Date: Fri, 28 Mar 2008 15:44:47 -0500
From: "Zane C.B."
To: "Jon Theil Nielsen"
Cc: freebsd-questions@freebsd.org
Subject: Re: A general purpose LDAP solution?

On Sun, 23 Mar 2008 23:26:51 +0100
"Jon Theil Nielsen" wrote:

> 2008/3/23, Jon Theil Nielsen :
> > Hi list!
> >
> > I have speculated a lot about implementation of (Open)LDAP on my
> > server. But I haven't yet found the right (and logical) way to do
> > it. I'm running FreeBSD 7.0-Release with some different server
> > applications
> > - Samba PDC
> > - Virtual mail server (Postfix, MySQL, Courier-IMAP)
> > - VPN (currently with mpd4)
> > - Apache-2.2.8 web server (with PHP and MySQL)
> > I would like to implement LDAP for:
> > - authentication of UNIX/login users
> > - authentication of Samba users
> > - authentication/authorization of virtual mail users
> > For the first part, I got useful information from a previous
> > thread
> > (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html)
> > and for the second part, I guess there are sufficient howtos to
> > make it work. My biggest question right now is if it is possible to
> > combine all three things in one data structure. And in
> > which order I should make the different implementations.
> > Excuse my total lack of understanding, but is it possible to
> > have a structure with a superior unit such as OU=
> organization> which could contain several virtual domains and the
> > organization> actual domain for my
> > PDC?
> >
> > --
> > Jon Theil Nielsen
> Oh, I forgot one more thing: I would also like to be able to
> authenticate VPN users the same way.

For foo.bar and monkies.foo.bar, I would do it as below. And
remember, PAM is your friend. And on a similar note, I am goat
fragging surprised Postfix does not have a native PAM auth backend
yet.

ou=users,dc=foo,dc=bar
ou=users,dc=monkies,dc=foo,dc=bar

In regards to VPN, you may wish to look into OpenVPN. It has a
scriptable password checking mechanism.

http://openvpn.net/index.php/documentation/howto.html#auth

Enjoy playing with the nastiness that is Samba and LDAP. =^.^=

On another note, I changed this from the net list to the questions
list as I don't think this really falls under FreeBSD net related
stuff.
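
Added example, not part of the original message: building the bind DN for a login under the per-domain ou=users layout suggested above, with RFC 4514 escaping so the user-supplied part cannot change the DN's structure. The user@domain login form, the uid naming attribute and the domain allow-list are assumptions, not details from the thread.

```python
import re

# Assumption: the only domains with an ou=users subtree (from the message above).
ALLOWED_DOMAINS = {"foo.bar", "monkies.foo.bar"}

# RFC 4514 section 2.4: always escaped inside an attribute value.
_SPECIAL = set('"+,;<>\\')
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def escape_rdn_value(value):
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def users_base(domain):
    """foo.bar -> ou=users,dc=foo,dc=bar"""
    labels = domain.split(".")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("malformed domain: %r" % domain)
    return "ou=users," + ",".join("dc=" + label for label in labels)


def bind_dn(login, allowed=ALLOWED_DOMAINS):
    """Map user@domain to uid=<user>,ou=users,dc=... or raise ValueError."""
    user, sep, domain = login.rpartition("@")
    domain = domain.lower()
    if not sep or not user or domain not in allowed:
        raise ValueError("login not accepted: %r" % login)
    # Assumption: accounts are named by the uid attribute.
    return "uid=" + escape_rdn_value(user) + "," + users_base(domain)


if __name__ == "__main__":
    # Constructed sample logins; the last one tries to smuggle in an extra RDN.
    for login in ("jon@foo.bar", "zane@monkies.foo.bar", "x,ou=admins@foo.bar"):
        print(login, "->", bind_dn(login))
```

A password-check script would attempt a simple bind as the returned DN and reject the login on ValueError.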