Re: Security-Authentication??
OpenLDAP will not "ask" for a password. You can configure
it to not permit entries to be served unless an
authenticated bind is performed first.

Look at the faq-o-matic on www.openldap.org for some info on
doing this. You have a good start, but to avoid serving
anything without the auth'ed bind first you need an access
rule something like:

    access to *
        by dn=".+" read
        by * none

BTW, the "asking for password" is the responsibility of the
client which talks to the LDAP server.

-Alan

On Thu, 01 Feb 2001 09:52:11 +0530
"srihari parimi" <srihari.par@wipro.com> wrote:
> Hi
>
> In this connection I would like to give the example of Netscape
> Directory Server installed in my organization. When a user wants to
> access his entry, he is prompted for login name and password.
> The way the user is granted login to his database is probably the
> uid is prepended to the base DN, to make up the DN for that user,
> in the following manner:
>
> dn:uid=xyz,dc=alpha,dc=example,dc=com - password being whatever
> password user supplies. Assuming that the base DN is dc=alpha,
> dc=example,dc=com
>
> There is a mention about this in the Netscape Directory Server
> documentation.
>
> There could also be another mechanism by which OpenLDAP server
> 'serves' the /etc/passwd database - I am not sure how it works.
>
> Hope this helps and is not entirely irrelevant to the question.
>
> Thanks
> Hari
>
> Anita Suriarajan wrote:
> >
> > Hello,
> >
> > I need to be asked for the password when I try to access the entry in the
> > directory. How do I go about it??
> >
> > I have included an access control specifier in the slapd.conf file and each
> > entry in the directory has a userPassword attribute. What should I
> > do to go further??
> >
> > slapd.conf:
> > access to attrs=userPassword,telephoneNumber
> >     by self write
> >     by anonymous auth
> >     by dn="cn=Admin,dc=iperia,dc=com" write
> >     by * none
> > access to *
> >     by self write
> >     by dn="cn=Admin,dc=iperia,dc=com" write
> >     by * read
> >
> > and each entry is like
> > dn: cn=xyz abc,ou=Sales,ou=Employees,dc=iperia,dc=com
> > objectClass: Top
> > objectClass: organizationalUnit
> > objectClass: person
> > userPassword: {crypt}xyz
> > ou: Sales
> > cn: xyz
> > sn: abc
> >
> > Thanx
> > Anita
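
Added example (not part of the original thread, and not OpenLDAP code): a Python model of first-match evaluation for the access rules above, comparing the rules posted in the question with the reply's catch-all rule. Keeping the userPassword rule ahead of the reply's rule, treating dn="..." as an unanchored case-insensitive regex, and the DN named OTHER are assumptions of this example.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # weakest to strongest

def who_matches(who, bind_dn, entry_dn):
    """Match one <who> field; bind_dn == "" means an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "self":
        return bind_dn != "" and bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn="):
        # Assumption: the quoted value is an unanchored, case-insensitive regex
        return re.search(who[3:].strip('"'), bind_dn, re.I) is not None
    raise ValueError("unsupported <who>: " + who)

def granted(acl, bind_dn, entry_dn, attr):
    """First 'access to' clause covering attr wins, then its first matching 'by'."""
    for attrs, by_list in acl:
        if attrs == "*" or attr.lower() in attrs:
            for who, level in by_list:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # a clause with no matching 'by' grants nothing
    return "none"

def allows(acl, bind_dn, entry_dn, attr, wanted):
    """True if the granted level is at least the wanted level."""
    return LEVELS.index(granted(acl, bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)

ADMIN = 'dn="cn=Admin,dc=iperia,dc=com"'
PW_RULE = ({"userpassword", "telephonenumber"},
           [("self", "write"), ("anonymous", "auth"), (ADMIN, "write"), ("*", "none")])
# Rules as posted in the question: the catch-all ends in "by * read"
ORIGINAL = [PW_RULE, ("*", [("self", "write"), (ADMIN, "write"), ("*", "read")])]
# Assumption: keep the userPassword rule, swap in the reply's catch-all
REVISED = [PW_RULE, ("*", [('dn=".+"', "read"), ("*", "none")])]

ENTRY = "cn=xyz abc,ou=Sales,ou=Employees,dc=iperia,dc=com"
OTHER = "cn=other user,ou=Sales,ou=Employees,dc=iperia,dc=com"  # constructed DN

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("revised", REVISED)):
        print(name,
              "| anonymous read cn:", allows(acl, "", ENTRY, "cn", "read"),
              "| anonymous auth userPassword:", allows(acl, "", ENTRY, "userPassword", "auth"),
              "| bound user read cn:", allows(acl, OTHER, ENTRY, "cn", "read"))
```

In this model the reply's rule on its own gives an anonymous session `none` on userPassword, which is why the example keeps the `by anonymous auth` rule ahead of it.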