Re: using LDAP for authentication
This is what I gathered after plowing through the mailing list.
It seems that it is not in the FAQ or admin guide.
My authentication method is based on entries in the /etc/passwd file.
For SASL and other stuff, you need to search the mailing list.
Add the following chunk into your slapd.conf:
-----------------------------------------
password-hash {UNIX}
# there are several password authentication methods available
# {UNIX}uid allows authentication using username and password in /etc/passwd
# add and edit your ACL (access control list)
defaultaccess none
# allows no one to have default access
access to attr=userpassword
    by * search
    by * none
# allows everyone to bind to userPassword
access to attr=mail
    by users read
    by anonymous read
    by * none
# required for netscape ldap client
access to attr=entry
    by self write
    by users write
    by anonymous read
    by * none
# required field when using authentication
access to *
    by users read
# allows authenticated users to read the rest of the fields
--------------------------------------------
Your LDIF entry should be something like:
dn: cn=bobo,dc=blah.net
objectClass: organizationalRole
cn: bobo
mail: bobo@blah.net
description: Bobo the Farter
userpassword: {UNIX}bobo
----- Original Message -----
From: "Jeremy Lunn" <jeremy@austux.net>
To: <openldap-software@OpenLDAP.org>
Sent: Wednesday, December 20, 2000 12:15 PM
Subject: using LDAP for authentication
> I know I've already posted something similar to this but no one has
> replied. But just wondering what docs I should read before using LDAP
> for authentication? I am just wondering what the directives should be
> called and can't seem to find it anywhere.
>
> Also for choosing what things users should have access to, is having
> like objectclass=mail for users who can have access to the mail server
> the best way to do this?
>
> Thanks,
>
> --
> Jeremy Lunn
> Melbourne, Australia
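
The access rules from the reply above, run through a small first-match evaluator to show which level each kind of requester ends up with and which `by` clause can never match. This is an added example, not part of the original post and not OpenLDAP code; the requester kinds (`anonymous`, `user`, `self`) and all function names are assumptions of the sketch.

```python
# Added example (not from the original post); requester kinds are assumptions.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ascending
ACL_TEXT = """\
access to attr=userpassword
    by * search
    by * none
access to attr=mail
    by users read
    by anonymous read
    by * none
access to attr=entry
    by self write
    by users write
    by anonymous read
    by * none
access to *
    by users read
"""

def parse(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["access", "to"]:
            rules.append((words[2].lower(), []))
        elif words[:1] == ["by"]:
            rules[-1][1].append((words[1], words[2]))
    return rules

def who_matches(who, requester):
    # requester: "anonymous", "user" (bound as some other DN) or "self"
    return (who == "*" or who == requester
            or (who == "users" and requester in ("user", "self")))

def access(rules, attr, requester):
    """Level granted by the first matching rule, then its first matching 'by'."""
    for what, clauses in rules:
        if what in ("*", "attr=" + attr.lower()):
            for who, level in clauses:
                if who_matches(who, requester):
                    return level
            return "none"  # every rule ends with an implicit "by * none"
    return "none"  # no rule matched: the post sets "defaultaccess none"

def unreachable(rules):
    """'by' clauses that follow a 'by *' in the same rule and can never match."""
    return [(what, who, lvl) for what, cl in rules
            for i, (who, lvl) in enumerate(cl) if "*" in [w for w, _ in cl[:i]]]
RULES = parse(ACL_TEXT)
```

A bind needs only `auth` on `userPassword`; the evaluator reports `search` for every requester there, and flags the second `by * none` in that rule as dead.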