A general purpose LDAP solution?

Tim Judd tajudd at gmail.com
Mon Mar 24 16:02:30 PDT 2008


Jon Theil Nielsen wrote:
> I asked this on freebsd-net@ but got no replies. So now I ask the same
> question here.
>   
>> Hi list!
>>     
>  >
>  >  I have speculated a lot about implementation of (Open)LDAP on my
>  >  server. But I haven't yet found the right (and logical) way to do it.
>  >  I'm running FreeBSD 7.0-Release with some different server applications
>  >  - Samba PDC
>  >  - Virtual mail server (Postfix, MySQL, Courier-IMAP)
>  >  - VPN (currently with mpd4)
>  >  - Apache-2.2.8 web server (with PHP and MySQL)
>  >  I would like to implement LDAP for:
>  >  - authentication of UNIX/login users
>  >  - authentication of Samba users
>  >  - authentication/authorization of virtual mail users
>  >  For the first part, I got useful information from a previous thread
>  >  (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html)
>  >  and for the second part, I guess there are sufficient howtos to make it
>  >  work.
>  >  My biggest question right now is if it is possible to combine all three
>  >  things in one data structure. And in which order I should make
>  >  the different implementations.
>  >  Excuse my total lack of understanding, but is it possible to have a
>  >  structure with a superior unit such as OU=<some organization> which
>  >  could contain several virtual domains and the actual domain for my
>  >  PDC?
>  >
>  >  --
>  > Jon Theil Nielsen
>
> Oh, I forgot one more thing: I would also like to be able to
>  authenticate VPN users the same way.
>  --
> Jon Theil Nielsen
>   

It's easy to find out if LDAP is a global solution for you.  See if LDAP 
is an available option in each port's config.

I just finished setting up an LDAP-based email system.  Samba is capable, 
unix logins are capable.  There's a good chance everything is.

I liked the virtual part of everything, so I stopped after getting email 
working.  I didn't want to open up my system to all sorts of unix/samba 
logins that might exploit or give me problems.

The email system I documented isn't ready for publishing.  I'm having 
some select friends review it and proofread it first.

If there's any interest here, I will provide a 2nd publishing to the 
general public as a draft.  Not to be used exclusively yet.

Jon, you should be able to get most if not all of it working though.

--Tim

