[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: passwd backend operational?



Jorge Amador Arenas Quezada writes:
>> 1.- in some information collected in internet found references about
>> the backend passwd support claiming about not use this module because
>> is not fully implemented (the read only condition is not a problem
>> because i only want to authenticate my users in passwd) ... my first
>> question is ... is operational this module ?

As the slapd-passwd(5) manpage says, "This backend is provided for
demonstration purposes only".

>> May 20 23:03:01 server slapd[6781]: conn=77 op=0 BIND
>> (...)
>> text=operation not supported within naming context

Right.  Search is the only operation that backend supports.

Though I suppose it could be useful to update it so it can be used for
authentication.  And to add an option which prohibits the "search the
entire passwd file/database", since getpwent() is not reentrant so
other passwd lookups are blocked while it's searching...

On the other hand, I think you can authenticate with passwords from
getpwnam() already: Put
   userPassword: {UNIX}username
in an entry, then it'll have that user's password.

>> database        passwd
>> (...)
>> directory       /var/lib/ldap
>> index objectClass                       eq,pres

And it does not use "directory" nor indexes, since it does not
maintain any data.  It gets its data from getpwent()/getpwnam().

-- 
Regards,
Hallvard