On Sat, Dec 20, 2003 at 06:09:51PM +0000, John Haxby wrote:
> Jay Daniels wrote:
>
> >I thought the ldapd server served up addresses and names, how or why
> >does one authenticate users based on this info? Isn't this info
> >usually public as far as the organization is concerned?
> >
>
> One doesn't. Authentication using LDAP is done with an authenticated
> bind. Roughly speaking the pam_ldap module does something like this:
>
>     ldapsearch -h <host> -b ou=people,dc=example,dc=com uid=you
>
> This gives a DN (Distinguished Name) that we can then use for an
> authenticated bind. Again, something like
>
>     ldapsearch -h <host> -D <DN> -w <password>
>
> except that you don't bother with the actual searching. The pam_ldap
> module includes an option for running the LDAP connection over TLS so
> that all traffic is encrypted. Actually, with OpenLDAP this is
> necessary if you're going to want to change your password since it
> refuses to change passwords if the connection is sufficiently private.
>
> People do this kind of thing so that they can have a central
> authentication database that can be used by a variety of different
> applications.
>
> jch
---end quoted text---

Why do you have to make it so complicated;)

jay

--
Sometimes I feel like a rat in a cage...

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
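
The search-then-bind flow described in the quoted reply above, as an added example that is not part of the original thread and is not pam_ldap's own code. It assumes the OpenLDAP client tools, uses `-x -ZZ -H <uri>` in place of the thread's `-h <host>`, and performs the bind with `ldapwhoami`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: search-then-bind authentication using OpenLDAP client tools.

# Escape a value for use inside an LDAP search filter (RFC 4515).
ldap_escape_filter() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read LDIF on stdin; print the DN only if exactly one entry matched.
extract_single_dn() {
    ldif=$(cat)
    [ "$(printf '%s\n' "$ldif" | grep -c '^dn:')" -eq 1 ] || return 1
    dn=$(printf '%s\n' "$ldif" | sed -n 's/^dn: //p')
    [ -n "$dn" ] || return 1        # "dn:: <base64>" form is not handled here
    printf '%s\n' "$dn"
}

# usage: ldap_auth <uri> <base> <user> <password>; exit status 0 = authenticated
ldap_auth() {
    uri=$1 base=$2 user=$3 pass=$4
    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513) that a server may accept, so refuse it up front.
    [ -n "$pass" ] || return 1
    filter="(uid=$(ldap_escape_filter "$user"))"
    # Step 1: anonymous search for the user's DN; -ZZ requires StartTLS.
    dn=$(ldapsearch -x -ZZ -LLL -o ldif-wrap=no -H "$uri" -b "$base" \
            "$filter" 1.1 2>/dev/null | extract_single_dn) || return 1
    # Step 2: authenticated bind as that DN; no search is needed.
    pwfile=$(umask 077; mktemp) || return 1
    printf '%s' "$pass" > "$pwfile"   # -y keeps the password out of argv
    rc=0
    ldapwhoami -x -ZZ -H "$uri" -D "$dn" -y "$pwfile" >/dev/null 2>&1 || rc=$?
    rm -f "$pwfile"
    return "$rc"
}
```

Escaping the user name before it goes into the filter, and insisting on exactly one matching DN, keeps a crafted login name from widening the search to a different entry.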