Hello,
for a mail relay setup I need to check a login and password against LDAP by trying to bind with authentication.
In my slapd.conf I have these lines (among others):
suffix "dc=mail"
rootdn "cn=admin,ou=users,dc=mail"
access to attrs=userPassword by anonymous auth by * none
How do I tell OpenLDAP to authenticate against cn=<login>,ou=users,dc=mail and its userPassword attribute?
Kind regards Marten
On Wed, 9 Dec 2009, Marten Lehmann wrote:
> How do I tell OpenLDAP to authenticate against cn=<login>,ou=users,dc=mail and its userPassword attribute?
Depends slightly on what program from the OpenLDAP Software you're using, but one simple example would be:
$ ldapwhoami -xH ldap://server.host.domain:port/ -D "cn=<login>,ou=users,dc=mail" -w secret
where "secret" is the cleartext (i.e. not hashed, and not base64) of the credentials stored in cn=<login>'s userPassword.
> rootdn "cn=admin,ou=users,dc=mail"
> access to attrs=userPassword by anonymous auth by * none
> How do I tell OpenLDAP to authenticate against cn=<login>,ou=users,dc=mail and its userPassword attribute?
You don't. You've got the wording a bit wrong. :-) Your configuration will allow an LDAP client to authenticate against this OpenLDAP instance with a user defined in your directory. Supposing you have an entry
dn: cn=mta,ou=users,dc=mail
cn: mta
userPassword: <something>
objectclass: person
sn: mta
What you probably want to do is to tell your LDAP client (your MTA?) to bind to OpenLDAP as "cn=mta,ou=users,dc=mail" with that entry's password.
-JP
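Added example, not part of the thread and not OpenLDAP's own code: what the ldapwhoami call in the first reply, and the MTA bind JP describes, actually put on the wire. It builds an LDAPv3 simple BindRequest from BER primitives (RFC 4511), parses the BindResponse, and shows the two checks a relay doing this must add: escaping the login before splicing it into `cn=<login>,ou=users,dc=mail` (RFC 4514), and refusing an empty password, which would otherwise turn the request into an unauthenticated bind that many servers accept (RFC 4513, section 5.1.2). The base DN comes from the posted slapd.conf; the host, port and the `check_login` helper name are assumptions for illustration.

```python
import socket
import ssl

BASE_DN = "ou=users,dc=mail"   # from the slapd.conf posted in the thread

# ---- BER/ASN.1 primitives (definite length only, which is all LDAP uses) ----

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """INTEGER in minimal two's-complement form (message IDs, protocol version)."""
    length = 1
    while not -(1 << (8 * length - 1)) <= n < (1 << (8 * length - 1)):
        length += 1
    return ber_tlv(0x02, n.to_bytes(length, "big", signed=True))


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one TLV at buf[pos]; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


# ---- LDAP messages (RFC 4511, section 4.2) ----------------------------------

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }."""
    bind = ber_tlv(0x60, ber_int(3)
                   + ber_tlv(0x04, dn.encode("utf-8"))
                   + ber_tlv(0x80, password.encode("utf-8")))   # [0] simple: cleartext password
    return ber_tlv(0x30, ber_int(msg_id) + bind)


def parse_bind_response(data: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse [APPLICATION 1]."""
    _, msg, _ = read_tlv(data)
    _, mid, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError(f"expected BindResponse, got tag 0x{tag:02x}")
    _, code, pos = read_tlv(op)        # resultCode ENUMERATED (0 success, 49 invalidCredentials)
    _, _, pos = read_tlv(op, pos)      # matchedDN, not needed here
    _, diag, _ = read_tlv(op, pos)     # diagnosticMessage
    return (int.from_bytes(mid, "big", signed=True), int.from_bytes(code, "big"),
            diag.decode("utf-8", "replace"))


def message_complete(buf: bytes) -> bool:
    """True once buf holds one whole LDAPMessage, so the read loop knows when to stop."""
    if len(buf) < 2:
        return False
    first = buf[1]
    if first < 0x80:
        return len(buf) >= 2 + first
    n = first & 0x7F
    return len(buf) >= 2 + n and len(buf) >= 2 + n + int.from_bytes(buf[2:2 + n], "big")


# ---- Building the bind DN safely (RFC 4514, section 2.4) --------------------

def escape_dn_value(value: str) -> str:
    """Escape a value for use inside a DN, so a login such as 'x,ou=admins'
    cannot rewrite the rest of the DN the relay constructs."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\' or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def bind_dn_for(login: str) -> str:
    return f"cn={escape_dn_value(login)},{BASE_DN}"


def check_login(host: str, port: int, login: str, password: str,
                use_tls: bool = True, timeout: float = 5.0) -> bool:
    """What the relay does: one simple bind as the user's DN; True only on resultCode 0.
    host/port are whatever your slapd listens on (assumed, not from the thread)."""
    # An empty password makes this an *unauthenticated* bind (RFC 4513, 5.1.2),
    # which many servers accept: it must never count as a successful login.
    if not password:
        return False
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:  # simple bind carries the password in clear, so wrap it (ldaps://)
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(bind_request(1, bind_dn_for(login), password))
        buf = b""
        while not message_complete(buf):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed connection before BindResponse")
            buf += chunk
    msg_id, code, _diag = parse_bind_response(buf)
    return msg_id == 1 and code == 0
```

With the ACL from the thread (`by anonymous auth`), the server compares the cleartext password from the `[0] simple` field against the entry's userPassword and answers resultCode 0 or 49; nothing else in the directory is readable to the binder, which is exactly what a relay needs. Run `check_login("ldap.example", 636, "mta", "secret")` against your own server to see it end to end; the offline parts (request encoding, response parsing, DN escaping, empty-password refusal) work without one.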
openldap-software@openldap.org