[Date Prev][Date Next] [Chronological] [Thread] [Top]

How to do password encrption and linux Navigator 4.5 interoperability problems

To: "OpenLDAP-software@OpenLDAP.org" <OpenLDAP-software@OpenLDAP.org>
Subject: How to do password encrption and linux Navigator 4.5 interoperability problems
From: ramana.ramachandran@wcom.com
Date: Fri, 25 Jun 1999 10:27:38 -0500
Organization: MCI

hi
I am a LDAP newbie so bear with me.

I am writing a personal addressbook application with users entering
their info via the web which will get processed using a java servlet.The
client access is using (say) Netscape navigator.

I got LDAP 1.2.3 configured on my linux machine ( redhat 5.1). I added
an organization and a person to the database and I was able to use
ldapsearch (for 'objectclasses=*') successfully. But when I use netscape
navigator 4.5 on linux (and setup the LDAP server to localhost) I get
errors (Server error 0xffffffff. I am writing this from memory, If
needed, I will give the exact error message when I get home. Sorry)but I
do get the entries too (sometime I get it, othertime its blank). Is
there some interoperablility problems that I should know about?

I want an userid/passwd kind of access to the whole DIT. i.e
(1) Only valid users can browse the directory. Don't like the clear-text
as a way of authentication. (see below for crypt)
(2) self write should be available
(3) some persons can be nominated to be admin for a sub-tree
(4) These admin(s) should have write for the whole sub-tree

I have been looking at the access conf and I am kind of unclear how to
set it up. Any body who can help me a little with ACL? The acl given
below doesn't cut it.

# acl information
access to dn=".*, o=ORG, c=US"
        by self write
        by dn="cn=root, o=ORG, c=US" write
        by dn=".*, o=ORG, c=US" read
        by * none

After browsing the the archives, I was able to see that I need to put
{crypt} and then crypt the passwd of the root dn in slapd.conf (I wish
it was better documented). Using the java API how would I add
userPassword to the person class. My guess is that userPassword should
also have {crypt}preceding the password? Right? Any help would be
greatly appreciated. Anyway, ldapsearch is able to search the object
even though I didn't enter my passwd. How so?

$ ldapsearch  -h localhost -b "o=ORG,c=US" 'objectclass=*'
o=ORG, c=US
o=ORG
userpassword={crypt} XXXX8NiQHwUVE
objectclass=organization


Servlet question
================
(1) Which java package to use Netscape's ldapsdk_java or jndi? Will they
work with the openldap server (stable) 1.2.3?
(2) Can I extend the schema and still add entries using the java
toolkit?

Navigator question
==================
(1) The navigator has a secure login/passwd option. How does it work?
Does it use crypt to check? Can there be any (supported) mechanism like
MD5 etc? BTW Rob Gabbard <rgabb@sgi.com> in one of the mailing list
indicated that "auth'd binds from Nestcape DO work!" but did not say
what kind of authentication he was using. 

I know I have asked a lot of questions. If your are with me to this
point then I owe a big thanks (even if you didn't answer!)
Thanks a bunch
ramana

Follow-Ups:
- Re: How to do password encrption and linux Navigator 4.5 interoperability problems
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Problem in the search with OpenLDAP
Next by Date: Re: How to do password encrption and linux Navigator 4.5 interoperability problems
Index(es):
- Chronological
- Thread