At 2003-12-21T18:51:13Z, Peter Marschall <peter@adpm.de> writes:
> You can enable slapd's LDAPv2 cmpatibility in slpad.conf
> (I do not have the corect command at hand)
Just fixed that with the "allow bind_v2"; thanks!
But on further reflection, I think my problem is more fundamental. For
simplicity's sake, I've reorganized my database to:
ou=lan,dc=honeypot,dc=net - Unix passwd, services, hosts, etc.
ou=addressbook,dc=honeypot,dc=net - Shared address book
The LDAP host is kanga.honeypot.net. If I'm on kanga, I can use ldapsearch
to browse through the database, either anonymously or with '-D' referring to
the rootdn configured in slapd.conf. However, I want to use dn's other than
"rootdn" to authenticate. For example, when connecting with Evolution, I'd
like to use either:
cn=Kirk Strauser,ou=addressbook,dc=honeypot,dc=net
or
uid=kirk,ou=People,ou=lan,dc=honeypot,dc=net
I could use some recommendations. The first dn above is an entry in my
addressbook. Does it seem reasonable to authenticate from that base, or is
that a security no-no? The second dn maps to my Unix passwd list.
At any rate, given what I want to do, should I be looking at SASL or
concentrating elsewhere? I'm ready to scrap my whole setup and start over
From scratch, testing as I go until I get a working system, if that's what
it takes.
--
Kirk Strauser
In Googlis non est, ergo non est.
Attachment:
pgp1N3NGzQJFp.pgp
Description: PGP signature