Date: Mon, 13 Jun 2016 14:46:04 +0200 From: Jan Bramkamp <crest@rlwinm.de> To: freebsd-current@freebsd.org Subject: Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory Message-ID: <6f2f1234-1d12-7796-f0b5-9da5a44585db@rlwinm.de> In-Reply-To: <575ACEB2.2030307@wemm.org> References: <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com> <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net> <CAG=rPVfjzjh=Qb8Y%2BFsXgoLOA0UCf_mgJu32=wHUHjPjMFjvyA@mail.gmail.com> <b5d81132-63e6-6d53-c97d-5c709e748e2b@FreeBSD.org> <575ACEB2.2030307@wemm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/06/16 16:29, Peter Wemm wrote: > On 6/9/16 6:49 PM, Matthew Seaman wrote: >> On 09/06/2016 18:34, Craig Rodrigues wrote: >>> There is still value to ypldap as it is now, and getting feedback from >>> users (especially Active Directory) would be very useful. >>> If someone could document a configuration which uses IPSEC or OpenSSH >>> forwarding, that would be nice. >>> >>> In future, maybe someone in OpenBSD or FreeBSD will implement things >>> like >>> LDAP over SSL. >> >> What advantages does ypldap offer over nss-pam-ldapd (in ports) ? >> nss-pam-ldapd can use both ldap+STARTTLS or ldaps to encrypt data in >> transit, and I find it works very well for using OpenLDAP as a central >> account database. I believe it works with AD, but haven't tried that >> myself. >> >> Cheers, >> >> Matthew >> >> > > We used nss-pam-ldapd quite successfully in the freebsd.org cluster > during our transition away from YP/NIS, for what it's worth. Did you try the OpenLDAP nssov overlay? It replaces nslcd by reimplementing the protocol spoken between nslcd and nss_ldap/pam_ldap directly inside slapd. This allows slapd to cache or replicate the data locally without resorting to the broken nscd.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6f2f1234-1d12-7796-f0b5-9da5a44585db>