Date: Thu, 14 Feb 2008 19:39:38 +0100
From: "Jon Theil Nielsen" <jontheil@gmail.com>
To: Dave <dmehler26@woh.rr.com>
Subject: Re: LDAP user authentication?
Message-ID: <8f82c35c0802141039j1b9338b9n7d4e436c4c6b3707@mail.gmail.com>
In-Reply-To: <000701c86f18$0dadeea0$0200a8c0@satellite>
References: <8f82c35c0802131110l7c678965qe6d0c3432f008254@mail.gmail.com> <000301c86ed2$17177560$0200a8c0@satellite> <8f82c35c0802140420w57a1d5dfpd12b86e57efd585d@mail.gmail.com> <000701c86f18$0dadeea0$0200a8c0@satellite>

2008/2/14, Dave <dmehler26@woh.rr.com>:
> Hi,
> Actually I'm only using jails, because I haven't got all the bugs worked
> out yet and when I do I'm going to just copy the files over and go
> production. Other than that these files will work for a freebsd system. In
> brief you'll need openldap server and client ports, I'm using 2.4, pam_ldap
> port and nss_ldap port. Go configure all that and that'll do it, take it in
> stages, slapd first, the ldap client next, then either pam_ldap or nss_ldap,
> one thing you'll definitely want is tls encryption, can't help with that as
> I'm still trying to get that working.
> If you need any help let me know, I'll do what I can.
>
> Dave.
>
> ----- Original Message -----
> From: "Jon Theil Nielsen" <jontheil@gmail.com>
> To: "Dave" <dmehler26@woh.rr.com>
> Cc: <freebsd-questions@freebsd.org>
> Sent: Thursday, February 14, 2008 7:20 AM
> Subject: Re: LDAP user authentication?
>
> >> > I have googled for a very long time, but I haven't found any useful
> >> > howto on this issue. Well, there is
> >> > http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
> >> > but that seems to be a bit confusing and not up-to-date. I guess it
> >> > _should_ be possible - and indeed very useful (especially combined
> >> > with Samba PDC and an easily maintainable mail server). So please, if
> >> > you have any experiences or knowledge of a useful description..!
> >> >
> >> > Regards,
> >> > Jon Theil Nielsen
> >
> > 2008/2/14, Dave <dmehler26@woh.rr.com>:
> >> Hi,
> >> I am far from an expert, in fact I'm still learning. I don't know a lot
> >> of the jargon, that is I still get the more intense terms mixed up, but
> >> I've been banging my head against ldap for about a month now and am
> >> starting to show results. Right now I'm using ldap in jails on freebsd
> >> 6.2 as I don't have all the bugs worked out to go production. I've got a
> >> directory that is a user addressbook as well as handles authentication
> >> of users, both for the jailed ldap server, but for two other jailed
> >> environments, one the ldap client, the other just a test machine. I've
> >> also authenticated a linux box against this server that works fine with
> >> a few tweaks. Right now I've got a jail specifically for testmail setup
> >> I'm going to try to hook in email services, pop/imap, smtp, etc. in to
> >> ldap.
> >> If you have im abilities I can talk more there, but basically it's
> >> definitely not trivial to get going, in my opinion others might differ.
> >> Dave.
> >>

Thanks a lot. That might be interesting. TLS might not be that vital, since I'm mostly thinking of a solution on my own servers and primarily only on the central one. When I was on Linux, PAM was almost a must, but I think it is different on FreeBSD, so I guess I would prefer the solution with nss_ldap. You are right, nothing severe will happen if I try to get the LDAP server and client up and running in the first place. As far as I remember, the most critical issue was how to initialize the database and how to make a reasonable structure suited for both user authentication, Samba and some mail server. Right now I have two parallel structures, one for Samba/system users and one for (virtual) mail users. I still wonder why a "universal" implementation of LDAP authentication on FreeBSD is not described anywhere. But if I find the time and energy, I might try to experiment on my own and might also return to you if I have more specific issues.

Regards,
Jon

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8f82c35c0802141039j1b9338b9n7d4e436c4c6b3707>