From: Tim Judd
Date: Mon, 24 Mar 2008 16:58:29 -0600
To: Jon Theil Nielsen
Cc: freebsd-questions@freebsd.org
Subject: Re: A general purpose LDAP solution?

Jon Theil Nielsen wrote:
> I asked this on freebsd-net@ but got no replies. So now I ask the same
> question here.
>
> > Hi list!
> >
> > I have speculated a lot about implementation of (Open)LDAP on my
> > server. But I haven't yet found the right (and logical) way to do it.
> > I'm running FreeBSD 7.0-Release with some different server applications
> > - Samba PDC
> > - Virtual mail server (Postfix, MySQL, Courier-IMAP)
> > - VPN (currently with mpd4)
> > - Apache-2.2.8 web server (with PHP and MySQL)
> > I would like to implement LDAP for:
> > - authentication of UNIX/login users
> > - authentication of Samba users
> > - authentication/authorization of virtual mail users
> > For the first part, I got useful information from a previous thread
> > (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html)
> > and for the second part, I guess there are sufficient howtos to make it
> > work.
> > My biggest question right now is if it is possible to combine all three
> > things in one data structure. And in which order I should make
> > the different implementations.
> > Excuse my total lack of understanding, but is it possible to have a
> > structure with a superior unit such as OU= which
> > could contain several virtual domains and the actual domain for my
> > PDC?
> >
> > --
> > Jon Theil Nielsen
>
> Oh, I forgot one more thing: I would also like to be able to
> authenticate VPN users the same way.
> --
> Jon Theil Nielsen
>

It's easy to find out if LDAP is a global solution for you. See if LDAP is an available option in each port's config.

I just finished setting up an LDAP-based email system. Samba is capable, unix logins are capable. There's a good chance everything is.

I liked the virtual part of everything, so I stopped after getting email working. I didn't want to open up my system to all sorts of unix/samba logins that might exploit or give me problems.

The email system I documented isn't ready for publishing. I'm having some select friends review it and proofread it first. If there's any interest here, I will provide a 2nd publishing to the general public as a draft. Not to be used exclusively yet.

Jon, you should be able to get most if not all of it working though.

--Tim