[CFT] ypldap testing against OpenLDAP and Microsoft Active Directory
Craig Rodrigues
rodrigc at freebsd.org
Thu Jun 9 22:34:14 UTC 2016
On Wed, Jun 8, 2016 at 11:41 PM, Xin Li <delphij at delphij.net> wrote:
>
> (I think the current implementation
> would do everything with plaintext protocol over wire, so while it
>
You are correct. This document http://puffysecurity.com/wiki/ypldap.html#2
states:
#
# ypldap cant use SSL or SASL...
# You must allow unsecured authentication with the following line
# Then setup OpenIKED VPN or use OpenSSH Socket or Port Forwording
#
There is still value to ypldap as it is now, and getting feedback from
users (especially Active Directory) would be very useful.
If someone could document a configuration which uses IPSEC or OpenSSH
forwarding, that would be nice.
In future, maybe someone in OpenBSD or FreeBSD will implement things like
LDAP over SSL.
--
Craig
More information about the freebsd-current
mailing list