
Re: Security-Authentication??



OpenLDAP will not "ask" for a password.  You can configure
it to not permit entries to be served unless an
authenticated bind is performed first.

Look at the faq-o-matic on www.openldap.org for some info on
doing this.  You have a good start, but to avoid serving
anything without the auth'ed bind first you need an access
rule something like:

access to *
	by dn=".+" read
	by * none

BTW, the "asking for password" is the responsibility of the
client which talks to the LDAP server.
-Alan

On Thu, 01 Feb 2001 09:52:11 +0530 "srihari parimi" <srihari.par@wipro.com> wrote:
> Hi
> 
> In this connection I would like to give the example of Netscape Directory Server installed in my organization. When a user wants to access his entry, he is prompted for login name and password. The way the user is granted login to his database is probably the uid is prepended to the base DN, to make up the DN for that user, in the following manner:
> 
> dn:uid=xyz,dc=alpha,dc=example,dc=com - password being whatever password user supplies. Assuming that the base DN is dc=alpha,dc=example,dc=com
> 
> There is a mention about this in the Netscape Directory Server documentation.
> 
> There could also be another mechanism by which OpenLDAP server 'serves' the /etc/passwd database - I am not sure how it works.
> 
> Hope this helps and is not entirely irrelevant to the question.
> 
> Thanks
> Hari
> 
> Anita Suriarajan wrote:
> > 
> > Hello,
> > 
> >    I need to be asked for the password when I try to access the entry in the directory. How do I go about it??
> > 
> >  I have included an access control specifier in the slapd.conf file and each entry in the directory has a userPassword attribute. What should I do to go further??
> > 
> > slapd.conf:
> > access to attrs=userPassword,telephoneNumber
> >        by self write
> >        by anonymous auth
> >        by dn="cn=Admin,dc=iperia,dc=com" write
> >        by * none
> > access to *
> >        by self write
> >        by dn="cn=Admin,dc=iperia,dc=com" write
> >        by * read
> > 
> > and each entry is like
> > dn: cn=xyz abc,ou=Sales,ou=Employees,dc=iperia,dc=com
> > objectClass: Top
> > objectClass: organizationalUnit
> > objectClass: person
> > userPassword: {crypt}xyz
> > ou: Sales
> > cn: xyz
> > sn: abc
> > 
> > Thanx
> > Anita
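The following is an added, constructed illustration (not OpenLDAP code and not from anyone in the thread) of how slapd evaluates `access` directives, so that Anita's configuration can be compared with Alan's `by dn=".+" read / by * none` catch-all. The model keeps slapd's rules that matter here: the first `access to` directive whose `<what>` covers the attribute is selected, the first matching `by` clause inside it decides, and nothing later is consulted. The admin DN and entry DNs are taken from Anita's message; the `OTHER` entry and the `MISORDERED_RULES` set are constructed to show why the `attrs=userPassword` directive has to stay in front of the catch-all (otherwise anonymous sessions lose the `auth` access they need to bind at all). Real slapd's behaviour when no directive matches is version-dependent; since both configurations end with `access to *`, that case is never reached and the model simply denies.

```python
"""Toy model of slapd access-control evaluation (constructed example)."""
import re

# Access levels in slapd's order; a granted level covers every level below it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]


def covers(granted, needed):
    return LEVELS.index(granted) >= LEVELS.index(needed)


def who_matches(who, bind_dn, target_dn):
    """<who> clause match. bind_dn is None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    if who.startswith("dn="):
        # slapd 2.0 treats dn=<pattern> as a regex over the bind DN, unanchored
        # unless the pattern itself uses ^ and $; ".+" matches any non-empty DN.
        pattern = who[3:].strip('"')
        return bind_dn is not None and re.search(pattern, bind_dn) is not None
    raise ValueError("unsupported <who>: " + who)


def check_access(rules, bind_dn, target_dn, attr, needed):
    """First directive whose <what> covers attr wins; inside it the first
    matching <by> clause decides. A directive with no matching clause denies.
    rules: list of (attrs_or_None_for_star, [(who, level), ...])."""
    for attrs, by_clauses in rules:
        if attrs is not None and attr not in attrs:
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, target_dn):
                return covers(level, needed)
        return False
    return False  # no directive matched; simplification, see lead-in


ADMIN = "cn=Admin,dc=iperia,dc=com"
USER = "cn=xyz abc,ou=Sales,ou=Employees,dc=iperia,dc=com"
OTHER = "cn=other person,ou=Sales,ou=Employees,dc=iperia,dc=com"  # constructed

# Anita's first directive, unchanged in both configurations.
PASSWORD_RULE = ({"userPassword", "telephoneNumber"}, [
    ("self", "write"),
    ("anonymous", "auth"),
    ('dn="' + ADMIN + '"', "write"),
    ("*", "none"),
])

# Anita's catch-all: everyone, including anonymous sessions, may read.
ANITA_RULES = [PASSWORD_RULE, (None, [
    ("self", "write"),
    ('dn="' + ADMIN + '"', "write"),
    ("*", "read"),
])]

# Alan's catch-all: only a bound, non-empty DN may read; anonymous gets nothing.
HARDENED_RULES = [PASSWORD_RULE, (None, [
    ("self", "write"),
    ('dn="' + ADMIN + '"', "write"),
    ('dn=".+"', "read"),
    ("*", "none"),
])]

# Same two directives, wrong order: the catch-all now also governs userPassword.
MISORDERED_RULES = [HARDENED_RULES[1], PASSWORD_RULE]


def anonymous_can_read_entry(rules):
    """Can an unauthenticated session read an ordinary attribute such as cn?"""
    return check_access(rules, None, USER, "cn", "read")


def anonymous_can_bind(rules):
    """A simple bind needs 'auth' access to userPassword while still anonymous."""
    return check_access(rules, None, USER, "userPassword", "auth")


def user_can_read_other(rules):
    return check_access(rules, USER, OTHER, "cn", "read")


def user_can_change_own_password(rules):
    return check_access(rules, USER, USER, "userPassword", "write")


if __name__ == "__main__":
    for name, rules in [("anita", ANITA_RULES), ("hardened", HARDENED_RULES),
                        ("misordered", MISORDERED_RULES)]:
        print(name, "anonymous read cn:", anonymous_can_read_entry(rules),
              "| anonymous bind:", anonymous_can_bind(rules),
              "| user reads other:", user_can_read_other(rules))
```

Running it shows the point of the thread: with Anita's rules an anonymous session reads every non-password attribute, with Alan's catch-all it reads nothing but can still bind, and with the directives swapped nobody can bind because the catch-all's `by * none` is reached first for userPassword.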