2008/2/14, Dave <[EMAIL PROTECTED]>: > Hi, > Actually i'm only using jails, because i haven't got all the bugs worked > out yet and when i do i'm going to just copy the files over and go > production. Other than that these files will work for a freebsd system. In > brief you'll need openldap server and client ports, i'm using 2.4, pam_ldap > port and nss_ldap port. Go configure all that and that'll do it, take it in > stages, slapd first, the ldap client next, then either pam_ldap or nss_ldap, > one thing you'll definitely want is tls encryption, can't help with that as > i'm still trying to get that working. > If you need any help let me know, i'll do what i can. > > Dave. > > ----- Original Message ----- > From: "Jon Theil Nielsen" <[EMAIL PROTECTED]> > > To: "Dave" <[EMAIL PROTECTED]> > Cc: <freebsd-questions@freebsd.org> > Sent: Thursday, February 14, 2008 7:20 AM > Subject: Re: LDAP user authentication? > > > >> >I have googled for a very long time, but I haven't found any useful > >> > howto on this issue. Well, there is > >> > > >> > http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html > >> > but that seems to be a bit confusing an not up-to-date. I guess it > >> > _should_ be possible - and indeed very useful (especially combinde > >> > with Samba PDC and an easily maintainlable mail server). So please, if > >> > you have any experiences or knowledge of a useful description..! > >> > > >> > Regards, > >> > Jon Theil Nielsen > > > > > > 2008/2/14, Dave <[EMAIL PROTECTED]>: > >> Hi, > >> I am far from an expert, in fact i'm still learning. I don't know a > >> lot > >> of the jargon, that is i still get the more intense terms mixed up, but > >> i've > >> been banging my head against ldap for about a month now and am starting > >> to > >> show results. Right now i'm using ldap in jails on freebsd 6.2 as i > >> don't > >> have all the bugs worked out to go production. I've got a directory that > >> is > >> a user addressbook as well as handles authentication of users, both for > >> the > >> jailed ldap server, but for two other jailed environments, one the ldap > >> client, the other just a test machine. I've also authenticated a linux > >> box > >> against this server that works fine with a few tweaks. Right now i've > >> got a > >> jail specifically for testmail setup i'm going to try to hook in email > >> services, pop/imap, smtp, etc. in to ldap. > >> If you have im abilities i can talk more there, but basically it's > >> definitely not trivial to get going, in my opinion others might differ. > >> Dave. > >> Thanks a lot. That might be interesting. TLS might not be that vital, since I'm mostly thinking of a solution on my own servers and primarily only on the central one. When I was on Linux, PAM was almost a most, but I think it is different on FreeBSD, so I guess I would prefer the solution with nss_ldap. Your are right, nothing severe will happen if I try to get the LDAP server and client up and running in the first place. As far as I remember, the most critical issue was how to initialize the database and how to make a reasonable structure suited for both user authentication, Samba and some mail server. Right now I have to parallel structures, one for Samba/system users and one for (virtual) mail users. I still wonder why a "universal" implementation of LDAP authentication on FreeBSD is not described anywhere. But if I find the time and energy, I migth try to experiment on my own and might also return to you if a have more specific issues.
Regards, Jon _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
