Please assist - LDAP authentication
I have been searching for the answer to this problem for the past few
days... all to no avail (and I seem to be getting awfully confused
in the process). Any assistance would be greatly appreciated. Here
is the situation in a nutshell.
The impression I get from the <http://www.openldap.org> examples is
that everyone is authenticating with their unique user/pw and thus
unauthenticated users (dn="") could be denied access. In our
implementation, we are only using LDAP for e-mail address resolution
for Win & Mac users. Currently no authentication is required, users
need only know the name of the server and the search base. Now for
security reasons we would like to remove *anonymous* accessibility
(we would like to make the data available to remote users outside the
firewall). To that end I am trying to configure the server so that it
will only answer queries from one *authenticated* account. Here are my
questions: Is this an account that is only valid within LDAP or is it
a *real* Linux user account? And how do I configure the SLAPD.CONF
file to facilitate this as there are currently no access controls
within the file.
Thanks in advance.
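One way to express the setup described above in slapd.conf, as an added example that is not part of the original post and is not a reply from the list: it assumes the suffix dc=example,dc=com, an ou=people subtree holding the address-book entries, and a directory-only bind account cn=addressbook,dc=example,dc=com (an ordinary entry with a userPassword attribute, which needs no matching Linux account).

```conf
# slapd.conf fragment (added example; names below are assumptions).
# Global section: refuse anonymous binds and require an authenticated
# identity for every operation, so clients with dn="" get nothing.
disallow bind_anon
require  authc

# ... database section for dc=example,dc=com follows ...
# Note: the rootdn bypasses these ACLs entirely, so keep it off clients.

# The bind itself needs "auth" access to userPassword while the client
# is still anonymous; nobody may read or search passwords afterwards.
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none

# Only the address-book account may read the fields mail clients need.
# "entry" must be granted or search results return no entries at all.
access to dn.subtree="ou=people,dc=example,dc=com"
        attrs=entry,objectClass,cn,sn,givenName,mail,telephoneNumber
    by dn.exact="cn=addressbook,dc=example,dc=com" read
    by * none

# Everything else is denied to everyone (explicit rather than implicit).
access to *
    by * none
```

With this in place, a client that binds as cn=addressbook with its password can search ou=people, while an unauthenticated lookup is refused before any data is returned.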