Date:      Fri, 10 Jun 2016 10:29:06 -0400
From:      Peter Wemm <peter@wemm.org>
To:        freebsd-current@freebsd.org
Subject:   Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory
Message-ID:  <575ACEB2.2030307@wemm.org>
In-Reply-To: <b5d81132-63e6-6d53-c97d-5c709e748e2b@FreeBSD.org>
References:  <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com> <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net> <CAG=rPVfjzjh=Qb8Y%2BFsXgoLOA0UCf_mgJu32=wHUHjPjMFjvyA@mail.gmail.com> <b5d81132-63e6-6d53-c97d-5c709e748e2b@FreeBSD.org>

On 6/9/16 6:49 PM, Matthew Seaman wrote:
> On 09/06/2016 18:34, Craig Rodrigues wrote:
>> There is still value to ypldap as it is now, and getting feedback from
>> users (especially Active Directory) would be very useful.
>> If someone could document a configuration which uses IPSEC or OpenSSH
>> forwarding, that would be nice.
>>
>> In future, maybe someone in OpenBSD or FreeBSD will implement things like
>> LDAP over SSL.
>
> What advantages does ypldap offer over nss-pam-ldapd (in ports) ?
> nss-pam-ldapd can use both ldap+STARTTLS or ldaps to encrypt data in
> transit, and I find it works very well for using OpenLDAP as a central
> account database.  I believe it works with AD, but haven't tried that
> myself.
>
> 	Cheers,
>
> 	Matthew
>
>

We used nss-pam-ldapd quite successfully in the freebsd.org cluster during 
our transition away from YP/NIS, for what it's worth.

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
UTF-8: for when a ' or ... just won’t do…


