Is there any service that will speak LDAP but just respond with the local UNIX users?

Right now I have good management for local UNIX users, but every service wants to do its own auth. This means that it is a pain remembering different passwords, configuring passwords when setting up a new service, and whatnot.

I noticed that a lot of services support LDAP auth, but I don’t want to make my UNIX user accounts depend on LDAP for simplicity. So I was wondering if there was some sort of shim that will talk the LDAP protocol but just do authentication against the regular user database (PAM).

The closest I have seen is the services.openldap.declarativeContents NixOS option which I can probably use by transforming my regular UNIX settings into an LDAP config at build time, but I was wondering if there was anything simpler.

(Related note: I really wish that services would let you specify the user via HTTP header, then I could just manage auth at the reverse-proxy without worrying about bugs in the service)

          • BearOfaTime@lemm.ee
            9 days ago

            That’s not much of an answer, I’m not reading docs because you can’t be bothered. I don’t use NixOS, so if you want to use that as an example, you’ll need to put in the effort to explain how it’s different.

            If you don’t want to use LDAP, don’t. Then you get to manage each user account on each device.

            To be frank, it seems like you have an adversarial attitude about this, and you think NixOS is the answer. Every one of your responses has been “but” whatever. You don’t seem like you want to understand how to use things, just complain it doesn’t work the way you think it should.