From: Craig Rodrigues
Date: Wed, 8 Jun 2016 23:10:08 -0700
Subject: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory
To: freebsd-current Current

Hi,

I have worked with Marcelo Araujo to port OpenBSD's ypldap to FreeBSD current.

In latest current, it should be possible to put in /etc/rc.conf:

    nis_ypldap_enable="YES"

to activate the ypldap daemon.

When set up properly, it should be possible to log into FreeBSD, and have the backend password database come from an LDAP database such as OpenLDAP.

There is some documentation for setting this up, but it is OpenBSD specific:

http://obfuscurity.com/2009/08/OpenBSD-as-an-LDAP-Client
http://puffysecurity.com/wiki/ypldap.html#2

I did not bother porting the OpenBSD LDAP server to FreeBSD, so that information does not apply. I figure that openldap from ports should work fine.

I was wondering if there is someone out there familiar enough with LDAP and has a setup they can test this stuff out with, provide feedback, and help improve the documentation for FreeBSD?

I would also be interested in hearing from someone who can see if ypldap can work against a Microsoft Active Directory setup?

Thanks.
--
Craig