1 |
On 19 February 2014 05:11:12 CET, Pandu Poluan <pandu@××××××.info> wrote: |
2 |
>On Feb 18, 2014 1:13 PM, "J. Roeleveld" <joost@××××××××.org> wrote: |
3 |
>> |
4 |
>> On 18 February 2014 06:03:02 CET, Pandu Poluan <pandu@××××××.info> |
5 |
>wrote: |
6 |
>> >Hello list! |
7 |
>> > |
8 |
>> >I'm planning to replace an Active Directory server currently |
9 |
>> >functioning |
10 |
>> >*only* as an LDAP server, with a dedicated Linux-based LDAP server. |
11 |
>> > |
12 |
>> >Now, the function of the LDAP server is at the moment: |
13 |
>> >* Provide the settings database for Axigen email server |
14 |
>> >* Provide group membership for BlueCoat proxy (who allowed to access |
15 |
>> >what) |
16 |
>> >* Provide group membership for FreeRADIUS |
17 |
>> >* Provide group membership for Fortinet VPN |
18 |
>> > |
19 |
>> >The day-to-day management will be handled be another division, and |
20 |
>I'm |
21 |
>> >quite sure that they prefer a GUI, so the solution really should |
22 |
>have a |
23 |
>> >GUI |
24 |
>> >support (either Windows-based 'client' or web-based admin console). |
25 |
>> > |
26 |
>> >Apparently, there are now many implementations of LDAP in the *nix |
27 |
>> >world, |
28 |
>> >such as OpenLDAP, OpenDS, ApacheDS, and 389DS. |
29 |
>> > |
30 |
>> >Have any of you experiences with them? Which one do you think is the |
31 |
>> >most |
32 |
>> >mature and supported? And, quite importantly, which one has a GUI |
33 |
>> >front-end? |
34 |
>> > |
35 |
>> >Rgds, |
36 |
>> >-- |
37 |
>> |
38 |
>> Openldap has a webbased gui: phpldapadmin. |
39 |
>> |
40 |
>> Both are in the tree. |
41 |
>> |
42 |
>> I use this myself for all the user accounts. Allowing me to only |
43 |
>maintain |
44 |
>a single repository for all the services and desktops. |
45 |
>> |
46 |
>> Not been able to get ms windows to authenticate against it though. |
47 |
>But |
48 |
>that requires further tools to be properly configured. (Think samba as |
49 |
>a DC) |
50 |
>> |
51 |
> |
52 |
>Interesting... thanks for the heads up! |
53 |
> |
54 |
>MS Windows authentication is not necessary, since this AD server is not |
55 |
>used for that purpose... |
56 |
> |
57 |
>Rgds, |
58 |
>-- |
59 |
|
60 |
If MS Windows is not necessary, then I can help with the config. |
61 |
I got the following authenticating succesfully: |
62 |
Linux accounts (PAM) |
63 |
Apache |
64 |
Egroupware |
65 |
OpenKM |
66 |
Samba |
67 |
Squirrelmail and gallery authenticate against Apache |
68 |
|
69 |
For these I can help you with the necessary config. For others we'll need to see what to configure where. |
70 |
|
71 |
And backups are really easy with no downtime. (Export to LDIF) |
72 |
|
73 |
-- |
74 |
|
75 |
Joost |
76 |
-- |
77 |
Sent from my Android device with K-9 Mail. Please excuse my brevity. |