LinuxQuestions.org
Old 08-25-2004, 09:39 AM   #1
joeyBig
LQ Newbie
Registered: Jul 2004
Posts: 23
LDAP Authentication

I have a small technical problem with LDAP. I'm able to retrieve all the attributes except userPassword from the LDAP server. I have the following code.
Code:
access to *
        by self write
        by anonymous auth
        by * read

What is wrong with the above code?

Thanks in advance.
Joe
 
Old 08-25-2004, 11:00 AM   #2
Hko
Senior Member
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: ubuntu
Posts: 2,530
You are probably binding anonymously to the LDAP server. userPasswords are special in that not everybody can read all userPassword attributes.

So, like your "code" says ("by anonymous auth"), you can only authenticate as a non-anonymous user to the LDAP server. You will then be able to see your own (encrypted) userPassword. Only the LDAP server's "root" (which can be any CN within your directory) can read all userPasswords. Such an account can be specified within slapd.conf with:
Code:
# slapd.conf directives take no "=": the rootdn is exempt from all ACLs
rootdn "cn=admin,dc=yourdomain"
rootpw secret
or better, encrypt this special password with: slappasswd -h '{MD5}'
Code:
rootdn "cn=admin,dc=yourdomain"
rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
You could probably configure access rules to give everybody (maybe including anonymous users) read access to the userPassword attributes, but that's certainly not recommended! (if at all possible).

I suggest these ACLs (Access Control Lists):
Code:
access to attribute=userPassword
        by dn="cn=admin,dc=nodomain" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="cn=admin,dc=nodomain" write
        by * read
and then not have the "rootdn" and "rootpw" lines in slapd.conf.
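An added example (not from either poster, and not OpenLDAP's own code): a toy Python evaluator of the slapd ACL semantics discussed in this thread. It applies the first matching "access to" clause and then its first matching "by" clause, so with Hko's suggested ACL an anonymous bind gets only "auth" on userPassword (enough to bind, not enough to read), an entry's owner gets "write", and any other user gets "none"; the DNs used are constructed.

```python
# Toy evaluator of slapd.conf ACLs: the first "access to" clause that covers
# the attribute is chosen, then its first matching "by" clause decides.
# Added example, not OpenLDAP's own code; DNs below are constructed.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # slapd order

def parse_acl(text):
    """Parse 'access to <what>' / 'by <who> <level>' lines into rules."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if parts[:2] == ["access", "to"]:
            rules.append({"what": parts[2], "by": []})
        elif parts[:1] == ["by"]:
            rules[-1]["by"].append((parts[1], parts[2]))
    return rules

def _who_matches(who, requester, target):
    """requester is the bind DN (None for anonymous); target is the entry's DN."""
    if who.startswith("dn="):
        return requester == who[3:].strip('"')
    return {"*": True, "anonymous": requester is None,
            "self": requester is not None and requester == target}.get(who, False)

def granted(acl_text, requester, target, attr):
    """Privilege level slapd would grant; anything unmatched is denied."""
    for rule in parse_acl(acl_text):
        if rule["what"] not in ("*", f"attribute={attr}"):
            continue
        for who, level in rule["by"]:
            if _who_matches(who, requester, target):
                return level
        return "none"  # clause covered the attribute but no "by" matched: deny
    return "none"

def allows(acl_text, requester, target, attr, needed):
    """True if the granted level implies the needed one (write > read > ... > auth)."""
    return LEVELS.index(granted(acl_text, requester, target, attr)) >= LEVELS.index(needed)

# Hko's suggested ACL from the post above; the userPassword clause must come first.
SUGGESTED_ACL = """
access to attribute=userPassword
        by dn="cn=admin,dc=nodomain" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=nodomain" write
        by * read
"""
```

Swapping the two clauses makes "access to * ... by * read" match userPassword first, which is exactly the world-readable situation the reply warns against.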