From: Erik Norgaard
Date: Fri, 28 Jan 2005 11:48:51 +0100
To: Dick Davies
Cc: FreeBSD Questions
Subject: Re: Syncing 3 Freebsd servers' accounts Question

Dick Davies wrote:
>>O'Reilly has a really good book on LDAP "LDAP System Administration" -
>>includes a chapter on how to migrate from NIS to LDAP.
>
> IMO that's one of the few bad O'Reilly books
> the O'Reilly book is more of a cookbook, but doesn't really explain what's
> going on.

You have a problem, and you want to solve it. I find the O'Reilly book a good guide. I didn't claim it will give you a complete understanding of the protocol or X.509 etc. But it will show you how to solve the problem at hand, and give ideas of how to exploit LDAP further.

> NetBSD is almost finished integrating pluggable nsswitch modules, I doubt OpenBSD
> will be far behind. No offence to the OpenBSD crew but if you waited for them to support
> something before using it on FreeBSD you wouldn't be running much...

I think the whole idea of PAM is against their fundamental philosophy, so I wouldn't expect to see this any time soon.

>>Also, LDAP requires you to obtain Object Identifiers if you define new
>>types, I haven't heard of an OID that can be used for private/experimental
>>purposes only (like the private IP address spaces).
>
> There's no need to get an OID registered (unlike IP addresses; it's not like
> it's routed) but it's free and they'll happily give you one if you ask.

You will need to have your directory service available for the internet if you, e.g., want to distribute certificates - the most common use, I think. And you will need an OID if you want to add your own extensions to the v3 certificate.

But even if not, just to make sure that your choice of OID will not clash with commonly distributed entries, it would be convenient to have a private playground, where any interference is _your_ problem.

I know they will give you a branch for free if you ask, but I guess that will change if we all request such a branch. Anyway, the predefined schemes pretty much saturate the need of most SOHOs.

Cheers, Erik

-- 
Ph: +34.666334818                      web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
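
Added example, not part of the original message: a small check for the clash concern raised above, comparing the OIDs defined in a local schema file against those in distributed schema files. The schema excerpts are constructed and abbreviated, and the local arc `1.1.2` and the names `badgeNumber`, `staffNick` and `staffPerson` are hypothetical placeholders.

```python
import re

# Opening of an OpenLDAP-style definition: keyword, numeric OID, first NAME.
DEF_RE = re.compile(
    r"^(attributetype|objectclass)\s*\(\s*([0-9]+(?:\.[0-9]+)+)\s+NAME\s+\(?\s*'([^']+)'",
    re.IGNORECASE | re.MULTILINE)

def parse_schema(text):
    """Return {oid: first_name} for every definition found in schema text."""
    return {m.group(2): m.group(3) for m in DEF_RE.finditer(text)}

def under_arc(oid, arc):
    """True if oid sits below arc, comparing whole components (1.1.20 is not under 1.1.2)."""
    return oid.startswith(arc + ".")

def audit(local_text, distributed_text, local_arc):
    """List local definitions that reuse a distributed OID or leave the local arc."""
    shipped = parse_schema(distributed_text)
    findings = []
    for oid, name in sorted(parse_schema(local_text).items()):
        if oid in shipped:
            findings.append((oid, name, "clashes with " + shipped[oid]))
        elif not under_arc(oid, local_arc):
            findings.append((oid, name, "outside local arc " + local_arc))
    return findings

# Constructed, abbreviated excerpts in the style of commonly distributed schema files.
DISTRIBUTED = """\
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
    SUP name )
attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
    EQUALITY caseIgnoreMatch )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson'
    SUP organizationalPerson STRUCTURAL )
"""

LOCAL_ARC = "1.1.2"  # constructed placeholder arc, not an assignment
# Constructed local schema: one good entry, one reused OID, one outside the arc.
LOCAL = """\
attributetype ( 1.1.2.1.1 NAME 'badgeNumber'
    EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 2.5.4.3 NAME 'staffNick'
    EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.1.20.2.1 NAME 'staffPerson'
    SUP inetOrgPerson STRUCTURAL MAY ( badgeNumber $ staffNick ) )
"""

if __name__ == "__main__":
    for finding in audit(LOCAL, DISTRIBUTED, LOCAL_ARC):
        print(*finding)
```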