[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problems with authentication

At 09:57 PM 3/31/2002 -0500, you wrote:
You have to bind with a DN.

Allow the attributes the mail clients want to search to be read anonymously, that is the easiest way. All they usually need is cn, sn, givenname, and mail (usually), they you don't need to bother with binding.

if I leave this info to be read anonymously, aren't I risking getting hacked , having addresses stolen, etc?

I do bind on DN when I use GQ on linux; I can bind by using cn=Douglas Rehg,dc=stooges,dc=org - but not with the uid. And the client on my windows machine (Eudora) wont bind on any combination of uid; cn,dc,dc; cn only; cn,ou,o.

Any ideas on why this might be?


<snip from orig email>

my ldif looks like this:
dn: cn=Douglas Rehg,ou=Morgan,o=stooges
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: Rehg
cn: Douglas Rehg
userPassword: password
telephoneNumber: (555)555-5555
telephoneNumber: (555)555-5555
mail: drehg@fishcicle.com
uid: drehg
My slapd.conf looks like this:
# example config file - global configuration section
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
#include /usr/local/etc/schema/core.schema
#referral ldap://root.openldap.org
access to * by * read
# ldbm definition for the example.com
database ldbm
suffix "dc=stooges,dc=org"
suffix "o=stooges"
directory /var/lib/ldap/stooges
rootdn "cn=Admin,dc=stooges,dc=org"
rootpw secret
# indexed attribute definitions
index uid pres,eq
index cn,sn pres,eq,sub
index objectClass eq
# ldbm access control definitions
access to attr=userPassword
by self write
by anonymous auth
by dn="cn=Admin,dc=stooges,dc=org" write
by * none
access to *
by self write
by dn="cn=Admin,dc=stooges,dc=org" write
by users read