From: Matthew Seaman
To: Gunnar Flygt, FreeBSD Questions
Date: Tue, 20 May 2003 10:17:15 +0100
Subject: Re: Where do I find information how to verify FBSD login via LDAP

On Tue, May 20, 2003 at 10:55:15AM +0200, Gunnar Flygt wrote:
> It's all in the Subject. I want to verify users to an external
> FTP server by using OpenLDAP. Where do I find documentation,
> or HowTo's?
>
> I plan to have the LDAP server within our Company network, and the
> FTP server on a DMZ in the firewall
>
> All as secure as possible

You're going to need certainly the pam_ldap and maybe the nss_ldap
functionality on the FTP server.

The Pluggable Authentication Module pam_ldap can be installed via the
security/pam_ldap port, and I believe it works well on recent FreeBSD
4.x. That's possibly all you need to authenticate users via LDAP.

However, you might also need to use the Name Service Switch nss_ldap
module: this depends on the introduction of the name service switch
functionality, which is, as far as I know, still an on-going work in
5-CURRENT. According to the Makefile for the net/nss_ldap port:

    .if ${OSVERSION} < 500112
    IGNORE= NSS modules only supported on FreeBSD 5.1 or later
    .endif

As for HOWTOs --- the documentation at http://www.openldap.org/ is
pretty good, and there's some good stuff accessible from
http://www.padl.com/Contents/Documentation.html (PADL are the authors
of the pam_ldap and nss_ldap modules). A lot of the Linux
documentation has much that is relevant to FreeBSD. The O'Reilly
"LDAP System Administration" nutshell book is also bang up to date
(published March 2003) and well worth reading.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614