[ale] How LDAP works with authentication
Christopher Fowler
cfowler at outpostsentinel.com
Wed Oct 12 18:14:54 EDT 2005
On Wed, 2005-10-12 at 17:34 -0400, Nate Murchison wrote:
> The original email led me to guess that you expect a client program to
> authenticate a user
> using an LDAP server, but not necessarily be able to change the record
> on the LDAP server.
> If that is true, it is a simpler problem than having write access,
> that implies authentication by
> the LDAP server itself. That raises the question: what is your LDAP
> server? OpenLDAP?
Correct. We have a customer with many users. They claim to use LDAP to
store all their user records. When a user logs into Winbloze that
desktop authenticates via LDAP.

What I want to do is to allow our device to authenticate in the same
manner using the same records. I do not want to have to create a
special format that will force them to keep double entries of all users.

I do not want write. I simply need to authenticate a user via the
password that is stored in LDAP.

What I'm trying to figure out is if I can implement getpwnam(const
char *user) to get data from LDAP instead of /etc/passwd.

I have no clue what they use. I have OpenLDAP on my desktop but have
not configured it. I imagine they use something standard so that all
their devices authenticate via that method.
>
> LDAP itself is merely a protocol that allows creation/update/retrieval
> of records that can be
> anything you have a schema for. If you have control of the server and
> you can grow your
> own user authentication client, you can use practically any encoding
> you like. If you are
> going to have passwords stored in plaintext, then you certainly want
> SSL.
>
> MD5 encoding is common enough to simplify testing.
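
The client-side check discussed in this thread (read the user's record, then compare the supplied password with the stored `userPassword` value, MD5 being the encoding suggested above), as an added example that is not from either poster. It assumes the OpenLDAP-style `{SCHEME}base64` value format and goes beyond MD5 to the SHA-1 and salted variants; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Scheme name -> (hash constructor, digest length in bytes, salted?)
SCHEMES = {
    "MD5": (hashlib.md5, 16, False),
    "SMD5": (hashlib.md5, 16, True),
    "SHA": (hashlib.sha1, 20, False),
    "SSHA": (hashlib.sha1, 20, True),
}

def encode_password(scheme, password, salt=b""):
    """Build a userPassword value; used here only to construct sample data."""
    algo, _, salted = SCHEMES[scheme]
    salt = salt if salted else b""
    digest = algo(password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def check_password(stored, candidate):
    """Return True if candidate matches the stored userPassword value."""
    if not stored.startswith("{") or "}" not in stored:
        # No scheme prefix: the directory holds the password in plaintext.
        return hmac.compare_digest(stored.encode(), candidate.encode())
    scheme, _, b64 = stored[1:].partition("}")
    if scheme.upper() not in SCHEMES:
        return False  # scheme not handled here: fail closed
    algo, size, salted = SCHEMES[scheme.upper()]
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # malformed base64
    # Salted schemes append the salt after the digest.
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or (salt and not salted):
        return False
    expected = algo(candidate.encode() + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, expected)
```

Comparing locally requires an account that can read `userPassword`; the alternative is an LDAP simple bind as the user, where the server does the comparison and the stored value never leaves it.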