Date: Fri, 28 Mar 2008 15:44:47 -0500
From: "Zane C.B." <v.velox@vvelox.net>
To: "Jon Theil Nielsen" <jontheil@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: A general purpose LDAP solution?
Message-ID: <20080328154447.31c37b04@vixen42>
In-Reply-To: <8f82c35c0803231526n5a429cb5t1c81a7f98dfb19ea@mail.gmail.com>
References: <8f82c35c0803231523i52e55906tfd3cf96b36fe70d7@mail.gmail.com> <8f82c35c0803231526n5a429cb5t1c81a7f98dfb19ea@mail.gmail.com>

On Sun, 23 Mar 2008 23:26:51 +0100
"Jon Theil Nielsen" <jontheil@gmail.com> wrote:

> 2008/3/23, Jon Theil Nielsen <jontheil@gmail.com>:
> > Hi list!
> >
> > I have speculated a lot about implementation of (Open)LDAP on my
> > server. But I haven't yet found the right (and logical) way to do
> > it. I'm running FreeBSD 7.0-Release with some different server
> > applications
> > - Samba PDC
> > - Virtual mail server (Postfix, MySQL, Courier-IMAP)
> > - VPN (currently with mpd4)
> > - Apache-2.2.8 web server (with PHP and MySQL)
> > I would like to implement LDAP for:
> > - authentication of UNIX/login users
> > - authentication of Samba users
> > - authentication/authorization of virtual mail users
> > For the first part, I got useful information from a previous
> > thread
> > (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html)
> > and for the second part, I guess there are sufficient howtos to
> > make it work. My biggest question right now is if it is possible to
> > combine all three things in one data structure. And in
> > which order I should make the different implementations.
> > Excuse my total lack of understanding, but is it possible to
> > have a structure with a superior unit such as OU=<some
> > organization> which could contain several virtual domains and the
> > actual domain for my PDC?
> >
> > --
> > Jon Theil Nielsen
> Oh, I forgot one more thing: I would also like to be able to
> authenticate VPN users the same way.

For foo.bar and monkies.foo.bar, I would do it as below. And
remember, PAM is your friend. And on a similar note, I am goat
fragging surprised Postfix does not have a native PAM auth backend
yet.

ou=users,dc=foo,dc=bar
ou=users,dc=monkies,dc=foo,dc=bar

In regards to VPN, you may wish to look into OpenVPN. It has a
scriptable password checking mechanism.
http://openvpn.net/index.php/documentation/howto.html#auth

Enjoy playing with the nastiness that is Samba and LDAP. =^.^=

On another note, I changed this from the net list to the questions
list as I don't think this really falls under FreeBSD net related
stuff.
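
Added example, not part of the original message: a sketch of the input handling a password-checking script for OpenVPN's `auth-user-pass-verify <script> via-file` hook would need before it binds to the per-domain `ou=users` trees suggested above. The `uid` naming attribute, the `user@domain` login form and all function names are assumptions; the LDAP bind itself is left to whichever client library is in use.

```python
# Added example; not code from the original message.
ALLOWED_DOMAINS = {"foo.bar", "monkies.foo.bar"}  # the two domains in the message
USER_RDN_ATTR = "uid"  # assumption: entries are uid=<login>,ou=users,dc=...


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    if not value or "\x00" in value:
        raise ValueError("empty value or NUL byte")
    out = []
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;='
        leading = i == 0 and ch in " #"
        trailing = i == len(value) - 1 and ch == " "
        out.append("\\" + ch if special or leading or trailing else ch)
    return "".join(out)


def users_base(domain):
    """'monkies.foo.bar' -> 'ou=users,dc=monkies,dc=foo,dc=bar' (allowlisted only)."""
    domain = domain.lower().rstrip(".")
    if domain not in ALLOWED_DOMAINS:
        raise ValueError("unknown domain")
    return "ou=users," + ",".join("dc=" + label for label in domain.split("."))


def bind_dn(login):
    """Build the DN to bind as from a 'user@domain' login."""
    user, sep, domain = login.rpartition("@")
    if not sep or not user:
        raise ValueError("expected user@domain")
    return "%s=%s,%s" % (USER_RDN_ATTR, escape_rdn_value(user), users_base(domain))


def credentials_from_via_file(text):
    """Turn the via-file contents (username on line 1, password on line 2)
    into (bind DN, password)."""
    lines = text.split("\n")
    if len(lines) < 2:
        raise ValueError("expected username and password lines")
    login, password = lines[0].rstrip("\r"), lines[1].rstrip("\r")
    if not password:
        # A simple bind with a DN and an empty password is an "unauthenticated
        # bind" (RFC 4513, section 5.1.2) and may succeed, so refuse it here.
        raise ValueError("empty password")
    return bind_dn(login), password
```

The script would exit 0 only if a simple bind with the returned DN and password succeeds, and non-zero on any `ValueError`.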