Date: Thu, 9 Jun 2016 18:49:53 -0400 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-current@freebsd.org Subject: Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory Message-ID: <b5d81132-63e6-6d53-c97d-5c709e748e2b@FreeBSD.org> In-Reply-To: <CAG=rPVfjzjh=Qb8Y%2BFsXgoLOA0UCf_mgJu32=wHUHjPjMFjvyA@mail.gmail.com> References: <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com> <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net> <CAG=rPVfjzjh=Qb8Y%2BFsXgoLOA0UCf_mgJu32=wHUHjPjMFjvyA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Es5OKPpun0CiEi4BdPEEsDH8EXs78R7bF Content-Type: multipart/mixed; boundary="xjgH5SXE5GQnoj6c0IxraP1U77wAoW4rF" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-current@freebsd.org Message-ID: <b5d81132-63e6-6d53-c97d-5c709e748e2b@FreeBSD.org> Subject: Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory References: <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com> <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net> <CAG=rPVfjzjh=Qb8Y+FsXgoLOA0UCf_mgJu32=wHUHjPjMFjvyA@mail.gmail.com> In-Reply-To: <CAG=rPVfjzjh=Qb8Y+FsXgoLOA0UCf_mgJu32=wHUHjPjMFjvyA@mail.gmail.com> --xjgH5SXE5GQnoj6c0IxraP1U77wAoW4rF Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 09/06/2016 18:34, Craig Rodrigues wrote: > There is still value to ypldap as it is now, and getting feedback from > users (especially Active Directory) would be very useful. > If someone could document a configuration which uses IPSEC or OpenSSH > forwarding, that would be nice. >=20 > In future, maybe someone in OpenBSD or FreeBSD will implement things li= ke > LDAP over SSL. What advantages does ypldap offer over nss-pam-ldapd (in ports) ? nss-pam-ldapd can use both ldap+STARTTLS or ldaps to encrypt data in transit, and I find it works very well for using OpenLDAP as a central account database. I believe it works with AD, but haven't tried that myself. Cheers, Matthew --xjgH5SXE5GQnoj6c0IxraP1U77wAoW4rF-- --Es5OKPpun0CiEi4BdPEEsDH8EXs78R7bF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJXWfKRXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATiVIQAIyghOOMqmxboxfZN5uY2grS xCdpycp8QVa88IOOZQaroZxo3htStrKCuGnPJap4sjLtGb9DUj/NOFQWTKlg339B eO9vtfgceaI52Nn4e6io4bdie1pDnC5hNUMiVc/cCSmO8EHeYck59+iDsSF/lWk7 LJXv9IFXrxgf4kLEOhDv8C1ei1YtvJqdeeJ3joWxy1Lj8UQe8KAO62bvRIxms7hL FAbK5igiOg0YOeroBUQTzoBjsrL8Z6xd5wvXXnUqHSheNmguIUbMe4TenEuc9+qe Nt36K6CfHj/KaZHK4VARC7O1DY9i4rJ9K/gcoRcglQE5pYb3lWV9sRepsxQ5nd5/ 6Agq7IYUS7Iu1EM/rjXL/L1UR526AKrB6wxG/3ncUfUE9O0qHGLdqiYx64qvLIXW uLCWO4U6QscLRaMCuF+kZmejIUykBwQ9CJYYJxbxNW4A7/Oqwpez7jEIHXz2b8D3 bMkW5KebVqvSW3FW79A6BSmscK+o/By/6X2l2y3wzLdX4fphRuYnO4/hpyBNSAQD oyDu9aFOQ0HyvmLKNLbW+ducQFSdugIGI8+QwXrzq/JCYsW3iTVdckHiDRo+Gs0q ZlZMycy76lb4SR0eaF5crC7OskxDkwry0iWBMLaCwIZXTuK5Q2OiX0opAX/4tn+0 rmEWrJyTt0lWspiLKfBD =WKO1 -----END PGP SIGNATURE----- --Es5OKPpun0CiEi4BdPEEsDH8EXs78R7bF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b5d81132-63e6-6d53-c97d-5c709e748e2b>