[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DIGEST-MD5 returns 'user not found'

To: lemons_terry@emc.com
Subject: Re: DIGEST-MD5 returns 'user not found'
From: Howard Chu <hyc@symas.com>
Date: Tue, 03 Apr 2007 22:11:27 -0700
Cc: openldap-software@openldap.org
In-reply-to: <05AADEB492F5824996D28D504686739907B70FC8@CORPUSMX40A.corp.emc.com>
References: <CEC4708048E79E4CB20CDB491567EA3C0B92F3F3@mdg1ex03.g1.com> <05AADEB492F5824996D28D504686739907AF5362@CORPUSMX40A.corp.emc.com> <46114D68.6000708@symas.com> <05AADEB492F5824996D28D504686739907AF56C9@CORPUSMX40A.corp.emc.com> <46115B2F.5040904@symas.com> <05AADEB492F5824996D28D504686739907B70FC8@CORPUSMX40A.corp.emc.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9a3pre) Gecko/20070328 SeaMonkey/1.5a

lemons_terry@emc.com wrote:

Thanks, Howard; I think I'm beginning to understand this.

So, the AUTHENTICATION piece is done by SASL using digest_md5, an
'external' connection to TLS, etc.  But the AUTHORIZATION piece is
handled by the rules defined in the access control policy section of
slapd.conf, right?

Yes, basic principles of computer security. Authentication (who are you?) is distinct from Authorization (what are you allowed to do?).

Thanks tl


--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

References:
- RE: DIGEST-MD5 returns 'user not found'
  - From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
- RE: DIGEST-MD5 returns 'user not found'
  - From: lemons_terry@emc.com
- Re: DIGEST-MD5 returns 'user not found'
  - From: Howard Chu <hyc@symas.com>
- RE: DIGEST-MD5 returns 'user not found'
  - From: lemons_terry@emc.com
- Re: DIGEST-MD5 returns 'user not found'
  - From: Howard Chu <hyc@symas.com>
- RE: DIGEST-MD5 returns 'user not found'
  - From: lemons_terry@emc.com

Prev by Date: LDAP C API : Sync prtocol
Next by Date: Re: make test question
Index(es):
- Chronological
- Thread