Re LDAP help

From: damien hull <dhull@digitaloverload.net>
Date: Mon Mar 21 2005 - 12:06:05 AKST

Is this OpenLDAP?

If it is it sounds like you have something configured wrong. I'm trying
to learn OpenLDAP and from what I've read the DN should be the username
followed by the root DN.

Example root DN: dn=acme,dn=com

Example DN: cn=jason,dn=acme,dn=com

If you configure things right you can use a relative DN (RDN).

Example: cn=jason

I'm not sure how to set this up. I can get OpenLDAP running but I can't
log on. The only user I have is the admin account. If I connect
anonymously it works fine. This allows me to browse and search the
directory but I can't change anything. The directory is read only.

I should mention that I'm trying to set up an address book in LDAP. I'm
saving user authentication for later.

On Mon, 2005-03-21 at 09:11 -0900, Joshua Kugler wrote:
> Hello all -
>
> I have a server on which I would like to authenticate users via our enterprise
> LDAP server. This is probably a matter of being pointed to the right docs,
> but initial googling hasn't gotten me anywhere.
>
> My situation is probably a bit different than most in that we need to do a
> "two phase" bind.
>
> All users in the directory have a unique ID. Mine is 1PDH3JZL01.
> Understandably, users don't want to type this in every time they login, and
> most don't even know theirs since it's an internal ID used to keep things
> unique. Thus, the user then enters another piece of unique information, such as
> their e-mail address, corporation username, or user ID which is an eight digit
> number. None of these are the DN, only "1PDH3JZL01" (in my case) is the DN.
>
> Well, what has to happen is this:
>
> Enter corporation username
> Anonymous bind to lookup dn (distinguishing name) from LDAP server
> Bind a second time with the found dn as well as the supplied password
> If second bind succeeds, the user is authenticated. If not, login fails.
>
> It seems, though, that pam_ldap only wants to do a single phase bind, thus I'm
> stuck.
>
> Also, there are pam_login_* directives in /etc/ldap.conf, but I can't seem
> to find any man pages or other docs (/usr/share/doc/pam_ldap-170 doesn't have
> anything), and I can't find the relevant docs on
> http://www.padl.com/OSS/pam_ldap.html .
>
> Does anyone have any tips or pointers?
>
> Thanks!
>
> j----- k-----
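The search-then-bind flow Joshua describes (anonymous lookup of the DN by a login attribute, then a second bind as that DN with the supplied password), as an added Python example that is not from either poster. The base DN `dc=example,dc=com`, the login attribute `uid`, the in-memory `FakeDirectory` and the python-ldap adapter are assumptions. It also carries the two checks a practitioner wants in this flow: the username is escaped before it is placed in the search filter, and an empty password is refused before phase two, because an empty-password simple bind is an anonymous bind and would otherwise look like success.

```python
from dataclasses import dataclass

def escape_filter(value: str) -> str:
    """RFC 4515 escaping so a username cannot alter the search filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

@dataclass
class FakeDirectory:
    """Constructed in-memory stand-in: maps DN -> (attributes, password)."""
    entries: dict

    def search(self, base, flt):
        # Only handles a single (attr=value) equality filter; enough for the demo.
        attr, _, value = flt[1:-1].partition('=')
        return [dn for dn, (attrs, _) in self.entries.items()
                if dn.endswith(base) and attrs.get(attr) == value]

    def bind(self, dn, password):
        return dn in self.entries and self.entries[dn][1] == password

class PythonLdapDirectory:
    """Adapter for a real server via python-ldap (assumed installed); not run offline."""
    def __init__(self, uri):
        self.uri = uri

    def search(self, base, flt):
        import ldap
        conn = ldap.initialize(self.uri)
        conn.simple_bind_s()  # phase one: anonymous bind for the DN lookup
        results = conn.search_s(base, ldap.SCOPE_SUBTREE, flt, ['1.1'])
        return [dn for dn, _ in results if dn]  # drop referral entries (dn is None)

    def bind(self, dn, password):
        import ldap
        conn = ldap.initialize(self.uri)
        try:
            conn.simple_bind_s(dn, password)  # phase two: bind as the found DN
            return True
        except ldap.INVALID_CREDENTIALS:
            return False

def two_phase_bind(directory, base, login_attr, username, password):
    """Return the user's DN when both phases succeed, otherwise None."""
    if not password:
        return None  # empty-password simple bind is an anonymous bind, not proof of identity
    matches = directory.search(base, '(%s=%s)' % (login_attr, escape_filter(username)))
    if len(matches) != 1:
        return None  # no such user, or an ambiguous lookup: never guess which DN to bind as
    return matches[0] if directory.bind(matches[0], password) else None
```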
