
Re: Where/when does authentication happen? (follow-up)



This only adds a userpassword attribute.  It does not in-and-of-itself
enforce anything.  Users can still bind to the server anonymously...

unless:
You've taken a look at ACLs (access control lists), and added one or more to
the config that state what an anonymous bind can see (if anything), and what
rights someone accrues by binding to a specific DN using the password
contained in the userpassword attribute.

-Alan

-----Original Message-----
From: Douglas Partridge <dpartridge@altamira-group.com>
Cc: openldap-software@OpenLDAP.org <openldap-software@OpenLDAP.org>
Date: Friday, March 10, 2000 10:09 AM
Subject: RE: Where/when does authentication happen? (follow-up)


>> ldappasswd -b "o=company,c=us" -D "cn=admin,o=company,c=us" -W -H sha -h ldapserver -t "cn=dpartridge,o=company,c=us"
>
>Is this adding a p/w to the "dpartridge" entry - and if so, which
>field is adding it?  Does this "enforce" passwords in the sense that
>users *must* provide valid credentials before any access is granted?
>Again, what I am attempting to do is just have one user/pw that
>everyone will use.  Thanks for helping a newbie out.
>
>- Doug
>
>
>> -----Original Message-----
>> From: Dustin Sallings [mailto:dustin@spy.net]
>> Sent: Friday, March 10, 2000 9:32 AM
>> To: Douglas Partridge
>> Cc: openldap-software@OpenLDAP.org
>> Subject: Re: Where/when does authentication happen?
>>
>>
>> On Fri, 10 Mar 2000, Douglas Partridge wrote:
>>
>> # dn: o=Company, c=US
>> # o: Company
>> # objectclass: organization
>> #
>> # dn: cn=dpartridge, o=Company, c=US
>> # cn: Doug Partridge
>> # sn: Partridge
>> # mail: dpartridge@company.com
>> # objectclass: person
>>   objectclass: top
>>
>> # dn: cn=jsmith, o=Company, c=US
>> # cn: Joe Smith
>> # sn: Smith
>> # mail: jsmith@company.com
>> # objectclass: person
>>   objectclass: top
>>
>> That really doesn't make all that much of a difference there, but
>> it's recommended.  What you're actually asking, is how to get your
>> credentials in there.  Without a userPassword attribute, you can't
>> bind to any of those dn's.  The ldappasswd command will let you set
>> the passwords:
>>
>> ldappasswd -b "o=company,c=us" -D "cn=admin,o=company,c=us" -W -H sha -h ldapserver -t "cn=dpartridge,o=company,c=us"
>>
>> --
>> dustin sallings                            The world is watching America,
>> http://2852210114/~dustin/                 and America is watching TV.
>>
>
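
The ACL step described in the reply at the top of this thread, as an added slapd.conf fragment that is not part of the original messages: the permissive default shown beside a restricted policy for the single shared account discussed here. It assumes OpenLDAP 2.x slapd.conf syntax (the server version in this thread may use different keywords) and reuses the thread's DNs.

```conf
# slapd.conf fragment (added example; OpenLDAP 2.x syntax is an assumption)

# --- Weak: what you get when no "access" directives are configured -------
# slapd falls back to a policy equivalent to the line below, so anonymous
# clients can read every entry even after userPassword has been set.
#   access to * by * read

# --- Restricted: authentication is required before anything is readable --

# Refuse anonymous bind requests.
disallow bind_anon

# Refuse directory operations on sessions that have not authenticated
# (covers clients that skip the bind and just send a search).
require authc

# Password values: the entry's owner may change its own password,
# unauthenticated sessions may only use the value to complete a bind,
# and nobody may read it back.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else under the suffix: readable only after binding as the
# one shared account. "by anonymous auth" is kept so the bind itself can
# be evaluated against the entry; it grants no read or search rights.
access to dn.subtree="o=company,c=us"
    by dn.exact="cn=dpartridge,o=company,c=us" read
    by anonymous auth
    by * none
```

The rootdn is not subject to these rules, and directives are evaluated in order, so the userPassword rule must stay above the subtree rule.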