LDAP user authentication?

Jon Theil Nielsen jontheil at gmail.com
Thu Feb 14 18:39:40 UTC 2008

2008/2/14, Dave <dmehler26 at woh.rr.com>:
> Hi,
>     Actually I'm only using jails, because I haven't got all the bugs worked
>  out yet and when I do I'm going to just copy the files over and go
>  production. Other than that these files will work for a freebsd system. In
>  brief you'll need openldap server and client ports, I'm using 2.4, pam_ldap
>  port and nss_ldap port. Go configure all that and that'll do it, take it in
>  stages, slapd first, the ldap client next, then either pam_ldap or nss_ldap,
>  one thing you'll definitely want is tls encryption, can't help with that as
>  I'm still trying to get that working.
>     If you need any help let me know, I'll do what I can.
> Dave.
>  ----- Original Message -----
>  From: "Jon Theil Nielsen" <jontheil at gmail.com>
> To: "Dave" <dmehler26 at woh.rr.com>
>  Cc: <freebsd-questions at freebsd.org>
>  Sent: Thursday, February 14, 2008 7:20 AM
>  Subject: Re: LDAP user authentication?
>  >>  >I have googled for a very long time, but I haven't found any useful
>  >>  > howto on this issue. Well, there is
>  >>  >
>  >> http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
>  >>  > but that seems to be a bit confusing and not up-to-date. I guess it
>  >>  > _should_ be possible - and indeed very useful (especially combined
>  >>  > with Samba PDC and an easily maintainable mail server). So please, if
>  >>  > you have any experiences or knowledge of a useful description..!
>  >>  >
>  >>  > Regards,
>  >>  > Jon Theil Nielsen
>  >
>  >
>  > 2008/2/14, Dave <dmehler26 at woh.rr.com>:
>  >> Hi,
>  >>     I am far from an expert, in fact I'm still learning. I don't know a lot
>  >>  of the jargon, that is I still get the more intense terms mixed up, but I've
>  >>  been banging my head against ldap for about a month now and am starting to
>  >>  show results. Right now I'm using ldap in jails on freebsd 6.2 as I don't
>  >>  have all the bugs worked out to go production. I've got a directory that is
>  >>  a user addressbook as well as handles authentication of users, both for the
>  >>  jailed ldap server, but for two other jailed environments, one the ldap
>  >>  client, the other just a test machine. I've also authenticated a linux box
>  >>  against this server that works fine with a few tweaks. Right now I've got a
>  >>  jail specifically for testmail setup I'm going to try to hook in email
>  >>  services, pop/imap, smtp, etc. in to ldap.
>  >>     If you have IM abilities I can talk more there, but basically it's
>  >>  definitely not trivial to get going, in my opinion others might differ.
>  >>  Dave.
>  >>
Thanks a lot. That might be interesting. TLS might not be that vital,
since I'm mostly thinking of a solution on my own servers and
primarily only on the central one. When I was on Linux, PAM was almost
a must, but I think it is different on FreeBSD, so I guess I would
prefer the solution with nss_ldap.
You are right, nothing severe will happen if I try to get the LDAP
server and client up and running in the first place. As far as I
remember, the most critical issue was how to initialize the database
and how to make a reasonable structure suited for both user
authentication, Samba and some mail server. Right now I have two
parallel structures, one for Samba/system users and one for (virtual)
mail users.
I still wonder why a "universal" implementation of LDAP authentication
on FreeBSD is not described anywhere. But if I find the time and
energy, I might try to experiment on my own and might also return to
you if I have more specific issues.

