
Re: how to add users to LDAP and test authentication?



--On Tuesday, February 16, 2016 4:00 PM +0100 Marc Patermann <hans.moser@ofd-z.niedersachsen.de> wrote:


> On 16.02.2016 at 14:56, Mary Kao wrote:
>> I have very simple requirements for "users" e.g. representative of user
>> accounts with userid and password.
> a "user" for "authentication" in LDAP is mostly an object you can bind
> to.
> The easiest way to bind to an LDAP server is "simple" bind, by which you
> send the DN of the object and the password.
> In this case the object has a password field - userpassword.
>
> So choose an objectclass with userpassword - i.e. inetorgperson - and
> create an object with this.

I generally dislike the fact that people just tend to default to inetOrgPerson. That objectClass is to be used for a person, not accounts, which is what it appears Mary is talking about. A person may have multiple accounts (i.e., there is NOT a 1:1 mapping between a person and an account). For example, at a previous job, where we deployed with an understanding of the difference, I had a single person account, and multiple account objects (my general account, my test account, my root principal account (we used Kerberos)), etc. There may be a number of reasons why a given individual may have more than one account. We used the seeAlso attribute to provide a pointer between account(s) and the person.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
A division of Synacor, Inc
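An added example, written for this page and not code from either poster, that ties the two replies together: one inetOrgPerson entry for the person, separate account objects (objectClass account from RFC 4524 plus the auxiliary simpleSecurityObject from RFC 4519, which supplies userPassword) linked back to the person with seeAlso, userPassword hashed the way OpenLDAP's slappasswd does by default ({SSHA}), and a small emulation of what the server checks on a simple bind. The suffix dc=example,dc=com, the ou=people and ou=accounts containers, the uids and the passwords are all constructed sample data, not anything from the thread.

```python
"""Person vs. account objects in LDAP, {SSHA} userPassword, and a simple-bind check.

Added example; all DNs, names and passwords below are constructed sample data.
"""
import base64
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

BASE_DN = "dc=example,dc=com"  # assumed suffix, not from the mailing-list thread

Entry = Tuple[str, Dict[str, List[str]]]  # (dn, attributes)


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """OpenLDAP {SSHA} scheme: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # slappasswd uses a 4-byte salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the digest with the salt carried inside the stored value."""
    if not stored.startswith("{SSHA}"):
        return False  # cleartext or other schemes deliberately not handled here
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) < 20:
        return False
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def person_entry(uid: str, cn: str, sn: str) -> Entry:
    """The human: inetOrgPerson (cn and sn are MUST via person), no password."""
    dn = f"uid={uid},ou=people,{BASE_DN}"
    return dn, {"objectClass": ["inetOrgPerson"], "uid": [uid], "cn": [cn], "sn": [sn]}


def account_entry(uid: str, person_dn: str, password: str, description: str) -> Entry:
    """One bindable account: account (structural, has seeAlso) + simpleSecurityObject
    (auxiliary, MUST userPassword). seeAlso points at the owning person."""
    dn = f"uid={uid},ou=accounts,{BASE_DN}"
    return dn, {
        "objectClass": ["account", "simpleSecurityObject"],
        "uid": [uid],
        "seeAlso": [person_dn],
        "description": [description],
        "userPassword": [ssha_hash(password)],
    }


def sample_entries() -> List[Entry]:
    """Constructed data: one person, two accounts owned by that person."""
    person_dn, person = person_entry("mkao", "Mary Kao", "Kao")
    entries = [(person_dn, person)]
    for suffix, password, desc in (("", "s3cret-daily", "general account"),
                                   ("-test", "s3cret-test", "test account")):
        entries.append(account_entry("mkao" + suffix, person_dn, password, desc))
    return entries


def to_ldif(entries: List[Entry]) -> str:
    """Render entries as LDIF for ldapadd (all values here are safe ASCII)."""
    blocks = []
    for dn, attrs in entries:
        lines = [f"dn: {dn}"]
        for attr, values in attrs.items():
            lines.extend(f"{attr}: {value}" for value in values)
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


def build_directory(entries: List[Entry]) -> Dict[str, Dict[str, List[str]]]:
    return {dn: attrs for dn, attrs in entries}


def simple_bind(directory: Dict[str, Dict[str, List[str]]], dn: str, password: str) -> bool:
    """What a simple bind boils down to: look up the entry named by the bind DN and
    compare the supplied password against its userPassword value(s)."""
    if password == "":
        # RFC 4513 calls a DN with an empty password an *unauthenticated* bind;
        # it must never be taken as proof of identity.
        return False
    entry = directory.get(dn)
    if entry is None:
        return False  # same answer as a wrong password: no DN enumeration
    return any(ssha_verify(password, stored) for stored in entry.get("userPassword", []))


if __name__ == "__main__":
    entries = sample_entries()
    print(to_ldif(entries))
    directory = build_directory(entries)
    print(simple_bind(directory, f"uid=mkao,ou=accounts,{BASE_DN}", "s3cret-daily"))  # True
    print(simple_bind(directory, f"uid=mkao,ou=people,{BASE_DN}", "s3cret-daily"))    # False
```

Against a real OpenLDAP server the LDIF printed by to_ldif() loads with ldapadd (the account objectClass comes from cosine.schema, and the ou=people / ou=accounts containers must already exist), and the bind test is ldapwhoami -x -D "uid=mkao,ou=accounts,dc=example,dc=com" -W, which on success prints dn:uid=mkao,ou=accounts,dc=example,dc=com. Note that the person entry cannot be bound to at all here, because it carries no userPassword; that is the separation Quanah describes, with seeAlso as the link back from each account to its owner.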