Date: Thu, 27 May 2004 15:27:43 -0400
From: Bart Silverstrim <bsilver@chrononomicon.com>
To: "Thompson, Jimi" <JimiT@mail.cox.smu.edu>
Cc: freebsd-questions Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: LDAP
Message-ID: <ECD261BE-B013-11D8-B5C2-000A956D2452@chrononomicon.com>
In-Reply-To: <4B3F673172B98D449EBCC3BE8316F52403BA16A0@exch4.elcsb.net>
References: <4B3F673172B98D449EBCC3BE8316F52403BA16A0@exch4.elcsb.net>

On May 27, 2004, at 2:38 PM, Thompson, Jimi wrote:

> The question then becomes - What do you plan to use the LDAP to store?
> Depending on your answer, you may need to modify your schema in order to
> store that information. For example, there is a library which uses LDAP
> to store information about their books. As books don't need a lot of
> the address type information, their schema is heavily modified to
> support this. For example, humans don't have an author or publisher
> whereas books do.

Thanks for the response...

Right now, we're using a testbed server to see if it's possible to use LDAP with pGINA on Windows to replace our current active directory structure. We don't use a lot of the "advanced" features of AD, and would like to begin this work as a possible way of eventually migrating users to something a little more flexible (it seemed everything could talk to LDAP for authentication...with the proper amount of headache-suffering...)

For what we're using it for, it would be primarily user authentication. Right now, to get Windows 2000/XP systems to talk to it. Eventually, email using (postfix?) for authenticating <2000 users. Email directories would also be helpful for clients to talk to the LDAP server and get username, maybe some properties like phone number, building they're in, room number, student ID number...things like that.

The 2000 machines need to get usernames, home directories, profile directories at a minimum...and would there be a way to get it to handle the permissions (group memberships, etc.)? We would probably need to figure out if the home directory and profile directories can be also stored in the LDAP directory as well as maybe memberships for that username? Would these be possible? Part of this would also rely on pGINA as well.

The last systems that may need to talk to it are Win9x machines, if we can get the 2000 machines to talk to it then maybe SAMBA could be tied to it for authenticating Win9x. An alternative, I suppose, would be to get the machine to run samba and have samba act as some kind of domain controller and authenticating to the LDAP server on the Windows machines' behalf...

Anyone hear of a setup to accomplish something similar to this, and if so have some tips/ideas on what to do?

I know this sounds like a big jumble...I guess I'm just starting out into this project and looking for guidance on where to start charting a course :-)