On 10/06/16 16:29, Peter Wemm wrote:
On 6/9/16 6:49 PM, Matthew Seaman wrote:
On 09/06/2016 18:34, Craig Rodrigues wrote:
There is still value to ypldap as it is now, and getting feedback from
users (especially Active Directory) would be very useful.
If someone could document a configuration which uses IPSEC or OpenSSH
forwarding, that would be nice.
In future, maybe someone in OpenBSD or FreeBSD will implement things
like
LDAP over SSL.
What advantages does ypldap offer over nss-pam-ldapd (in ports) ?
nss-pam-ldapd can use both ldap+STARTTLS or ldaps to encrypt data in
transit, and I find it works very well for using OpenLDAP as a central
account database. I believe it works with AD, but haven't tried that
myself.
Cheers,
Matthew
We used nss-pam-ldapd quite successfully in the freebsd.org cluster
during our transition away from YP/NIS, for what it's worth.
Did you try the OpenLDAP nssov overlay? It replaces nslcd by
reimplementing the protocol spoken between nslcd and nss_ldap/pam_ldap
directly inside slapd. This allows slapd to cache or replicate the data
locally without resorting to the broken nscd.
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
