Re: LDAP and authentication

At 03:12 PM 12/9/99 -0500, Aidan Dysart wrote:
>I suppose I could periodically sync the userPassword attribute by extracting
>the encrypted passwords from /etc/passwd and use ldapmodify to update
>the records, but that sucks. I'd rather have password changes reflected
>immediately in both /etc/passwd and in LDAP. And the syncing process could
>be quite costly if my number of users gets to be large.

We have code on devel branch which allows the server to check the provided
password against that provided by UNIX password databases.  Basically,
you can put "{UNIX}user" into userPassword and the server will fetch
the crypt(3) password and use this in the comparison with the user
provided value.

The 1.2 patch that this work is based upon is available as ITS#212.
About the only difference is the scheme name.  We chose UNIX instead
of EXT.

>I've got the passwd database backend setup properly in slapd.conf:

back-passwd doesn't support bind.   Adding such would be a nice
exercise for someone interested in learning about backends.

Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>
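
The "{UNIX}user" indirection described in the message above, as an added Python illustration; it is not code from the OpenLDAP devel branch or from the ITS#212 patch. The function names, the constructed passwd data and the PBKDF2 stand-in used in place of crypt(3) are assumptions of this example.

```python
import hashlib
import hmac
import re

def stand_in_crypt(password, salt):
    """Stand-in for crypt(3) (assumption): PBKDF2-HMAC-SHA256 as 'salt$hex'."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)
    return f"{salt}${digest.hex()}"

# Constructed passwd(5)-style sample data; users and hashes are made up.
SAMPLE_PASSWD = "\n".join([
    "alice:" + stand_in_crypt("correct horse", "ab") + ":1001:1001::/home/alice:/bin/sh",
    "bob:x:1002:1002::/home/bob:/bin/sh",      # "x": hash is kept in a shadow file
    "carol:*:1003:1003::/home/carol:/bin/sh",  # "*": no valid password
])

SCHEME_RE = re.compile(r"^\{([^}]+)\}(.*)$", re.S)

def lookup_hash(user, passwd_text=SAMPLE_PASSWD):
    """Return the stored hash for user, or None if missing or unusable."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == user:
            stored = fields[1]
            # Fail closed: these field values carry no hash to compare against.
            if stored in ("", "x", "*") or stored.startswith("!"):
                return None
            return stored
    return None

def check_password(user_password_attr, supplied):
    """Check a supplied password against a userPassword value of '{UNIX}user'."""
    m = SCHEME_RE.match(user_password_attr)
    # Only the UNIX scheme is handled here; anything else is rejected.
    # Case-insensitive scheme matching is an assumption of this example.
    if not m or m.group(1).upper() != "UNIX":
        return False
    stored = lookup_hash(m.group(2))
    if stored is None:
        return False
    # As with crypt(3), the salt is recovered from the stored value itself.
    salt = stored.split("$", 1)[0]
    candidate = stand_in_crypt(supplied, salt)
    return hmac.compare_digest(candidate.encode(), stored.encode())
```

Because the hash is fetched at comparison time, a password change in the UNIX database takes effect on the next bind without any sync step.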