Date:      Thu, 21 Jun 2001 09:19:37 -0400
From:      Bill Moran <wmoran@iowna.com>
Cc:        Jaime <jaime@snowmoon.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: LDAP authentication/serving
Message-ID:  <3B31F469.F71D7765@iowna.com>
References:  <Pine.BSF.4.21.0106202327120.10142-100000@shazam.int>

> >       Can anyone tell me (if RTFM, please point to an M to R ;) ) how to
> > set up FreeBSD to either:
> > A) Act as an LDAP server

Install OpenLDAP (ports or package) then follow the docs at openLDAP.org
to set up your databases. OpenLDAP isn't ready to run right off the
install, you have to set up the databases first. Since different
database schema are possible, you must configure those before the
OpenLDAP server will even start. There are schema provided, but none are
set up to use by default.

> >       or
> > B) Authenticate off of another server's LDAP data.

Use pam_ldap and set up your LDAP server with the NIS schema.
Unfortunately, pam_ldap does not install with FreeBSD, and is not in the
ports or packages. It's also written for Linux and doesn't compile
without a big hammer.

> >       The details are rather simple.  I'm about to start using MacOS X
> > Server for workstation authentication at my job.  It allows authentication
> > to be pulled from an LDAP server if it follows a certain pattern (which I
> > have documentation for) or to serve its own data out via LDAP.

Get a copy of the schema for OS X (that "pattern" is called a schema in
LDAP terminology) and configure your LDAP server to work off that
schema; see the docs.

> >       I've never been able to get LDAP running properly off of any
> > server, so I really don't know what steps to take first or how to
> > structure things or even what to expect.  So any advice on how to get
> > started would be appreciated.  Also, any advice on which way to control
> > things (serve passwords from MacOS X Server or FreeBSD) would be
> > appreciated.

If the OS X schema is compliant with the NIS schema, you'll be able to
serve passwords out to everyone (FreeBSD & Mac). If not, you can
probably still get it working for everyone by combining the two schema.
Also, there are Perl scripts available to convert UNIX password files to
LDIF files that can be imported to LDAP servers. So if you've already
got some of your auth info in FreeBSD, you can easily export it to LDAP.
(I don't remember the link; if you can't find it, contact me and I'll
track down where I got them from.)

Hope this helps,
Bill

-- 
If a bird in the hand is worth two in the bush,
then what can I get for two hands in the bush?
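
The passwd-to-LDIF conversion mentioned in the message, as an added example that is not part of the original e-mail and is not the Perl scripts it refers to. It maps 7-field passwd lines onto the NIS schema's `posixAccount` attributes (RFC 2307); the base DN, the sample accounts, and the `min_uid` cutoff are assumptions made for illustration.

```python
import base64
import re

# Constructed sample in the 7-field /etc/passwd layout (not from the original message).
SAMPLE_PASSWD = """\
root:*:0:0:Charlie Root:/root:/bin/csh
jaime:*:1001:1001:Jaime Example,Room 1:/home/jaime:/bin/tcsh
zoe:*:1002:1002:Zo\u00eb Example:/home/zoe:/bin/sh
bad,name:*:1003:1003:Bad Name:/home/bad:/bin/sh
broken:line
"""

LOGIN_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")  # conservative: nothing that needs DN escaping

def ldif_line(attr, value):
    """One 'attr: value' line; values LDIF cannot carry as plain text are base64 ('::')."""
    plain = (value.isascii() and value.isprintable()
             and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if plain:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def passwd_to_ldif(text, base_dn, min_uid=1000):
    """Return (ldif_text, skipped_logins) for accounts with uid >= min_uid (assumed cutoff)."""
    entries, skipped = [], []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        parts = raw.split(":")
        ok = (len(parts) == 7 and LOGIN_RE.match(parts[0])
              and parts[2].isdecimal() and parts[3].isdecimal() and parts[5])
        if not ok or int(parts[2]) < min_uid:
            skipped.append(parts[0])  # malformed line, unsafe login, or system account
            continue
        login, _pw, uid, gid, gecos, home, shell = parts
        # _pw is deliberately not exported: in passwd it is only a placeholder.
        attrs = [("cn", gecos.split(",")[0] or login), ("uid", login), ("uidNumber", uid),
                 ("gidNumber", gid), ("homeDirectory", home), ("loginShell", shell)]
        entries.append("\n".join(
            [ldif_line("dn", f"uid={login},{base_dn}"),
             "objectClass: account", "objectClass: posixAccount"]
            + [ldif_line(a, v) for a, v in attrs if v]))
    return "\n\n".join(entries) + "\n", skipped

if __name__ == "__main__":
    print(passwd_to_ldif(SAMPLE_PASSWD, "ou=People,dc=example,dc=com")[0])
```

System accounts and malformed lines are reported in the second return value rather than exported, so they stay local to each host.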
