Re: using -W/-w <binddnpasswd>
On 5 May, Cibu C Johny wrote:
> What is the purpose of -W or -w <binddnpasswd>?
> Rather, how can I configure it in such a way that ldapsearch requires
> a password, and what attribute carries the password for an individual
> entry?
Those two options are used to specify the credentials passed to the
LDAP server. -W prompts you for the password and -w specifies one on
the command line.
Now, to authenticate users you need to add a few access options to your
slapd.conf file. For example, to allow access to certain attributes by
certain people only, use something like this:
access to dn=".*,ou=People,dc=dragoninc,dc=on,dc=ca" attr=userpassword,ntpassword,lmpassword
    by dn="uid=root,ou=People,dc=dragoninc,dc=on,dc=ca" write
    by * none
To change the default permission to disallow everyone, use
defaultaccess none
ACLs are checked top to bottom, so be careful of the order.
Now to configure an entry to have a password, you need to create a
userpassword attribute. The format is
{crypt}standard unix encrypted password
and/or
{md5}md5 hash of the password
and/or
{sha1}sha1 hash of the password
Note that the {} portion is actual text and required. So the password
"password" would be something like
{crypt}MRZzirkQbIFEk
or
{md5}5f4dcc3b5aa765d61d8327deb882cf99
--
Doug Nazar
Dragon Computer Consultants Inc.
Tel: (416) 708-1578 Fax: (416) 708-8081
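
An added example, not part of the original message: a small audit that reads LDIF text, extracts the {scheme} prefix of each userpassword value as described above, and reports how each password is stored. The function names, the alice/bob/carol entries and the "changeme" value are constructed for illustration; the {sha}, {smd5} and {ssha} tags are OpenLDAP scheme names that go beyond the ones listed in the post.

```python
import base64
import re

# Scheme tag -> assessment. crypt/md5/sha1 are the tags named in the post;
# sha, smd5 and ssha are further OpenLDAP tags (an addition in this example).
SCHEMES = {
    "md5": "weak: unsalted MD5",
    "sha": "weak: unsalted SHA-1",
    "sha1": "weak: unsalted SHA-1",
    "crypt": "depends on the crypt(3) algorithm in use",
    "smd5": "salted MD5",
    "ssha": "salted SHA-1",
}
PREFIX = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)

def classify(value):
    """Return (scheme, assessment) for one userpassword value."""
    m = PREFIX.match(value)
    if not m:
        return ("cleartext", "weak: stored without a {scheme} prefix")
    scheme, rest = m.group(1).lower(), m.group(2)   # tags are case-insensitive
    if scheme == "crypt" and len(rest) == 13 and not rest.startswith("$"):
        return (scheme, "weak: traditional DES crypt, 2-char salt")
    return (scheme, SCHEMES.get(scheme, "unknown scheme"))

def audit_ldif(text):
    """Return a list of (dn, scheme, assessment) for each userpassword line."""
    results, dn = [], None
    for line in text.splitlines():
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
        elif line.lower().startswith("userpassword:"):
            raw = line.split(":", 1)[1]
            if raw.startswith(":"):   # "attr:: value" means base64 in LDIF
                raw = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            results.append((dn, *classify(raw.strip())))
    return results

# Constructed sample LDIF; the two hashed values are the ones quoted in the post.
_B64 = base64.b64encode(b"{md5}5f4dcc3b5aa765d61d8327deb882cf99").decode()
SAMPLE = (
    "dn: uid=alice,ou=People,dc=dragoninc,dc=on,dc=ca\n"
    "userPassword: {crypt}MRZzirkQbIFEk\n\n"
    "dn: uid=bob,ou=People,dc=dragoninc,dc=on,dc=ca\n"
    "userPassword:: " + _B64 + "\n\n"
    "dn: uid=carol,ou=People,dc=dragoninc,dc=on,dc=ca\n"
    "userPassword: changeme\n"
)

if __name__ == "__main__":
    for row in audit_ldif(SAMPLE):
        print(row)
```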