I hear too!!! And that is why we are having this talk here around ypldap. Best, 2016-06-16 10:50 GMT+08:00 Outback Dingo <outbackdingo_at_gmail.com>: > > > On Wed, Jun 15, 2016 at 10:15 PM, Marcelo Araujo <araujobsdport_at_gmail.com> > wrote: > >> No worries Nikolai! If one day I will do it, will be on 12-RELEASE. >> >> Br, >> >> 2016-06-15 20:03 GMT+08:00 Nikolai Lifanov <lifanov_at_mail.lifanov.com>: >> >> > On 06/14/2016 21:05, Marcelo Araujo wrote: >> > > 2016-06-15 8:17 GMT+08:00 Chris H <bsd-lists_at_bsdforge.com>: >> > > >> > >> On Thu, 9 Jun 2016 17:55:58 +0800 Marcelo Araujo < >> > araujobsdport_at_gmail.com> >> > >> wrote >> > >> >> > >>> Hey, >> > >>> >> > >>> Thanks for the CFT Craig. >> > >>> >> > >>> 2016-06-09 14:41 GMT+08:00 Xin Li <delphij_at_delphij.net>: >> > >>> >> > >>>> >> > >>>> >> > >>>> On 6/8/16 23:10, Craig Rodrigues wrote: >> > >>>>> Hi, >> > >>>>> >> > >>>>> I have worked with Marcelo Araujo to port OpenBSD's ypldap to >> FreeBSD >> > >>>>> current. >> > >>>>> >> > >>>>> In latest current, it should be possible to put in /etc/rc.conf: >> > >>>>> >> > >>>>> nis_ypldap_enable="YES" >> > >>>>> to activate the ypldap daemon. >> > >>>>> >> > >>>>> When set up properly, it should be possible to log into FreeBSD, >> and >> > >> have >> > >>>>> the backend password database come from an LDAP database such >> > >>>>> as OpenLDAP >> > >>>>> >> > >>>>> There is some documentation for setting this up, but it is OpenBSD >> > >>>> specific: >> > >>>>> >> > >>>>> http://obfuscurity.com/2009/08/OpenBSD-as-an-LDAP-Client >> > >>>>> http://puffysecurity.com/wiki/ypldap.html#2 >> > >>>>> >> > >>>>> I did not bother porting the OpenBSD LDAP server to FreeBSD, so >> that >> > >>>>> information >> > >>>>> does not apply. I figure that openldap from ports should work >> fine. >> > >>>>> >> > >>>>> I was wondering if there is someone out there familiar enough with >> > >> LDAP >> > >>>>> and has a setup they can test this stuff out with, provide >> feedback, >> > >> and >> > >>>>> help >> > >>>>> improve the documentation for FreeBSD? >> > >>>> >> > >>>> Looks like it would be a fun weekend project. I've cc'ed a >> potential >> > >>>> person who may be interested in this as well. >> > >>>> >> > >>>> But will this worth the effort? (I think the current implementation >> > >>>> would do everything with plaintext protocol over wire, so while it >> > >>>> extends life for legacy applications that are still using NIS/YP, >> it >> > >>>> doesn't seem to be something that we should recommend end user to >> > use?) >> > >>>> >> > >>> >> > >>> I can see two good point to use ypldap that would be basically for >> > users >> > >>> that needs to migrate from NIS to LDAP or need to make some >> integration >> > >>> between legacy(NIS) and LDAP during a transition period to LDAP. >> > >>> >> > >>> As mentioned, NIS is 'plain text' not safe by its nature, however >> there >> > >> are >> > >>> still lots of people out there using NIS, and ypldap(8) is a good >> tool >> > to >> > >>> help these people migrate to a more safe tool like LDAP. >> > >>> >> > >>> >> > >>>> >> > >>>>> I would also be interested in hearing from someone who can see if >> > >>>>> ypldap can work against a Microsoft Active Directory setup? >> > >>>> >> > >>>> Cheers, >> > >>>> >> > >>>> >> > >>> All my tests were using OpenLDAP, I used the OpenBSD documentation >> to >> > >> setup >> > >>> everything, and the file share/examples/ypldap/ypldap.conf can be a >> > good >> > >>> start to anybody that wants to start to work with ypldap(8). >> > >>> >> > >>> Would be nice hear from other users how was their experience using >> > ypldap >> > >>> with MS Active Directory and perhaps some HOWTO how they made all >> the >> > >> setup >> > >>> would be amazing to have. >> > >>> >> > >>> Also, would be useful to know who are still using NIS and what kind >> of >> > >>> setup(user case), maybe even the reason why they are still using it. >> > >> >> > >> Honestly, I think the best way to motivate people to do the right >> > thing(tm) >> > >> Would be to remove Yellow Pages from the tree, entirely. :-) >> > >> It's been dead for *years*, and as you say, isn't safe, anyway.. >> > >> >> > > >> > > Yes, I have a plan for that, but I don't believe it will happens >> before >> > > FreeBSD 12-RELEASE. >> > > >> > >> > Please don't, at least for now. NIS is fast, simple, reliable, and works >> > on first boot without additional software. I have passwords in >> > Kerberos, so the usual cons doesn't apply. This is very valuable to me. >> > >> > It's not hurting anyone. What's the motivation behind removing it? >> > > > Removing NIS is a BAD idea, there are still plenty of people that use it, > and plenty of businesses rely on it, I still hear people asking for it > > > >> > >> > > >> > >> >> > >> --Chris >> > >>> >> > >>> >> > >>> Best, >> > >>> -- >> > >>> >> > >>> -- >> > >>> Marcelo Araujo (__)araujo_at_FreeBSD.org >> > >>> \\\'',)http://www.FreeBSD.org <http://www.freebsd.org/> \/ \ ^ >> > >>> Power To Server. .\. /_) >> > >>> _______________________________________________ >> > >>> freebsd-current_at_freebsd.org mailing list >> > >>> https://lists.freebsd.org/mailman/listinfo/freebsd-current >> > >>> To unsubscribe, send any mail to " >> > >> freebsd-current-unsubscribe_at_freebsd.org" >> > >> >> > >> >> > >> _______________________________________________ >> > >> freebsd-current_at_freebsd.org mailing list >> > >> https://lists.freebsd.org/mailman/listinfo/freebsd-current >> > >> To unsubscribe, send any mail to " >> > freebsd-current-unsubscribe_at_freebsd.org" >> > >> >> > > >> > > >> > > >> > >> > _______________________________________________ >> > freebsd-current_at_freebsd.org mailing list >> > https://lists.freebsd.org/mailman/listinfo/freebsd-current >> > To unsubscribe, send any mail to " >> freebsd-current-unsubscribe_at_freebsd.org" >> > >> >> >> >> -- >> >> -- >> Marcelo Araujo (__)araujo_at_FreeBSD.org >> \\\'',)http://www.FreeBSD.org <http://www.freebsd.org/> \/ \ ^ >> Power To Server. .\. /_) >> _______________________________________________ >> freebsd-current_at_freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-current >> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org >> " >> > > -- -- Marcelo Araujo (__)araujo_at_FreeBSD.org \\\'',)http://www.FreeBSD.org <http://www.freebsd.org/> \/ \ ^ Power To Server. .\. /_)Received on Thu Jun 16 2016 - 00:54:06 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:05 UTC