[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication process in openldap?



On Fri, 13 Oct 2000, Kurt D. Zeilenga wrote:
> At 10:36 PM 10/12/00 -0400, Salvador Ramirez wrote:
> >I'm trying to do netscape roaming with openldap. For this purpose
> >I have created some user's entries that includes the userPassword
> >attribute. This password was set by ldappasswd command. I'm quite
> >trouble figuring out how the openldap server authenticate the roaming
> >user. I compiled the openldap server with sasl support so it perhaps
> >is trying to authenticate the DN/password supplied in the netscape's
> >GUI against the sasl database and not the userPassword attribute
> >of the user's directory entry?
> 
> This Netscape client only supports simple bind.  OpenLDAP only
> supports simple bind through use of the userPassword attribute.
> That attribute however can indicate that server should use an
> external service to validate the user's password.  2.0 supports
> {UNIX}, {KERBEROS}, and {SASL}.  The string after the scheme
> should be user identity of the user in the external service.

OK, thanks. But could be happens if I used ldappasswd with the -x
option so the password is in the userPassword attribute but 
netscape still answer me with me that something faild on the 
authentication with the openldap server. Of course I double checked
that the openldap server is running and that the configuration on
the netscape client is ok? 
I looked at the debug output but it is quite unreadable for me,
could I include it on a email?

---sram
     "Don't listen to what I say; listen to what I mean!" --Feynman
Salvador Ramirez Flandes        PROFC, Universidad de Concepcion, CHILE 
http://www.profc.udec.cl/~sram                mailto:sram@profc.udec.cl