
RE: Trying to understand how authentication works



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Nik Clayton

> Hi folks,

> I'm trying to understand how the access control mechanisms in openldap
> work, and, I admit, I'm confused.  Trawling the mailing list archives
> didn't help any, and the FAQ left me more confused.
...
> "*" and "anonymous" I understand.

> "users" doesn't make sense.  It says "Authenticated users", but I can't
> see anywhere in the documentation where it explains how a user is
> supposed to authenticate themselves.

> "self" doesn't make sense either.  How is a 'user' associated with a
> 'target entry'?

In the X.500 information model, any entry that has a "userPassword" attribute
is a user, and that entry's DN and password may be used in an ldap_bind to
log in to the directory. Anyone who binds with a valid DN and password is an
authenticated user. There are other ways to bind that don't involve the
userpassword attribute, but this is the most basic instance of the concept.
You should probably read up on X.500/LDAP fundamentals if you need more
explanation.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
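
The following is an added example, not part of the original message or of OpenLDAP's code: a small Python model of how a simple bind establishes the session identity and how the "*", "anonymous", "users" and "self" keywords from the question are then matched against it. The directory contents, function names and the simplified DN normalization are assumptions made for illustration.

```python
import hmac

# Constructed sample directory: DN -> userPassword (plaintext only in this model).
DIRECTORY = {
    "uid=nik,ou=people,dc=example,dc=com": "s3cret",
    "uid=howard,ou=people,dc=example,dc=com": "hunter2",
    "ou=people,dc=example,dc=com": None,  # no userPassword: cannot simple-bind
}

def norm_dn(dn):
    """Simplified DN normalization (assumption): lowercase, trim around commas.
    Escaped commas and schema-aware matching are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def simple_bind(dn, password):
    """Return the session identity: '' for anonymous, the normalized DN on success."""
    if dn == "" and password == "":
        return ""  # anonymous bind
    if password == "":
        # A name with no password is an "unauthenticated" bind in RFC 4513;
        # this model refuses it instead of silently treating it as a login.
        raise PermissionError("unauthenticated bind refused")
    stored = DIRECTORY.get(norm_dn(dn))
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        raise PermissionError("invalid credentials")
    return norm_dn(dn)

def who_matches(who, bound_dn, target_dn):
    """Does the ACL <who> keyword apply to this session for this target entry?"""
    if who == "*":
        return True                      # everyone, bound or not
    if who == "anonymous":
        return bound_dn == ""            # no identity was established
    if who == "users":
        return bound_dn != ""            # any successfully bound DN
    if who == "self":
        # The user is "associated" with the target when the DN used in the
        # bind is the DN of the entry being accessed.
        return bound_dn != "" and bound_dn == norm_dn(target_dn)
    raise ValueError("unsupported who clause: " + who)

def matching_clauses(bound_dn, target_dn):
    """List every keyword that applies, in a fixed order."""
    return [w for w in ("*", "anonymous", "users", "self")
            if who_matches(w, bound_dn, target_dn)]
```
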