I recently asked a question here about getting Ubuntu to authenticate via LDAP against an OS X server. The good news is, I got it to work and the clients are now authenticating, but my problem now is that pam_mkhomedir.so doesn't seem to be doing its job. Here's my common-session file:

session sufficient      pam_ldap.so
session [default=1]     pam_permit.so
session requisite       pam_deny.so
session required        pam_permit.so
session required        pam_unix.so
session required        pam_mkhomedir.so skel=/etc/skel/
session optional        pam_ldap.so
session optional        pam_ck_connector.so nox11
session optional        pam_foreground.so

Because of this, every time an LDAP user tries to log in, gdm tells them that their home directory is set to /Network/[Servername]/User/[username]. Based on this error, I'm guessing that pam_mkhomedir.so is being overridden by the LDAP-provided home path, so my question is: is there a way to have the LDAP user's home directory created locally when they log in instead of it trying to use /Volumes/[Servername]/...?

Thanks in advance

Update: Kamil's response seems to have helped make some progress, but instead of gdm reporting the home directory as being set to /Network/etc..., it's saying it's set to '' (null). I tried using

nss_map_attribute homeDirectory "/home/$username"

but this gave me the same error. Any ideas?

Steve Gattuso

1 Answer

The way we solved this is to add another attribute to LDAP, something like linuxHomeDirectory. Then you can create a mapping in ldap.conf:

nss_map_attribute homeDirectory linuxHomeDirectory

Then for each user you set the attribute in LDAP to the path you want for their Linux home dir, such as /home/$username or whatnot.

If you have your home directories served from OS X server, you can mount those with an automounter in the /Volumes/$servername/$path hierarchy on Linux and then you don't need to do any LDAP attribute mangling.

More info: Here's an article on how to extend the LDAP schema in OpenDirectory: http://www.afp548.com/article.php?story=20060228230005854

To populate the user attributes you can use the ldapadd and ldapmodify tools.

Kamil Kisiel
  • When I tried using `nss_map_attribute homeDirectory linuxHomeDirectory`, I then got another error saying that the home directory was set to '', so I'm guessing that linuxHomeDirectory isn't being set. How could I go about setting this? – Steve Gattuso Sep 23 '09 at 12:59
  • As I mentioned, you need to extend your LDAP schema with a new attribute and then set the attribute for each user. Sorry if it wasn't clear enough. – Kamil Kisiel Sep 23 '09 at 17:12
  • How would I go about doing that, and by set the attribute for each user, do you mean go through and add something for each and every LDAP user? (That's around 700+ users in my case...) – Steve Gattuso Sep 25 '09 at 14:08
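
Setting the attribute for several hundred users does not have to be done by hand: the ldapmodify input can be generated from an ldapsearch listing. The script below is an added example, not part of the original answer or comments; it assumes the schema already carries linuxHomeDirectory, and the host, DNs and sample entries are constructed placeholders. It refuses account names that would steer the mapped home path outside the base directory.

```shell
#!/bin/sh
# Added example: turn ldapsearch output into an LDIF for ldapmodify that sets
# linuxHomeDirectory (the attribute name from the answer) for every user.
# Typical use; host and base DN are placeholders:
#   ldapsearch -x -LLL -H ldap://od.example.com -b cn=users,dc=example,dc=com \
#       '(uid=*)' uid | gen_home_ldif /home > homes.ldif

# Constructed sample of the ldapsearch output (not real directory data).
sample_entries() {
cat <<'EOF'
dn: uid=alice,cn=users,dc=example,dc=com
uid: alice

dn: uid=bob,cn=users,dc=example,dc=com
uid: bob
uid: robert

dn: uid=x,cn=users,dc=example,dc=com
uid: ../../etc
EOF
}

# gen_home_ldif [BASE]: LDIF entries on stdin, one modify record per user.
# Entries whose DN is base64-encoded (dn::) are ignored.
gen_home_ldif() {
    awk -v base="${1:-/home}" '
    function emit() {
        # Accept plain account names only: no "/" and no leading "." or "-",
        # so the path pam_mkhomedir later creates cannot leave BASE.
        if (dn != "" && uid ~ /^[A-Za-z_][A-Za-z0-9_.-]*$/) {
            printf "dn: %s\nchangetype: modify\n", dn
            printf "replace: linuxHomeDirectory\n"
            printf "linuxHomeDirectory: %s/%s\n-\n\n", base, uid
        } else if (dn != "")
            print "# skipped (unsafe or missing uid): " dn
        dn = ""; uid = ""; last = ""
    }
    /^dn: /  { dn = substr($0, 5); last = "dn"; next }
    /^uid: / { if (uid == "") { uid = substr($0, 6); last = "uid" }
               else last = ""   # extra uid values: keep the first
               next }
    /^ /     { if (last == "dn") dn = dn substr($0, 2)   # unfold wrapped line
               else if (last == "uid") uid = uid substr($0, 2)
               next }
    /^$/     { emit(); next }
             { last = "" }
    END      { emit() }
    '
}
sample_entries | gen_home_ldif /home   # demo run on the constructed sample
```

Review the generated file, including its "# skipped" comment lines, before applying it with ldapmodify -f.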