Date: Thu, 21 Jun 2001 10:45:51 -0400 (EDT)
From: Joe Clarke
To: Bill Moran
Cc: Jaime
Subject: Re: LDAP authentication/serving
In-Reply-To: <3B31F469.F71D7765@iowna.com>
Message-ID: <20010621104530.H27505-100000@shumai.marcuscom.com>

pam_ldap _does_ compile on FreeBSD, and it is in the ports collection
(/usr/ports/security/pam_ldap). I ported it myself.

Joe Clarke

On Thu, 21 Jun 2001, Bill Moran wrote:

>
> > > Can anyone tell me (if RTFM, please point to an M to R ;) ) how to
> > > set up FreeBSD to either:
> > > A) Act as an LDAP server
>
> Install openLDAP (ports or package) then follow the docs at openLDAP.org
> to set up your databases. OpenLDAP isn't ready to run right off the
> install, you have to set up the databases first. Since different
> database schema are possible, you must configure those before the
> openLDAP server will even start. There are schema provided, but none are
> set up to use by default.
>
> > > or
> > > B) Authenticate off of another server's LDAP data.
>
> Use pam_ldap and set up your LDAP server with the NIS schema.
> Unfortunately, pam_ldap does not install with FreeBSD, and is not in the
> ports or packages. It's also written for Linux and doesn't compile
> without a big hammer.
>
> > > The details are rather simple. I'm about to start using MacOS X
> > > Server for workstation authentication at my job. It allows authentication
> > > to be pulled from an LDAP server if it follows a certain pattern (which I
> > > have documentation for) or to serve its own data out via LDAP.
>
> Get a copy of the schema for OS X (that "pattern" is called a schema in
> LDAP terminology) and configure your LDAP server to work off that
> schema, see the docs.
>
> > > I've never been able to get LDAP running properly off of any
> > > server, so I really don't know what steps to take first or how to
> > > structure things or even what to expect. So any advice on how to get
> > > started would be appreciated. Also, any advice on which way to control
> > > things (serve passwords from MacOS X Server or FreeBSD) would be
> > > appreciated.
>
> If the OS X schema is compliant with the NIS schema, you'll be able to
> serve passwords out to everyone (FreeBSD & Mac). If not, you can
> probably still get it working for everyone by combining the two schema.
> Also, there are perl scripts available to convert UNIX password files to
> LDIF files that can be imported to LDAP servers. So if you've already
> got some of your auth info in FreeBSD, you can easily export it to LDAP.
> (I don't remember the link, if you can't find it contact me and I'll
> track down where I got them from)
>
> Hope this helps,
> Bill
>
> --
> If a bird in the hand is worth two in the bush,
> then what can I get for two hands in the bush?
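The quoted reply mentions scripts that convert UNIX password files to LDIF for an LDAP server using the NIS schema. The following Python converter is an added example, not part of the original thread and not the Perl scripts it refers to: it maps passwd(5) lines to RFC 2307 posixAccount entries, rejects malformed lines and unexpected login names, and base64-encodes values LDIF cannot carry verbatim. The base DN, the UID cutoff and the sample accounts are assumptions constructed for the example.

```python
import base64
import re

BASE_DN = "ou=People,dc=example,dc=com"  # assumed suffix, adjust to your tree
MIN_UID = 1000                           # assumed cutoff: skip system accounts
# name:passwd:uid:gid:gecos:home:shell, with a conservative login-name pattern
LINE_RE = re.compile(
    r"([a-z_][a-z0-9_.-]*):[^:]*:([0-9]+):([0-9]+):([^:]*):([^:]*):([^:]*)")

# Constructed sample in passwd(5) format, including two lines that must be rejected.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
jaime:*:1001:1001:Jaime Example,Room 12,555-0100:/home/jaime:/bin/sh
renee:*:1002:1002:Ren\u00e9e Example:/home/renee:/bin/tcsh
bad,name:*:1003:1003:Oops:/home/bad:/bin/sh
short:*:1004
"""

def ldif_attr(name, value):
    """One LDIF line; base64 (::) for values that are not RFC 2849 SAFE-STRINGs."""
    unsafe = (not value.isascii() or value != value.strip(" ")
              or value[:1] in (":", "<") or any(c in value for c in "\r\n\0"))
    if unsafe:
        return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{name}: {value}"

def passwd_to_ldif(text):
    """Return (ldif_entries, skipped_lines) for passwd(5)-format text."""
    entries, skipped = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = LINE_RE.fullmatch(line)
        if m is None:
            skipped.append(line)      # malformed or unexpected login name
            continue
        name, uid, gid, gecos, home, shell = m.groups()
        if int(uid) < MIN_UID:
            continue                  # system account, keep it local
        attrs = [("dn", f"uid={name},{BASE_DN}"), ("objectClass", "account"),
                 ("objectClass", "posixAccount"), ("uid", name),
                 ("cn", gecos.split(",")[0] or name), ("uidNumber", uid),
                 ("gidNumber", gid), ("homeDirectory", home), ("loginShell", shell)]
        # userPassword is left out on purpose: an LDIF file is plain text.
        entries.append("\n".join(ldif_attr(k, v) for k, v in attrs))
    return entries, skipped

if __name__ == "__main__":
    print("\n\n".join(passwd_to_ldif(SAMPLE_PASSWD)[0]))
```

Review the skipped lines before importing; the resulting entries can be loaded with ldapadd, and passwords are then set over an authenticated connection rather than carried in the file.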