On 13/12/10 17:56 -0800, Any Joe wrote:
> I need some pointers on how to integrate a third party web-based auth system and OpenLDAP. Our reqs are as follows:
> We don't store passwords (or hashes) in LDAP and they are don't-care for us (for backward compatibility we may still have some admin/admin-password credentials on LDAP). In other words, reg-users are not authenticated against LDAP, but we use LDAP for directories and corp-info repository purposes.
> Third party app will authenticate and may access user info in LDAP depending on the applications.
> Users will be created, deleted and modified on LDAP directories, but again passwords are don't-cares.
It sounds like you are wanting to use LDAP simply as a data store - your users will not need to authenticate directly to the LDAP server.
If that's the case, then you should work out what user information you want to store, such as email address, phone number, name, etc. Object classes person, organizationalPerson, or residentialPerson might be a good place to start.
Doing a Google search for 'ldap tutorial' has some good examples, and the LDAP mailing list at:
http://www.umich.edu/~dirsvcs/ldap/mailinglist.html
is another good resource.
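As an added illustration that is not part of the original thread: a small Python check for LDIF that is about to be loaded into such a data-store-only directory. It reports entries that lack the attributes the person-derived object classes require under RFC 4519, and entries that carry `userPassword` outside an allowlist of admin DNs. The DNs, the sample entries and the function names are assumptions made for the example.

```python
REQUIRED = {"person": {"cn", "sn"}, "organizationalperson": {"cn", "sn"},
            "residentialperson": {"cn", "sn", "l"}}  # MUST attributes per RFC 4519

def parse_ldif(text):
    """Parse LDIF records into {attr: [values]} dicts (keys lowercased, base64 left encoded)."""
    entries, lines = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and lines:      # folded line continues the previous one
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
        elif not raw.strip() and lines:        # blank line ends the record
            entry = {}
            for line in lines:
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.lstrip(":").strip())
            entries.append(entry)
            lines = []
    return entries

def lint(entries, password_allowed=()):
    """Return (dn, problem) pairs for entries that break the password-less policy."""
    findings = []
    for e in entries:
        dn = e.get("dn", [""])[0]
        needed = set().union(*(REQUIRED.get(c.lower(), ()) for c in e.get("objectclass", [])))
        findings += [(dn, f"missing required attribute {a}") for a in sorted(needed - set(e))]
        if "userpassword" in e and dn.lower() not in map(str.lower, password_allowed):
            findings.append((dn, "userPassword present on a non-admin entry"))
    return findings

SAMPLE = """dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: organizationalPerson
cn: Jane Doe
sn: Doe

dn: uid=legacy,ou=people,dc=example,dc=com
objectClass: person
cn: Legacy User
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: cn=admin,dc=example,dc=com
objectClass: person
cn: admin
sn: admin
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
"""  # constructed sample entries; the DNs and the base64 value are made up

if __name__ == "__main__":
    print(lint(parse_ldif(SAMPLE), ["cn=admin,dc=example,dc=com"]))
```

Run against the sample, only the `uid=legacy` entry is reported: it lacks `sn` and still carries a password value, while the allowlisted admin entry passes.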