[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication process in openldap?

At 10:36 PM 10/12/00 -0400, Salvador Ramirez wrote:
>I'm trying to do netscape roaming with openldap. For this purpose
>I have created some user's entries that includes the userPassword
>attribute. This password was set by ldappasswd command. I'm quite
>trouble figuring out how the openldap server authenticate the roaming
>user. I compiled the openldap server with sasl support so it perhaps
>is trying to authenticate the DN/password supplied in the netscape's
>GUI against the sasl database and not the userPassword attribute
>of the user's directory entry?

This Netscape client only supports simple bind.  OpenLDAP only
supports simple bind through use of the userPassword attribute.
That attribute however can indicate that server should use an
external service to validate the user's password.  2.0 supports
{UNIX}, {KERBEROS}, and {SASL}.  The string after the scheme
should be user identity of the user in the external service.