[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication

To: openldap-software@OpenLDAP.org
Subject: Re: Authentication
From: Daniel Tiefnig <openldap@qmail.infonova.at>
Date: Thu, 2 Aug 2001 14:18:35 +0200
Organization: Infonova
References: <01080216020003.01063@office.interoffice>

"Devdas Bhagat" <devdas@worldgatein.net> wrote...
> Can I have an application open a connection to OpenLDAP-2.0.11
> and repeatedly bind to it as different users for the purpose of
> authentication? With just one connection opened and all required
> data being handled over the same channel.
> Essentially
> bind, retrieve data, repeat with different values.

that's possible, i'd say.. at least perLDAP (www.perldap.org) offers a
function to do this:

if ($conn->simpleAuth($dn, $PASS))
  print "authenticated!\n";
else
  print "failed!\n";

you may repeat this function several times with different dn/pass.
have a look at:
http://www.mozilla.org/directory/faq/perldap-faq.html#_ldap_10

> Is this workable, or would storing user passwords encrypted in LDAP
> and having each application verify them individually be better?

your storing userpasswords in LDAP anyway, i think. which solution is better
depends on the usecase, i'd say. opening multiple connections allows you to
benefit from a multithreaded LDAP e.g.

daniel

Follow-Ups:
- Re: Authentication
  - From: Devdas Bhagat <devdas@worldgatein.net>

References:
- Authentication
  - From: Devdas Bhagat <devdas@worldgatein.net>

Prev by Date: AW: LDAPADD, LDAPMODIFY
Next by Date: Advanced ACLs
Index(es):
- Chronological
- Thread