Re: Re LDAP help

From: Joshua Kugler <joshua.kugler@uaf.edu>
Date: Mon Mar 21 2005 - 16:18:14 AKST

Well, not really. I don't have an LDAP server set up, because that's the
University's server. I am using pam_ldap to try to authenticate from that,
but to directly auth against that, I'd need to have the user enter their
really ugly DN. Not what I want to do at this point.

j----- k-----

On Monday 21 March 2005 12:06, damien hull wrote:
> Is this OpenLDAP?
>
> If it is it sounds like you have something configured wrong. I'm trying
> to learn OpenLDAP and from what I've read the DN should be the username
> followed by the root DN.
>
> Example root DN: dn=acme,dn=com
>
> Example DN: cn=jason,dn=acme,dn=com
>
> If you configure things right you can use a relative DN (RDN).
>
> Example: cn=jason
>
> I'm not sure how to set this up. I can get OpenLDAP running but I can't
> log on. The only user I have is the admin account. If I connect
> anonymously it works fine. This allows me to browse and search the
> directory but I can't change anything. The directory is read only.
>
> I should mention that I'm trying to set up an address book in LDAP. I'm
> saving user authentication for later.
>
> On Mon, 2005-03-21 at 09:11 -0900, Joshua Kugler wrote:
> > Hello all -
> >
> > I have a server on which I would like to authenticate users via our
> > enterprise LDAP server. This is probably a matter of being pointed to
> > the right docs, but initial googling hasn't gotten me anywhere.
> >
> > My situation is probably a bit different than most in that we need to
> > do a "two phase" bind.
> >
> > All users in the directory have a unique ID. Mine is 1PDH3JZL01.
> > Understandably, users don't want to type this in every time they
> > log in, and most don't even know theirs since it's an internal ID used
> > to keep things unique. Thus, the user then enters another piece of
> > unique information, such as their e-mail address, corporation
> > username, or user ID which is an eight digit number. None of these
> > are the DN, only "1PDH3JZL01" (in my case) is the DN.
> >
> > Well, what has to happen is this:
> >
> > Enter corporation username
> > Anonymous bind to look up dn (distinguishing name) from LDAP server
> > Bind a second time with the found dn as well as the supplied password
> > If second bind succeeds, the user is authenticated. If not, login
> > fails.
> >
> > It seems, though, that pam_ldap only wants to do a single phase bind,
> > thus I'm stuck.
> >
> > Also, there are pam_login_* directives in /etc/ldap.conf, but I can't
> > seem to find any man pages or other docs (/usr/share/doc/pam_ldap-170
> > doesn't have anything), and I can't find the relevant docs on
> > http://www.padl.com/OSS/pam_ldap.html .
> >
> > Does anyone have any tips or pointers?
> >
> > Thanks!
> >
> > j----- k-----
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.

-- 
Joshua Kugler
CDE System Administrator
http://distance.uaf.edu/
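The "search, then bind" procedure from the quoted message (anonymous lookup of the DN by a login attribute, then a simple bind as that DN with the supplied password), written out as an added example that is not part of any post in this thread. So that it runs offline, an in-memory FakeDirectory stands in for the LDAP server; its entries, DNs, and passwords are constructed sample data, and a real client would send the same two operations (anonymous search, then simple bind) over the wire. Two failure modes a defender cares about are handled explicitly: a login attribute that matches zero or several entries must fail rather than guess, and an empty password must be rejected before the bind is attempted, because a DN with an empty password is an "unauthenticated" bind (RFC 4513, section 5.1.2) that some servers have historically answered with success.

```python
"""Two-phase LDAP authentication: anonymous search for the DN, then bind as it.

Added example, not code from the original thread.  FakeDirectory is a
stand-in for a real LDAP server; all entries below are constructed.
"""
from dataclasses import dataclass


@dataclass
class Entry:
    dn: str
    attrs: dict       # attribute name -> list of values
    password: str     # plaintext only because this is a fake; a real DIT stores a hash


class FakeDirectory:
    """Minimal stand-in for an LDAP server offering anonymous search and simple bind."""

    def __init__(self, entries):
        self._entries = {e.dn: e for e in entries}

    def search(self, base_dn, attr, value):
        """Anonymous equality search: DNs under base_dn whose attr contains value."""
        base = base_dn.lower()
        return [e.dn for e in self._entries.values()
                if e.dn.lower().endswith("," + base) and value in e.attrs.get(attr, [])]

    def simple_bind(self, dn, password):
        """Simple bind.  Deliberately mimics a server that treats DN + empty
        password as an unauthenticated (anonymous) bind and reports success,
        which is the pitfall two_phase_authenticate() guards against."""
        if password == "":
            return True
        entry = self._entries.get(dn)
        return entry is not None and entry.password == password


def two_phase_authenticate(directory, base_dn, login_attr, login, password):
    """Return (True, dn) on success or (False, reason) on failure.

    login_attr is whichever attribute the user actually types (cn, mail,
    employeeNumber, ...); the DN itself is never typed by the user.
    """
    if not password:
        # Refuse before contacting the server: an empty password would turn the
        # second phase into an unauthenticated bind, which may "succeed".
        return (False, "empty password")

    # Phase 1: anonymous lookup of the DN.
    dns = directory.search(base_dn, login_attr, login)
    if len(dns) != 1:
        # Zero matches: unknown user.  Several matches: ambiguous login
        # attribute; never pick one and never fall through to the next DN.
        return (False, f"expected exactly one entry for {login_attr}={login!r}, got {len(dns)}")
    dn = dns[0]

    # Phase 2: bind as the found DN with the user's password.
    if not directory.simple_bind(dn, password):
        return (False, "bind failed")
    return (True, dn)


# Constructed sample directory.  Both entries share an employeeNumber on
# purpose so the ambiguous-match path can be exercised.
SAMPLE_BASE_DN = "dc=example,dc=edu"
SAMPLE_DIRECTORY = FakeDirectory([
    Entry("uid=A1B2C3D4E5," + SAMPLE_BASE_DN,
          {"uid": ["A1B2C3D4E5"], "cn": ["jdoe"], "mail": ["jdoe@example.edu"],
           "employeeNumber": ["00012345"]},
          "correct horse"),
    Entry("uid=F6G7H8I9J0," + SAMPLE_BASE_DN,
          {"uid": ["F6G7H8I9J0"], "cn": ["asmith"], "mail": ["asmith@example.edu"],
           "employeeNumber": ["00012345"]},
          "hunter2"),
])


def demo():
    """Run the sample logins and return the list of (label, ok, detail) results."""
    cases = [
        ("cn, good password", "cn", "jdoe", "correct horse"),
        ("mail, good password", "mail", "asmith@example.edu", "hunter2"),
        ("cn, wrong password", "cn", "jdoe", "wrong"),
        ("unknown user", "cn", "nobody", "x"),
        ("ambiguous employeeNumber", "employeeNumber", "00012345", "correct horse"),
        ("empty password", "cn", "jdoe", ""),
    ]
    results = []
    for label, attr, login, pw in cases:
        ok, detail = two_phase_authenticate(SAMPLE_DIRECTORY, SAMPLE_BASE_DN, attr, login, pw)
        results.append((label, ok, detail))
        print(f"{label:28s} -> {'OK  ' if ok else 'FAIL'} {detail}")
    return results


if __name__ == "__main__":
    demo()
```

Whatever client library is used for the real server, the two phases should stay separate operations with the second one performed on a connection bound as the found DN, and the empty-password and multiple-match checks belong in the caller, not in trust of the server's defaults. As a practical check on the `pam_login_*` directives the quoted message asks about, `pam_login_attribute` in pam_ldap's `ldap.conf` is the directive that selects which attribute the first-phase search matches on; the commented example `ldap.conf` shipped with a given pam_ldap version is the place to confirm its exact name and default for that release.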
Received on Mon Mar 21 16:18:15 2005

This archive was generated by hypermail 2.1.8 : Mon Mar 21 2005 - 16:18:15 AKST