[389-users] Re: Permission to let a user be used in authentication for other applications
Hi Denis,
The answer depend on the application ( typically how it determines the user
DN and what it checks and what type of authentication it uses)
The absolute minimum for simple authentication is to have an userpassword
attribute.
so any entry with an objectclass allowing userpassword is fine.
(typically those having "simpleSecurityObject" objectclass or those
derived from "person" objeclass)
That is enough for applications like ldasearch or ldapmodify that do not do
any other check than trying to authenticate to the ldap server.
But some application have more strict requirement (typically looking for
specific objectclass)
For example Unix/Linux authentication over LDAP requires entries with
"posixAccount"
other applications looks for "person" or "inetorgperson" ...
Regards
Pierre
On Tue, Dec 21, 2021 at 2:28 PM Denis Morejon <denis.morejon(a)etecsa.cu>
wrote:
Hi:
I have just installed a 389ds. I can use "cn=Directory Manager" in other
application's configuration when setting them up to authenticate with
ldap, but I can't use another ldap user created. How can I set
permission for user to do that? Or what kind of attribute should the
user has?
Thanks in advance
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
--
389 Directory Server Development Team
Attachments:
- attachment.html (text/html — 3.1 KB)