LDAP user auto creation: A way to set (default) login shell for LDAP users?
Topic: LDAP user auto creation: A way to set (default) login shell for LDAP users? (Read 803 times)
msi
Newbie
Posts: 7
Karma: 1
« on: October 26, 2022, 07:02:09 am »
Hi there
I've realized that while LDAP autocreation of (in my case admin) users works pretty well (definitely appreciate it!) and newly-created accounts get the right permissions in the Web UI based on LDAP group memberships, even sudo worked - but the login shell defaults to /sbin/nologin.
The result is that even if they add their SSH keys, such users cannot log in via SSH, nor can they log into a shell on i.e. the local VGA or serial console.
I've realized this on our OPNsense cluster on 22.4 but was able to reproduce this on my personal system running 22.7. I know it's minor, but I tried finding options in the UI and source code for either:
- Define the login shell based on an LDAP attribute mapping (this can have disadvantages if LDAP is unavailable)
- Set a selectable default shell for newly created users in the auth server?
It took me some time to realize what (seems) was happening at first. Looking forward to any input, maybe I can figure out a small addition to the Authentication code in the core repository.
Any other/better ideas?