
Re: New admin is flailing wildly



At 2003-12-21T18:51:13Z, Peter Marschall <peter@adpm.de> writes:

> You can enable slapd's LDAPv2 compatibility in slapd.conf
> (I do not have the correct command at hand)

Just fixed that with the "allow bind_v2"; thanks!

But on further reflection, I think my problem is more fundamental.  For
simplicity's sake, I've reorganized my database to:

  ou=lan,dc=honeypot,dc=net - Unix passwd, services, hosts, etc.
  ou=addressbook,dc=honeypot,dc=net - Shared address book

The LDAP host is kanga.honeypot.net.  If I'm on kanga, I can use ldapsearch
to browse through the database, either anonymously or with '-D' referring to
the rootdn configured in slapd.conf.  However, I want to use dn's other than
"rootdn" to authenticate.  For example, when connecting with Evolution, I'd
like to use either:

    cn=Kirk Strauser,ou=addressbook,dc=honeypot,dc=net

  or

    uid=kirk,ou=People,ou=lan,dc=honeypot,dc=net

I could use some recommendations.  The first dn above is an entry in my
addressbook.  Does it seem reasonable to authenticate from that base, or is
that a security no-no?  The second dn maps to my Unix passwd list.

At any rate, given what I want to do, should I be looking at SASL or
concentrating elsewhere?  I'm ready to scrap my whole setup and start over
from scratch, testing as I go until I get a working system, if that's what
it takes.
-- 
Kirk Strauser
In Googlis non est, ergo non est.
