The answer depend on the application ( typically how it determines the user
DN and what it checks and what type of authentication it uses)
The absolute minimum for simple authentication is to have an userpassword
so any entry with an objectclass allowing userpassword is fine.
(typically those having "simpleSecurityObject" objectclass or those
derived from "person" objeclass)
That is enough for applications like ldasearch or ldapmodify that do not do
any other check than trying to authenticate to the ldap server.
But some application have more strict requirement (typically looking for
For example Unix/Linux authentication over LDAP requires entries with
other applications looks for "person" or "inetorgperson" ...
On Tue, Dec 21, 2021 at 2:28 PM Denis Morejon <denis.morejon(a)etecsa.cu>
I have just installed a 389ds. I can use "cn=Directory Manager" in other
application's configuration when setting them up to authenticate with
ldap, but I can't use another ldap user created. How can I set
permission for user to do that? Or what kind of attribute should the
Thanks in advance
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it:
389 Directory Server Development Team