Hi,
I am using openldap-2.4.19-4.x86_64 on a Fedora 12 machine. On the client node, in the /etc/ldap.conf file, we specify binddn and bindpw. If they are not specified, the request will be anonymous. I have more than 500 users on each client machine. I want to send the request to the server as an authenticated user, but the users are 500+. Then, how do I specify this in binddn and bindpw? I don't want to specify 'root' (admin) in binddn and bindpw. I have rootbinddn set to root's DN and his password in /etc/ldap.secret (mode 600).
As said earlier, the anonymous request is causing the 'I have no name!' problem while doing $ssh <user>@client, since I have given the anonymous user auth access. If I specify anonymous read access, the 'I have no name!' problem disappears, but security is compromised. I think there is no problem with the nscd daemon, since whether it is stopped or even uninstalled, the problem still persists.
On Wednesday, 14 December 2011 09:13:11 Jayavant Patil wrote:
Hi,
I am using openldap-2.4.19-4.x86_64 on a Fedora 12 machine. On the client
node, in the /etc/ldap.conf file, we specify binddn and bindpw. If they are not specified, the request will be anonymous. I have more than 500 users on each client machine. I want to send the request to the server as an authenticated user, but the users are 500+. Then, how do I specify this in binddn and bindpw? I don't want to specify 'root' (admin) in binddn and bindpw. I have rootbinddn set to root's DN and his password in /etc/ldap.secret (mode 600).
Create a (single, or per-host) "proxy user". I note that deploying Kerberos can be an option for the per-host "proxy user" which has additional benefits.
Regards, Buchan
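A concrete shape for the proxy-user approach described above, added here as an example and not taken from the thread: the directory entry for a dedicated read-only bind account, the matching /etc/ldap.conf on a client, and slapd ACLs that let only that account (and each user for their own entry) read account data while anonymous clients keep auth-only access. The dc=example,dc=com tree, the cn=nssproxy name, the host name and the password placeholders are assumptions.

```conf
# --- 1. Proxy account on the server (LDIF; DN and hash are placeholders) ---
# Load with: ldapadd -x -D cn=Manager,dc=example,dc=com -W -f nssproxy.ldif
dn: cn=nssproxy,ou=System,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: nssproxy
description: read-only bind account for nss_ldap/pam_ldap clients
userPassword: {SSHA}REPLACE_WITH_OUTPUT_OF_slappasswd

# --- 2. Client /etc/ldap.conf (nss_ldap / pam_ldap) ---
# Rather than leaving binddn/bindpw unset (anonymous lookups) or pointing
# them at the directory admin, bind as the low-privilege proxy account.
# nss_ldap reads this file as the calling user, so bindpw is necessarily
# world-readable; that is why the account must be read-only. The admin
# credential stays in rootbinddn + /etc/ldap.secret (mode 600) for PAM only.
uri ldap://ldap.example.com/
base dc=example,dc=com
ldap_version 3
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/ca.crt
binddn cn=nssproxy,ou=System,dc=example,dc=com
bindpw REPLACE_WITH_PROXY_PASSWORD
rootbinddn cn=Manager,dc=example,dc=com
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_group ou=Group,dc=example,dc=com?one

# --- 3. Server slapd.conf ACLs (order matters: the first match wins) ---
# Passwords: owners may change their own, anyone may bind with them,
# nobody (not even the proxy account) may read them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
# Account data: the proxy account and the entry owner may read; everyone
# else, including anonymous clients, gets auth only. Lookups therefore
# work for the proxy-bound NSS client without opening the tree to
# anonymous reads, which is what "I have no name!" otherwise tempts.
access to *
    by dn.exact="cn=nssproxy,ou=System,dc=example,dc=com" read
    by self read
    by * auth
```

After changing the ACLs, verify from a client with an unauthenticated `ldapsearch -x` (should return nothing) and with `-D cn=nssproxy,... -W` (should return the posixAccount entries) before restarting nscd or re-testing the ssh login.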
Hi,
On Wed, Dec 14, 2011 at 1:13 PM, Buchan Milne bgmilne@staff.telkomsa.net wrote:
On Wednesday, 14 December 2011 09:13:11 Jayavant Patil wrote:
Hi,
I am using openldap-2.4.19-4.x86_64 on a Fedora 12 machine. On the client
node, in the /etc/ldap.conf file, we specify binddn and bindpw. If they are
not specified, the request will be anonymous. I have more than 500 users on
each client machine. I want to send the request to the server as an
authenticated user, but the users are 500+. Then, how do I specify this in
binddn and bindpw? I don't want to specify 'root' (admin) in binddn and
bindpw. I have rootbinddn set to root's DN and his password in
/etc/ldap.secret
(mode 600).
Create a (single, or per-host) "proxy user". I note that deploying
Kerberos can be an option for the per-host "proxy user" which has additional benefits.
Regards,
Buchan
But Kerberos is a third-party authentication service. Can we install it on our own premises (within the intranet)?
openldap-technical@openldap.org