Date: Tue, 25 Mar 2008 18:17:27 +0100
From: Robert Jesacher <jessy@sicha.net>
To: Outback Dingo <outbackdingo@gmail.com>
Cc: Tim Judd <tajudd@gmail.com>, Jon Theil Nielsen <jontheil@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: A general purpose LDAP solution?
Message-ID: <47E933A7.30007@sicha.net>
In-Reply-To: <5635aa0d0803250638i43b3813fn31a7d3fc28325f55@mail.gmail.com>
References: <8f82c35c0803231523i52e55906tfd3cf96b36fe70d7@mail.gmail.com> <8f82c35c0803231526n5a429cb5t1c81a7f98dfb19ea@mail.gmail.com> <8f82c35c0803241540k36c8d551tfcfd172d6a4a7f9b@mail.gmail.com> <47E83215.8030705@gmail.com> <20080325131140.GA1746@valkyrie> <5635aa0d0803250638i43b3813fn31a7d3fc28325f55@mail.gmail.com>

You could follow one of the general purpose samba-ldap documentations out
there, because AFAIK samba is the most influencing service to depend on ldap.
I cannot recall what I used but you can have a look at:
http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC_Basic_Setup
http://www.samba-ldap.de/samba-3-pdc-mit-ldap.html
the first one covers gentoo, the latter is written in german... but you get
the point.

One suggestion from my side is to use an OU base instead of DC based if you
are using multiple (internet-)domains. To specify who can use what service,
you can use ldap query-filters (eg. for apache create a group "webusers" and
so on)

At the moment I use openldap for web, mail (Postfix & cyrus-imap), samba and a
per user address-book. Kerberos (heimdal) and radius is also possible, but I
do not use it at the moment.

If you require it, I can provide you with more information or even relevant
parts of the config-files.

br,
Robert Jesacher

On 25/03/2008 14:38 Outback Dingo wrote:
> As would I also like to
>
> On Tue, Mar 25, 2008 at 8:11 PM, Trey Sizemore <trey@fastmail.fm> wrote:
>
>> On Mon Mar 24, 2008 04:58PM, Tim Judd wrote:
>>> Jon Theil Nielsen wrote:
>>>> I asked this on freebsd-net@ but got no replies. So now I ask the same
>>>> question here.
>>>>
>>>>> Hi list!
>>>>>
>>>>> I have speculated a lot about implementation of (Open)LDAP on my
>>>>> server. But I haven't yet found the right (and logical) way to do it.
>>>>> I'm running FreeBSD 7.0-Release with some different server applications
>>>>> - Samba PDC
>>>>> - Virtual mail server (Postfix, MySQL, Courier-IMAP)
>>>>> - VPN (currently with mpd4)
>>>>> - Apache-2.2.8 web server (with PHP and MySQL)
>>>>> I would like to implement LDAP for:
>>>>> - authentication of UNIX/login users
>>>>> - authentication of Samba users
>>>>> - authentication/authorization of virtual mail users
>>>>> For the first part, I got useful information from a previous thread
>>>>> ( http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html )
>>>>> and for the second part, I guess there is sufficient howtos to make it
>>>>> work.
>>>>> My biggest question right now is if it is possible to combine all three
>>>>> things in one data structure. And in which order I should make
>>>>> the different implementations.
>>>>> Excuse my total lack of understanding, but is it possible to have a
>>>>> structure with a superior unit such as OU=<some organization> which
>>>>> could contain several virtual domains and the actual domain for my
>>>>> PDC?
>>>>>
>>>>> --
>>>>> Jon Theil Nielsen
>>>>
>>>> Oh, I forgot one more thing: I would also like to be able to
>>>> authenticate VPN users the same way.
>>>> --
>>>> Jon Theil Nielsen
>>>>
>>> It's easy to find out if LDAP is a global solution for you. See if LDAP
>>> is an available option in each port's config.
>>>
>>> I just finished setting up an LDAP-based email system. Samba is capable,
>>> unix logins are capable. There's a good chance everything is.
>>>
>>> I liked the virtual part of everything, so I stopped after getting email
>>> working. I didn't want to open up my system to all sorts of unix/samba
>>> logins that might exploit or give me problems.
>>>
>>> The email system I documented isn't ready for publishing. I'm having
>>> some select friends review it and proofread it first.
>>>
>>> If there's any interest here, I will provide a 2nd publishing to the
>>> general public as a draft. Not to be used exclusively yet.
>>>
>>> Jon, you should be able to get most if not all of it working though.
>>>
>>> --Tim
>> I would like to see the documentation as well.
>>
>> --
>> Cheers,
>> Trey
>> ----
>>
>> The universe is change; our life is what our thoughts make it.
>> --Antoninus, Marcus Aurelius
>>
>> Linux valkyrie 2.6.22.17-0.1-bigsmp i686 GNU/Linux
>> 9:10am up 11:11, 7 users, load average: 0.98, 0.98, 1.06
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
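
The OU-based layout and per-service group suggested in the reply above, sketched as an added LDIF example; it is not taken from the message or from any poster's configuration. The suffix ou=exampleorg, the domain names, the users and the container names are constructed placeholders.

```ldif
# Constructed example: a single OU-based suffix that holds the accounts,
# the groups and several mail domains. All names are placeholders.
dn: ou=exampleorg
objectClass: organizationalUnit
ou: exampleorg

dn: ou=people,ou=exampleorg
objectClass: organizationalUnit
ou: people

dn: ou=groups,ou=exampleorg
objectClass: organizationalUnit
ou: groups

# One container per (internet-)domain, so no dc=... suffix per domain is needed.
dn: ou=domains,ou=exampleorg
objectClass: organizationalUnit
ou: domains

dn: ou=example.com,ou=domains,ou=exampleorg
objectClass: organizationalUnit
ou: example.com

dn: ou=example.net,ou=domains,ou=exampleorg
objectClass: organizationalUnit
ou: example.net

dn: uid=alice,ou=people,ou=exampleorg
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
sn: Example
mail: alice@example.com

dn: uid=bob,ou=people,ou=exampleorg
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
sn: Example
mail: bob@example.net

# Service access is expressed as group membership: only alice may use the web service.
dn: cn=webusers,ou=groups,ou=exampleorg
objectClass: groupOfNames
cn: webusers
member: uid=alice,ou=people,ou=exampleorg

# Query filter a web server could use to check alice; the same filter with bob's DN matches nothing:
# (&(objectClass=groupOfNames)(cn=webusers)(member=uid=alice,ou=people,ou=exampleorg))
```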