[Date Prev][Date Next] [Chronological] [Thread] [Top]

Please assist - LDAP authentication

To: <openldap-software@OpenLDAP.org>
Subject: Please assist - LDAP authentication
From: "Douglas Partridge" <dpartridge@altamira-group.com>
Date: Mon, 28 Feb 2000 16:50:36 -0800
Importance: Normal

I have been searching for the answer to this problem for the past few
days .... all to no avail (and I seem to be getting awfully confused
in the process).  Any assistance would be greatly appreciated.  Here
is the situation in a nutshell.

The impression I get from the <http://www.openldap.org> examples is
that everyone is authenticating with their unique user/pw and thus
unauthenticated users (dn= "") could be denied access. In our
implementation, we are only using LDAP for e-mail address resolution
for Win & Mac users. Currently no authentication is required, users
need only know the name of the server and the search base. Now for
security reasons  we would like to remove *anonymous* accessibility
(we would like to make the data available to remote users outside the
firewall). To that end I am trying to configure the server so that it
will only answer queries from one *authenticated* account. Here are my
questions: Is this an account that is only valid within LDAP or is it
a *real* Linux user account?. And how do I configure the SLAPD.CONF
file to facilitate this as there are currently no access controls
within the file.
Thanks in advance.

Douglas Partridge

Follow-Ups:
- Re: Please assist - LDAP authentication
  - From: Dustin Sallings <dustin@spy.net>

Prev by Date: attribute syntaxe
Next by Date: Re: Please assist - LDAP authentication
Index(es):
- Chronological
- Thread