install openssh with ldap public key patch on debian lenny

set up ldap, install ldap-utils libpam-ldap libnss-ldap nscd

$ vim /etc/nsswitch.conf
passwd:         ldap compat
group:          ldap compat
shadow:         ldap compat

$ cd /etc/pam.d
$ vim common-account 
account sufficient

$ vim common-auth 
auth sufficient

$ vim common-password
password sufficient

$ vim common-session
session     required skel=/etc/skel umask=0022

$ vim /etc/ldap/ldap.conf 
BASE    dc=nullren,dc=com
URI     ldap://pollux

$ /etc/init.d/nscd restart

these two pages helped me a lot: SSH Public Keys from LDAP and OpenSSH LPK+HPN.

this ended up being a lot easier than i let it. this is how i compiled openssh with ldap public key support.

first i set up my build env

$ cd /tmp
$ svn checkout openssh-lpk-read-only
$ mkdir openssh
$ cd openssh
$ apt-get source openssh
$ apt-get build-dep openssh
$ apt-get install libldap2-dev

i then ran the patches on the openssh source:

$ cd openssh-5.1p1
$ patch < ../../openssh-lpk-read-only/patch/contrib/contrib-openssh-lpk-5.1p1-0.3.10.patch
$ patch < ../../openssh-lpk-read-only/patch/contrib/contrib-openssh-5.1_p1-lpk-64bit.patch

had to add ./configure flags to run, i just opened up debian/rules, found the lines with ./configure on them, and added to the end: --with-libs="-lldap" --with-ldflags="-L/usr/lib" --with-cppflags="-I/usr/include -DWITH_LDAP_PUBKEY"

here is a diff you can look at:

<       cd build-deb && ../configure $(confflags)
>       cd build-deb && ../configure $(confflags) --with-libs="-lldap" --with-ldflags="-L/usr/lib" --with-cppflags="-I/usr/include -DWITH_LDAP_PUBKEY"
<       cd build-udeb && ../configure $(confflags_udeb)
>       cd build-udeb && ../configure $(confflags_udeb) --with-libs="-lldap" --with-ldflags="-L/usr/lib" --with-cppflags="-I/usr/include -DWITH_LDAP_PUBKEY"

then i was ready to build:

dpkg-buildpackage -us -uc

then i had my package built: openssh-server_5.1p1-5_amd64.deb. all that was left to do was install:

$ cd ..
$ dpkg -i openssh-server_5.1p1-5_amd64.deb
$ vim /etc/ssh/sshd_config

i added this to the end:

UseLPK yes
LpkLdapConf /etc/ldap/ldap.conf

and restarted ssh:

$ /etc/init.d/ssh restart

yay! now i can log in with my test users.