A general purpose LDAP solution?

Patrick C pcloches at gmail.com
Mon Mar 24 16:14:05 PDT 2008 

I'd be interested in a read.

I am currently using NIS/YP with FreeBSD servers and Linux clients... makes
things very interesting. I've been meaning to exploit PAM for a more modern
solution but it hasn't been a huge priority.

Is there any support for built-in redundancy on the server level? I just
need changes replicated, CARP can handle failover.

-Patrick

On 24/03/2008, Tim Judd <tajudd at gmail.com> wrote:
>
> Jon Theil Nielsen wrote:
> > I asked this on freebsd-net@ but got no replies. So now I ask the same
> > question here.
> >
> >> Hi list!
> >>
> >  >
> >  >  I have speculated a lot about implementation of (Open)LDAP on my
> >  >  sever. By I haven't yet found the right (and logical) way to do it.
> >  >  I'm running FreeBSD 7.0-Release with some different server
> applications
> >  >  - Samba PDC
> >  >  - Virtual mail server (Postfix, MySQL, Courier-IMAP)
> >  >  - VPN (currently with mpd4)
> >  >  - Apache-2.2.8 web server (with PHP and MySQL)
> >  >  I would like to implement LDAP for:
> >  >  - authentication of UNIX/login users
> >  >  - authentication of Samba users
> >  >  - authentication/authorization of virtual mail users
> >  >  For the first part, I got useful information from a previsous thread
> >  >  (
> http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html
> )
> >  >  and for the second part, i guess there is sufficient howtos to make
> it
> >  >  work.
> >  >  My biggest question right now is if is possible to combine all three
> >  >  things in one data structure. And which in which order I should make
> >  >  the different implimentions.
> >  >  Excuse my total lack of understanding, but is it possible to have a
> >  >  structure with a superior unit such as OU=<some organization> which
> >  >  could contain several virtual domains and the actual doamin for my
> >  >  PDC?
> >  >
> >  >  --
> >  > Jon Theil Nielsen
> >
> > Oh, i forgot one more thing: I would also like to be able to
> >  authenticate VPN users the same way.
> >  --
> > Jon Theil Nielsen
> >
>
>
> It's easy to find out if LDAP is a global solution for you.  See if LDAP
> is an available option in each port's config.
>
> I just finished setting up a LDAP-based email system.  Samba is capable,
> unix logins are capable.  There's a good chance everything is.
>
> I liked the virtual part of everything, so I stopped after getting email
> working.  I didn't want to open up my system to all sorts of unix/samba
> logins that might exploit or give me problems.
>
> The email system I documented isn't ready for publishing.  I'm having
> some select friends review it and proofread it first.
>
> If there's any interest here, I will provide a 2nd publishing to the
> general public as a draft.  Not to be used exclusively yet.
>
> Jon, you should be able to get most if not all of it working though.
>
>
> --Tim
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
>

More information about the freebsd-questions mailing list