Re: LDAP Directory Design help needed !!!
Todd Nguyen wrote:
I am trying to get my web application to interface with my LDAP Server
for user authentication. I am pretty new to LDAP, so please, any
guidance on this is greatly appreciated. I have a few questions that I
really need help with; these are:
1. I try to avoid using a clear-text password for my rootpw defined in
the slapd.conf file. I tried to use ldappasswd to encrypt it but I have
had no luck; could someone provide me some examples on how to use this
2. Since my main objective is to store the user information including
user id and password for my web-based client authentication, I then
created a simple LDAP directory which contains the following
information. My question is: is it the right way to define my user
authentication directory ??? Should I use the existing objectclass and
the corresponding attributes such as userpassword or I should define
my own objectclass and attributes???
After loading my example.ldif into LDAP database using ldapadd
command, my clear-text password got encrypted (I am not sure which
encryption). For instance, my uid=johns with userpassword=foo is
encrypted into DKSJFL. In that case, how do I authenticate the
user-entered password with the password stored in the LDAP database? I
am using Java JNDI to access my LDAP Server right now. Should I use
the SEARCH operation to fetch out my password and decrypt (????which
decryption should I use) for a given user id and then compare the two
strings....Is it the most optimal way to do this ??????
Thanks in advance for all your help....
# Organization for NetZero Corporation
#dn: o=example, c=US
# Organizational Unit for NetZero Corporation
#dn: ou=People, o=example, c=US
# People in the Organization Unit
dn: uid=johns, ou=People, o=example, c=US
I just would like to know which kind of web server you are using ?
I'm using apache + php + openldap. What I do in my authentication page
is ask for the uid and the password, then do an LDAP bind according to this;
if the bind works, I'm authenticated. Else, I have a "no authorization"
I think this is a good method as I don't have to care how passwords are
encrypted in LDAP.
Maybe someone on the list could confirm this is a good way to do what
you want ?
- le Centre -
a Mad Cow Tribe product
(Very uncommon, but we should please everybody anyway, even disturbed minds)