
Re: Bind dn connection



At 09:36 AM 6/14/2006, Prachi Sonalkar wrote:
>Following up on the same issue, is it possible that I
>can have more than one bind dns configured?
>Currently in slapd.conf, I have my rootdn as
>"cn=Manager, dc=company, dc=com".
>Can I add another dn that can be used for
>authentication?

While you can only have one rootdn per database,
a database can hold numerous objects representing
identity (and holding credential information) which
the client could authenticate as and act as.  And,
of course, the client could also authenticate using
information not held in the directory (through SASL).

For LDAP simple DN/password authentication, the
object should not only contain a userPassword attribute
with the password, the access controls must allow
"anonymous" to have "auth" access to the userPassword
attribute.  This is discussed in the Admin Guide,
the FAQ, the archives, and various other places.

Kurt
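
The access control described in the reply above, as an added slapd.conf example that is not part of the original message. The `cn=app1,ou=services` entry, its object classes and the final `access to *` rule are assumptions chosen for illustration; only the suffix and rootdn come from the question.

```conf
# Constructed example: goes in the database section of slapd.conf that
# already holds the suffix and the (single) rootdn.
suffix      "dc=company,dc=com"
rootdn      "cn=Manager,dc=company,dc=com"

# A second identity is an ordinary entry that carries a userPassword.
# Hypothetical entry, added with ldapadd (shown here as comments):
#
#   dn: cn=app1,ou=services,dc=company,dc=com
#   objectClass: organizationalRole
#   objectClass: simpleSecurityObject
#   cn: app1
#   userPassword: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
#
# Unlike the rootdn, this entry is subject to the access rules below.

# Rules are evaluated in order and the first matching "access to" wins,
# so the userPassword rule must come before the general rule.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
# "anonymous auth" lets slapd compare the supplied password during a
# simple bind; it does not let an unauthenticated client read the hash.
# "by * none" keeps the hash from every other bound identity.

# General rule for everything else (placeholder; replace with site policy).
access to *
        by * read
```

After restarting slapd, `ldapwhoami -x -D "cn=app1,ou=services,dc=company,dc=com" -W` should return that DN, and an anonymous search of the entry should not return `userPassword`.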