| 1 |
On 19 February 2014 05:11:12 CET, Pandu Poluan <pandu@××××××.info> wrote: |
| 2 |
>On Feb 18, 2014 1:13 PM, "J. Roeleveld" <joost@××××××××.org> wrote: |
| 3 |
>> |
| 4 |
>> On 18 February 2014 06:03:02 CET, Pandu Poluan <pandu@××××××.info> |
| 5 |
>wrote: |
| 6 |
>> >Hello list! |
| 7 |
>> > |
| 8 |
>> >I'm planning to replace an Active Directory server currently |
| 9 |
>> >functioning |
| 10 |
>> >*only* as an LDAP server, with a dedicated Linux-based LDAP server. |
| 11 |
>> > |
| 12 |
>> >Now, the function of the LDAP server is at the moment: |
| 13 |
>> >* Provide the settings database for Axigen email server |
| 14 |
>> >* Provide group membership for BlueCoat proxy (who allowed to access |
| 15 |
>> >what) |
| 16 |
>> >* Provide group membership for FreeRADIUS |
| 17 |
>> >* Provide group membership for Fortinet VPN |
| 18 |
>> > |
| 19 |
>> >The day-to-day management will be handled be another division, and |
| 20 |
>I'm |
| 21 |
>> >quite sure that they prefer a GUI, so the solution really should |
| 22 |
>have a |
| 23 |
>> >GUI |
| 24 |
>> >support (either Windows-based 'client' or web-based admin console). |
| 25 |
>> > |
| 26 |
>> >Apparently, there are now many implementations of LDAP in the *nix |
| 27 |
>> >world, |
| 28 |
>> >such as OpenLDAP, OpenDS, ApacheDS, and 389DS. |
| 29 |
>> > |
| 30 |
>> >Have any of you experiences with them? Which one do you think is the |
| 31 |
>> >most |
| 32 |
>> >mature and supported? And, quite importantly, which one has a GUI |
| 33 |
>> >front-end? |
| 34 |
>> > |
| 35 |
>> >Rgds, |
| 36 |
>> >-- |
| 37 |
>> |
| 38 |
>> Openldap has a webbased gui: phpldapadmin. |
| 39 |
>> |
| 40 |
>> Both are in the tree. |
| 41 |
>> |
| 42 |
>> I use this myself for all the user accounts. Allowing me to only |
| 43 |
>maintain |
| 44 |
>a single repository for all the services and desktops. |
| 45 |
>> |
| 46 |
>> Not been able to get ms windows to authenticate against it though. |
| 47 |
>But |
| 48 |
>that requires further tools to be properly configured. (Think samba as |
| 49 |
>a DC) |
| 50 |
>> |
| 51 |
> |
| 52 |
>Interesting... thanks for the heads up! |
| 53 |
> |
| 54 |
>MS Windows authentication is not necessary, since this AD server is not |
| 55 |
>used for that purpose... |
| 56 |
> |
| 57 |
>Rgds, |
| 58 |
>-- |
| 59 |
|
| 60 |
If MS Windows is not necessary, then I can help with the config. |
| 61 |
I got the following authenticating succesfully: |
| 62 |
Linux accounts (PAM) |
| 63 |
Apache |
| 64 |
Egroupware |
| 65 |
OpenKM |
| 66 |
Samba |
| 67 |
Squirrelmail and gallery authenticate against Apache |
| 68 |
|
| 69 |
For these I can help you with the necessary config. For others we'll need to see what to configure where. |
| 70 |
|
| 71 |
And backups are really easy with no downtime. (Export to LDIF) |
| 72 |
|
| 73 |
-- |
| 74 |
|
| 75 |
Joost |
| 76 |
-- |
| 77 |
Sent from my Android device with K-9 Mail. Please excuse my brevity. |
Archives