Contributed by Dengue on from the dc=foo,dc=bar dept.
I'm taking some time off from work, and have spent much of my time playing around with LDAP on OpenBSD. Currently, I am running OpenLDAP from the 3.0/ports tree, chrooted (slick eh?) and using LDAP to provide authentication for Linux and (soon) Solaris hosts. I'm also using it to provide Netscape Roaming profiles, global addressbook, and mail routing (via the Courier MTA). Thread performance issues aside (running the test script from the Courier distribution pegs slapd at ~90% for a long time on a P5/200 with plenty of RAM, and yes, directory entries are cached.), OpenBSD looks like an excellent choice as a secure platform for a mission-critical application like LDAP. Of course, I might be biased <g>.
What I'd like to ask: Is anyone else out there doing work with OpenLDAP on OpenBSD? And, while I'm at it, would anyone like to donate some faster equipment for me to play on?
I forgot to add: A really excellent tool for working with directories is Jarok Gawor's LDAP BrowserEditor, a Java application that allows you to browse, edit, and create directory entries. It's also one of the few Java applications that don't give me a headache, and runs well using the jdk-linux-1.3.1 package on my pokey P5.
I'm using LDAP to store all accounts for a small ISP. All servers are running OpenBSD 2.9 or 3.0.
There's one MySQL server, one LDAP server, two DNS/Mail/FTP servers, one NFS server and 6 web servers. The box with the MySQL server also runs a secondary OpenLDAP server to replicate the LDAP server content.
The DNS servers are running djbdns with a set of M4 macros to ease the maintenance (no LDAP there).
The Mail servers are running Qmail-LDAP.
The FTP servers are running Pure-FTPd.
The web servers are Zeus.
Management of LDAP accounts is done with a custom set of PHP scripts.
Everything works very nicely and reliably. I only had trouble with OpenLDAP once: indexes got corrupted (don't know why... not even after a crash of slapd...). I rebuilt them and everything has been OK since.
So OpenBSD + LDAP is definitely something you can consider. We use LDAP not only for PosixAccount info, but also to add administrative info to customers. This is a real pleasure to have everything stored at the same place.
The OpenBSD 3.0 box running the main LDAP server has its kernel tuned with:
option BUFCACHEPERCENT=50
It speeds up OpenLDAP operations a bit.
Best regards,
-Frank.
By Anonymous Coward () on
Do you use a program for the Netscape roaming profiles and global address book? Or just add the entries by hand?
Anyone able to get the Abzilla LDAP address book support in post 0.9.4 Mozilla release? I found the following link which seems to indicate that the feature can be enabled (can't seem to get it to work).
By dengue () on mailto:dengue(at)deadly.org
By Frank DENIS () j@pureftpd.org on http://www.pureftpd.org
By Anonymous Coward () on
By thelieber () liebermonster2000@yahoo.com on mailto:liebermonster2000@yahoo.com
http://browserwatch.internet.com/news/stories2001/news-20010918-1.html
By Tom Hensel () tom@rpdnet.de on mailto:tom@rpdnet.de
As I'm new to LDAP at all I'd love to read a good HOWTO or whatever instructions. Any hints? Thanks!