GOSA is another nice feature full LDAP manager in PHP, does samba, dns, mail, web, asterisk etc etc etc
On Wed, Mar 26, 2008 at 12:02 AM, Christopher Sean Hilton < [EMAIL PROTECTED]> wrote: > > On Mar 24, 2008, at 6:40 PM, Jon Theil Nielsen wrote: > > > I asked this on freebsd-net@ but got no replies. So now I ask the same > > question here. > >> Hi list! > >> > >> I have speculated a lot about implementation of (Open)LDAP on my > >> sever. By I haven't yet found the right (and logical) way to do it. > >> I'm running FreeBSD 7.0-Release with some different server > >> applications > >> - Samba PDC > >> - Virtual mail server (Postfix, MySQL, Courier-IMAP) > >> - VPN (currently with mpd4) > >> - Apache-2.2.8 web server (with PHP and MySQL) > >> I would like to implement LDAP for: > >> - authentication of UNIX/login users > >> - authentication of Samba users > >> - authentication/authorization of virtual mail users > >> For the first part, I got useful information from a previsous thread > >> ( > http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html > >> ) > >> and for the second part, i guess there is sufficient howtos to make > >> it > >> work. > >> > > Tim Judd's advice is good for a start. I'm currently using ldap for > authentication of: > > Jabber (directly) > WebDAV (through Apache2's mod_auth_ldap) > inbound email (imap/pop) > outbound email (smtp+auth) > > As a general rule the experience has been very positive. The biggest > issues that I've run into are maintenance of the underlying ldap > database which involves keeping tiny ldif files scattered around. > Certainly the biggest hassle is in doing ldapadd and ldapmodify from > the command line with all the torturous options that you have to > provide (BindDn, BindPassword, TargetDN). > > Nonetheless it's been a generally positive experience. In looking at > your list of applications it seems that most of them will support ldap > authentication directly. Mpd4 doesn't but it does support Radius so it > looks like you'll have to build radius to authenticate against LDAP > and then have mpd4 authenticate against radius. SMTP is similar. It > doesn't support authentication via LDAP directly. It uses SASL which > can also authenticate against LDAP. > > >> My biggest question right now is if is possible to combine all three > >> things in one data structure. And which in which order I should make > >> the different implimentions. > >> Excuse my total lack of understanding, but is it possible to have a > >> structure with a superior unit such as OU=<some organization> which > >> could contain several virtual domains and the actual doamin for my > >> PDC? > >> > > The answer to this question would be a set of non-conflicting ldap > schemas to support the functions that you need. If your needs are > simple authentication the schemas that ship with openldap will provide > fruit. If you want to make ldap your database for delivering mail to > virtual users there are a few path's out there. Courier had/has a > schema for supporting virtual users that could be banged into shape > but if I recall correctly it's support for keeping virtual domain > information in ldap is lacking. Phamm, /usr/ports/net/phamm completely > supports virtual domains and virtual users including delegation of > user management. E.g. the user [EMAIL PROTECTED] can reset > passwords for <user>@example.com. Phamm also has a neat web interface > for administration. However, when I was setting it up I found it more > overly complex for my needs. Like using a Formula 1 car for a grocery > run. However I think that it even works with the Samba schema so it > may be exactly what you want. > > >> -- > >> Jon Theil Nielsen > > > > Oh, i forgot one more thing: I would also like to be able to > > authenticate VPN users the same way. > > mpd4 + radius + ldap should get you where you want to be. > > -- Chris > > _______________________________________________ > firstname.lastname@example.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"