Re: LDAP help (Was Re: Late night LDAP)

From: Alaska Computer Support Services <akpchelp@gmail.com>
Date: Mon Mar 21 2005 - 12:31:54 AKST

http://linsec.ca/bin/view/Main/OpenLDAPAuth

I used the docs from Mandrake to get started with OpenLDAP
authentication. I couldn't find the exact docs I used but I did find
the above link which may help you find what you're missing.

Good Luck,
Tim

On Mon, 21 Mar 2005 09:11:55 -0900, Joshua Kugler <joshua.kugler@uaf.edu> wrote:
> Hello all -
>
> I have a server on which I would like to authenticate users via our enterprise
> LDAP server. This is probably a matter of being pointed to the right docs,
> but initial googling hasn't gotten me anywhere.
>
> My situation is probably a bit different than most in that we need to do a
> "two phase" bind.
>
> All users in the directory have a unique ID. Mine is 1PDH3JZL01.
> Understandably, users don't want to type this in every time they login, and
> most don't even know theirs since it's an internal ID used to keep things
> unique. Thus, the user will enter another piece of unique information, such as
> their e-mail address, corporation username, or user ID which is an eight digit
> number. None of these are the DN, only "1PDH3JZL01" (in my case) is the DN.
>
> Well, what has to happen is this:
>
> Enter corporation username
> Anonymous bind to lookup dn (distinguishing name) from LDAP server
> Bind a second time with the found dn as well as the supplied password
> If second bind succeeds, the user is authenticated. If not, login fails.
>
> It seems, though, that pam_ldap only wants to do a single phase bind, thus I'm
> stuck.
>
> Also, there are pam_login_* directives in /etc/ldap.conf, but I can't seem
> to find any man pages or other docs (/usr/share/doc/pam_ldap-170 doesn't have
> anything), and I can't find the relevant docs on
> http://www.padl.com/OSS/pam_ldap.html .
>
> Does anyone have any tips or pointers?
>
> Thanks!
>
> j----- k-----
> --
> Joshua Kugler
> CDE System Administrator
> http://distance.uaf.edu/
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>
Received on Mon Mar 21 12:32:06 2005
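
The search-then-bind sequence described in the quoted message, as an added example that is not part of the original thread and is not pam_ldap's code. `FakeDirectory`, `authenticate`, `escape_filter_value` and the sample entries are hypothetical names and constructed data standing in for a real LDAP server; the example also adds three checks a login path needs: filter escaping, exactly one search match, and refusal of empty passwords.

```python
import re

_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape user input for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)

class FakeDirectory:
    """Hypothetical in-memory stand-in for the LDAP server (constructed data)."""

    def __init__(self, entries):
        self.entries = entries  # {dn: {"uid": ..., "mail": ..., "password": ...}}

    def search(self, attr, filter_value):
        """Phase 1: anonymous search, returns the DNs where attr matches."""
        if filter_value == "*":  # an unescaped wildcard matches every entry
            return sorted(self.entries)
        literal = re.sub(r"\\([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), filter_value)
        return sorted(dn for dn, e in self.entries.items() if e.get(attr) == literal)

    def simple_bind(self, dn, password):
        """Phase 2: bind as dn. Models a server that accepts an empty password
        as an unauthenticated bind and reports success."""
        if password == "":
            return True
        return dn in self.entries and self.entries[dn]["password"] == password

def authenticate(directory, login, password, attr="uid"):
    """Return the user's DN if both phases succeed, otherwise None."""
    if not login or not password:
        return None  # never forward an empty password to the server
    matches = directory.search(attr, escape_filter_value(login))
    if len(matches) != 1:
        return None  # unknown or ambiguous login: fail closed
    dn = matches[0]
    return dn if directory.simple_bind(dn, password) else None

# Constructed sample entries; the DNs and passwords are made up.
DIRECTORY = FakeDirectory({
    "AAAA000001": {"uid": "jdoe", "mail": "jdoe@example.org", "password": "s3cret-one"},
    "AAAA000002": {"uid": "asmith", "mail": "asmith@example.org", "password": "s3cret-two"},
})

if __name__ == "__main__":
    print(authenticate(DIRECTORY, "jdoe", "s3cret-one"))
    print(authenticate(DIRECTORY, "jdoe", ""))
```

Against a real server the two methods of `FakeDirectory` correspond to an anonymous search on the login attribute followed by a simple bind with the returned DN.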

This archive was generated by hypermail 2.1.8 : Mon Mar 21 2005 - 12:32:06 AKST