
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: Re: invalid login_ldap.conf example
To: Chaz Kettleson <chaz@pyr3x.com>
Cc: tech@openbsd.org
Date: Mon, 16 Feb 2026 16:20:40 +0100

On Mon, Feb 16, 2026 at 09:49:54AM -0500, Chaz Kettleson wrote:
> Hello,
> 
> I've been playing with setting up LDAP with ldapd(8) for authentication.
> Using the example login_ldap.conf there is a colon and line continuation
> between binddn and bindpw. Initially I thought this was for a
> 'user:password' setup, but it appears that is not the case. I've been
> able to get it to work by removing the ':\'. Adding 'ldap' as an
> authentication style in login.conf, authentication succeeds.
> 
> While we are here, update the example to be more in line with other
> examples using "example.com". Also, use posixAccount/uid instead of the
> more AD specific user/sAMAccountName. This is also in line with what the
> example ypldap.conf uses.
> 
> -- 
> Chaz
> 
> diff --git i/etc/examples/login_ldap.conf w/etc/examples/login_ldap.conf
> index 4f4e9381b4b..ab5f7203d15 100644
> --- i/etc/examples/login_ldap.conf
> +++ w/etc/examples/login_ldap.conf
> @@ -2,7 +2,7 @@ host=ldap+tls://1.2.3.4:8389
>  host=ldap://localhost
>  cacert=/etc/ssl/ca-ldap.pem
>  scope=sub
> -basedn=dc=openbsd,dc=org
> -binddn=cn=admin,dc=openbsd,dc=org:\
> +basedn=dc=example,dc=com
> +binddn=cn=admin,dc=example,dc=com
>  bindpw=password
> -filter=(&(objectClass=user)(sAMAccountName=%u))
> +filter=(&(objectClass=posixAccount)(uid=%u))
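Review bot: the binddn change is the functional fix in this hunk: the trailing `:\` in `binddn=cn=admin,dc=openbsd,dc=org:\` is a line continuation, so the following `bindpw=password` line was joined onto the bind DN value and no separate bindpw was set, which matches the failure described above; the basedn, binddn and filter edits are cosmetic and consistent with the example.com and posixAccount/uid conventions. One consistency point while the example is being moved to example.com: the hunk header context still shows `host=ldap+tls://1.2.3.4:8389`, a routable address; an RFC 5737 documentation address such as `192.0.2.1` would fit the same intent, and since the ypldap.conf example is cited as the reference style, the two files could then match on the host line as well.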
> 

This file format supports comments with '#' so maybe the example file
should include both filters with a comment.
Apart from that, OK from me.

-- 
:wq Claudio
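To make the failure in the original example concrete, here is an added example that is not OpenBSD's login_ldap parser: it models only the two file-format features the thread mentions, '#' comments and trailing-backslash line continuation (its exact handling of whitespace and continuation is an assumption), and shows the old `binddn=...:\` line absorbing the `bindpw` line while the corrected file parses as intended.

```python
# Added example (not from the OpenBSD tree): a minimal model of login_ldap.conf
# parsing with '#' comments and trailing-backslash continuation. The real
# parser's whitespace and continuation details are assumed, not verified.

# Constructed sample: the old example with the stray ':\' after binddn.
OLD_EXAMPLE = """\
host=ldap://localhost
basedn=dc=openbsd,dc=org
binddn=cn=admin,dc=openbsd,dc=org:\\
bindpw=password
filter=(&(objectClass=user)(sAMAccountName=%u))
"""

# Constructed sample: the corrected example, keeping the AD-style filter as a
# comment the way the reply suggests.
NEW_EXAMPLE = """\
host=ldap://localhost
basedn=dc=example,dc=com
binddn=cn=admin,dc=example,dc=com
bindpw=password
# AD-style filter, kept for reference:
#filter=(&(objectClass=user)(sAMAccountName=%u))
filter=(&(objectClass=posixAccount)(uid=%u))
"""


def parse_login_ldap(text):
    """Return {key: value}; a trailing '\\' joins the next physical line."""
    conf = {}
    logical = []  # pieces of the logical line currently being assembled
    for raw in text.splitlines():
        if not logical and (not raw.strip() or raw.lstrip().startswith("#")):
            continue  # blank or comment line outside a continuation
        logical.append(raw)
        if raw.endswith("\\"):
            logical[-1] = raw[:-1]  # drop the backslash, wait for the next line
            continue
        line = "".join(logical)
        logical = []
        key, _, value = line.partition("=")  # split on the first '=' only
        conf[key.strip()] = value.strip()
    return conf


def bind_settings_complete(conf):
    """True when every key a bind-and-search needs is present on its own."""
    return all(k in conf for k in ("basedn", "binddn", "bindpw", "filter"))
```

With the old example, `binddn` ends up holding `cn=admin,dc=openbsd,dc=org:bindpw=password` and no `bindpw` key exists, which is why the bind failed until the `:\` was removed.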