Date: Tue, 14 Jun 2016 12:25:15 -0500 From: Eric van Gyzen <eric@vangyzen.net> To: Matthew Seaman <matthew@FreeBSD.org>, freebsd-current@freebsd.org Subject: Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory Message-ID: <003f57a2-4df3-3cb0-0e31-4dcbd8856802@vangyzen.net> In-Reply-To: <b5d81132-63e6-6d53-c97d-5c709e748e2b@FreeBSD.org> References: <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com> <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net> <CAG=rPVfjzjh=Qb8Y%2BFsXgoLOA0UCf_mgJu32=wHUHjPjMFjvyA@mail.gmail.com> <b5d81132-63e6-6d53-c97d-5c709e748e2b@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 06/ 9/16 05:49 PM, Matthew Seaman wrote: > On 09/06/2016 18:34, Craig Rodrigues wrote: >> There is still value to ypldap as it is now, and getting feedback from >> users (especially Active Directory) would be very useful. >> If someone could document a configuration which uses IPSEC or OpenSSH >> forwarding, that would be nice. >> >> In future, maybe someone in OpenBSD or FreeBSD will implement things like >> LDAP over SSL. > What advantages does ypldap offer over nss-pam-ldapd (in ports) ? > nss-pam-ldapd can use both ldap+STARTTLS or ldaps to encrypt data in > transit, and I find it works very well for using OpenLDAP as a central > account database. I believe it works with AD, but haven't tried that > myself. nss-pam-ldapd works very well with Active Directory. At work, dozens of people use it on their workstations and hundreds of people use it on the build servers. We've been doing this for years with no issues. Well, we've caused some issues for ourselves, of course... ;) Eric
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003f57a2-4df3-3cb0-0e31-4dcbd8856802>