Using OpenLDAP with authentication in email clients, please help



Hi Guys,

I have really searched everywhere on the OpenLDAP site, on other LDAP-related
sites and on the Internet, but I can't solve it myself:

We would like to use OpenLDAP for directory services in our company. This
server should be accessible to employees of our company, but no-one else.

The directory should be accessible on the road, from offices in other
countries, ..., to people that are in the directory only.

I installed OpenLDAP and populated it with our directory information. When
no ACL is present in the slapd.conf file, it works fine with Netscape
Communicator, Outlook Express, Eudora, ....

But with ACL present, I barely get Netscape to work (I have to give my email
address and password for every query, it doesn't remember it); in Eudora
there's no place to put account/password, and Outlook fails to log in and
reverts to anonymous lookup, which (obviously) returns 0 matches.

With ldapsearch from remote machines and with LDAP clients like Ldapper, it
works fine.

So please: If you have a recipe for using Outlook (Eudora and Netscape are
more than welcome too!) with OpenLDAP restricted to people in the directory
only, please share it with me.

My slapd.conf is below.

Thanks!

- Stan

--

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/slapd.at.conf
include         /etc/openldap/slapd.oc.conf
schemacheck     off
#referral       ldap://root.openldap.org/

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
#loglevel 488

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=Company, dc=com"
rootdn          "cn=xxx, dc=Company, dc=com"
rootpw          xxx
# cleartext passwords, especially for the rootdn, should
# be avoided.  See slapd.conf(5) for details.
directory       /var/lib/ldap

lastmod on 
sizelimit 50
defaultaccess none

# anonymous may compare (to bind using Netscape)
access to attr=mail
  by self read
  by dn=".+" read
  by * search

access to attr=userPassword
  by self write
  by dn="^$$" compare
  by * none

access to attr=entry
  by * read

access to *
  by self write
  by dn=".+" read
  by dn="^$$" compare
  by * none
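
Added example, not part of the original post: a simplified Python model of first-match ACL evaluation, run over the access rules quoted above, to show what an anonymous bind, another bound user and the entry's owner are each granted per attribute. It assumes anonymous is the empty DN and that dn="..." patterns are regular expressions matched against the bound DN; the DNs passed in are up to the caller.

```python
import re

# Access rules copied from the slapd.conf posted above.
ACL_TEXT = '''
access to attr=mail
  by self read
  by dn=".+" read
  by * search
access to attr=userPassword
  by self write
  by dn="^$$" compare
  by * none
access to attr=entry
  by * read
access to *
  by self write
  by dn=".+" read
  by dn="^$$" compare
  by * none
'''

def parse_acl(text):
    # Returns [(what, [(who, level), ...]), ...] in file order.
    rules = []
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["access", "to"]:
            rules.append((words[2], []))
        elif words[:1] == ["by"]:
            rules[-1][1].append((words[1], words[2]))
    return rules

def who_matches(who, bound_dn, entry_dn):
    # Assumption: anonymous is the empty DN; dn="..." is a regex on the bound DN.
    if who == "*":
        return True
    if who == "self":
        return bound_dn != "" and bound_dn == entry_dn
    return re.search(who[len('dn="'):-1], bound_dn) is not None

def granted(rules, bound_dn, entry_dn, attr):
    # Model: the first matching "access to" clause decides, then its first matching "by".
    for what, by_list in rules:
        if what in ("*", "attr=" + attr):
            for who, level in by_list:
                if who_matches(who, bound_dn, entry_dn):
                    return level
            return "none"   # not reached here: every clause ends in "by *"
    return "none"           # "defaultaccess none" in the posted file
```

In this model an anonymous bind is granted only compare on cn and search on mail, while any bound DN is granted read on both.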