Re: Bind dn connection
- To: Kurt@OpenLDAP.org, openldap-software@OpenLDAP.org
- Subject: Re: Bind dn connection
- From: Prachi Sonalkar <prachisonalkar@yahoo.com>
- Date: Wed, 14 Jun 2006 09:36:19 -0700 (PDT)
- In-reply-to: <7.0.1.0.0.20060612153246.03cf1f80@OpenLDAP.org>
Hi Kurt,
Thanks for the reply, and suggestions.
Following up on the same issue, is it possible that I
can have more than one bind dns configured?
Currently in slapd.conf, I have my rootdn as
"cn=Manager, dc=company, dc=com".
Can I add another dn that can be used for
authentication? ex: cn=service1,dc=company,dc=com.
The idea was that for each service if I have a bind
dn, that way users for that service identity can
authenticate based on the service bind dn. I am adding
a service name attribute to each user entry.
On the client's end, I am just using simple LDAP
queries to get data from the server, no updates
required.
Thanking you in advance,
Prachi Sonalkar.
--- "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:
> At 02:28 PM 6/12/2006, Prachi Sonalkar wrote:
> >Hi all,
> >I am currently setting up LDAP server using OpenLDAP,
> >and I need to specify few bind dns, specific to
> >various service applications in the organization.
> >I need to also set up a limit on number of bind dn
> >connections,
>
> I assume you want to limit the number of connections
> a particular authentication identity (or, maybe,
> authorization identity) may have open to a particular
> server. At present, no such mechanism exists.
>
> >which I am not aware how to do (I tried
> >to dig in through the OpenLDAP FAQs)
> >I tried to configure ldap.conf with bind dn and bindpw
> >values as follows:
> >domain company.com
> >server company.com:389
> >BASE dc=company,dc=com
> >binddn "cn=service1,dc=company,dc=com"
> >bindpw password
>
> domain, server, and bindpw are not valid OpenLDAP
> ldap.conf(5) directives. See ldap.conf(5) for
> details.
>
> Anyways, OpenLDAP ldap.conf(5) provides defaults for
> the LDAP client library. As it seems to me that you are
> looking for some server-side administrative control, I
> do not see how this file could be relevant.
>
> >but the specified bind dn and password are not
> >accepted to establish a bind to the LDAP server.
>
> Given the above, that's not surprising.
>
> >The idea is to enable authorized services establish a
> >persistent bind connection with the LDAP server;
>
> Seems like you seek information about a particular
> directory application/client. If so, you should
> do so on a list about that application/client.
>
> >and
> >also limit the number of such bind connections at LDAP
> >end.
>
> Regarding server limits, see above note.
>
> >Has someone tried this, and can suggest me what is
> >going wrong?
> >
> >Any help will be appreciated!
> >
> >Thanks,
> >PS.