Re: LDAP support in NetBSD -- my test results
On 6/11/08, Quentin Garnier <cube%cubidou.net@localhost> wrote:
> On Wed, Jun 11, 2008 at 03:27:45PM -0400, matthew sporleder wrote:
> > I have done some testing of newly ldap-enabled NetBSD components and
> > found them to work pretty well.
> > My environment was netbsd-current i386 hitting osx running a
> > hand-compiled openldap 2.4.
> > A brief summary:
> > ldap* tools (ldapmodify -- ldapadd and friends are just modules of
> > modify) work perfectly with ldap and ldaps configured with
> > /etc/openldap/ldap.conf and ~/.ldaprc
> > postfix works with ldap and ldaps. (I only tested that aliases were
> > queried) This is configured in main.cf and external cf files.
> > amd only seems to support ldap (no ldaps).
> Do you know if any of those can be configured to use the global
> ldap.conf settings?
I don't know. But I'll give my opinion anyway:
Even the openldap libraries require some "user-only settings" which
have to be set in ~/.ldaprc and can't be read from ldap.conf, so you
would still end up with two config spots (most stuff in ldap.conf, the
rest in ~postfix/.ldaprc, ~root/.ldaprc, etc). However, I agree that
it would be nice to have a set of defaults that the various apps
respected - server and protocol at least.
> When I first used dovecot in an LDAP environment, I patched it so it
> could handle a ldaps server or a "use the library's default" setting
> (I think that part of the patch has been lost in a later version of
> dovecot, unfortunately).
> My experience is that the admin is much happier when there is only one
> place to configure the ldap server settings.
> Also, what kind of tls configuration were you using?
I was using self-signed certs that I generated with openssl. I was
connecting on ldaps (port 636, not starttls/-Z port 389).