From: Xin Li
To: Craig Rodrigues, freebsd-current Current
Cc: d@delphij.net, 赵新
Subject: Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory
Date: Wed, 8 Jun 2016 23:41:50 -0700
Message-ID: <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net>

On 6/8/16 23:10, Craig Rodrigues wrote:
> Hi,
>
> I have worked with Marcelo Araujo to port OpenBSD's ypldap to FreeBSD
> current.
>
> In latest current, it should be possible to put in /etc/rc.conf:
>
> nis_ypldap_enable="YES"
> to activate the ypldap daemon.
>
> When set up properly, it should be possible to log into FreeBSD, and have
> the backend password database come from an LDAP database such
> as OpenLDAP
>
> There is some documentation for setting this up, but it is OpenBSD specific:
>
> http://obfuscurity.com/2009/08/OpenBSD-as-an-LDAP-Client
> http://puffysecurity.com/wiki/ypldap.html#2
>
> I did not bother porting the OpenBSD LDAP server to FreeBSD, so that
> information
> does not apply. I figure that openldap from ports should work fine.
>
> I was wondering if there is someone out there familiar enough with LDAP
> and has a setup they can test this stuff out with, provide feedback, and
> help
> improve the documentation for FreeBSD?

Looks like it would be a fun weekend project. I've cc'ed a potential
person who may be interested in this as well.

But will this be worth the effort?
(I think the current implementation would do everything with a plaintext
protocol over the wire, so while it extends life for legacy applications that
are still using NIS/YP, it doesn't seem to be something that we should
recommend end users to use?)

> I would also be interested in hearing from someone who can see if
> ypldap can work against a Microsoft Active Directory setup?

Cheers,