[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Authentication and Clients





--On Montag, 18. März 2002 17:58 -0800 Howard Chu <hyc@highlandsun.com> wrote:

Netscape always does an anonymous search for your email address and then
tries to bind again using whatever entry it found. It seems stupid to me
that there's no way to configure it with an explicit bind DN but I've
tried various changes in the prefs file with no success.

from http://developer.netscape.com/docs/manuals/communicator/ldap45.htm

Netscape Communicator 4.5 supports simple LDAP authentication. This means that users may elect to send authentication credentials to the LDAP server before performing a search.
However, LDAP authentication uses a distinguished name (DN) and a password, not a user name and password. Since relatively few users know their DN, and probably fewer can type it correctly, Communicator will try to find the DN based on the value of some other attribute. For example, Communicator can search the "mail" values for phil@netscape.com in order to find out that the DN is cn=Phil Peterson,o=Netscape Communications Corp.,c=US. So, unless the user's DN has been preconfigured in their preferences, Communicator's LDAP authentication requires the server to allow anonymous searching on at least one attribute.


Authentication Preferences
The following lines of JavaScript preferences code show the preference objects added for LDAP authentication, and their default values:
pref ("ldap_2.servers.megacorp.auth.enabled", false);
pref ("ldap_2.servers.megacorp.auth.savePassword", false);
pref ("ldap_2.servers.megacorp.auth.dn", "");
pref ("ldap_2.servers.megacorp.auth.password", "");
pref ("ldap_2.servers.megacorp.attributes.auth", "email address:mail");
Of particular note is the new attributes.auth setting. The auth attribute preference holds the human readable name (e.g. email address and LDAP attribute name (e.g. mail) of the attribute Communicator will search for when attempting to find the user's DN.



-- Norbert Klasen, Dipl.-Inform. DAASI International GmbH phone: +49 7071 29 70336 Wilhelmstr. 106 fax: +49 7071 29 5114 72074 Tübingen email: norbert.klasen@daasi.de Germany web: http://www.daasi.de