From: Robert Jesacher
Date: Tue, 25 Mar 2008 18:17:27 +0100
To: Outback Dingo
Cc: Tim Judd, Jon Theil Nielsen, freebsd-questions@freebsd.org
Subject: Re: A general purpose LDAP solution?

You could follow one of the general purpose samba-ldap documentations out there, because AFAIK samba is the most influencing service to depend on ldap.
I cannot recall what I used but you can have a look at:

http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC_Basic_Setup
http://www.samba-ldap.de/samba-3-pdc-mit-ldap.html

The first one covers Gentoo, the latter is written in German... but you get the point.

One suggestion from my side is to use an OU base instead of DC based if you are using multiple (internet-)domains.

To specify who can use what service, you can use ldap query-filters (e.g. for apache create a group "webusers" and so on).

At the moment I use openldap for web, mail (Postfix & cyrus-imap), samba and a per user address-book. Kerberos (heimdal) and radius is also possible, but I do not use it at the moment.

If you require it, I can provide you with more information or even relevant parts of the config-files.

br,
Robert Jesacher

On 25/03/2008 14:38 Outback Dingo wrote:
> As would I also like to
>
> On Tue, Mar 25, 2008 at 8:11 PM, Trey Sizemore wrote:
>
>> On Mon Mar 24, 2008 04:58PM, Tim Judd wrote:
>>> Jon Theil Nielsen wrote:
>>>> I asked this on freebsd-net@ but got no replies. So now I ask the same
>>>> question here.
>>>>
>>>>> Hi list!
>>>>>
>>>> >
>>>> > I have speculated a lot about implementation of (Open)LDAP on my
>>>> > server. But I haven't yet found the right (and logical) way to do it.
>>>> > I'm running FreeBSD 7.0-Release with some different server applications
>>>> > - Samba PDC
>>>> > - Virtual mail server (Postfix, MySQL, Courier-IMAP)
>>>> > - VPN (currently with mpd4)
>>>> > - Apache-2.2.8 web server (with PHP and MySQL)
>>>> > I would like to implement LDAP for:
>>>> > - authentication of UNIX/login users
>>>> > - authentication of Samba users
>>>> > - authentication/authorization of virtual mail users
>>>> > For the first part, I got useful information from a previous thread
>>>> > ( http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html )
>>>> > and for the second part, I guess there are sufficient howtos to make it
>>>> > work.
>>>> > My biggest question right now is if it is possible to combine all three
>>>> > things in one data structure. And in which order I should make
>>>> > the different implementations.
>>>> > Excuse my total lack of understanding, but is it possible to have a
>>>> > structure with a superior unit such as OU= which
>>>> > could contain several virtual domains and the actual domain for my
>>>> > PDC?
>>>> >
>>>> > --
>>>> > Jon Theil Nielsen
>>>>
>>>> Oh, I forgot one more thing: I would also like to be able to
>>>> authenticate VPN users the same way.
>>>> --
>>>> Jon Theil Nielsen
>>>>
>>> It's easy to find out if LDAP is a global solution for you. See if LDAP
>>> is an available option in each port's config.
>>>
>>> I just finished setting up an LDAP-based email system. Samba is capable,
>>> unix logins are capable. There's a good chance everything is.
>>>
>>> I liked the virtual part of everything, so I stopped after getting email
>>> working. I didn't want to open up my system to all sorts of unix/samba
>>> logins that might exploit or give me problems.
>>>
>>> The email system I documented isn't ready for publishing. I'm having
>>> some select friends review it and proofread it first.
>>>
>>> If there's any interest here, I will provide a 2nd publishing to the
>>> general public as a draft. Not to be used exclusively yet.
>>>
>>> Jon, you should be able to get most if not all of it working though.
>>>
>>> --Tim
>> I would like to see the documentation as well.
>>
>> --
>> Cheers,
>> Trey
>> ----
>>
>> The universe is change; our life is what our thoughts make it.
>> --Antoninus, Marcus Aurelius
>>
>> Linux valkyrie 2.6.22.17-0.1-bigsmp i686 GNU/Linux
>> 9:10am up 11:11, 7 users, load average: 0.98, 0.98, 1.06
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
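
The per-service filter suggestion in Robert's reply above (one group such as "webusers" per service), as an added example that is not part of the original thread: it builds the filter a service would send and escapes the login per RFC 4515, so a value like "*" is compared literally instead of acting as a presence test. The OU-based DNs, the posixGroup/memberUid modelling and the small in-memory matcher are assumptions made for the illustration.

```python
import re

# Constructed sample data: posixGroup entries under an assumed OU-based tree.
GROUPS = {
    "cn=webusers,ou=groups,ou=example": {
        "objectClass": ["posixGroup"], "cn": ["webusers"],
        "memberUid": ["alice", "bob"]},
    "cn=mailusers,ou=groups,ou=example": {
        "objectClass": ["posixGroup"], "cn": ["mailusers"],
        "memberUid": ["alice"]},
}

def escape_filter_value(value):
    """RFC 4515: write NUL, '(', ')', '*' and '\\' as backslash plus two hex digits."""
    return "".join("\\%02x" % ord(c) if c in "\x00()*\\" else c for c in value)

def service_filter(service_group, login):
    """Filter that selects the service's group entry only if login is a member."""
    return "(&(objectClass=posixGroup)(cn=%s)(memberUid=%s))" % (
        escape_filter_value(service_group), escape_filter_value(login))

_ITEM = re.compile(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")

def matches(entry, flt):
    """Evaluate a flat AND of equality/presence items (all this example needs)."""
    items = _ITEM.findall(flt)
    for attr, raw in items:
        values = entry.get(attr, [])
        if raw == "*":                      # presence test, e.g. (memberUid=*)
            if not values:
                return False
            continue
        wanted = re.sub(r"\\([0-9a-fA-F]{2})",
                        lambda m: chr(int(m.group(1), 16)), raw)
        if wanted not in values:            # real servers also apply matching rules
            return False
    return bool(items)                      # an unparsable filter matches nothing

def authorized(service_group, login):
    """True when the directory returns the service group for this login."""
    flt = service_filter(service_group, login)
    return any(matches(entry, flt) for entry in GROUPS.values())

if __name__ == "__main__":
    for login in ("alice", "bob", "*"):
        print(login, authorized("webusers", login), authorized("mailusers", login))
```
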