[gentoo-user] LDAP server questions

[gentoo-user] LDAP server questions

[Pandu Poluan]

[-- Attachment #1: Type: text/plain, Size: 927 bytes --]

Hello list!

I'm planning to replace an Active Directory server currently functioning
*only* as an LDAP server, with a dedicated Linux-based LDAP server.

Now, the function of the LDAP server is at the moment:
* Provide the settings database for Axigen email server
* Provide group membership for BlueCoat proxy (who allowed to access what)
* Provide group membership for FreeRADIUS
* Provide group membership for Fortinet VPN

The day-to-day management will be handled be another division, and I'm
quite sure that they prefer a GUI, so the solution really should have a GUI
support (either Windows-based 'client' or web-based admin console).

Apparently, there are now many implementations of LDAP in the *nix world,
such as OpenLDAP, OpenDS, ApacheDS, and 389DS.

Have any of you experiences with them? Which one do you think is the most
mature and supported? And, quite importantly, which one has a GUI front-end?

Rgds,
--

[-- Attachment #2: Type: text/html, Size: 1082 bytes --]

Re: [gentoo-user] LDAP server questions

[J. Roeleveld]

On 18 February 2014 06:03:02 CET, Pandu Poluan <pandu@poluan.info> wrote:
>Hello list!
>
>I'm planning to replace an Active Directory server currently
>functioning
>*only* as an LDAP server, with a dedicated Linux-based LDAP server.
>
>Now, the function of the LDAP server is at the moment:
>* Provide the settings database for Axigen email server
>* Provide group membership for BlueCoat proxy (who allowed to access
>what)
>* Provide group membership for FreeRADIUS
>* Provide group membership for Fortinet VPN
>
>The day-to-day management will be handled be another division, and I'm
>quite sure that they prefer a GUI, so the solution really should have a
>GUI
>support (either Windows-based 'client' or web-based admin console).
>
>Apparently, there are now many implementations of LDAP in the *nix
>world,
>such as OpenLDAP, OpenDS, ApacheDS, and 389DS.
>
>Have any of you experiences with them? Which one do you think is the
>most
>mature and supported? And, quite importantly, which one has a GUI
>front-end?
>
>Rgds,
>--

Openldap has a webbased gui: phpldapadmin.

Both are in the tree.

I use this myself for all the user accounts. Allowing me to only maintain a single repository for all the services and desktops.

Not been able to get ms windows to authenticate against it though. But that requires further tools to be properly configured. (Think samba as a DC)

--
Joost
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [gentoo-user] LDAP server questions

[Pandu Poluan]

[-- Attachment #1: Type: text/plain, Size: 1669 bytes --]

On Feb 18, 2014 1:13 PM, "J. Roeleveld" <joost@antarean.org> wrote:
>
> On 18 February 2014 06:03:02 CET, Pandu Poluan <pandu@poluan.info> wrote:
> >Hello list!
> >
> >I'm planning to replace an Active Directory server currently
> >functioning
> >*only* as an LDAP server, with a dedicated Linux-based LDAP server.
> >
> >Now, the function of the LDAP server is at the moment:
> >* Provide the settings database for Axigen email server
> >* Provide group membership for BlueCoat proxy (who allowed to access
> >what)
> >* Provide group membership for FreeRADIUS
> >* Provide group membership for Fortinet VPN
> >
> >The day-to-day management will be handled be another division, and I'm
> >quite sure that they prefer a GUI, so the solution really should have a
> >GUI
> >support (either Windows-based 'client' or web-based admin console).
> >
> >Apparently, there are now many implementations of LDAP in the *nix
> >world,
> >such as OpenLDAP, OpenDS, ApacheDS, and 389DS.
> >
> >Have any of you experiences with them? Which one do you think is the
> >most
> >mature and supported? And, quite importantly, which one has a GUI
> >front-end?
> >
> >Rgds,
> >--
>
> Openldap has a webbased gui: phpldapadmin.
>
> Both are in the tree.
>
> I use this myself for all the user accounts. Allowing me to only maintain
a single repository for all the services and desktops.
>
> Not been able to get ms windows to authenticate against it though. But
that requires further tools to be properly configured. (Think samba as a DC)
>

Interesting... thanks for the heads up!

MS Windows authentication is not necessary, since this AD server is not
used for that purpose...

Rgds,
--

[-- Attachment #2: Type: text/html, Size: 2232 bytes --]

Re: [gentoo-user] LDAP server questions

[J. Roeleveld]

On 19 February 2014 05:11:12 CET, Pandu Poluan <pandu@poluan.info> wrote:
>On Feb 18, 2014 1:13 PM, "J. Roeleveld" <joost@antarean.org> wrote:
>>
>> On 18 February 2014 06:03:02 CET, Pandu Poluan <pandu@poluan.info>
>wrote:
>> >Hello list!
>> >
>> >I'm planning to replace an Active Directory server currently
>> >functioning
>> >*only* as an LDAP server, with a dedicated Linux-based LDAP server.
>> >
>> >Now, the function of the LDAP server is at the moment:
>> >* Provide the settings database for Axigen email server
>> >* Provide group membership for BlueCoat proxy (who allowed to access
>> >what)
>> >* Provide group membership for FreeRADIUS
>> >* Provide group membership for Fortinet VPN
>> >
>> >The day-to-day management will be handled be another division, and
>I'm
>> >quite sure that they prefer a GUI, so the solution really should
>have a
>> >GUI
>> >support (either Windows-based 'client' or web-based admin console).
>> >
>> >Apparently, there are now many implementations of LDAP in the *nix
>> >world,
>> >such as OpenLDAP, OpenDS, ApacheDS, and 389DS.
>> >
>> >Have any of you experiences with them? Which one do you think is the
>> >most
>> >mature and supported? And, quite importantly, which one has a GUI
>> >front-end?
>> >
>> >Rgds,
>> >--
>>
>> Openldap has a webbased gui: phpldapadmin.
>>
>> Both are in the tree.
>>
>> I use this myself for all the user accounts. Allowing me to only
>maintain
>a single repository for all the services and desktops.
>>
>> Not been able to get ms windows to authenticate against it though.
>But
>that requires further tools to be properly configured. (Think samba as
>a DC)
>>
>
>Interesting... thanks for the heads up!
>
>MS Windows authentication is not necessary, since this AD server is not
>used for that purpose...
>
>Rgds,
>--

If MS Windows is not necessary, then I can help with the config.
I got the following authenticating succesfully:
Linux accounts (PAM)
Apache
Egroupware
OpenKM
Samba
Squirrelmail and gallery authenticate against Apache

For these I can help you with the necessary config. For others we'll need to see what to configure where.

And backups are really easy with no downtime. (Export to LDIF)

--

Joost
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.