
Re: using LDAP for authentication

This is what I gathered after plowing through the mailing list;
it seems that it is not in the FAQ or admin guide.
My authentication method is based on entries in the /etc/passwd file.

For SASL and other stuff, you need to search the mailing list.

Add the following chunk into your slapd.conf:
password-hash {UNIX}
#there are several password authentication methods available
#{UNIX}uid allows authentication using username and password in /etc/passwd

#add and edit your ACL (access control list)

defaultaccess    none
#allows no one to have default access

access to attr=userpassword
        by * search
        by * none
#allows everyone to bind to userPassword

access to attr=mail
        by users read
        by anonymous read
        by * none
#required for netscape ldap client

access to attr=entry
        by self write
        by users write
        by anonymous read
        by * none
#required field when using authentication

access to *
        by users read
#allows authenticated users to read the rest of the fields

Your LDIF entry should be something like:

dn: cn=bobo,dc=blah.net
objectClass: organizationalRole
cn: bobo
mail: bobo@blah.net
description: Bobo the Farter
userpassword: {UNIX}bobo

----- Original Message -----
From: "Jeremy Lunn" <jeremy@austux.net>
To: <openldap-software@OpenLDAP.org>
Sent: Wednesday, December 20, 2000 12:15 PM
Subject: using LDAP for authentication

> I know I've already posted something similar to this but no one has
> replied.  But just wondering what docs I should read before using LDAP
> for authentication?  I am just wondering what the directives should be
> called and can't seem to find it anywhere.
> Also for choosing what things users should have access to, is having
> like objectclass=mail for users who can have access to the mail server
> the best way to do this?
> Thanks,
> --
> Jeremy Lunn
> Melbourne, Australia
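
Added example, not part of the original thread and not OpenLDAP code: a small checker that applies slapd's documented evaluation order (the first matching `by` clause wins, each level implies the lower ones, and `auth` is the level a bind needs) to the userPassword and mail rules posted above. The function names `parse_acl`, `effective` and `lint` are hypothetical, and matching is simplified to exact `attr=` targets and the subjects `*`, `self`, `users` and `anonymous`.

```python
import re

# Access levels in increasing order of privilege (OpenLDAP 2.0-era set).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed sample: the userPassword and mail rules quoted from the post.
SAMPLE = """\
access to attr=userpassword
        by * search
        by * none
access to attr=mail
        by users read
        by anonymous read
        by * none
"""

def parse_acl(text):
    """Parse 'access to' / 'by' lines into [(what, [(who, level), ...]), ...]."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if m := re.fullmatch(r"access\s+to\s+(\S+)", line):
            rules.append((m.group(1), []))
        elif (m := re.fullmatch(r"by\s+(\S+)\s+(\S+)", line)) and rules:
            if m.group(2) in LEVELS:
                rules[-1][1].append((m.group(1), m.group(2)))
    return rules

def effective(rules, what, who, default="none"):
    """Level granted on `what` to a requester matching the subjects in `who`."""
    for target, clauses in rules:
        if target in (what, "*"):          # first matching directive is used
            for subject, level in clauses:
                if subject == "*" or subject in who:
                    return level           # first matching 'by' clause wins
            return "none"                  # implicit trailing 'by * none'
    return default                         # the post sets defaultaccess none

def lint(rules):
    """Flag dead 'by' clauses and password access above what a bind needs."""
    findings = []
    for target, clauses in rules:
        seen_star = False
        for subject, level in clauses:
            if seen_star:
                findings.append(f"{target}: 'by {subject} {level}' is unreachable")
            if "userpassword" in target and subject != "self" and level not in ("none", "auth"):
                findings.append(f"{target}: '{subject}' gets '{level}', above 'auth'")
            seen_star = seen_star or subject == "*"
    return findings
```

Running `lint(parse_acl(SAMPLE))` reports two findings for the userPassword rule and none for the mail rule; a rule of the form `by self write`, `by anonymous auth`, `by * none` passes cleanly.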