[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Authentication and Clients

To: Howard Chu <hyc@highlandsun.com>, Craig Morrison <craig@2cah.com>, OpenLDAP-Software@OpenLDAP.org
Subject: RE: Authentication and Clients
From: Norbert Klasen <norbert.klasen@daasi.de>
Date: Tue, 19 Mar 2002 14:46:12 +0100
Content-disposition: inline
In-reply-to: <NMEFLNHODBAOPDKNNJALIEDHCIAA.hyc@highlandsun.com>
References: <NMEFLNHODBAOPDKNNJALIEDHCIAA.hyc@highlandsun.com>

--On Montag, 18. März 2002 17:58 -0800 Howard Chu <hyc@highlandsun.com> wrote:

Netscape always does an anonymous search for your email address and then
tries to bind again using whatever entry it found. It seems stupid to me
that there's no way to configure it with an explicit bind DN but I've
tried various changes in the prefs file with no success.


from http://developer.netscape.com/docs/manuals/communicator/ldap45.htm

Netscape Communicator 4.5 supports simple LDAP authentication. This means that users may elect to send authentication credentials to the LDAP server before performing a search. However, LDAP authentication uses a distinguished name (DN) and a password, not a user name and password. Since relatively few users know their DN, and probably fewer can type it correctly, Communicator will try to find the DN based on the value of some other attribute. For example, Communicator can search the "mail" values for phil@netscape.com in order to find out that the DN is cn=Phil Peterson,o=Netscape Communications Corp.,c=US. So, unless the user's DN has been preconfigured in their preferences, Communicator's LDAP authentication requires the server to allow anonymous searching on at least one attribute.

Authentication Preferences The following lines of JavaScript preferences code show the preference objects added for LDAP authentication, and their default values: pref ("ldap_2.servers.megacorp.auth.enabled", false); pref ("ldap_2.servers.megacorp.auth.savePassword", false); pref ("ldap_2.servers.megacorp.auth.dn", ""); pref ("ldap_2.servers.megacorp.auth.password", ""); pref ("ldap_2.servers.megacorp.attributes.auth", "email address:mail"); Of particular note is the new attributes.auth setting. The auth attribute preference holds the human readable name (e.g. email address and LDAP attribute name (e.g. mail) of the attribute Communicator will search for when attempting to find the user's DN.


--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de

Follow-Ups:
- Re: Authentication and Clients
  - From: Craig Morrison <craig@2cah.com>

References:
- RE: Authentication and Clients
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: Length of the attributes?
Next by Date: Re: Authentication and Clients
Index(es):
- Chronological
- Thread