
LDAP and authentication



I'm a little new to LDAP (yes, you've heard that before). I've looked
through the list archives and scoured the web, and I'm still a little
confused about the various aspects of authentication.

Ideally, what I'd like to have is person objects in an ldbm database with
the userPassword attribute derived from /etc/passwd. And, I don't want to
use LDAP as my primary authentication source.

I suppose I could periodically sync the userPassword attribute by extracting
the encrypted passwords from /etc/passwd and using ldapmodify to update
the records, but that sucks. I'd rather have password changes reflected
immediately in both /etc/passwd and in LDAP. And the syncing process could
be quite costly if my number of users gets to be large.

I've got the passwd database backend set up properly in slapd.conf:

database passwd
file     /etc/passwd
suffix   o=passwd

Can I somehow coordinate it with the user entries in my ldbm database?
Maybe the userPassword attribute of a person object in my ldbm database
can be a pointer to the password attribute of the passwd database.
Possible? Also, how do I keep the other miscellaneous accounts (i.e. root,
nobody, bin, daemon, etc.) from showing up in LDAP? Am I totally off
track?

I've seen a lot of discussion about using PAM with LDAP, but doesn't that
require that the LDAP database be the primary source of authentication?
I.e. /etc/passwd & /etc/shadow aren't used. Is this true?

Sorry, these may seem like obvious questions, but it's all quite
confusing for me. We all know about the lack of good documentation.
Thanks.

-- 
Aidan Dysart | adysart@nonlineardynamics.com | www.nonlineardynamics.com
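The periodic /etc/passwd-to-ldapmodify sync the post describes, with the filter that keeps root, nobody, bin, daemon and similar system accounts out of the directory, as an added example that is not code from the original post or from OpenLDAP. It assumes person entries of the form uid=<login>,ou=People,dc=example,dc=com, that the directory stores hashes as {CRYPT} values, and that an account is a system account when its UID is below 1000 or its shell is a nologin shell; the passwd and shadow lines are constructed sample input, not real accounts.

```python
"""Mirror /etc/passwd + /etc/shadow password hashes into existing LDAP
person entries as LDIF modify records, skipping system accounts.

Added example (not from the original post). Assumptions, all illustrative:
  - person entries live at uid=<login>,ou=People,dc=example,dc=com
  - slapd stores hashes as userPassword: {CRYPT}<crypt(3) hash>
  - UID < 1000 or a nologin shell marks a system account
"""
import base64
import re

BASE_DN = "ou=People,dc=example,dc=com"   # assumed location of person entries
MIN_UID = 1000                            # assumed cutoff for real users
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample input in /etc/passwd and /etc/shadow format (fake hashes).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/sbin/nologin
adysart:x:1000:1000:Aidan Dysart:/home/adysart:/bin/bash
jdoe:x:1001:1001:Jane Doe:/home/jdoe:/bin/sh
locked:x:1002:1002:Locked Account:/home/locked:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhash:19000:0:99999:7:::
bin:*:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
nobody:*:19000:0:99999:7:::
adysart:$6$abcdefgh$fakehashvalue0123456789:19000:0:99999:7:::
jdoe:$1$legacy$oldmd5crypthashvalue:19000:0:99999:7:::
locked:!$6$abcdefgh$fakehashvalue0123456789:19000:0:99999:7:::
"""


def parse_passwd(text):
    """Return {login: (uid, gecos, shell)} from /etc/passwd-format text."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line: ignore rather than guess
        login, _, uid, _, gecos, _, shell = fields
        users[login] = (int(uid), gecos, shell)
    return users


def parse_shadow(text):
    """Return {login: hash field} from /etc/shadow-format text."""
    hashes = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    return hashes


def is_system_account(uid, shell):
    """System accounts are kept out of the directory entirely."""
    return uid < MIN_UID or shell in NOLOGIN_SHELLS


def ldap_password_value(shadow_hash):
    """Map a shadow hash field to a userPassword value.

    A locked ('!...'), disabled ('*') or empty field becomes a value that
    crypt(3) can never produce, so the account is unusable in LDAP as well
    instead of keeping its last good hash alive there.
    """
    if shadow_hash == "" or shadow_hash[0] in "!*":
        return "{CRYPT}!"
    return "{CRYPT}" + shadow_hash


_SAFE_STRING = re.compile(r"^[\x01-\x09\x0b\x0c\x0e-\x7f]*$")


def ldif_attr(name, value):
    """One LDIF attribute line; base64-encode values RFC 2849 calls unsafe."""
    if _SAFE_STRING.match(value) and value[:1] not in (" ", ":", "<"):
        return f"{name}: {value}"
    b64 = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{name}:: {b64}"


def build_sync_ldif(passwd_text, shadow_text):
    """Return (ldif_text, logins) for the accounts that were mirrored."""
    users = parse_passwd(passwd_text)
    hashes = parse_shadow(shadow_text)
    records, logins = [], []
    for login, (uid, _gecos, shell) in sorted(users.items()):
        if is_system_account(uid, shell) or login not in hashes:
            continue
        records.append("\n".join([
            ldif_attr("dn", f"uid={login},{BASE_DN}"),
            "changetype: modify",
            "replace: userPassword",
            ldif_attr("userPassword", ldap_password_value(hashes[login])),
            "-",
            "",
        ]))
        logins.append(login)
    return "\n".join(records), logins


if __name__ == "__main__":
    ldif, mirrored = build_sync_ldif(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print(ldif)          # feed to: ldapmodify -x -D <admin DN> -W -f sync.ldif
    print("mirrored:", ", ".join(mirrored))
```

The output is meant for `ldapmodify` against the ldbm database, so the entries must already exist there; the script only refreshes userPassword. Two caveats worth stating: copying shadow hashes into the directory exposes them to whoever the slapd ACLs let read userPassword, so pair this with an ACL such as `access to attrs=userPassword by self write by anonymous auth by * none`; and `{CRYPT}` values only verify if slapd was built with crypt(3) support and the system libc understands the hash format in use ($1$, $5$, $6$ ...). The script runs offline on the embedded sample because the real files are root-readable only.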