[nycbug-talk] OpenLDAP Server on FreeBSD-9
nycbug at wynn.com
Tue Jul 24 19:19:19 EDT 2012
> On Tue, Jul 24, 2012 at 01:07:27PM -0400, nycbug at wynn.com wrote:
> > Greeting-
> >
> > I have finally decided it is time to cry UNCLE! I have been trying for some
> > many weeks to get an openldap server up and running for central auth of my
> > flock of FreeBSD and GNU/Linux boxes (GNU/Linux is on the way out) with
> > no luck.
>
> I enjoy the quote from the ldap for rocket scientists page.
> The bad news is that IOHO never has so much been written so
> incomprehensibly about a single topic with the possible exceptions of
> BIND and ... and ... (they end the sentence there.) :)
>
> I have my own, aged page, at
> http://home.roadrunner.com/~computertaijutsu/ldap.html mostly done in
> Linux on CentOS, not used on FreeBSD, though I think at one point a BSD
> box authenticated off it.
Greeting-
I just took a fast scan of your page. It looks to have better info than any
that I have found so far. I am working on only 4 hours of sleep today, so
I will probably actually read it tomorrow and then see if I can make my server
actually work.
I am really starting to hate LDAP and while I hate the "let's re-invent the
wheel" thing that happens much of the time in GNU/Linux land... I think
LDAP needs to be replaced. NIS, while insecure, was dead simple to set up.
The combination of HESIOD and KERBEROS which I used on my own network and as a
HACK-TARGET at one of the HOPE conventions was a bit more complex, but nothing
a mid-level SA could not handle, so either I am the worst 30+ year SA in the
world or LDAP should retire from the arena. My thinking is that something
like using NIS for serving out /etc/passwd (note no passwords there) and RADIUS
to do the auth would be simpler and would also be fairly secure. I bet that
if we actually put some thought to it we could come up with something even
better.
I sure hope I can make the next meeting... have missed them the last few
months.
Thanks to everyone that responded. When I get this actually working I will
document it for others.
-Brett