From: Matthew Seaman
Date: Thu, 9 Jun 2016 18:49:53 -0400
To: freebsd-current@freebsd.org
Subject: Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory
References: <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net>

On 09/06/2016 18:34, Craig Rodrigues wrote:
> There is still value to ypldap as it is now, and getting feedback from
> users (especially Active Directory) would be very useful.
> If someone could document a configuration which uses IPSEC or OpenSSH
> forwarding, that would be nice.
>
> In future, maybe someone in OpenBSD or FreeBSD will implement things like
> LDAP over SSL.

What advantages does ypldap offer over nss-pam-ldapd (in ports)?

nss-pam-ldapd can use either ldap+STARTTLS or ldaps to encrypt data in
transit, and I find it works very well for using OpenLDAP as a central
account database. I believe it works with AD, but haven't tried that
myself.

Cheers,

Matthew