Date:      Wed, 26 Mar 2008 00:53:05 +0700
From:      "Outback Dingo" <outbackdingo@gmail.com>
To:        "Christopher Sean Hilton" <chris@vindaloo.com>
Cc:        Jon Theil Nielsen <jontheil@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: A general purpose LDAP solution?
Message-ID:  <5635aa0d0803251053r47802654m37bee99966152949@mail.gmail.com>
In-Reply-To: <6325AD65-1AA1-4E62-A31B-2479FE38DCA8@vindaloo.com>
References:  <8f82c35c0803231523i52e55906tfd3cf96b36fe70d7@mail.gmail.com> <8f82c35c0803231526n5a429cb5t1c81a7f98dfb19ea@mail.gmail.com> <8f82c35c0803241540k36c8d551tfcfd172d6a4a7f9b@mail.gmail.com> <6325AD65-1AA1-4E62-A31B-2479FE38DCA8@vindaloo.com>

GOSA is another nice feature-full LDAP manager in PHP; it does Samba, DNS,
mail, web, Asterisk etc. etc. etc.

On Wed, Mar 26, 2008 at 12:02 AM, Christopher Sean Hilton <chris@vindaloo.com> wrote:

>
> On Mar 24, 2008, at 6:40 PM, Jon Theil Nielsen wrote:
>
> > I asked this on freebsd-net@ but got no replies. So now I ask the same
> > question here.
> >> Hi list!
> >>
> >> I have speculated a lot about implementation of (Open)LDAP on my
> >> server. But I haven't yet found the right (and logical) way to do it.
> >> I'm running FreeBSD 7.0-Release with some different server
> >> applications
> >> - Samba PDC
> >> - Virtual mail server (Postfix, MySQL, Courier-IMAP)
> >> - VPN (currently with mpd4)
> >> - Apache-2.2.8 web server (with PHP and MySQL)
> >> I would like to implement LDAP for:
> >> - authentication of UNIX/login users
> >> - authentication of Samba users
> >> - authentication/authorization of virtual mail users
> >> For the first part, I got useful information from a previous thread
> >> (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html)
> >> and for the second part, I guess there are sufficient howtos to make
> >> it work.
> >>
>
> Tim Judd's advice is good for a start. I'm currently using ldap for
> authentication of:
>
>      Jabber (directly)
>      WebDAV (through Apache2's mod_auth_ldap)
>      inbound email (imap/pop)
>      outbound email (smtp+auth)
>
> As a general rule the experience has been very positive. The biggest
> issue that I've run into is maintenance of the underlying ldap
> database, which involves keeping tiny ldif files scattered around.
> Certainly the biggest hassle is in doing ldapadd and ldapmodify from
> the command line with all the torturous options that you have to
> provide (BindDn, BindPassword, TargetDN).
>
> Nonetheless it's been a generally positive experience. In looking at
> your list of applications it seems that most of them will support ldap
> authentication directly. Mpd4 doesn't but it does support Radius so it
> looks like you'll have to build radius to authenticate against LDAP
> and then have mpd4 authenticate against radius. SMTP is similar. It
> doesn't support authentication via LDAP directly. It uses SASL which
> can also authenticate against LDAP.
>
> >> My biggest question right now is if it is possible to combine all three
> >> things in one data structure, and in which order I should make
> >> the different implementations.
> >> Excuse my total lack of understanding, but is it possible to have a
> >> structure with a superior unit such as OU=<some organization> which
> >> could contain several virtual domains and the actual domain for my
> >> PDC?
> >>
>
> The answer to this question would be a set of non-conflicting ldap
> schemas to support the functions that you need. If your needs are
> simple authentication the schemas that ship with openldap will provide
> fruit. If you want to make ldap your database for delivering mail to
> virtual users there are a few paths out there. Courier had/has a
> schema for supporting virtual users that could be banged into shape
> but if I recall correctly its support for keeping virtual domain
> information in ldap is lacking. Phamm, /usr/ports/net/phamm completely
> supports virtual domains and virtual users including delegation of
> user management. E.g. the user hostmaster@example.com can reset
> passwords for <user>@example.com. Phamm also has a neat web interface
> for administration. However, when I was setting it up I found it more
> overly complex for my needs. Like using a Formula 1 car for a grocery
> run. However I think that it even works with the Samba schema so it
> may be exactly what you want.
>
> >> --
> >> Jon Theil Nielsen
> >
> > Oh, I forgot one more thing: I would also like to be able to
> > authenticate VPN users the same way.
>
> mpd4 + radius + ldap should get you where you want to be.
>
> -- Chris
>
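As an added illustration of the two threads above (Jon's question of whether UNIX login, Samba and virtual-mail users can share one structure under a per-organization OU, and Chris's answer that it comes down to a set of non-conflicting schemas), here is a Python script that is not from this thread or any of the projects named in it. It builds one entry per user under ou=<virtual domain>,<org> carrying posixAccount, sambaSamAccount and a mail objectClass, checks every class's MUST attributes before emitting LDIF, and derives the Samba SID from uidNumber. The "mailRecipient" class with its "mail"/"mailbox" attributes, the RID formula and the sample DNs are assumptions.

```python
import base64

# MUST attributes per objectClass (superclasses folded in), from OpenLDAP's
# core.schema, nis.schema and Samba's samba.schema. "mailRecipient" is an
# ASSUMED stand-in for the mail schema actually chosen (Courier, phamm, ...).
MUST = {
    "inetOrgPerson": ["cn", "sn"],
    "posixAccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
    "sambaSamAccount": ["uid", "sambaSID"],
    "mailRecipient": ["mail", "mailbox"],  # assumption, see above
}
ALGORITHMIC_RID_BASE = 1000  # Samba's default "algorithmic rid base"

def samba_sid(domain_sid, uid_number):
    """RID = 2*uidNumber + base, the smbldap-tools convention (assumed here)."""
    return f"{domain_sid}-{2 * uid_number + ALGORITHMIC_RID_BASE}"

def make_account(org_dn, domain, login, given, surname, uidn, gidn, domain_sid):
    """One entry under ou=<virtual domain>,<org> serving login, Samba and mail."""
    dn = f"uid={login},ou={domain},{org_dn}"
    entry = {"objectClass": list(MUST), "cn": [f"{given} {surname}"],
             "sn": [surname], "uid": [login], "uidNumber": [str(uidn)],
             "gidNumber": [str(gidn)], "homeDirectory": [f"/home/{domain}/{login}"],
             "sambaSID": [samba_sid(domain_sid, uidn)], "mail": [f"{login}@{domain}"],
             "mailbox": [f"/var/mail/{domain}/{login}/"]}  # constructed layout
    return dn, entry

def missing_must(entry):
    """'class:attr' for every MUST attribute the entry lacks (schema check)."""
    return [f"{oc}:{a}" for oc in entry["objectClass"]
            for a in MUST.get(oc, []) if a not in entry]

def ldif_value(attr, value):
    """Use 'attr:: base64' when the value is not an LDIF SAFE-STRING."""
    safe = value.isascii() and value.isprintable() and value[:1] not in (" ", ":", "<")
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def to_ldif(dn, entry):
    """Render one ldapadd-ready record; refuse a schema-incomplete entry."""
    gaps = missing_must(entry)
    if gaps:
        raise ValueError(f"entry violates schema, missing: {gaps}")
    lines = [ldif_value("dn", dn)]
    for attr, values in entry.items():
        lines += [ldif_value(attr, v) for v in values]
    return "\n".join(lines) + "\n"
```

Feeding the output to ldapadd with the usual -D/-w/-x options gives one record per user rather than the scattered hand-written ldif files Chris describes, and a schema-incomplete entry is caught before the server rejects it.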


