> I thought the ldapd server served up addresses and names, how or why
> does one authenticate users based on this info? Isn't this info
> usually public as far as the organization is concerned?

One doesn't. Authentication using LDAP is done with an authenticated bind. Roughly speaking the pam_ldap module does something like this:
ldapsearch -x -h <host> -b ou=people,dc=example,dc=com uid=you
This gives a DN (Distinguished Name) that we can then use for an authenticated bind. Again, something like
ldapsearch -x -h <host> -D <DN> -w <password>
except that you don't bother with the actual searching. The pam_ldap module includes an option for running the LDAP connection over TLS so that all traffic is encrypted. Actually, with OpenLDAP this is necessary if you're going to want to change your password since it refuses to change passwords if the connection is sufficiently private.
People do this kind of thing so that they can have a central authentication database that can be used by a variety of different applications.
jch
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
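The bind step of the search-then-bind flow described above, as an added example that is not part of the original post and not pam_ldap's or OpenLDAP's own code: a minimal LDAP v3 simple-bind client in pure Python (no python-ldap or ldap3 dependency) that BER-encodes the BindRequest and decodes the BindResponse by hand per RFC 4511. The DN, password, hostname and the canned server replies are constructed for the demo. It also guards against the one pitfall a hand-rolled bind check has in practice: a simple bind with a DN and an empty password is an unauthenticated (anonymous) bind under RFC 4513 section 5.1.2, so a naive "did the bind succeed?" check would accept an empty password.

```python
"""Minimal LDAP v3 simple-bind client (RFC 4511), written from scratch to
illustrate the authenticated-bind step pam_ldap performs. The live helper
assumes an LDAPS server on port 636; the demo uses constructed canned replies."""
import socket
import ssl

RESULT_SUCCESS = 0
RESULT_INVALID_CREDENTIALS = 49


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(value: int, tag: int = 0x02) -> bytes:
    """INTEGER (or ENUMERATED with tag 0x0a): minimal two's-complement."""
    n = max(1, (value.bit_length() + 8) // 8)
    return ber_tlv(tag, value.to_bytes(n, "big", signed=True))


def ber_read(buf: bytes, pos: int):
    """Decode one TLV at buf[pos]; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                                 # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def build_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    if not password:
        # DN plus empty password is an *unauthenticated* bind (RFC 4513 5.1.2):
        # the server may answer success but grants only anonymous access.
        raise ValueError("refusing unauthenticated bind: empty password")
    bind = (ber_int(3)                               # version
            + ber_tlv(0x04, dn.encode())             # name: OCTET STRING (the DN)
            + ber_tlv(0x80, password.encode()))      # authentication: simple [0]
    bind_request = ber_tlv(0x60, bind)               # [APPLICATION 0] BindRequest
    return ber_tlv(0x30, ber_int(msg_id) + bind_request)


def parse_bind_response(msg: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, body, _ = ber_read(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, p = ber_read(body, 0)
    msg_id = int.from_bytes(mid, "big", signed=True)
    tag, resp, _ = ber_read(body, p)
    if tag != 0x61:                                  # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, rc, p = ber_read(resp, 0)                     # resultCode ENUMERATED
    _, _matched_dn, p = ber_read(resp, p)            # matchedDN
    _, diag, _ = ber_read(resp, p)                   # diagnosticMessage
    return msg_id, int.from_bytes(rc, "big"), diag.decode(errors="replace")


def ldap_bind(conn, dn: str, password: str, msg_id: int = 1) -> bool:
    """Send a simple bind on an open connection; True only on resultCode success."""
    conn.sendall(build_bind_request(msg_id, dn, password))
    got_id, rc, _diag = parse_bind_response(conn.recv(4096))
    if got_id != msg_id:
        raise ValueError("response message ID %d does not match %d" % (got_id, msg_id))
    return rc == RESULT_SUCCESS


def bind_over_tls(host: str, dn: str, password: str, port: int = 636) -> bool:
    """Live variant over LDAPS (pam_ldap's 'ssl on'). Not used by the offline demo."""
    ctx = ssl.create_default_context()               # verifies the server certificate
    with socket.create_connection((host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as conn:
            return ldap_bind(conn, dn, password)


def canned_bind_response(msg_id: int, result_code: int, diag: str = "") -> bytes:
    """Constructed server reply, used only so the example runs offline."""
    resp = ber_int(result_code, 0x0A) + ber_tlv(0x04, b"") + ber_tlv(0x04, diag.encode())
    return ber_tlv(0x30, ber_int(msg_id) + ber_tlv(0x61, resp))


class CannedConn:
    """Stand-in for a socket: records what was sent, replies with fixed bytes."""
    def __init__(self, reply: bytes):
        self.reply, self.sent = reply, b""

    def sendall(self, data: bytes):
        self.sent += data

    def recv(self, n: int) -> bytes:
        return self.reply


if __name__ == "__main__":
    dn = "uid=you,ou=people,dc=example,dc=com"       # the DN the ldapsearch step returned
    ok = ldap_bind(CannedConn(canned_bind_response(1, RESULT_SUCCESS)), dn, "s3cret")
    bad = ldap_bind(CannedConn(canned_bind_response(1, RESULT_INVALID_CREDENTIALS,
                                                    "invalid credentials")), dn, "wrong")
    print("correct password:", ok, "| wrong password:", bad)
```

`bind_over_tls` wraps the TCP connection in TLS before the bind is sent, which is what keeps the password off the wire in the clear; StartTLS (pam_ldap's `ssl start_tls`, an extended operation on port 389) is not implemented here. The first step of the flow, the search that maps `uid=you` to a DN, is deliberately left to `ldapsearch` as in the post: the point of the example is that the credential check is the bind itself, and that an empty password must be rejected client-side rather than trusted to the server's result code.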