Using ldap everywhere ...

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Using ldap everywhere ...

a. e.
Hi everybody,



I'm trying to set up a web/mail/dns/ftp/etc. ... using ldap everywhere...

But It seems that serving ns zones over ldap is not possible on OpenBSD... The
sdb-ldap backend is not in the OpenBSD ports...

For the Apache vhosts, i've found that module mod_ldapvhost. But it's almost
not documented...



I can manage easily the link between Postfix/ldap Ftp/ldap courrier/ldap.



Do you have some advices, comments, links to provide for the setup of dns/ldap
& apache/ldap on OpenBSD ?...

I really don't want to do this on ubuntu...



Regards.

ae.

_________________________________________________________________
Tiliphonez gratuitement ` tous vos proches avec Windows Live Messenger  !
Tilichargez-le maintenant !
http://www.windowslive.fr/messenger/1.asp

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

a. e.
> Hi everybody,
>
>
>
> I'm trying to set up a web/mail/dns/ftp/etc. ... using ldap everywhere...
>
> But It seems that serving ns zones over ldap is not possible on OpenBSD...
The
> sdb-ldap backend is not in the OpenBSD ports...
>
> For the Apache vhosts, i've found that module mod_ldapvhost. But it's
almost
> not documented...
>
>
>
> I can manage easily the link between Postfix/ldap Ftp/ldap courrier/ldap.
>
>
>
> Do you have some advices, comments, links to provide for the setup of
dns/ldap
> & apache/ldap on OpenBSD ?...
>
> I really don't want to do this on ubuntu...
>
>
>
> Regards.
>
> ae.

I really need your point of view and your advices about this... could anyone
help ?...

Regards
ae.

_________________________________________________________________
Vous voulez savoir ce que vous pouvez faire avec le nouveau Windows Live ?
Lancez-vous !
http://www.microsoft.com/windows/windowslive/default.aspx

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

Alexander Hall
In reply to this post by a. e.
Since you seem to get few responses to this, I'll give you my $.02 here:

After years of using OpenBSD, I've come to the conclusion that OpenBSD
is best served with as little fuzz as possible (using what's in the base
system if at all possible). Of course you can install ISC bind if that
helps and mod_ldapvhost too but I really fear all that will give you in
the end is a frankenstein system that requires quite a struggle to keep
up-to-date and patched etc.

Asking for howto's (not even finding any from the googling you seem to
have done) on how to setup this is to me a warning sign that things are
going to be messy at best. Those you'll find, if any, will likely be
quite outdated.

But what the heck - go ahead! Take one service at the time, and have fun
trying. You'll definitely learn stuff on the way. If you succeed you can
even write a howto for others in the same situation! :-)

/Alexander (who has never really used ldap, btw)

a. e. wrote:

> Hi everybody,
>
>
>
> I'm trying to set up a web/mail/dns/ftp/etc. ... using ldap everywhere...
>
> But It seems that serving ns zones over ldap is not possible on OpenBSD... The
> sdb-ldap backend is not in the OpenBSD ports...
>
> For the Apache vhosts, i've found that module mod_ldapvhost. But it's almost
> not documented...
>
>
>
> I can manage easily the link between Postfix/ldap Ftp/ldap courrier/ldap.
>
>
>
> Do you have some advices, comments, links to provide for the setup of dns/ldap
> & apache/ldap on OpenBSD ?...
>
> I really don't want to do this on ubuntu...
>
>
>
> Regards.
>
> ae.
>
> _________________________________________________________________
> Tiliphonez gratuitement ` tous vos proches avec Windows Live Messenger  !
> Tilichargez-le maintenant !
> http://www.windowslive.fr/messenger/1.asp

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

Marc Balmer-2
Am 04.03.2009 um 15:15 schrieb Alexander Hall:

> Since you seem to get few responses to this, I'll give you my $.02  
> here:
>
> After years of using OpenBSD, I've come to the conclusion that  
> OpenBSD is best served with as little fuzz as possible (using what's  
> in the base system if at all possible). Of course you can install  
> ISC bind if that helps and mod_ldapvhost too but I really fear all  
> that will give you in the end is a frankenstein system that requires  
> quite a struggle to keep up-to-date and patched etc.

Using a module in httpd does not frankensteinice your system.  modules  
are there to
extend the webserver.  and mod_ldapvhost is particularly stable and  
used on some
larger webserver, trust me, I know the developer... (though the module  
certainly has
some rough edges)

>
> Asking for howto's (not even finding any from the googling you seem  
> to have done) on how to setup this is to me a warning sign that  
> things are going to be messy at best. Those you'll find, if any,  
> will likely be quite outdated.
>
> But what the heck - go ahead! Take one service at the time, and have  
> fun trying. You'll definitely learn stuff on the way. If you succeed  
> you can even write a howto for others in the same situation! :-)
>
> /Alexander (who has never really used ldap, btw)
>
> a. e. wrote:
>> Hi everybody,
>> I'm trying to set up a web/mail/dns/ftp/etc. ... using ldap  
>> everywhere...
>> But It seems that serving ns zones over ldap is not possible on  
>> OpenBSD... The
>> sdb-ldap backend is not in the OpenBSD ports...
>> For the Apache vhosts, i've found that module mod_ldapvhost. But  
>> it's almost
>> not documented...
>> I can manage easily the link between Postfix/ldap Ftp/ldap courrier/
>> ldap.
>> Do you have some advices, comments, links to provide for the setup  
>> of dns/ldap
>> & apache/ldap on OpenBSD ?...
>> I really don't want to do this on ubuntu...
>> Regards.
>> ae.
>> _________________________________________________________________
>> Tiliphonez gratuitement ` tous vos proches avec Windows Live  
>> Messenger  ! Tilichargez-le maintenant !
>> http://www.windowslive.fr/messenger/1.asp

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

a. e.
In reply to this post by Alexander Hall
I totally agree with what you say...

But the goal of our jobs is to satisfy the user and to help him to get what he
wants. Saying that i'm not saying I will forget security, performance and
stability.

My specific goal is to manage, over openldap the maximum of services. I've
been using OpenBSD since the 2.9. My web hosting server is up and running for
so many years. I've always managed to get everything functionnal with the
minimum possible of mess. I'm trying to advocate that OS because I think it's
the only really secured and capable to manage a real High Performance and High
Usage system. I've switched so many servers from Linux to OpenBsd everywhere I
worked...

Otherwise, if I accept the point of view that it's better to use an OpenBSD
out of the box without a lot of custimization and with the minimum of software
installed, I should accept the fact that I can't do all I want with that OS
(All I want as server). that also means that For some usages I have to use
Linux. I love Linux as a desktop. But I really want to only use OpenBSD as
server.

Anyway thank's A LOT for the response, sincerly, and excuse my poor frenchy
english.

Best Regards
ae.


> Date: Wed, 4 Mar 2009 15:15:18 +0100
> From: [hidden email]
> To: [hidden email]
> Subject: Re: Using ldap everywhere ...
>
> Since you seem to get few responses to this, I'll give you my $.02 here:
>
> After years of using OpenBSD, I've come to the conclusion that OpenBSD
> is best served with as little fuzz as possible (using what's in the base
> system if at all possible). Of course you can install ISC bind if that
> helps and mod_ldapvhost too but I really fear all that will give you in
> the end is a frankenstein system that requires quite a struggle to keep
> up-to-date and patched etc.
>
> Asking for howto's (not even finding any from the googling you seem to
> have done) on how to setup this is to me a warning sign that things are
> going to be messy at best. Those you'll find, if any, will likely be
> quite outdated.
>
> But what the heck - go ahead! Take one service at the time, and have fun
> trying. You'll definitely learn stuff on the way. If you succeed you can
> even write a howto for others in the same situation! :-)
>
> /Alexander (who has never really used ldap, btw)
>
> a. e. wrote:
> > Hi everybody,
> >
> >
> >
> > I'm trying to set up a web/mail/dns/ftp/etc. ... using ldap everywhere...
> >
> > But It seems that serving ns zones over ldap is not possible on OpenBSD...
The
> > sdb-ldap backend is not in the OpenBSD ports...
> >
> > For the Apache vhosts, i've found that module mod_ldapvhost. But it's
almost
> > not documented...
> >
> >
> >
> > I can manage easily the link between Postfix/ldap Ftp/ldap courrier/ldap.
> >
> >
> >
> > Do you have some advices, comments, links to provide for the setup of
dns/ldap

> > & apache/ldap on OpenBSD ?...
> >
> > I really don't want to do this on ubuntu...
> >
> >
> >
> > Regards.
> >
> > ae.
> >
> > _________________________________________________________________
> > Tiliphonez gratuitement ` tous vos proches avec Windows Live Messenger !
> > Tilichargez-le maintenant !
> > http://www.windowslive.fr/messenger/1.asp
>

_________________________________________________________________
Dicouvrez toutes les possibilitis de communication avec vos proches
http://www.microsoft.com/windows/windowslive/default.aspx

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

a. e.
In reply to this post by Marc Balmer-2
> CC: [hidden email]
> From: [hidden email]
> To: [hidden email]
> Subject: Re: Using ldap everywhere ...
> Date: Wed, 4 Mar 2009 16:51:15 +0100
>
> Am 04.03.2009 um 15:15 schrieb Alexander Hall:
>
> > Since you seem to get few responses to this, I'll give you my $.02
> > here:
> >
> > After years of using OpenBSD, I've come to the conclusion that
> > OpenBSD is best served with as little fuzz as possible (using what's
> > in the base system if at all possible). Of course you can install
> > ISC bind if that helps and mod_ldapvhost too but I really fear all
> > that will give you in the end is a frankenstein system that requires
> > quite a struggle to keep up-to-date and patched etc.
>
> Using a module in httpd does not frankensteinice your system. modules
> are there to
> extend the webserver. and mod_ldapvhost is particularly stable and
> used on some
> larger webserver, trust me, I know the developer... (though the module
> certainly has
> some rough edges)


Hi,



Thank's for the reaction...
Could you point me to a documentation of the mod_ldapvhost ?... Because My
apache has the module loaded and activated. The OpenLdap server loads the
vhost schema. But apache doesn't even try to connect to the ldap server...


> >
> > Asking for howto's (not even finding any from the googling you seem
> > to have done) on how to setup this is to me a warning sign that
> > things are going to be messy at best. Those you'll find, if any,
> > will likely be quite outdated.
> >
> > But what the heck - go ahead! Take one service at the time, and have
> > fun trying. You'll definitely learn stuff on the way. If you succeed
> > you can even write a howto for others in the same situation! :-)
> >
> > /Alexander (who has never really used ldap, btw)
> >
> > a. e. wrote:
> >> Hi everybody,
> >> I'm trying to set up a web/mail/dns/ftp/etc. ... using ldap
> >> everywhere...
> >> But It seems that serving ns zones over ldap is not possible on
> >> OpenBSD... The
> >> sdb-ldap backend is not in the OpenBSD ports...
> >> For the Apache vhosts, i've found that module mod_ldapvhost. But
> >> it's almost
> >> not documented...
> >> I can manage easily the link between Postfix/ldap Ftp/ldap courrier/
> >> ldap.
> >> Do you have some advices, comments, links to provide for the setup
> >> of dns/ldap
> >> & apache/ldap on OpenBSD ?...
> >> I really don't want to do this on ubuntu...
> >> Regards.
> >> ae.
> >> _________________________________________________________________
> >> Tiliphonez gratuitement ` tous vos proches avec Windows Live
> >> Messenger ! Tilichargez-le maintenant !
> >> http://www.windowslive.fr/messenger/1.asp
>


_________________________________________________________________
Dicouvrez toutes les possibilitis de communication avec vos proches
http://www.microsoft.com/windows/windowslive/default.aspx

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

Piotr Sikora
In reply to this post by a. e.
> But It seems that serving ns zones over ldap is not possible on OpenBSD...
> The
> sdb-ldap backend is not in the OpenBSD ports...

You can add dlz-ldap backend to OpenBSD's bind.

All you need to do (assuming that you've got OpenBSD's sources in /usr/src
and bind-9.4.2-P2.tar.gz unpacked in your working directory):
1) cp -R bind-9.4.2-P2/contrib /usr/src/usr.sbin/bind/
2) cp bind-9.4.2-P2/configure /usr/src/usr.sbin/bind/
3) edit configure script and remove all *tests* from ac_config_files
4) add "--with-dlz-ldap=yes" to CONFIGURE_OPTS in Makefile.bsd-wrapper
5) rebuild bind

Best regards,
Piotr Sikora < [hidden email] >

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

Alexander Hall
In reply to this post by Marc Balmer-2
Marc Balmer wrote:

> Am 04.03.2009 um 15:15 schrieb Alexander Hall:
>
>> Since you seem to get few responses to this, I'll give you my $.02 here:
>>
>> After years of using OpenBSD, I've come to the conclusion that OpenBSD
>> is best served with as little fuzz as possible (using what's in the
>> base system if at all possible). Of course you can install ISC bind if
>> that helps and mod_ldapvhost too but I really fear all that will give
>> you in the end is a frankenstein system that requires quite a struggle
>> to keep up-to-date and patched etc.
>
> Using a module in httpd does not frankensteinice your system.  modules
> are there to
> extend the webserver.  and mod_ldapvhost is particularly stable and used
> on some
> larger webserver, trust me, I know the developer... (though the module
> certainly has
> some rough edges)

I stand corrected. I incorrectly assumed it was some old unmaintained
non-ported piece of software. I'm sorry if I offended anyone. :-)

>> Asking for howto's (not even finding any from the googling you seem to
>> have done) on how to setup this is to me a warning sign that things
>> are going to be messy at best. Those you'll find, if any, will likely
>> be quite outdated.
>>
>> But what the heck - go ahead! Take one service at the time, and have
>> fun trying. You'll definitely learn stuff on the way. If you succeed
>> you can even write a howto for others in the same situation! :-)
>>
>> /Alexander (who has never really used ldap, btw)
>>
>> a. e. wrote:
>>> Hi everybody,
>>> I'm trying to set up a web/mail/dns/ftp/etc. ... using ldap
>>> everywhere...
>>> But It seems that serving ns zones over ldap is not possible on
>>> OpenBSD... The
>>> sdb-ldap backend is not in the OpenBSD ports...
>>> For the Apache vhosts, i've found that module mod_ldapvhost. But it's
>>> almost
>>> not documented...
>>> I can manage easily the link between Postfix/ldap Ftp/ldap
>>> courrier/ldap.
>>> Do you have some advices, comments, links to provide for the setup of
>>> dns/ldap
>>> & apache/ldap on OpenBSD ?...
>>> I really don't want to do this on ubuntu...
>>> Regards.
>>> ae.
>>> _________________________________________________________________
>>> Tiliphonez gratuitement ` tous vos proches avec Windows Live
>>> Messenger  ! Tilichargez-le maintenant !
>>> http://www.windowslive.fr/messenger/1.asp

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

Alexander Hall
In reply to this post by a. e.
a. e. wrote:

> I totally agree with what you say...
>
> But the goal of our jobs is to satisfy the user and to help him to get what he
> wants. Saying that i'm not saying I will forget security, performance and
> stability.
>
> My specific goal is to manage, over openldap the maximum of services. I've
> been using OpenBSD since the 2.9. My web hosting server is up and running for
> so many years. I've always managed to get everything functionnal with the
> minimum possible of mess. I'm trying to advocate that OS because I think it's
> the only really secured and capable to manage a real High Performance and High
> Usage system. I've switched so many servers from Linux to OpenBsd everywhere I
> worked...
>
> Otherwise, if I accept the point of view that it's better to use an OpenBSD
> out of the box without a lot of custimization and with the minimum of software
> installed, I should accept the fact that I can't do all I want with that OS
> (All I want as server). that also means that For some usages I have to use
> Linux. I love Linux as a desktop. But I really want to only use OpenBSD as
> server.

Using third-party software on OpenBSD (preferrably from ports/packages)
is not a bad thing but for _me_, migrating back to what's in base
(sendmail with real users instead of postfix with virtual tables) has
made my systems much easier to maintain, plus I get important fixes
delivered (as patches) at the uncommon event that a critical bug should
be found.

I realize I misread your post a bit and that my answer was a little
off-topic, but, hey, I seem to have bumped the thread at least! :-P

/Alexander

Reply | Threaded
Open this post in threaded view
|

load of IBM & Cisco gear up for auction

Wim Wauters
In reply to this post by a. e.
If there's any UK developers on this list with cash to spend or budget
to burn;
Woolworths backoffice and serverroom equipment is being auctioned of.

There's lots of little IBM servers and a few IBM laptops and Cisco routers -
full details here:

http://www.hilcoind.com/sales/sale.asp?SALE_ID=1269&SALE_REFERENCE_ID=TIGAXLQCDR213200931733&F_PG=17&F_MPP=20&F_PAST_SALE=

--
With Friendly Regards,
Wim Wauters T/A Unisoft Design

IT network & system administrator
for professionals & small to medium size businesses
http://www.UnisoftDesign.co.uk

Data Recovery & Password Recovery
http://www.DataServices247.com


Tel. 0870 1660 724

Fax. 0871 900 7824

========================================================

Reply | Threaded
Open this post in threaded view
|

Re: load of IBM & Cisco gear up for auction

michal-49
wim wauters wrote:

> If there's any UK developers on this list with cash to spend or budget
> to burn;
> Woolworths backoffice and serverroom equipment is being auctioned of.
>
> There's lots of little IBM servers and a few IBM laptops and Cisco
> routers -
> full details here:
>
> http://www.hilcoind.com/sales/sale.asp?SALE_ID=1269&SALE_REFERENCE_ID=TIGAXLQCDR213200931733&F_PG=17&F_MPP=20&F_PAST_SALE= 
>
>
Cheers Chief ;)

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

a. e.
In reply to this post by Piotr Sikora
> > But It seems that serving ns zones over ldap is not possible on OpenBSD...
> > The
> > sdb-ldap backend is not in the OpenBSD ports...
>
> You can add dlz-ldap backend to OpenBSD's bind.
>
> All you need to do (assuming that you've got OpenBSD's sources in /usr/src
> and bind-9.4.2-P2.tar.gz unpacked in your working directory):
> 1) cp -R bind-9.4.2-P2/contrib /usr/src/usr.sbin/bind/
> 2) cp bind-9.4.2-P2/configure /usr/src/usr.sbin/bind/
> 3) edit configure script and remove all *tests* from ac_config_files
> 4) add "--with-dlz-ldap=yes" to CONFIGURE_OPTS in Makefile.bsd-wrapper
> 5) rebuild bind
>
> Best regards,
> Piotr Sikora < [hidden email] >
>

Thank you !
I'll try this way. I'll come back to tell you how it is... ^^

Anyway I'm still looking for a documentation about mod_ldapvhost ...

Regards
ae.

_________________________________________________________________
Dicouvrez toutes les possibilitis de communication avec vos proches
http://www.microsoft.com/windows/windowslive/default.aspx

Reply | Threaded
Open this post in threaded view
|

Re: Using ldap everywhere ...

Marc Balmer-2
Am 05.03.2009 um 19:24 schrieb a. e.:

>>> But It seems that serving ns zones over ldap is not possible on  
>>> OpenBSD...
>>> The
>>> sdb-ldap backend is not in the OpenBSD ports...
>>
>> You can add dlz-ldap backend to OpenBSD's bind.
>>
>> All you need to do (assuming that you've got OpenBSD's sources in /
>> usr/src
>> and bind-9.4.2-P2.tar.gz unpacked in your working directory):
>> 1) cp -R bind-9.4.2-P2/contrib /usr/src/usr.sbin/bind/
>> 2) cp bind-9.4.2-P2/configure /usr/src/usr.sbin/bind/
>> 3) edit configure script and remove all *tests* from ac_config_files
>> 4) add "--with-dlz-ldap=yes" to CONFIGURE_OPTS in Makefile.bsd-
>> wrapper
>> 5) rebuild bind
>>
>> Best regards,
>> Piotr Sikora < [hidden email] >
>>
>
> Thank you !
> I'll try this way. I'll come back to tell you how it is... ^^
>
> Anyway I'm still looking for a documentation about mod_ldapvhost ...

There is none.  Sorry.

>
> Regards
> ae.
>
> _________________________________________________________________
> Dicouvrez toutes les possibilitis de communication avec vos proches
> http://www.microsoft.com/windows/windowslive/default.aspx