The translation is temporarily closed for contributions due to maintenance, please come back later.

Source string Read only

(itstool) path: info/copyright
Context English State
_ translator-credits
LDAP Authentication

<personname> <firstname>Toby</firstname> <surname>Burress</surname> </personname> <affiliation> <_:address-1/> </affiliation>
<year>2007</year> <year>2008</year> <holder>The FreeBSD Documentation Project</holder>
FreeBSD is a registered trademark of the FreeBSD Foundation.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the <quote>™</quote> or the <quote>®</quote> symbol.
This document is intended as a guide for the configuration of an LDAP server (principally an <application>OpenLDAP</application> server) for authentication on FreeBSD. This is useful for situations where many servers need the same user accounts, for example as a replacement for <application>NIS</application>.
This document is intended to give the reader enough of an understanding of LDAP to configure an LDAP server. This document will attempt to provide an explanation of <package>net/nss_ldap</package> and <package>security/pam_ldap</package> for use with client machines services for use with the LDAP server.
When finished, the reader should be able to configure and deploy a FreeBSD server that can host an LDAP directory, and to configure and deploy a FreeBSD server which can authenticate against an LDAP directory.
This article is not intended to be an exhaustive account of the security, robustness, or best practice considerations for configuring LDAP or the other services discussed herein. While the author takes care to do everything correctly, they do not address security issues beyond a general scope. This article should be considered to lay the theoretical groundwork only, and any actual implementation should be accompanied by careful requirement analysis.
Configuring LDAP
LDAP stands for <quote>Lightweight Directory Access Protocol</quote> and is a subset of the X.500 Directory Access Protocol. Its most recent specifications are in <link xlink:href="">RFC4510</link> and friends. Essentially it is a database that expects to be read from more often than it is written to.
The LDAP server <link xlink:href="">OpenLDAP</link> will be used in the examples in this document; while the principles here should be generally applicable to many different servers, most of the concrete administration is <application>OpenLDAP</application>-specific. There are several server versions in ports, for example <package>net/openldap24-server</package>. Client servers will need the corresponding <package>net/openldap24-client</package> libraries.
There are (basically) two areas of the LDAP service which need configuration. The first is setting up a server to receive connections properly, and the second is adding entries to the server's directory so that FreeBSD tools know how to interact with it.
Setting Up the Server for Connections
This section is specific to <application>OpenLDAP</application>. If you are using another server, you will need to consult that server's documentation.
Installing <application>OpenLDAP</application>


No matching activity found.

Browse all component changes

Source information

Source string comment
(itstool) path: info/copyright
Source string location
String age
a year ago
Source string age
a year ago
Translation file
articles/ldap-auth.pot, string 5