[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: passwd backend operational?

To: Jorge Amador Arenas Quezada <jorgeaaq@csags.com.mx>
Subject: Re: passwd backend operational?
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 23 May 2007 22:29:22 +0200
Cc: openldap-software@openldap.org
In-reply-to: <465361A6.7050400@csags.com.mx>
References: <4653604B.5080405@csags.com.mx> <465361A6.7050400@csags.com.mx>

Jorge Amador Arenas Quezada writes:
>> 1.- in some information collected in internet found references about
>> the backend passwd support claiming about not use this module because
>> is not fully implemented (the read only condition is not a problem
>> because i only want to authenticate my users in passwd) ... my first
>> question is ... is operational this module ?

As the slapd-passwd(5) manpage says, "This backend is provided for
demonstration purposes only".

>> May 20 23:03:01 server slapd[6781]: conn=77 op=0 BIND
>> (...)
>> text=operation not supported within naming context

Right.  Search is the only operation that backend supports.

Though I suppose it could be useful to update it so it can be used for
authentication.  And to add an option which prohibits the "search the
entire passwd file/database", since getpwent() is not reentrant so
other passwd lookups are blocked while it's searching...

On the other hand, I think you can authenticate with passwords from
getpwnam() already: Put
   userPassword: {UNIX}username
in an entry, then it'll have that user's password.

>> database        passwd
>> (...)
>> directory       /var/lib/ldap
>> index objectClass                       eq,pres

And it does not use "directory" nor indexes, since it does not
maintain any data.  It gets its data from getpwent()/getpwnam().

-- 
Regards,
Hallvard

References:
- passwd backend operational?
  - From: Jorge Amador Arenas Quezada <jorgeaaq@csags.com.mx>

Prev by Date: Re: Access control entries problem
Next by Date: RE: Logging in OpenLDAP
Index(es):
- Chronological
- Thread