Re: Password-less operation



--On Tuesday, February 07, 2012 6:22 PM -0500 Jean-Luc Wasmer <openldap@2012.jl.wasmer.ca> wrote:

Hi,

The user db on my system is stored in LDAP and integrated with PAM and
NSS. The LDAP db also contains address book data for each user. I would
like to be able to call ldap utilities (e.g. ldapsearch) without having
the user enter his/her password every time. I would also like for
scripts running as those users to have access to the respective LDAP
entries. I noticed ldapsearch supports SASL binds, so I was wondering if
that could be used in conjunction with Kerberos to accomplish my goal
(from what I understand, the kinit command would have to be called before
ldapsearch). Is there any other way to do this?

Read the admin guide.

<http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authentication>
<http://www.openldap.org/doc/admin24/sasl.html#GSSAPI>

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
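
The workflow asked about above (kinit first, then a SASL/GSSAPI bind from ldapsearch), as an added example that is not part of the original thread. It assumes slapd is already set up for GSSAPI as described in the admin guide section linked in the reply; the URI, base DN and function names are placeholders.

```shell
#!/bin/sh
# Added example: password-less LDAP queries through a SASL/GSSAPI bind.
# LDAP_URI and LDAP_BASE are placeholder values (assumptions), not from the thread.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com}"
LDAP_BASE="${LDAP_BASE:-dc=example,dc=com}"

# Succeed only if the credential cache holds an unexpired ticket.
# "klist -s" prints nothing and reports the result through its exit status.
# Interactive users get the ticket from kinit; a script can get one
# non-interactively with "kinit -k -t <keytab> <principal>".
require_ticket() {
    if ! klist -s 2>/dev/null; then
        echo "no valid Kerberos ticket; run kinit first" >&2
        return 2
    fi
}

# Print the authorization identity the server derived from the ticket.
# Run this first to confirm the principal maps to the expected LDAP entry.
ldap_whoami() {
    require_ticket || return $?
    ldapwhoami -Q -Y GSSAPI -H "$LDAP_URI"
}

# Usage: ldap_search FILTER [ATTRIBUTE...]
# -Y GSSAPI selects the SASL mechanism, -Q silences the SASL progress
# output, -LLL prints plain LDIF. No -D/-w/-W is given, so no bind DN
# or password is ever prompted for or placed on the command line.
ldap_search() {
    if [ "$#" -lt 1 ]; then
        echo "usage: ldap_search FILTER [ATTRIBUTE...]" >&2
        return 64
    fi
    require_ticket || return $?
    ldapsearch -Q -LLL -Y GSSAPI -H "$LDAP_URI" -b "$LDAP_BASE" "$@"
}
```

Source the file, run kinit once, then call for example `ldap_search '(uid=jdoe)' mail`; when the ticket has expired the functions return 2 without contacting the server.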