From: Lee Johnston
Date: Sat, 14 Jun 03 18:25:47 +0100
To: vezku@surfeu.fi, Marc Schoechlin
cc: freebsd-isp@freebsd.org
Subject: Re: enteprise account management
In-Reply-To: <20030614121049.GA57026@LF.net>
Message-ID: <-1294203520.1055611547881@clevercactus.6488153>

I looked into the LDAP solution a while back...

Basically you'll be fine using LDAP if the applications can query an LDAP directory directly, or via PAM using PADL's pam_ldap module. The problem comes when you need system accounts stored in an LDAP directory; as far as I know (or at least this was the case a few months ago) the nss_ldap module won't work with the FreeBSD Nameserver switch, preventing alternative methods of storing system account details. Mind, someone did mention this was possible by recompiling the C library to use BIND IRS.

Another solution may be to use PADL's commercial NIS/LDAP gateway, so you have a replacement for an NIS server which queries an LDAP directory - http://www.padl.com/

Hope this helps,

Lee.

> -----Original Message-----
> What about using OpenLDAP?
>
> http://www.openldap.org/
>
> With OpenLDAP you can:
>
> * store your user-accounts in a centralized database
>   (replication is also possible)
> * define your own attributes
>   (usernames, passwords, addresses, mail-aliases, customer-data,
>   user-rights,....)
> * program your own management-interfaces in many
>   programming-languages
> ....
>
> Many applications are able to use LDAP-directories for authentication and
> configuration - but there is also the possibility to use the pam-ldap-module
> to import the ldap-users as regular system-users.
>
> There are also some gui- and web-based management-tools available.....
> (If you like this - look at freshmeat.net)
>
> Regards
>
> Marc Schoechlin