Re: Access Control Question



Actually it's the security software.  It can use LDAP as an adjunct to its own
proprietary RDBM backend to perform authentication but in doing so (at least
in our version) binds to LDAP using cleartext passwords.  From an intranet
standpoint that *might* be acceptable but it would have to be over SSL to
really be effective.  What strikes me is that I could get the encrypted root
user authenticated whereas any other encrypted or clear text user failed.
This leads me to believe I inadvertently mucked up something during testing,
so I'm going to give it a try from the top again.

Thanks for the response - Tod

"Kurt D. Zeilenga" wrote:

> Sounds like you changed the syntax of userPassword to binary.
> OpenLDAP 1.2 requires it to be 'ces' if hashed passwords are
> in use.  (This is actually considered a bug)
>
> At 02:03 PM 11/22/99 -0500, Tod Thomas wrote:
> >Does anybody have some good references to help in debugging an access
> >control problem?  I have a third party security product that can use
> >LDAP to authenticate.  Right now it looks like the only user I can get
> >to authenticate is the rootdn, no other users seem to work.  I can see
> >the product connecting and performing a search using a valid filter but
> >authentication fails anyway.  I was originally suspect of the security
> >software, or the possibility I had not compiled in the correct
> >encryption routines.  When I got the rootdn entry to work with its {SHA}
> >encrypted password it invalidated that theory.  Any ideas?
> >
> >Thanks - Tod
> >
> >
>
> ----
> Kurt D. Zeilenga                <kurt@boolean.net>
> Net Boolean Incorporated        <http://www.boolean.net/>
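
Added example, not part of the original thread or of OpenLDAP: an offline check of a userPassword value against a known password, useful when narrowing a bind failure like the one above down to the stored value itself. It goes beyond the {SHA} case in the thread by also handling cleartext and {SSHA} values and base64-encoded LDIF lines, and it shows that the base64 body is case-sensitive; the function names and the sample password are assumptions made for this example.

```python
import base64
import binascii
import hashlib
import hmac


def parse_ldif_value(line):
    """Return raw userPassword bytes from one LDIF line ('::' means base64)."""
    attr, sep, rest = line.partition(":")
    if not sep or attr.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip(), validate=True)
    return rest.strip().encode()


def check_password(stored, candidate):
    """Compare a candidate password (bytes) with a stored userPassword value."""
    if not stored.startswith(b"{"):
        # No scheme prefix: the value is a cleartext password.
        return hmac.compare_digest(stored, candidate)
    end = stored.find(b"}")
    if end == -1:
        raise ValueError("unterminated scheme prefix")
    # The scheme name is matched case-insensitively; the base64 body is not.
    scheme, body = stored[1:end].upper(), stored[end + 1:]
    try:
        raw = base64.b64decode(body, validate=True)
    except binascii.Error:
        return False
    if scheme == b"SHA" and len(raw) == 20:
        return hmac.compare_digest(raw, hashlib.sha1(candidate).digest())
    if scheme == b"SSHA" and len(raw) > 20:
        # {SSHA} stores sha1(password + salt) followed by the salt.
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(digest, hashlib.sha1(candidate + salt).digest())
    raise ValueError("unsupported scheme or malformed digest")


def make_sha(password):
    """Build a constructed {SHA} sample value for the demonstration below."""
    return b"{SHA}" + base64.b64encode(hashlib.sha1(password).digest())


if __name__ == "__main__":
    sample = make_sha(b"secret")  # constructed sample, not from the thread
    ldif = "userPassword:: " + base64.b64encode(sample).decode()
    print(check_password(parse_ldif_value(ldif), b"secret"))  # exact value
    print(check_password(sample.lower(), b"secret"))          # case-folded value
```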