[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need to configure openLDAP client to request authenication in LDAP version 2 format

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: Need to configure openLDAP client to request authenication in LDAP version 2 format
From: Howard Chu <hyc@symas.com>
Date: Tue, 24 Jun 2008 11:52:42 -0700
Cc: Buchan Milne <bgmilne@staff.telkomsa.net>, kenglund <kenglund@sbc.edu>, openldap-technical@openldap.org
In-reply-to: <D1E625CDA8280B40DC088A33@[192.168.1.199]>
References: <5EB6068878B8463A87578ABBF9857F45@kenglundd630> <EE852B90CDA96CA80F36EBF9@[192.168.1.199]> <200806241838.51141.bgmilne@staff.telkomsa.net> <D1E625CDA8280B40DC088A33@[192.168.1.199]>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9.0.1pre) Gecko/2008062211 SeaMonkey/2.0a1pre

Quanah Gibson-Mount wrote:

--On Tuesday, June 24, 2008 6:38 PM +0200 Buchan Milne
<bgmilne@staff.telkomsa.net>  wrote:

On Tuesday 24 June 2008 18:20:28 Quanah Gibson-Mount wrote:
--On Monday, June 23, 2008 11:28 AM -0400 kenglund<kenglund@sbc.edu>
wrote:
Hello,

I am installing a new version of our Zope/Plone software for hosting
our web portal.  The new software is using a product called PloneLDAP,
which (I think) in turn requests authentication using openLDAP client.
openLDAP is authenticating through our mail server, which wants bind
requests in version 2 format. Modification of the mail server software
to use version 3 authentication does not seem to be an option, as
(according to my Tech guy) it is "really not LDAP", but has an "LDAP
Like" interface.  The interface requires the bind to look like this:

Either your tech guy is on crack, since LDAP v3 is the current LDAP
protocol version, and has been for many years, or you have a
misunderstanding somewhere along the way of what they were saying.

Or, the software in question *really* only does do LDAPv2. This is the
case  with a lot of proprietary software from supposedly reputable
vendors.


Whether or not the software only does LDAPv2 in no way relates to saying
that "ldapv3 is really not ldap".  That's why I said either the guy is on
crack, or there was a misunderstanding (i.e., the software only does
ldapv2, and trying to do ldapv3 would be a hack, etc).

Given the description in the original post, it's all a hack no matter how you look at it.

Anyway, the question is moot. There is no ldap.conf option to make the client library use LDAPv2 - the library always uses LDAPv2 by default, so any naive software that doesn't explicitly choose LDAPv3 is getting LDAPv2 anyway.

As for making an LDAP Bind request using a simple username instead of a DN - the OpenLDAP library just passes whatever name was given to it. It's up to the calling application to decide what format that name will use, and of course the remote server has to recognize that name format. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

References:
- Need to configure openLDAP client to request authenication in LDAP version 2 format
  - From: "kenglund" <kenglund@sbc.edu>
- Re: Need to configure openLDAP client to request authenication in LDAP version 2 format
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Need to configure openLDAP client to request authenication in LDAP version 2 format
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>
- Re: Need to configure openLDAP client to request authenication in LDAP version 2 format
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: Need to configure openLDAP client to request authenication in LDAP version 2 format
Next by Date: Re: slapd replication (push based)
Index(es):
- Chronological
- Thread