LDAP

Bart Silverstrim bsilver at chrononomicon.com
Thu May 27 12:30:00 PDT 2004


On May 27, 2004, at 2:38 PM, Thompson, Jimi wrote:
>
>
> The question then becomes - What do you plan to use the LDAP to store?
> Depending on your answer, you may need to modify your schema in order to
> store that information.  For example, there is a library which uses LDAP
> to store information about their books.  As books don't need a lot of
> the address type information, their schema is heavily modified to
> support this.  For example, humans don't have an author or publisher
> whereas books do.
>

Thanks for the response...

Right now, we're using a testbed server to see if it's possible to use
LDAP with pGINA on Windows to replace our current Active Directory
structure.

We don't use a lot of the "advanced" features of AD, and would like to 
begin this work as a possible way of eventually migrating users to 
something a little more flexible (it seemed everything could talk to 
LDAP for authentication...with the proper amount of 
headache-suffering...)

For what we're using it for, it would be primarily user authentication.
Right now, to get Windows 2000/XP systems to talk to it.  Eventually,
email using (postfix?) for authenticating <2000 users.  Email
directories would also be helpful for clients to talk to the LDAP
server and get username, maybe some properties like phone number,
building they're in, room number, student ID number...things like that.
The 2000 machines need to get usernames, home directories, profile
directories at a minimum...and would there be a way to get it to handle
the permissions (group memberships, etc.)?

We would probably need to figure out if the home directory and profile 
directories can be also stored in the LDAP directory as well as maybe 
memberships for that username?  Would these be possible?  Part of this 
would also rely on pGINA as well.

The last systems that may need to talk to it are Win9x machines; if we
can get the 2000 machines to talk to it, then maybe SAMBA could be tied
to it for authenticating Win9x.

An alternative, I suppose, would be to get the machine to run samba and
have samba act as some kind of domain controller and authenticate to
the LDAP server on the Windows machines' behalf...

Anyone hear of a setup to accomplish something similar to this, and if 
so have some tips/ideas on what to do?

I know this sounds like a big jumble...I guess I'm just starting out 
into this project and looking for guidance on where to start charting a 
course :-)


