Re: using -W/-w <binddnpasswd>



On  5 May, Cibu C Johny wrote:
> What is the purpose of -W or -w <binddnpasswd>?
> Rather, how can I configure it in such a way that ldapsearch requires
> a password, and what attribute carries the password for an individual
> entry?

Those two options are used to specify the credentials passed to the
LDAP server. -W prompts you for the password and -w specifies one on
the command line.

Now, to authenticate users you need to add a few access options to your
slapd.conf file. For example, to allow access to certain attributes by
certain people only, use something like this:

access to dn=".*,ou=People,dc=dragoninc,dc=on,dc=ca" attr=userpassword,ntpassword,lmpassword
        by dn="uid=root,ou=People,dc=dragoninc,dc=on,dc=ca" write
        by * none

To change the default permission to disallow everyone, use

defaultaccess none


ACLs are checked top to bottom, so be careful of the order.


Now to configure an entry to have a password, you need to create a
userpassword attribute. The format is

	{crypt}standard unix encrypted password
and/or
	{md5}md5 hash of the password
and/or
	{sha1}sha1 hash of the password

Note that the {} portion is actual text and required. So the password
"password" would be something like

	{crypt}MRZzirkQbIFEk
or
	{md5}5f4dcc3b5aa765d61d8327deb882cf99


-- 
Doug Nazar
Dragon Computer Consultants Inc.
Tel: (416) 708-1578     Fax: (416) 708-8081
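
The {scheme}value layout described in the message above, as an added example that is not part of the original post: a Python parser and checker for {md5} and {sha1} userpassword values. The function names are hypothetical; it accepts the hex digest as written in the message and also the base64 form that OpenLDAP's slappasswd writes, and it leaves {crypt} unsupported because that depends on the platform's crypt(3).

```python
import base64
import binascii
import hashlib
import hmac
import re

# Scheme names as written in the message; matching is case-insensitive.
DIGESTS = {"md5": hashlib.md5, "sha1": hashlib.sha1}

PREFIXED = re.compile(r"^\{([A-Za-z0-9]+)\}(.*)$", re.S)


def parse_userpassword(value):
    """Split '{scheme}data' into (scheme, data); reject values with no prefix."""
    m = PREFIXED.match(value)
    if not m:
        raise ValueError("missing {scheme} prefix")
    return m.group(1).lower(), m.group(2)


def decode_digest(data, size):
    """Return raw digest bytes from hex (as in the message) or base64."""
    if len(data) == 2 * size:
        try:
            return bytes.fromhex(data)
        except ValueError:
            pass  # not hex after all, fall through to base64
    try:
        raw = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("digest is neither hex nor base64")
    if len(raw) != size:
        raise ValueError("digest has wrong length for scheme")
    return raw


def check_password(stored, candidate):
    """True if candidate hashes to the stored {md5}/{sha1} value."""
    scheme, data = parse_userpassword(stored)
    if scheme not in DIGESTS:
        raise ValueError("unsupported scheme: " + scheme)
    h = DIGESTS[scheme]
    expected = decode_digest(data, h().digest_size)
    actual = h(candidate.encode("utf-8")).digest()
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(expected, actual)
```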