Re: Bind dn connection
- To: Kurt@OpenLDAP.org, openldap-software@OpenLDAP.org
- Subject: Re: Bind dn connection
- From: Prachi Sonalkar <email@example.com>
- Date: Wed, 14 Jun 2006 09:36:19 -0700 (PDT)
- In-reply-to: <22.214.171.124.0.20060612153246.03cf1f80@OpenLDAP.org>
Thanks for the reply, and suggestions.
Following up on the same issue, is it possible that I
can have more than one bind dns configured?
Currently in slapd.conf, I have my rootdn as
"cn=Manager, dc=company, dc=com".
Can I add another dn that can be used for
authentication? ex: cn=service1,dc=company,dc=com.
The idea was that for each service if I have a bind
dn, that way users for that service identity can
authenticate based on the service bind dn. I am adding
a service name attribute to each user entry.
On the client's end, I am just using simple LDAP
queries to get data from the server, no updates.
Thanking you in advance,
--- "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:
> At 02:28 PM 6/12/2006, Prachi Sonalkar wrote:
> >Hi all,
> >I am currently setting up LDAP server user
> >and I need to specify few bind dns, specific to
> >various service applications in the organization.
> >I need to also set up a limit on number of bind dn
> I assume you want to limit the number of connections
> a particular authentication identity (or, maybe,
> authorization identity) may have open to a
> server. At present, no such mechanism exists.
> >which I am not aware how to do (I tried
> >to dig in through the Openldap FAQs)
> >I tried to configure ldap.conf with bind dn and
> >values as follows:
> >domain company.com
> >server company.com:389
> >BASE dc=company,dc=com
> >binddn "cn=service1,dc=company,dc=com"
> >bindpw password
> domain, server, and bindpw are not valid OpenLDAP
> ldap.conf(5) directives. See ldap.conf(5) for
> Anyways, OpenLDAP ldap.conf(5) provides defaults for
> the LDAP client library. As it seems to me that you are
> looking for some server-side administrative control,
> I do not see how this file could be relevant.
> >but the specified bind dn and password are not
> >accepted to establish a bind to the LDAP server.
> Given the above, that's not surprising.
> >The idea is to enable authorized services to establish
> >persistent bind connection with the LDAP server;
> Seems like you seek information about a particular
> directory application/client. If so, you should
> do so on a list about that application/client.
> >also limit the number of such bind connections at
> Regarding server limits, see above note.
> >Has someone tried this, and can suggest me what is
> >going wrong?
> >Any help will be appreciated!
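The remark in the quoted reply about invalid ldap.conf(5) directives can be checked mechanically. The following is an added example, not part of either message and not OpenLDAP code: a small linter run over the configuration quoted in the thread. Its `KNOWN` and `USER_ONLY` sets are an assumed subset of the directives documented in ldap.conf(5), and the function name and finding labels are hypothetical.

```python
# Added example: lint an OpenLDAP client ldap.conf against ldap.conf(5).
# KNOWN is an assumed subset of the documented directives; extend it from
# the ldap.conf(5) man page of the installed release.
KNOWN = {
    "URI", "BASE", "BINDDN", "DEREF", "HOST", "PORT", "NETWORK_TIMEOUT",
    "REFERRALS", "SIZELIMIT", "TIMELIMIT", "TIMEOUT",
    "SASL_MECH", "SASL_REALM", "SASL_AUTHCID", "SASL_AUTHZID", "SASL_SECPROPS",
    "TLS_CACERT", "TLS_CACERTDIR", "TLS_CERT", "TLS_KEY",
    "TLS_CIPHER_SUITE", "TLS_REQCERT", "TLS_CRLCHECK",
}
# Directives that ldap.conf(5) marks as user-only (honoured in per-user
# files such as ~/.ldaprc, not in the system-wide ldap.conf).
USER_ONLY = {"BINDDN", "SASL_AUTHCID", "SASL_AUTHZID", "TLS_CERT", "TLS_KEY"}
# Name fragments suggesting someone tried to store a credential in the file.
SECRET_HINTS = ("PW", "PASS", "SECRET")

# The configuration quoted in the thread, reproduced as test input.
SAMPLE = '''domain company.com
server company.com:389
BASE dc=company,dc=com
binddn "cn=service1,dc=company,dc=com"
bindpw password
'''

def lint_ldap_conf(text, system_wide=True):
    """Return (line number, directive, issue) for each questionable line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        name = line.split(None, 1)[0]
        key = name.upper()                # directive names are case-insensitive
        if key not in KNOWN:
            secret = any(hint in key for hint in SECRET_HINTS)
            issue = "plaintext-secret" if secret else "unknown-directive"
            findings.append((lineno, name, issue))
        elif system_wide and key in USER_ONLY:
            findings.append((lineno, name, "user-only"))
    return findings

if __name__ == "__main__":
    for lineno, name, issue in lint_ldap_conf(SAMPLE):
        print(f"line {lineno}: {name}: {issue}")
```
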