Date:      Tue, 25 Mar 2008 18:17:27 +0100
From:      Robert Jesacher <jessy@sicha.net>
To:        Outback Dingo <outbackdingo@gmail.com>
Cc:        Tim Judd <tajudd@gmail.com>, Jon Theil Nielsen <jontheil@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: A general purpose LDAP solution?
Message-ID:  <47E933A7.30007@sicha.net>
In-Reply-To: <5635aa0d0803250638i43b3813fn31a7d3fc28325f55@mail.gmail.com>
References:  <8f82c35c0803231523i52e55906tfd3cf96b36fe70d7@mail.gmail.com>	<8f82c35c0803231526n5a429cb5t1c81a7f98dfb19ea@mail.gmail.com>	<8f82c35c0803241540k36c8d551tfcfd172d6a4a7f9b@mail.gmail.com>	<47E83215.8030705@gmail.com> <20080325131140.GA1746@valkyrie> <5635aa0d0803250638i43b3813fn31a7d3fc28325f55@mail.gmail.com>

You could follow one of the general purpose samba-ldap documentations
out there, because AFAIK samba is the most influencing service to depend
on ldap. I cannot recall what I used but you can have a look at:

http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC_Basic_Setup
http://www.samba-ldap.de/samba-3-pdc-mit-ldap.html

the first one covers gentoo, the latter is written in german... but you
get the point.

One suggestion from my side is to use an OU base instead of DC based if
you are using multiple (internet-)domains.

To specify who can use what service, you can use ldap query-filters (e.g.
for apache create a group "webusers" and so on).

At the moment I use openldap for web, mail (Postfix & cyrus-imap), samba
and a per user address-book. Kerberos (heimdal) and radius are also
possible, but I do not use them at the moment.

If you require it, I can provide you with more information or even
relevant parts of the config-files.

br,
Robert Jesacher




On 25/03/2008 14:38 Outback Dingo wrote:
> As would I also like to
> 
> On Tue, Mar 25, 2008 at 8:11 PM, Trey Sizemore <trey@fastmail.fm> wrote:
> 
>> On Mon Mar 24, 2008 04:58PM, Tim Judd wrote:
>>> Jon Theil Nielsen wrote:
>>>> I asked this on freebsd-net@ but got no replies. So now I ask the same
>>>> question here.
>>>>
>>>>> Hi list!
>>>>>
>>>>  >
>>>>  >  I have speculated a lot about implementation of (Open)LDAP on my
>>>>  >  server. But I haven't yet found the right (and logical) way to do it.
>>>>  >  I'm running FreeBSD 7.0-Release with some different server
>> applications
>>>>  >  - Samba PDC
>>>>  >  - Virtual mail server (Postfix, MySQL, Courier-IMAP)
>>>>  >  - VPN (currently with mpd4)
>>>>  >  - Apache-2.2.8 web server (with PHP and MySQL)
>>>>  >  I would like to implement LDAP for:
>>>>  >  - authentication of UNIX/login users
>>>>  >  - authentication of Samba users
>>>>  >  - authentication/authorization of virtual mail users
>>>>  >  For the first part, I got useful information from a previous
>> thread
>>>>  >  (
>> http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html
>> )
>>>>  >  and for the second part, I guess there are sufficient howtos to make
>> it
>>>>  >  work.
>>>>  >  My biggest question right now is if it is possible to combine all
>> three
>>>>  >  things in one data structure. And in which order I should
>> make
>>>>  >  the different implementations.
>>>>  >  Excuse my total lack of understanding, but is it possible to have a
>>>>  >  structure with a superior unit such as OU=<some organization> which
>>>>  >  could contain several virtual domains and the actual domain for my
>>>>  >  PDC?
>>>>  >
>>>>  >  --
>>>>  > Jon Theil Nielsen
>>>>
>>>> Oh, I forgot one more thing: I would also like to be able to
>>>>  authenticate VPN users the same way.
>>>>  --
>>>> Jon Theil Nielsen
>>>>
>>> It's easy to find out if LDAP is a global solution for you.  See if LDAP
>>> is an available option in each port's config.
>>>
>>> I just finished setting up a LDAP-based email system.  Samba is capable,
>>> unix logins are capable.  There's a good chance everything is.
>>>
>>> I liked the virtual part of everything, so I stopped after getting email
>>> working.  I didn't want to open up my system to all sorts of unix/samba
>>> logins that might exploit or give me problems.
>>>
>>> The email system I documented isn't ready for publishing.  I'm having
>>> some select friends review it and proofread it first.
>>>
>>> If there's any interest here, I will provide a 2nd publishing to the
>>> general public as a draft.  Not to be used exclusively yet.
>>>
>>> Jon, you should be able to get most if not all of it working though.
>>>
>>> --Tim
>> I would like to see the documentation as well.
>>
>> --
>> Cheers,
>> Trey
>> ----
>>
>> The universe is change; our life is what our thoughts make it.
>>                 --Antoninus, Marcus Aurelius
>>
>> Linux valkyrie 2.6.22.17-0.1-bigsmp i686 GNU/Linux
>>  9:10am  up  11:11,  7 users,  load average: 0.98, 0.98, 1.06
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe@freebsd.org"
>>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
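
Added example, not part of the original message or thread: one way to express the per-service query filters mentioned above (a "webusers" group for apache), with the user name escaped per RFC 4515 so it cannot change the filter's structure. Assumptions: RFC 2307 posixGroup/memberUid groups, the base DN, the group names other than "webusers", and the hypothetical `search` callable standing in for a bound LDAP connection.

```python
# Added example: per-service authorization through LDAP search filters.
# BASE_DN, the group names (except "webusers") and `search` are assumptions.
BASE_DN = "ou=groups,ou=example.org,o=example"   # hypothetical OU-based layout

# Hypothetical mapping: service -> group whose members may use it.
SERVICE_GROUPS = {"apache": "webusers", "postfix": "mailusers", "samba": "smbusers"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in a filter (RFC 4515)."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        # '\', '*', '(', ')' and NUL must be escaped; escaping non-ASCII
        # octets as \xx is also valid and keeps the filter pure ASCII.
        if ch in "\\*()" or byte == 0 or byte > 0x7F:
            out.append("\\%02x" % byte)
        else:
            out.append(ch)
    return "".join(out)


def service_filter(service, uid):
    """Filter that matches the service's group only if uid is a member."""
    group = SERVICE_GROUPS[service]   # unknown service -> KeyError (deny)
    return "(&(objectClass=posixGroup)(cn=%s)(memberUid=%s))" % (
        escape_filter_value(group), escape_filter_value(uid))


def authorize(service, uid, search):
    """True if the directory returns the group entry for this user.

    `search(base_dn, filter_string)` is a hypothetical callable that runs a
    subtree search and returns a list of matching entries.
    """
    try:
        flt = service_filter(service, uid)
    except KeyError:
        return False                  # no group defined: deny by default
    return len(search(BASE_DN, flt)) > 0
```

Without the escaping step, a login name containing `*` or parentheses would be read as filter syntax and could match the group regardless of membership.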



