[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and authentication

To: Aidan Dysart <adysart@nonlineardynamics.com>
Subject: Re: LDAP and authentication
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Sat, 11 Dec 1999 10:39:27 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.10.9912091439250.877-100000@ebony.int.nonlinear dynamics.com>

At 03:12 PM 12/9/99 -0500, Aidan Dysart wrote:
>I suppose I could periodically sync the userPassword attribute by extracting
>the encrypted passwords from /etc/passwdand and use ldapmodify to update
>the records, but that sucks. I'd rather have password changes reflected
>immediately in both /etc/passwd and in LDAP. and the syncing process could
>be quite costly if my number of users gets to be large.

We have code on devel branch which allows the server to check the provided
password against that provided by UNIX password databases.  Basically,
you can put "{UNIX}user" into userPassword and the server will fetch
the crypt(3) password and use this in the comparison with the user
provided value.

The 1.2 patch that this work is based upon is available as ITS#212.
About the only difference is scheme name.  We choose UNIX instead
of EXT.

>I've got the passwd database backend setup properly in slapd.conf:

back-passwd doesn't support bind.   Adding such would be a nice
exercise for someone interested in learning about backends.

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

Prev by Date: OpenLDAP 1.2.8 Released
Next by Date: Re: Adding a new entry vs. adding a new attribute
Index(es):
- Chronological
- Thread