Date: Wed, 8 Jun 2016 23:41:50 -0700 From: Xin Li <delphij@delphij.net> To: Craig Rodrigues <rodrigc@freebsd.org>, freebsd-current Current <freebsd-current@freebsd.org> Cc: d@delphij.net, =?UTF-8?B?6LW15paw?= <quakelee@gmail.com> Subject: Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory Message-ID: <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net> In-Reply-To: <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com> References: <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --uFnBlcCoesH5DcAExaw1g3lGLqvsk791E Content-Type: multipart/mixed; boundary="npWp36kqiqKR4DonWdt9n0Jb87WrbrQi8" From: Xin Li <delphij@delphij.net> To: Craig Rodrigues <rodrigc@freebsd.org>, freebsd-current Current <freebsd-current@freebsd.org> Cc: d@delphij.net, =?UTF-8?B?6LW15paw?= <quakelee@gmail.com> Message-ID: <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net> Subject: Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory References: <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com> In-Reply-To: <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com> --npWp36kqiqKR4DonWdt9n0Jb87WrbrQi8 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 6/8/16 23:10, Craig Rodrigues wrote: > Hi, >=20 > I have worked with Marcelo Araujo to port OpenBSD's ypldap to FreeBSD > current. >=20 > In latest current, it should be possible to put in /etc/rc.conf: >=20 > nis_ypldap_enable=3D"YES" > to activate the ypldap daemon. >=20 > When set up properly, it should be possible to log into FreeBSD, and ha= ve > the backend password database come from an LDAP database such > as OpenLDAP >=20 > There is some documentation for setting this up, but it is OpenBSD spec= ific: >=20 > http://obfuscurity.com/2009/08/OpenBSD-as-an-LDAP-Client > http://puffysecurity.com/wiki/ypldap.html#2 >=20 > I did not bother porting the OpenBSD LDAP server to FreeBSD, so that > information > does not apply. I figure that openldap from ports should work fine. >=20 > I was wondering if there is someone out there familiar enough with LDAP= > and has a setup they can test this stuff out with, provide feedback, an= d > help > improve the documentation for FreeBSD? Looks like it would be a fun weekend project. I've cc'ed a potential person who may be interested in this as well. But will this worth the effort? (I think the current implementation would do everything with plaintext protocol over wire, so while it extends life for legacy applications that are still using NIS/YP, it doesn't seem to be something that we should recommend end user to use?) > I would also be interested in hearing from someone who can see if > ypldap can work against a Microsoft Active Directory setup? Cheers, --npWp36kqiqKR4DonWdt9n0Jb87WrbrQi8-- --uFnBlcCoesH5DcAExaw1g3lGLqvsk791E Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXWQ+xAAoJEJW2GBstM+ns2W4QAJa7Dmemc8bD7r3QpzepP9jJ LunLnPxCSqA2NHvjdxIihcWTH9g3JIqJZAK3qvIJJHud1jIPVKDG2uVyvbgHSweT gsAVr1l9zKrLo+nQoUksxNIulDfmGRAxSrwlclwIFUs98BS/D9RQPRbssTqZh3kK RmPOPbBS0N1TEKbgcobsFTBK/VLhV2e6H35MPTQSpL6rCzgkCgVXbjkTynVYJTpH Aze4LqevCb0U6ot1scczhPfUuqZTL0BT9+mKB+yEyef3jYuUf7e9NZrouImHNGpE ftPjyVOXeTq7sDB3vOeQa0BPUz6RWui15SCq6DAImmighAKaGeKCu2py8Ha8LbOl /IydKQ8s1beQIK8dKYxQTxenIlbieJE8pRpqnmf7yR7q3xoSfnD/Y35sTBeS4Mmz zW7wIbqpUJv71Mu9pyN0fKv/86Allj+8TXFBlSF3IO1GMYKnPou/r06a4B/26mjt 7J2AcLRY/YvxiUM04NBUL8jpBigkybXRV3VAbX2HSgEolZLB36oO6z1Ha7DT0U+0 8C9UAYllkktejRQUyZ6QTAxZHNUzMsOZtoynHLSIkyBNL60DB2bjXG4MnwP5d0G5 VYX41n5cfnHVLxrkREg0z0J5XxBjJ38dfW2qhJ0RdB2sZ1tCXO1v8X+/varOqWMh 9Hjc+86Dj3chRMsEe+X2 =oKAe -----END PGP SIGNATURE----- --uFnBlcCoesH5DcAExaw1g3lGLqvsk791E--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7c39e5ac-3ed7-f19a-e175-d27af07eea47>