Date: Wed, 26 Mar 2008 00:53:05 +0700
From: "Outback Dingo" <outbackdingo@gmail.com>
To: "Christopher Sean Hilton" <chris@vindaloo.com>
Cc: Jon Theil Nielsen <jontheil@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: A general purpose LDAP solution?
Message-ID: <5635aa0d0803251053r47802654m37bee99966152949@mail.gmail.com>
In-Reply-To: <6325AD65-1AA1-4E62-A31B-2479FE38DCA8@vindaloo.com>
References: <8f82c35c0803231523i52e55906tfd3cf96b36fe70d7@mail.gmail.com> <8f82c35c0803231526n5a429cb5t1c81a7f98dfb19ea@mail.gmail.com> <8f82c35c0803241540k36c8d551tfcfd172d6a4a7f9b@mail.gmail.com> <6325AD65-1AA1-4E62-A31B-2479FE38DCA8@vindaloo.com>
GOSA is another nice feature-full LDAP manager in PHP; does Samba, DNS, mail, web, Asterisk etc. etc. etc.

On Wed, Mar 26, 2008 at 12:02 AM, Christopher Sean Hilton <chris@vindaloo.com> wrote:
>
> On Mar 24, 2008, at 6:40 PM, Jon Theil Nielsen wrote:
>
> > I asked this on freebsd-net@ but got no replies. So now I ask the same
> > question here.
> >> Hi list!
> >>
> >> I have speculated a lot about implementation of (Open)LDAP on my
> >> server. But I haven't yet found the right (and logical) way to do it.
> >> I'm running FreeBSD 7.0-Release with some different server
> >> applications
> >> - Samba PDC
> >> - Virtual mail server (Postfix, MySQL, Courier-IMAP)
> >> - VPN (currently with mpd4)
> >> - Apache-2.2.8 web server (with PHP and MySQL)
> >> I would like to implement LDAP for:
> >> - authentication of UNIX/login users
> >> - authentication of Samba users
> >> - authentication/authorization of virtual mail users
> >> For the first part, I got useful information from a previous thread
> >> (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html)
> >> and for the second part, I guess there are sufficient howtos to make
> >> it work.
> >>
>
> Tim Judd's advice is good for a start. I'm currently using ldap for
> authentication of:
>
> Jabber (directly)
> WebDAV (through Apache2's mod_auth_ldap)
> inbound email (imap/pop)
> outbound email (smtp+auth)
>
> As a general rule the experience has been very positive. The biggest
> issues that I've run into are maintenance of the underlying ldap
> database which involves keeping tiny ldif files scattered around.
> Certainly the biggest hassle is in doing ldapadd and ldapmodify from
> the command line with all the torturous options that you have to
> provide (BindDn, BindPassword, TargetDN).
>
> Nonetheless it's been a generally positive experience. In looking at
> your list of applications it seems that most of them will support ldap
> authentication directly. Mpd4 doesn't but it does support Radius so it
> looks like you'll have to build radius to authenticate against LDAP
> and then have mpd4 authenticate against radius. SMTP is similar. It
> doesn't support authentication via LDAP directly. It uses SASL which
> can also authenticate against LDAP.
>
> >> My biggest question right now is if it is possible to combine all three
> >> things in one data structure. And in which order I should make
> >> the different implementations.
> >> Excuse my total lack of understanding, but is it possible to have a
> >> structure with a superior unit such as OU=<some organization> which
> >> could contain several virtual domains and the actual domain for my
> >> PDC?
> >>
>
> The answer to this question would be a set of non-conflicting ldap
> schemas to support the functions that you need. If your needs are
> simple authentication the schemas that ship with openldap will provide
> fruit. If you want to make ldap your database for delivering mail to
> virtual users there are a few paths out there. Courier had/has a
> schema for supporting virtual users that could be banged into shape
> but if I recall correctly its support for keeping virtual domain
> information in ldap is lacking. Phamm, /usr/ports/net/phamm, completely
> supports virtual domains and virtual users including delegation of
> user management. E.g. the user hostmaster@example.com can reset
> passwords for <user>@example.com. Phamm also has a neat web interface
> for administration. However, when I was setting it up I found it more
> overly complex for my needs. Like using a Formula 1 car for a grocery
> run. However I think that it even works with the Samba schema so it
> may be exactly what you want.
>
> >> --
> >> Jon Theil Nielsen
> >
> > Oh, I forgot one more thing: I would also like to be able to
> > authenticate VPN users the same way.
>
> mpd4 + radius + ldap should get you where you want to be.
>
> -- Chris
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
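Chris's complaint about the "torturous options" of ldapadd/ldapmodify, and Jon's question about one tree holding several virtual domains, can both be illustrated with a small POSIX sh wrapper. This is an added example, not code from the thread or from any of the projects named in it; the suffix dc=example,dc=com, the bind DN cn=Manager, the ~/.ldap.secret password file and the ou=Domains layout are all hypothetical, and only standard schema (organizationalUnit, inetOrgPerson, posixAccount) is used.

```shell
#!/bin/sh
# Added example, not from the thread. Wraps OpenLDAP's ldapadd so the bind
# URI/DN live in one place and the bind password comes from a file (-y)
# rather than the command line (-w), where ps would show it to every local
# user. The DIT layout (ou=Domains with one ou per virtual domain) and all
# names below are hypothetical and use only standard schema.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com}"
BIND_DN="${BIND_DN:-cn=Manager,dc=example,dc=com}"
PASS_FILE="${PASS_FILE:-$HOME/.ldap.secret}"   # mode 0600, password only
BASE_DN="dc=example,dc=com"

# LDIF for a virtual-domain container: ou=<domain>,ou=Domains,<base>
domain_ldif() {
    printf 'dn: ou=%s,ou=Domains,%s\n' "$1" "$BASE_DN"
    printf 'objectClass: organizationalUnit\nou: %s\n' "$1"
}

# LDIF for a mail/login user under a domain: inetOrgPerson (RFC 2798) plus
# posixAccount (RFC 2307) for UNIX login; Samba's sambaSamAccount would be
# added as a further objectClass for PDC users.
# user_ldif <uid> <domain> <uidNumber> <gidNumber> <homeDirectory>
user_ldif() {
    printf 'dn: uid=%s,ou=%s,ou=Domains,%s\n' "$1" "$2" "$BASE_DN"
    printf 'objectClass: inetOrgPerson\nobjectClass: posixAccount\n'
    printf 'uid: %s\ncn: %s\nsn: %s\nmail: %s@%s\n' "$1" "$1" "$1" "$1" "$2"
    printf 'uidNumber: %s\ngidNumber: %s\nhomeDirectory: %s\n' "$3" "$4" "$5"
}

# True only if the file exists and has no group/other permission bits
# (ls -l columns 5-10 are the group and other rwx triplets).
check_pass_file() {
    [ -f "$1" ] || return 1
    case "$(ls -l "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# The ldapadd invocation itself: -x simple bind, -H server URI, -D bind DN,
# -y read the bind password from PASS_FILE. LDIF is read from stdin.
ldap_add() {
    check_pass_file "$PASS_FILE" || {
        echo "refusing to run: $PASS_FILE must exist with mode 0600" >&2
        return 1
    }
    ldapadd -x -H "$LDAP_URI" -D "$BIND_DN" -y "$PASS_FILE"
}
# Usage: { domain_ldif example.org; echo; user_ldif jon example.org 10001 10001 /home/vmail/example.org/jon; } | ldap_add
```

Each domain gets its own ou under ou=Domains, so a delegated admin for one domain can be given an ACL scoped to that subtree while the Samba and UNIX accounts live in the same directory.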