[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: non-kerberos authentication against ldap server

To: openldap-software@OpenLDAP.org
Subject: Re: non-kerberos authentication against ldap server
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Sat, 10 May 2003 08:34:10 +0200
In-reply-to: <20030509233810.72923.qmail@web41601.mail.yahoo.com> (Dave Snoopy's message of "Fri, 9 May 2003 16:38:10 -0700 (PDT)")
References: <20030509233810.72923.qmail@web41601.mail.yahoo.com>
User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux)

Dave Snoopy <kingsnoopy7@yahoo.com> writes:

> I've setup my openldap server, and can connect to it
> with the rootdn and rootpw specified in my slapd.conf
> file.
>
> I added some users too, which conform to the
> inetOrgPerson schema. One thing I don't understand is
> how to allow these users to authenticate against my
> LDAP server (in case they want to query it). Is there
> another module I need to setup on my server so that it
> knows how to authenticate users? Even for simple
> plaintext authentication? 
>
> If so, how do I link that module to the actual users
> in my LDAP directory? Or will that happen
> automatically based on the bind dn?
>
> I'd appreciate any help, or if someone could just
> point me to some documentation.

You need to define ACL's and probabely saslregexp's in slapd.conf,
depending on your authentification mechanism.See guide-2.1. for this
part.
If you want to authenticate against a X.509 certificate, and thus
start a tls session, you have to configure your openssl.cnf to meet
your DIT structure.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour

References:
- non-kerberos authentication against ldap server
  - From: Dave Snoopy <kingsnoopy7@yahoo.com>

Prev by Date: Re: SSL/TLS Question
Next by Date: OpenLDAP Chaining
Index(es):
- Chronological
- Thread