Date:      Thu, 21 Jun 2001 10:45:51 -0400 (EDT)
From:      Joe Clarke <marcus@marcuscom.com>
To:        Bill Moran <wmoran@iowna.com>
Cc:        Jaime <jaime@snowmoon.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: LDAP authentication/serving
Message-ID:  <20010621104530.H27505-100000@shumai.marcuscom.com>
In-Reply-To: <3B31F469.F71D7765@iowna.com>

pam_ldap _does_ compile on FreeBSD, and it is in the ports collection
(/usr/ports/security/pam_ldap).  I ported it myself.

Joe Clarke

On Thu, 21 Jun 2001, Bill Moran wrote:

> > >       Can anyone tell me (if RTFM, please point to an M to R ;) ) how to
> > > set up FreeBSD to either:
> > > A) Act as an LDAP server
>
> Install openLDAP (ports or package) then follow the docs at openLDAP.org
> to set up your databases. OpenLDAP isn't ready to run right off the
> install, you have to set up the databases first. Since different
> database schema are possible, you must configure those before the
> openLDAP server will even start. There are schema provided, but none are
> set up to use by default.
>
> > >       or
> > > B) Authenticate off of another server's LDAP data.
>
> Use pam_ldap and set up your LDAP server with the NIS schema.
> Unfortunately, pam_ldap does not install with FreeBSD, and is not in the
> ports or packages. It's also written for Linux and doesn't compile
> without a big hammer.
>
> > >       The details are rather simple.  I'm about to start using MacOS X
> > > Server for workstation authentication at my job.  It allows authentication
> > > to be pulled from an LDAP server if it follows a certain pattern (which I
> > > have documentation for) or to serve its own data out via LDAP.
>
> Get a copy of the schema for OS X (that "pattern" is called a schema in
> LDAP terminology) and configure your LDAP server to work off that
> schema, see the docs.
>
> > >       I've never been able to get LDAP running properly off of any
> > > server, so I really don't know what steps to take first or how to
> > > structure things or even what to expect.  So any advice on how to get
> > > started would be appreciated.  Also, any advice on which way to control
> > > things (serve passwords from MacOS X Server or FreeBSD) would be
> > > appreciated.
>
> If the OS X schema is compliant with the NIS schema, you'll be able to
> serve passwords out to everyone (FreeBSD & Mac). If not, you can
> probably still get it working for everyone by combining the two schema.
> Also, there are perl scripts available to convert UNIX password files to
> LDIF files that can be imported to LDAP servers. So if you've already
> got some of your auth info in FreeBSD, you can easily export it to LDAP.
> (I don't remember the link, if you can't find it contact me and I'll
> track down where I got them from)
>
> Hope this helps,
> Bill
>
> --
> If a bird in the hand is worth two in the bush,
> then what can I get for two hands in the bush?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>
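
The password-file-to-LDIF conversion mentioned in the quoted reply, as an added example in Python (not the Perl scripts referred to in the thread, and not code from either poster). It emits RFC 2307 `posixAccount` entries (the NIS schema); the suffix `ou=People,dc=example,dc=com`, the `min_uid` cutoff and the sample accounts are assumptions constructed for illustration.

```python
import base64
import re

# Constructed sample in passwd(5) format (7 colon-separated fields), not real accounts.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie Root:/root:/bin/csh
jaime:*:1001:1001:Jaime Example,Room 12,555-0100:/home/jaime:/bin/sh
zoe:*:1002:1002:Zoë Test:/home/zoe:/bin/sh
bad,name:*:1003:1003:DN metacharacter:/home/bad:/bin/sh
truncated:*:1004
"""

BASE_DN = "ou=People,dc=example,dc=com"  # assumed directory suffix
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_.-]*")  # excludes DN metacharacters such as , + = \

def ldif_attr(name, value):
    """One LDIF line; values outside RFC 2849 SAFE-STRING are base64-encoded."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def passwd_to_ldif(text, base_dn=BASE_DN, min_uid=1000):
    """Return (ldif_text, skipped_lines) for accounts with uid >= min_uid."""
    entries, skipped = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if (len(f) != 7 or not LOGIN_RE.fullmatch(f[0]) or not f[5]
                or not all(re.fullmatch(r"[0-9]+", n) for n in f[2:4])):
            skipped.append(line)  # malformed or unsafe for a DN: report, do not import
            continue
        login, _pw, uid, gid, gecos, home, shell = f
        if int(uid) < min_uid:
            continue  # system accounts stay in the local files
        # _pw is never exported: it is "*" in /etc/passwd, and hashes do not belong in LDIF files.
        pairs = [("dn", f"uid={login},{base_dn}"),
                 ("objectClass", "account"), ("objectClass", "posixAccount"),
                 ("uid", login), ("cn", gecos.split(",")[0] or login),
                 ("uidNumber", uid), ("gidNumber", gid), ("homeDirectory", home)]
        if shell:
            pairs.append(("loginShell", shell))
        entries.append("\n".join(ldif_attr(k, v) for k, v in pairs))
    return "version: 1\n\n" + "\n\n".join(entries) + "\n", skipped

if __name__ == "__main__":
    ldif, skipped = passwd_to_ldif(SAMPLE_PASSWD)
    print(ldif)
    print("skipped:", skipped)
```

Review the skipped lines by hand before importing the output with the LDAP server's own import tool.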

