
Re: Bind dn connection



Hi Kurt,
Thanks for the reply, and suggestions.

Following up on the same issue, is it possible that I
can have more than one bind dns configured?
Currently in slapd.conf, I have my rootdn as
"cn=Manager, dc=company, dc=com".
Can I add another dn that can be used for
authentication? ex: cn=service1,dc=company,dc=com.
The idea was that for each service if I have a bind
dn, that way users for that service identity can
authenticate based on the service bind dn. I am adding
a service name attribute to each user entry.
On the client's end, I am just using simple LDAP
queries to get data from the server, no updates
required.

Thanking you in advance,
Prachi Sonalkar.

--- "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

> At 02:28 PM 6/12/2006, Prachi Sonalkar wrote:
> >Hi all,
> >I am currently setting up LDAP server using OpenLDAP,
> >and I need to specify few bind dns, specific to
> >various service applications in the organization.
> >I need to also set up a limit on number of bind dn
> >connections,
> 
> I assume you want to limit the number of connections
> a particular authentication identity (or, maybe,
> authorization identity) may have open to a particular
> server.  At present, no such mechanism exists.
> 
> >which I am not aware how to do (I tried
> >to dig in through the Openldap FAQs)
> >I tried to configure ldap.conf with bind dn and bindpw
> >values as follows:
> >domain  company.com
> >server  company.com:389
> >BASE    dc=company,dc=com
> >binddn  "cn=service1,dc=company,dc=com"
> >bindpw  password
> 
> domain, server, and bindpw are not valid OpenLDAP
> ldap.conf(5) directives.  See ldap.conf(5) for
> details.
> 
> Anyways, OpenLDAP ldap.conf(5) provides defaults for
> the LDAP client library.  As it seems to me that you are
> looking for some server-side administrative control, I
> do not see how this file could be relevant.
> 
> >but the specified bind dn and password are not
> >accepted to establish a bind to the LDAP server.
> 
> Given the above, that's not surprising.
> 
> >The idea is to enable authorized services establish a
> >persistent bind connection with the LDAP server;
> 
> Seems like you seek information about a particular
> directory application/client.  If so, you should
> do so on a list about that application/client.
> 
> >and
> >also limit the number of such bind connections at LDAP
> >end.
> 
> Regarding server limits, see above note.
> 
> >Has someone tried this, and can suggest me what is
> >going wrong?
> >
> >Any help will be appreciated!
> >
> >Thanks,
> >PS.
> >
> >
> >
> 
> 

