
Re: LDAP Directory Design help needed !!!

Todd Nguyen wrote:

Hi All,

I am trying to get my web application to interface with my LDAP Server for user authentication. I am pretty new to LDAP, so any guidance on this is greatly appreciated. I have a few questions that I really need help with; these are:

1. I am trying to avoid using a clear-text password for my rootpw defined in the slapd.conf file. I tried to use ldappasswd to encrypt it but I have had no luck. Could someone provide me some examples of how to use this utility?

2. Since my main objective is to store the user information, including user ID and password, for my web-based client authentication, I created a simple LDAP directory which contains the following information. My question is: is this the right way to define my user authentication directory? Should I use the existing objectclass and the corresponding attributes such as userpassword, or should I define my own objectclass and attributes?

After loading my example.ldif into the LDAP database using the ldapadd command, my clear-text password got encrypted (I am not sure which encryption). For instance, my uid=johns with userpassword=foo is encrypted into DKSJFL. In that case, how do I authenticate the user-entered password against the password stored in the LDAP database? I am using Java JNDI to access my LDAP Server right now. Should I use the SEARCH operation to fetch out my password and decrypt it (which decryption should I use?) for a given user ID and then compare the two strings? Is this the most optimal way to do this?

Thanks in advance for all your help....

# Organization for NetZero Corporation
#dn: o=example, c=US
#objectclass: top
#objectclass: organization
#o: example

# Organizational Unit for NetZero Corporation
#dn: ou=People, o=example, c=US
#objectclass: top
#objectclass: organizationalUnit
#ou: People

# People in the Organization Unit
dn: uid=johns, ou=People, o=example, c=US
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: smith
sn: john
givenname: john
uid: johns
ou: People
userpassword: bar


I would just like to know which kind of web server you are using.
I'm using apache + php + openldap. What I do in my authentication page is ask for the uid and the password, then do an LDAP bind according to this.
If the bind works, I'm authenticated; else, I have a "no authorization" page.
I think this is a good method, as I don't have to care how passwords are encrypted in LDAP.

Maybe someone on the list could confirm this is a good way to do what you want?



- le Centre - a Mad Cow Tribe product

(Very uncommon, but we should please everybody anyway, even disturbed minds)
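
The bind-based check described in the reply, written with the JNDI API the original poster mentions. This is an added example, not code from either poster; the class name and server URL are placeholders, and the base DN is taken from the LDIF in the question.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapBindAuth {
    // Assumed values: placeholder URL (use ldaps:// or StartTLS in production,
    // a simple bind sends the password in clear); base DN from the posted LDIF.
    static final String LDAP_URL = "ldap://localhost:389";
    static final String PEOPLE_BASE = "ou=People,o=example,c=US";

    /** Build the user's DN, escaping the uid so input cannot alter the DN structure. */
    static String userDn(String uid) {
        return "uid=" + Rdn.escapeValue(uid) + "," + PEOPLE_BASE;
    }

    /** Returns true only if the server accepts a simple bind as this user. */
    static boolean authenticate(String uid, String password) throws NamingException {
        // With an empty password JNDI performs an anonymous bind, which most
        // servers accept; reject it here so it never counts as a login.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn(uid));
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the bind happens here
            return true;                      // server verified the password itself
        } catch (AuthenticationException e) {
            return false;                     // wrong password or unknown user
        } finally {
            if (ctx != null) ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        boolean ok = args.length == 2 && authenticate(args[0], args[1]);
        System.out.println(ok ? "authenticated" : "no authorization");
    }
}
```

Because the server does the comparison during the bind, the application never reads userpassword and does not need to know how the stored value is encoded.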