A general purpose LDAP solution?
outbackdingo at gmail.com
Tue Mar 25 10:53:07 PDT 2008
GOsa is another nice, feature-full LDAP manager in PHP; it does Samba, DNS,
mail, web, Asterisk, etc.
On Wed, Mar 26, 2008 at 12:02 AM, Christopher Sean Hilton <chris at vindaloo.com> wrote:
> On Mar 24, 2008, at 6:40 PM, Jon Theil Nielsen wrote:
> > I asked this on freebsd-net@ but got no replies. So now I ask the same
> > question here.
> >> Hi list!
> >> I have speculated a lot about implementation of (Open)LDAP on my
> >> server. But I haven't yet found the right (and logical) way to do it.
> >> I'm running FreeBSD 7.0-Release with some different server
> >> applications:
> >> - Samba PDC
> >> - Virtual mail server (Postfix, MySQL, Courier-IMAP)
> >> - VPN (currently with mpd4)
> >> - Apache-2.2.8 web server (with PHP and MySQL)
> >> I would like to implement LDAP for:
> >> - authentication of UNIX/login users
> >> - authentication of Samba users
> >> - authentication/authorization of virtual mail users
> >> For the first part, I got useful information from a previous thread
> >> (
> >> )
> >> and for the second part, I guess there are sufficient howtos to make
> >> it work.
> Tim Judd's advice is good for a start. I'm currently using ldap for
> authentication of:
> Jabber (directly)
> WebDAV (through Apache2's mod_auth_ldap)
> inbound email (imap/pop)
> outbound email (smtp+auth)
> As a general rule the experience has been very positive. The biggest
> issues that I've run into are maintenance of the underlying ldap
> database which involves keeping tiny ldif files scattered around.
> Certainly the biggest hassle is in doing ldapadd and ldapmodify from
> the command line with all the torturous options that you have to
> provide (BindDn, BindPassword, TargetDN).
> Nonetheless it's been a generally positive experience. In looking at
> your list of applications it seems that most of them will support ldap
> authentication directly. Mpd4 doesn't but it does support Radius so it
> looks like you'll have to build radius to authenticate against LDAP
> and then have mpd4 authenticate against radius. SMTP is similar. It
> doesn't support authentication via LDAP directly. It uses SASL which
> can also authenticate against LDAP.
> >> My biggest question right now is if it is possible to combine all three
> >> things in one data structure. And in which order I should make
> >> the different implementations.
> >> Excuse my total lack of understanding, but is it possible to have a
> >> structure with a superior unit such as OU=<some organization> which
> >> could contain several virtual domains and the actual domain for my
> >> PDC?
> The answer to this question would be a set of non-conflicting ldap
> schemas to support the functions that you need. If your needs are
> simple authentication, the schemas that ship with openldap will provide
> fruit. If you want to make ldap your database for delivering mail to
> virtual users, there are a few paths out there. Courier had/has a
> schema for supporting virtual users that could be banged into shape,
> but if I recall correctly its support for keeping virtual domain
> information in ldap is lacking. Phamm (/usr/ports/net/phamm) completely
> supports virtual domains and virtual users, including delegation of
> user management. E.g. the user hostmaster@example.com can reset
> passwords for <user>@example.com. Phamm also has a neat web interface
> for administration. However, when I was setting it up I found it
> overly complex for my needs. Like using a Formula 1 car for a grocery
> run. However, I think that it even works with the Samba schema, so it
> may be exactly what you want.
> >> --
> >> Jon Theil Nielsen
> > Oh, I forgot one more thing: I would also like to be able to
> > authenticate VPN users the same way.
> mpd4 + radius + ldap should get you where you want to be.
> -- Chris
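One way to lay out the single tree Jon asks about, as an added example that is not from any poster in this thread: a constructed LDIF for the hypothetical suffix dc=example,dc=com, where ou=People holds the real UNIX/Samba accounts (the entries RADIUS, and through it mpd4, would also look up) and ou=Domains holds one subtree per virtual mail domain. Object classes are from the stock OpenLDAP core/nis schemas and Samba's samba.schema; the SID and password values are placeholders.

```ldif
# Constructed example; suffix, names, uid/gid numbers and SID are made up.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Org

# Real accounts: one entry serves UNIX login (nss/pam_ldap), the Samba PDC,
# Apache mod_auth_ldap, and a RADIUS server fronting mpd4.
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=jon,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uid: jon
cn: Jon Example
sn: Example
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jon
loginShell: /bin/sh
# Store only a salted hash; generate the value with slappasswd.
userPassword: {SSHA}REPLACE-WITH-slappasswd-OUTPUT
# Placeholder SID: must match the Samba domain SID prefix plus the user RID.
sambaSID: S-1-5-21-1-2-3-3002
sambaAcctFlags: [U          ]

# Virtual mail domains: one organizationalUnit per domain, so Postfix and
# Courier lookups can be scoped with a search base under the domain served.
dn: ou=Domains,dc=example,dc=com
objectClass: organizationalUnit
ou: Domains

dn: ou=mail1.example.com,ou=Domains,dc=example,dc=com
objectClass: organizationalUnit
ou: mail1.example.com

# Virtual mailbox user: no posixAccount, so it cannot log in to the host.
dn: mail=alice@mail1.example.com,ou=mail1.example.com,ou=Domains,dc=example,dc=com
objectClass: inetOrgPerson
mail: alice@mail1.example.com
cn: Alice Virtual
sn: Virtual
userPassword: {SSHA}REPLACE-WITH-slappasswd-OUTPUT
```

Keeping virtual users out of posixAccount and out of ou=People is what stops a mail-only account from being accepted by the UNIX, Samba or VPN consumers that search only that branch.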