[gentoo-user] where is pam_ldap now?

[gentoo-user] where is pam_ldap now?

[Evgeny Bushkov]

Hi ,

somehow my ldap user became blocked from access to a ssh-server. It 
turns out pam can't find pam_ldap.so module anymore. Yes I remember I 
removed it at recent 'emerge --depclean' session but the portage tree 
doesn't have it anymore. I wonder where is sys-auth/pam_ldap now? 
There's no mentioning in news nor in web search. I managed to restore 
pam_ldap module from packages but now I'm in need for more reliable 
decision.

Best regards,
Evgeny.

Re: [gentoo-user] where is pam_ldap now?

[Eli Schwartz]

[-- Attachment #1.1: Type: text/plain, Size: 907 bytes --]

On 11/13/24 8:48 AM, Evgeny Bushkov wrote:
> Hi ,
> 
> somehow my ldap user became blocked from access to a ssh-server. It
> turns out pam can't find pam_ldap.so module anymore. Yes I remember I
> removed it at recent 'emerge --depclean' session but the portage tree
> doesn't have it anymore. I wonder where is sys-auth/pam_ldap now?
> There's no mentioning in news nor in web search. I managed to restore
> pam_ldap module from packages but now I'm in need for more reliable
> decision.


pam_ldap was masked and last rited on August 8, and deleted from
::gentoo on September 13. It wouldn't have been in the news.


Here is the announcement:

https://public-inbox.gentoo.org/gentoo-dev-announce/7f786219-b478-46b2-ab5c-d2a805727063@gentoo.org/

The recommended replacement was nss-pam-ldapd.

You can keep using pam_ldap if you prefer, from a local overlay.


-- 
Eli Schwartz

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]

Re: [gentoo-user] where is pam_ldap now?

[Michael]

[-- Attachment #1: Type: text/plain, Size: 1176 bytes --]

On Wednesday 13 November 2024 15:12:06 GMT Eli Schwartz wrote:
> On 11/13/24 8:48 AM, Evgeny Bushkov wrote:
> > Hi ,
> > 
> > somehow my ldap user became blocked from access to a ssh-server. It
> > turns out pam can't find pam_ldap.so module anymore. Yes I remember I
> > removed it at recent 'emerge --depclean' session but the portage tree
> > doesn't have it anymore. I wonder where is sys-auth/pam_ldap now?
> > There's no mentioning in news nor in web search. I managed to restore
> > pam_ldap module from packages but now I'm in need for more reliable
> > decision.
> 
> pam_ldap was masked and last rited on August 8, and deleted from
> 
> ::gentoo on September 13. It wouldn't have been in the news.
> 
> Here is the announcement:
> 
> https://public-inbox.gentoo.org/gentoo-dev-announce/7f786219-b478-46b2-ab5c-> d2a805727063@gentoo.org/
> 
> The recommended replacement was nss-pam-ldapd.
> 
> You can keep using pam_ldap if you prefer, from a local overlay.

The wiki suggests 'sys-auth/sssd' as a more recent alternative:

https://wiki.gentoo.org/wiki/
Centralized_authentication_using_OpenLDAP#Configuring_SSSD

https://packages.gentoo.org/packages/sys-auth/sssd

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-user] where is pam_ldap now?

[Eli Schwartz]

[-- Attachment #1.1: Type: text/plain, Size: 810 bytes --]

On 11/13/24 10:14 AM, Michael wrote:
> On Wednesday 13 November 2024 15:12:06 GMT Eli Schwartz wrote:
>> The recommended replacement was nss-pam-ldapd.
>>
>> You can keep using pam_ldap if you prefer, from a local overlay.
> 
> The wiki suggests 'sys-auth/sssd' as a more recent alternative:


Sure. sssd is a good idea for a modern replacement for configuring LDAP
users. But nss-pam-ldapd might be considered more desirable for previous
users of pam_ldap who are looking for a replacement that is relatively
equivalent, particularly in terms of being lightweight.

My gut feeling is that anyone who wanted to use pam_ldap in the first
place would rather avoid sssd if it's possible to use nss-pam-ldapd.
Personally, I would just use sssd, but that is me personally...


-- 
Eli Schwartz

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]

Re: [gentoo-user] where is pam_ldap now?

[Evgeny Bushkov]

On 13.11.2024 18:14, Michael wrote:
> On Wednesday 13 November 2024 15:12:06 GMT Eli Schwartz wrote:
>> On 11/13/24 8:48 AM, Evgeny Bushkov wrote:
>>> Hi ,
>>>
>>> somehow my ldap user became blocked from access to a ssh-server. It
>>> turns out pam can't find pam_ldap.so module anymore. Yes I remember I
>>> removed it at recent 'emerge --depclean' session but the portage tree
>>> doesn't have it anymore. I wonder where is sys-auth/pam_ldap now?
>>> There's no mentioning in news nor in web search. I managed to restore
>>> pam_ldap module from packages but now I'm in need for more reliable
>>> decision.
>> pam_ldap was masked and last rited on August 8, and deleted from
>>
>> ::gentoo on September 13. It wouldn't have been in the news.
>>
>> Here is the announcement:
>>
>> https://public-inbox.gentoo.org/gentoo-dev-announce/7f786219-b478-46b2-ab5c-> d2a805727063@gentoo.org/
>>
>> The recommended replacement was nss-pam-ldapd.
>>
>> You can keep using pam_ldap if you prefer, from a local overlay.
> The wiki suggests 'sys-auth/sssd' as a more recent alternative:
>
> https://wiki.gentoo.org/wiki/
> Centralized_authentication_using_OpenLDAP#Configuring_SSSD
>
> https://packages.gentoo.org/packages/sys-auth/sssd

Thanks! I'll take a look at manuals and choose sssd or nss-pam-ldapd for 
substitution of pam_ldap.