A general purpose LDAP solution?
Zane C.B.
v.velox at vvelox.net
Fri Mar 28 14:15:53 PDT 2008
On Sun, 23 Mar 2008 23:26:51 +0100
"Jon Theil Nielsen" <jontheil at gmail.com> wrote:
> 2008/3/23, Jon Theil Nielsen <jontheil at gmail.com>:
> > Hi list!
> >
> > I have speculated a lot about implementation of (Open)LDAP on my
> > server. But I haven't yet found the right (and logical) way to do
> > it. I'm running FreeBSD 7.0-Release with some different server
> > applications
> > - Samba PDC
> > - Virtual mail server (Postfix, MySQL, Courier-IMAP)
> > - VPN (currently with mpd4)
> > - Apache-2.2.8 web server (with PHP and MySQL)
> > I would like to implement LDAP for:
> > - authentication of UNIX/login users
> > - authentication of Samba users
> > - authentication/authorization of virtual mail users
> > For the first part, I got useful information from a previous
> > thread
> > (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html)
> > and for the second part, I guess there are sufficient howtos to
> > make it work. My biggest question right now is if it is possible to
> > combine all three things in one data structure. And in
> > which order I should make the different implementations.
> > Excuse my total lack of understanding, but is it possible to
> > have a structure with a superior unit such as OU=<some
> > organization> which could contain several virtual domains and the
> > actual domain for my
> > PDC?
> >
> > --
> > Jon Theil Nielsen
> Oh, I forgot one more thing: I would also like to be able to
> authenticate VPN users the same way.
For foo.bar and monkies.foo.bar, I would do it as below. And
remember, PAM is your friend. And on a similar note, I am goat
fragging surprised Postfix does not have a native PAM auth backend
yet.
ou=users,dc=foo,dc=bar
ou=users,dc=monkies,dc=foo,dc=bar
In regards to VPN, you may wish to look into OpenVPN. It has a
scriptable password checking mechanism.
http://openvpn.net/index.php/documentation/howto.html#auth
Enjoy playing with the nastiness that is Samba and LDAP. =^.^=
On another note, I changed this from the net list to the questions
list as I don't think this really falls under FreeBSD net related
stuff.
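
The per-domain layout above, as an added example that is not part of the original post: a Python helper that maps a login such as user@domain to an entry DN under ou=users of that domain's suffix, escaping the user part per RFC 4514 so a crafted login name cannot change the DN's structure. The uid naming attribute and the function names are assumptions, not something the thread specifies.

```python
import re

# RFC 4514 section 2.4: characters that must be escaped inside an RDN value.
_SPECIAL = set('"+,;<>\\')
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def escape_rdn_value(value: str) -> str:
    """Escape a string so it is safe to use as a single RDN attribute value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def domain_suffix(domain: str) -> str:
    """Turn foo.bar into dc=foo,dc=bar, rejecting anything that is not a DNS name."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("not a valid domain: %r" % domain)
    return ",".join("dc=" + label for label in labels)


def user_dn(login: str, naming_attr: str = "uid") -> str:
    """Map user@domain to <naming_attr>=user,ou=users,dc=...; naming_attr is assumed."""
    local, sep, domain = login.rpartition("@")
    if not sep or not local:
        raise ValueError("login must look like user@domain")
    return "%s=%s,ou=users,%s" % (naming_attr, escape_rdn_value(local), domain_suffix(domain))


if __name__ == "__main__":
    # Constructed sample logins; the last one tries to smuggle an extra RDN.
    for sample in ("jon@foo.bar", "jon@monkies.foo.bar", "x,ou=admins@foo.bar"):
        print(sample, "->", user_dn(sample))
```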