[nycbug-talk] OpenLDAP Server on FreeBSD-9

nycbug at wynn.com nycbug at wynn.com
Tue Jul 24 19:19:19 EDT 2012 

> On Tue, Jul 24, 2012 at 01:07:27PM -0400, nycbug at wynn.com wrote:
> > Greeting-
> > 
> > I have finally decided it is time to cry UNCLE!  I have been trying for some
> > many weeks to get an openldap server up and running for central auth of my 
> > flock of FreeBSD and GNU/Linux boxes (GNU/Linux is on the way out) with 
> > no luck.  
> 
> I enjoy the quote from the ldap for rocket scientists page.
> The bad news is that IOHO never has so much been written so
> incomprehensibly about a single topic with the possible exceptions of
> BIND and ... and ...   (they end the sentence there.)  :)
> 
> I have my own, aged page, at
> http://home.roadrunner.com/~computertaijutsu/ldap.html mostly done in
> Linux on CentOS, not used on FreeBSD, though I think at one point a BSD
> box authenticated off it.

Greeting-

I just took a fast scan of your page.  It looks to have better info than any
that I have found so far.  I am working on only 4 hours of sleep today, so 
I will probably actually read it tomorrow and then see if I can make my server
actually work.

I am really starting to hate LDAP and while I hate the "let's re-invent the
wheel thing that happens much of the time in GNU/Linux land......I think
LDAP needs to be replaced.  NIS while insecure was dead simple to set up.
The combination of HESIOD and KERBOS which I used on my own network and as a
HACK-TARGET at one of the HOPE conventions was a bit more complex, but nothing
a mid-level SA could not handle, so either I am the worst 30+ year SA in the 
world or LDAP should retire from the arena.  My thinking is that something
like using NIS for serving out /etc/passwd (note no passwords there) and RADIUS
to do the auth would be simpler and would also be fairly secure.  I bet that
if we actually put some thought to it we could come up with something even
better.

I sure hope I can make the next meeting.....have missed them the last few 
months.

Thanks to everyone that responded.  When I get this actually working I will
document it for others.

-Brett

More information about the talk mailing list