LDAP user authentication?
Jon Theil Nielsen
jontheil at gmail.com
Thu Feb 14 18:39:40 UTC 2008
2008/2/14, Dave <dmehler26 at woh.rr.com>:
> Actually I'm only using jails, because I haven't got all the bugs worked
> out yet and when I do I'm going to just copy the files over and go
> production. Other than that these files will work for a FreeBSD system. In
> brief you'll need OpenLDAP server and client ports, I'm using 2.4, pam_ldap
> port and nss_ldap port. Go configure all that and that'll do it, take it in
> stages, slapd first, the LDAP client next, then either pam_ldap or nss_ldap,
> one thing you'll definitely want is TLS encryption, can't help with that as
> I'm still trying to get that working.
> If you need any help let me know, I'll do what I can.
> ----- Original Message -----
> From: "Jon Theil Nielsen" <jontheil at gmail.com>
> To: "Dave" <dmehler26 at woh.rr.com>
> Cc: <freebsd-questions at freebsd.org>
> Sent: Thursday, February 14, 2008 7:20 AM
> Subject: Re: LDAP user authentication?
> >> > I have googled for a very long time, but I haven't found any useful
> >> > howto on this issue. Well, there is
> >> >
> >> > http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
> >> > but that seems to be a bit confusing and not up-to-date. I guess it
> >> > _should_ be possible - and indeed very useful (especially combined
> >> > with Samba PDC and an easily maintainable mail server). So please, if
> >> > you have any experiences or knowledge of a useful description..!
> >> >
> >> > Regards,
> >> > Jon Theil Nielsen
> > 2008/2/14, Dave <dmehler26 at woh.rr.com>:
> >> Hi,
> >> I am far from an expert, in fact I'm still learning. I don't know a lot
> >> of the jargon, that is I still get the more intense terms mixed up, but I've
> >> been banging my head against LDAP for about a month now and am starting to
> >> show results. Right now I'm using LDAP in jails on FreeBSD 6.2 as I don't
> >> have all the bugs worked out to go production. I've got a directory that is
> >> a user addressbook as well as handles authentication of users, both for the
> >> jailed LDAP server, but for two other jailed environments, one the LDAP
> >> client, the other just a test machine. I've also authenticated a Linux box
> >> against this server that works fine with a few tweaks. Right now I've got a
> >> jail specifically for testmail setup I'm going to try to hook in email
> >> services, pop/imap, smtp, etc. in to LDAP.
> >> If you have IM abilities I can talk more there, but basically it's
> >> definitely not trivial to get going, in my opinion others might differ.
> >> Dave.
Thanks a lot. That might be interesting. TLS might not be that vital,
since I'm mostly thinking of a solution on my own servers and
primarily only on the central one. When I was on Linux, PAM was almost
a must, but I think it is different on FreeBSD, so I guess I would
prefer the solution with nss_ldap.
You are right, nothing severe will happen if I try to get the LDAP
server and client up and running in the first place. As far as I
remember, the most critical issue was how to initialize the database
and how to make a reasonable structure suited for both user
authentication, Samba and some mail server. Right now I have two
parallel structures, one for Samba/system users and one for (virtual)
I still wonder why a "universal" implementation of LDAP authentication
on FreeBSD is not described anywhere. But if I find the time and
energy, I might try to experiment on my own and might also return to
you if I have more specific issues.