
Re: non-kerberos authentication against ldap server



Dave Snoopy <kingsnoopy7@yahoo.com> writes:

> I've set up my openldap server, and can connect to it
> with the rootdn and rootpw specified in my slapd.conf
> file.
>
> I added some users too, which conform to the
> inetOrgPerson schema. One thing I don't understand is
> how to allow these users to authenticate against my
> LDAP server (in case they want to query it). Is there
> another module I need to set up on my server so that it
> knows how to authenticate users? Even for simple
> plaintext authentication? 
>
> If so, how do I link that module to the actual users
> in my LDAP directory? Or will that happen
> automatically based on the bind dn?
>
> I'd appreciate any help, or if someone could just
> point me to some documentation.

You need to define ACLs and probably saslregexp's in slapd.conf,
depending on your authentication mechanism. See guide-2.1. for this
part.
If you want to authenticate against an X.509 certificate, and thus
start a TLS session, you have to configure your openssl.cnf to meet
your DIT structure.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour
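
An added example, not part of the original message or of the OpenLDAP documentation: a slapd.conf fragment of the kind the reply points to, with ACLs that let directory entries authenticate by simple bind and a saslregexp mapping for SASL binds. The suffix `dc=example,dc=com`, the `ou=people` container, the realm `example.com` and the choice of DIGEST-MD5 are assumptions for illustration.

```conf
# slapd.conf fragment (added example; suffix, ou=people and realm are assumed)

# Map a SASL identity onto a directory entry. With DIGEST-MD5, slapd
# presents the user as uid=<name>,cn=<realm>,cn=digest-md5,cn=auth;
# this rewrites it to the matching entry under ou=people.
saslRegexp
    uid=(.*),cn=example.com,cn=digest-md5,cn=auth
    uid=$1,ou=people,dc=example,dc=com

# Rules are checked in order and the first matching <what> clause wins,
# so the userPassword rule must come before the catch-all rule.
# "by anonymous auth" lets slapd compare the password during a bind
# without making it readable; "by self write" lets users change their
# own password; nobody else can see the attribute.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else: users may edit their own entry, authenticated users
# may read, anonymous clients get nothing.
access to *
    by self write
    by users read
    by * none
```

No extra module is needed for simple binds: once these rules are in place, a bind as a user entry (for instance `ldapsearch -x -ZZ -D "uid=jdoe,ou=people,dc=example,dc=com" -W -b "dc=example,dc=com" "(uid=jdoe)"`, where `jdoe` is a made-up user) is checked against that entry's userPassword. The `-ZZ` option makes the client insist on StartTLS, so the plaintext password is not sent over an unencrypted connection.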