I can be used for any of it.
Here, we use OpenLDAP for authentication (login) and authorization (who can login via sshd
allowed groups, who can sudo) on our group's systems – this requires the information
being available as well as configuring the clients to USE that information. We also use it
to store inventory data which is neither authn or authz (hey, OpenLDAP is a decent hammer
and the problem at the time looked like a nail).
Corporate uses Microsoft Active Directory (based on LDAP) – which is used for authn,
authz, and a plethora of other uses (mail settings, location info, managing host
Perhaps googling "what is LDAP for" would be a good place to start with your
From: openldap-technical [mailto:email@example.com] On Behalf Of
Sent: Monday, August 10, 2015 5:16 AM
To: Nick Milas <nick(a)eurobjects.com>; openldap-technical(a)openldap.org
Subject: Re: Is Openldap a Authorization or Authentication system?
Thanks for the explanation. Does AAI mean Authentication Authorization Identity and SSO
mean Single Sign On?
As per your example of OpenLDAP + Kerberos or Radius. is Openldap used for Authentication
and Kerberos or Radius server for Authorization? Please clarify.
On Mon, 10 Aug 2015 at 17:37 Nick Milas
On 10/8/2015 2:16 μμ, Kaushal Shriyan wrote:
I am not sure if i understand the difference between Authorization
Authentication. Does Openldap support both or it supports or
configured as Authorization or Authentication server? I will
appreciate if somebody can help me understand with some examples.
From Wikipedia: "Authentication is the act of confirming the truth of
an attribute of a datum or entity. This might involve confirming the
identity of a person or software program, tracing the origins of an
artifact, or ensuring that a product is what its packaging and labeling
claims to be." That's how we know who an application talks to.
From Wikipedia: "Authorization is the function of specifying access
rights to resources." After authentication we know the person, but we
still unsure whether it's supposed to access a given resource and hence
the need for authorization.
To get to know Openldap, read: http://www.openldap.org/doc/admin24/
Everything depends on what you are trying to do, your project needs.
An example for AAI services would be something like OpenLDAP + Kerberos
or Radius. Google for AAI / SSO systems.
This message is private and confidential. If you have received it in error, please notify
the sender and remove it from your system.