Re: LDAP help (Was Re: Late night LDAP)

From: Joshua Kugler <joshua.kugler@uaf.edu>
Date: Mon Mar 21 2005 - 16:39:59 AKST

Thanks for the article...in my case, I have to skip over the entire section on
server configuration, because the server is out of my control.

And as to the configuration of the client, it seems the client is looking to
be able to simply query the LDAP server with the entered username and
password, instead of doing a lookup on some unique info (but not the DN), and
then query based on the DN and password given. See my original post below
for more info.

j----- k-----

On Monday 21 March 2005 12:31, Alaska Computer Support Services wrote:
> http://linsec.ca/bin/view/Main/OpenLDAPAuth
>
> I used the docs from Mandrake to get started with OpenLDAP
> authentication. I couldn't find the exact docs I used but I did find
> the above link which may help you find what you're missing.
>
> Good Luck,
> Tim
>
> On Mon, 21 Mar 2005 09:11:55 -0900, Joshua Kugler <joshua.kugler@uaf.edu> wrote:
> > Hello all -
> >
> > I have a server on which I would like to authenticate users via our
> > enterprise LDAP server. This is probably a matter of being pointed to
> > the right docs, but initial googling hasn't gotten me anywhere.
> >
> > My situation is probably a bit different than most in that we need to do
> > a "two phase" bind.
> >
> > All users in the directory have a unique ID. Mine is 1PDH3JZL01.
> > Understandably, users don't want to type this in every time they login,
> > and most don't even know theirs since it's an internal ID used to keep
> > things unique. Thus, the user will enter another piece of unique
> > information, such as their e-mail address, corporation username, or user ID
> > (which is an eight-digit number). None of these are the DN; only
> > "1PDH3JZL01" (in my case) is the DN.
> >
> > Well, what has to happen is this:
> >
> > Enter corporation username
> > Anonymous bind to look up the DN (distinguished name) from the LDAP server
> > Bind a second time with the found dn as well as the supplied password
> > If second bind succeeds, the user is authenticated. If not, login fails.
> >
> > It seems, though, that pam_ldap only wants to do a single-phase bind, thus
> > I'm stuck.
> >
> > Also, there are pam_login_* directives in /etc/ldap.conf, but I can't
> > seem to find any man pages or other docs (/usr/share/doc/pam_ldap-170
> > doesn't have anything), and I can't find the relevant docs on
> > http://www.padl.com/OSS/pam_ldap.html .
> >
> > Does anyone have any tips or pointers?
> >
> > Thanks!
> >
> > j----- k-----
> > --
> > Joshua Kugler
> > CDE System Administrator
> > http://distance.uaf.edu/

-- 
Joshua Kugler
CDE System Administrator
http://distance.uaf.edu/
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
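The search-then-bind flow laid out in the quoted post, as an added example that is not part of the original thread and is not pam_ldap's code. It runs against a small in-memory stand-in for the directory, constructed here so the example works offline; the base `ou=people,dc=example,dc=edu`, the attribute names (`mail`, `employeeNumber`, `uid`), the second user and all passwords are assumptions, and only the ID `1PDH3JZL01` comes from the post. Besides the two binds, it adds the two checks a client doing this flow needs: the typed login is escaped before it is placed in the search filter (RFC 4515), and an empty password is refused before phase two, because a DN with an empty password is an unauthenticated bind (RFC 4513 section 5.1.2) that some servers answer with success.

```python
"""Two-phase ("search, then bind") LDAP authentication as described in the
quoted post: an anonymous search maps whatever the user typed to a DN, then
a second bind with that DN and the supplied password decides the login.

The directory is an in-memory stand-in constructed for this example; it
offers only the two operations the flow needs. Base DN, attribute names and
all entries are assumptions, not the poster's directory.
"""
import hmac
import re

# The stand-in models only equality filters of the form (attr=value).
FILTER_RE = re.compile(r"^\((?P<attr>[A-Za-z][A-Za-z0-9-]*)=(?P<value>[^()]*)\)$")


def escape_filter_value(value):
    """Escape one assertion value for an LDAP search filter (RFC 4515 section 3).

    Without this, a login of '*' or 'x)(uid=*' rewrites the filter instead of
    being looked up as a literal string."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def _unescape(value):
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _compile_assertion(raw):
    """Turn the (still escaped) assertion value into a regex: an unescaped '*'
    is a wildcard, everything else, including an escaped \\2a, is literal."""
    parts = [re.escape(_unescape(seg)) for seg in raw.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


class FakeDirectory:
    """Stand-in for the enterprise LDAP server (constructed for this example)."""

    def __init__(self, entries):
        self._entries = entries  # {dn: {attribute (lowercase): [values]}}

    def search(self, base, ldap_filter):
        """Anonymous search under `base`; returns the DNs matching the filter."""
        m = FILTER_RE.match(ldap_filter)
        if not m:
            raise ValueError("unsupported filter: %r" % ldap_filter)
        attr = m.group("attr").lower()
        pattern = _compile_assertion(m.group("value"))
        return [dn for dn, attrs in self._entries.items()
                if dn.lower().endswith("," + base.lower())
                and any(pattern.match(v) for v in attrs.get(attr, []))]

    def bind(self, dn, password):
        """Simple bind. Deliberately mirrors RFC 4513 section 5.1.2: a DN with
        an empty password is an *unauthenticated* bind, which some servers
        answer with success. The client must not rely on the server here."""
        if password == "":
            return True
        entry = self._entries.get(dn)
        if entry is None:
            return False
        return any(hmac.compare_digest(p.encode(), password.encode())
                   for p in entry.get("userpassword", []))


def authenticate(directory, base_dn, login_attr, login, password):
    """The two-phase bind from the post. Returns the user's DN on success,
    None otherwise. Fails closed on an empty password, on no match, and on
    more than one match (what an unescaped wildcard would produce)."""
    if not password:
        return None
    ldap_filter = "(%s=%s)" % (login_attr, escape_filter_value(login))
    matches = directory.search(base_dn, ldap_filter)      # phase 1: anonymous lookup
    if len(matches) != 1:
        return None
    dn = matches[0]
    return dn if directory.bind(dn, password) else None   # phase 2: bind as the user


# Constructed sample directory. The ID 1PDH3JZL01 comes from the post; the
# suffix, the second user, the mail addresses and the passwords are made up.
BASE_DN = "ou=people,dc=example,dc=edu"
DIRECTORY = FakeDirectory({
    "uid=1PDH3JZL01,ou=people,dc=example,dc=edu": {
        "uid": ["1PDH3JZL01"],
        "mail": ["jkugler@example.edu"],
        "employeenumber": ["12345678"],
        "userpassword": ["correct horse"],
    },
    "uid=9ZZ0ABCD02,ou=people,dc=example,dc=edu": {
        "uid": ["9ZZ0ABCD02"],
        "mail": ["someone.else@example.edu"],
        "employeenumber": ["87654321"],
        "userpassword": ["hunter2"],
    },
})

if __name__ == "__main__":
    for login, pw in [("jkugler@example.edu", "correct horse"), ("12345678", "wrong"),
                      ("*", "anything"), ("jkugler@example.edu", "")]:
        attr = "employeenumber" if login.isdigit() else "mail"
        print("%-22s -> %s" % (login, authenticate(DIRECTORY, BASE_DN, attr, login, pw)))
```

Against a real server the same two operations are an anonymous `ldapsearch -x` for the login attribute followed by a bind as the returned DN (`ldapsearch -x -D "<dn>" -W`); the second step sends the password in the clear unless the connection uses ldaps:// or StartTLS, so the client configuration should require one of those.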
Received on Mon Mar 21 16:40:01 2005
