[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access

To: OpenLDAP List <openldap-software@OpenLDAP.org>
Subject: Re: access
From: squeegy+ldap@squeegy.org
Date: Wed, 19 Jan 2000 16:29:12 -0500 (EST)
In-reply-to: <38838C15.4A3BF58E@wilcom.com>

I am trying password protect my ldap directory.  With no access lines
in the slapd.conf, I am able to search fine, anonymously.

I have the following in my slapd.conf

defaultaccess none
access to *
        by dn=".+, dc=amsite, dc=com" read

I have populated the database with the field userPassword.  
I am trying to log in to the database.  I tried 
ldapsearch -D "cn=User, dc=mydomain dc=com" -b "dc=mydomain, dc=com" -W
I got the following error:

ldap_bind: Inappropriate authentication

also I tried:

ldapsearch -D "cn=User" -b "dc=mydomain, dc=com" -W
and the error:

ldap_bind: Invalid credentials

I am trying also to connect to the directory with Netscape.  Netscape
wants email address and password.  does the email address have to be
part of the dn?

> squeegy+ldap@squeegy.org wrote:
> > 
> > Hi,
> > 
> > I have restricted access to my ldap server, now how do authenticate?
> > does LDAP hit the /etc/passwd file authentication?  So far i have
> 
> No. LDAP uses its own authentication to control access. The access is
> based upon Access Control Lists.
> 
> For the simplest possible setup, keep the rootpw in slapd.conf the
> default "secret".
> 
> Then bind to the directory as the manager (whatever you made the rootdn
> entry).
> 
> Then try to modify an entry from ud:
> 
> * cb o=Williams Communications, c=US
> 
> * bind Manager
>   Authenticating to the directory as "Manager"...
>   Enter your LDAP password: *********
>   Authentication successful.
> 
> * vedit David
> 
> ...
> 
> It should work for you.
> 
> As far as making the driectory editable by users try this: (Warning I
> don't really know how (in)secure this is in your slapd.conf:
> 
> defaultaccess read
> access to * by self write
>             by dn="cn=Manager, ou=SAM, o=Concentric Network, c=US" write
> 
> These should be the last line in your slapd.conf (or before a second
> database definition...
> 
> If you need more help with ACL's check the documentation (SLAPD/SLURPD
> Admin guid) there are some examples in there.
> 
> Hope that helps...
> 
> David
> 
> > seen
> > unable to access my ldap server since restricting it.  Thanks for the
> > help.
> > 
> > > squeegy+ldap@squeegy.org schrieb:
> > > >
> > > > Hi,
> > > >
> > > > Thanks to the help I have gotten here, I have
> > > > built my directory.  I want this directory to be used only by
> > > > those inside the company.  How do I password protect the
> > directory
> > > > and disable anonymous searches?
> > 
> > ___________________
> > 
> > Jt "The Squeegy" Chiodi
> > 
> > http://www.squeegy.org/
> > squeegy@squeegy.org
> 



___________________

Jt "The Squeegy" Chiodi

http://www.squeegy.org/
squeegy@squeegy.org

Follow-Ups:
- Re: access
  - From: squeegy+ldap@squeegy.org

References:
- Re: access
  - From: David Buttrick <david.buttrick@wilcom.com>

Prev by Date: Re: ldap forms?
Next by Date: [Fwd: backup]
Index(es):
- Chronological
- Thread