LinuxQuestions.org
Old 08-25-2004, 08:39 AM   #1
joeyBig
LQ Newbie
Registered: Jul 2004
Posts: 23

Rep: Reputation: 15
Ldap Authentication


I have a small technical problem in LDAP. I'm able to retrieve all the attributes except userPassword from the LDAP server. I have the following code.
access to *
by self write
by anonymous auth
by * read


What is wrong with the above code?

Thanks in advance.
Joe
Old 08-25-2004, 10:00 AM   #2
Hko
Senior Member
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: Debian
Posts: 2,536

Rep: Reputation: 111Reputation: 111
You are probably binding anonymously to the LDAP server. userPasswords are special in that not everybody can read all userPassword attributes.

So, as your "code" says ("by anonymous auth"), you can only authenticate as a non-anonymous user to the LDAP server. You will then be able to see your own (encrypted) userPassword. Only the LDAP server's "root" (which can be any CN within your directory) can read all userPasswords. Such an account can be specified within slapd.conf with:
Code:
rootdn "cn=admin,dc=yourdomain"
rootpw secret
or better, encrypt this special password with: slappasswd -h '{MD5}'
Code:
rootdn "cn=admin,dc=yourdomain"
rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
You could probably configure access-rules to give everybody (maybe including anonymous users) read-access to the userPassword attributes, but that's certainly not recommended! (if at all possible).

I suggest these ACLs (Access Control Lists):
Code:
access to attribute=userPassword
        by dn="cn=admin,dc=nodomain" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="cn=admin,dc=nodomain" write
        by * read
and then not have the "rootdn" and "rootpw" lines in slapd.conf.
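A small Python simulator of slapd's ACL evaluation, added here as an example (it is not code from the thread or from OpenLDAP). It parses the two ACLs quoted in this thread and applies slapd's rule that the first matching "access to" directive, and within it the first matching "by" clause, decides the access level. Assumptions: only the clause forms used above are handled, attribute names are compared exactly, and dn="..." is treated as an exact DN match.

```python
import re
# slapd privilege levels, weakest to strongest; a granted level implies everything below it
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
# The two ACLs from this thread: the original poster's single rule and Hko's replacement
ACL_ORIGINAL = """access to *
        by self write
        by anonymous auth
        by * read"""
ACL_HKO = """access to attribute=userPassword
        by dn="cn=admin,dc=nodomain" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=nodomain" write
        by * read"""

def parse_acl(text):
    """Return [(target, [(who, level), ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("access to "):
            rules.append((line[len("access to "):], []))
        elif line.startswith("by "):
            who, level = re.match(r'by (dn="[^"]*"|anonymous|self|\*) (\w+)$', line).groups()
            rules[-1][1].append((who, level))
    return rules

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous bind; dn="..." is modelled as an exact DN match (assumption)."""
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    return who == "*" or (bind_dn is not None and who == f'dn="{bind_dn}"')

def granted(text, bind_dn, entry_dn, attr):
    """First 'access to' whose target matches is used; within it the first matching 'by' decides."""
    for target, clauses in parse_acl(text):
        if target in ("*", f"attribute={attr}"):
            for who, level in clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # target matched but no 'by' clause did: implicit deny
    return "none"

def can(text, bind_dn, entry_dn, attr, needed):
    """True if the granted level is at least `needed` (a search result needs 'read')."""
    return LEVELS.index(granted(text, bind_dn, entry_dn, attr)) >= LEVELS.index(needed)
```

Running it shows the difference the attribute-specific rule makes: with the original single rule, any authenticated user other than the entry's owner gets "read" on userPassword, while with Hko's rules that user gets "none" and anonymous binds get only "auth", enough to authenticate but not to retrieve the hash.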