[ale] How LDAP works with authentication

Christopher Fowler cfowler at outpostsentinel.com
Wed Oct 12 18:14:54 EDT 2005


On Wed, 2005-10-12 at 17:34 -0400, Nate Murchison wrote:
> The original email led me to guess that you expect a client program to
> authenticate a user
> using an LDAP server, but not necessarily be able to change the record
> on the LDAP server.
> If that is true, it is a simpler problem than having write access,
> that implies authentication by 
> the LDAP server itself.  That raises the question: what is your LDAP
> server? OpenLDAP?

Correct.  We have a customer with many users.  They claim to use LDAP to
store all their user records.  When a user logs into Winbloze that
desktop authenticates via LDAP.

What I want to do is to allow our device to authenticate in the same
manner using the same records.  I do not want to have to create a
special format that will force them to keep double entries of all users.

I do not want write.  I simply need to authenticate a user via the
password that is stored in LDAP.

What I'm trying to figure out is whether I can implement getpwnam(const
char *user) to get data from LDAP instead of /etc/passwd.

I have no clue what they use.  I have OpenLDAP on my desktop but have
not configured it.  I imagine they use something standard so that all
their devices authenticate via that method.

> 
> LDAP itself is merely a protocol that allows creation/update/retrieval
> of records that can be
> anything you have a schema for.  If you have control of the server and
> you can grow your
> own user authentication client, you can use practically any encoding
> you like.  If you are
> going to have passwords stored in plaintext, then you certainly want
> SSL.
> 
> MD5 encoding is common enough to simplify testing.
