Heroux, Bernard R wrote:
Hi,
Has anyone had issues with NDS and LDAP Authentication for E-Directory?
We have 6.5 and it appears that the only way we can log in is by
providing the fully qualified dn name ie (cn=vbrand,dc=xerox, c=us).
This seems awefully cumbersome for a user to need to key in this info.
Isn't there a way they can just enter vbrand and password?
If so, how did people deal with this for NDS? Did you use the RootDSE
under the hood, hiding details from the user. And if so, how do you
handle different domain regions?
Usually the client is configured to use a specific suffix (e.g.
dc=xerox,dc=us), and the suffix either allows anonymous search or there
is an authenticated proxy agent. The first step is to get the login ID,
then do a subtree search for it - ldapsearch ... -s sub -b
dc=xerox,dc=us (cn=vbrand) to get the DN. The the last step is the
client app does an LDAP BIND with the DN and the password given by the
user. This is what authentication mechanisms like pam_ldap do.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Standard8
Sent: Thursday, March 09, 2006 5:23 PM
To: [email protected]
Subject: Re: Handling Failover
Rich Megginson wrote:
Standard8 wrote:
Rich Megginson wrote:
Michael Pratt wrote:
Thanks for the update Anton. Do you know when a possible patch
would be ready? We're trying to migrate to SSL as soon as we can,
and due to the processes in place, I have to account for about a
week extra to bring in external source code and compile (unless the
binaries are being distributed, but I didn't see any recent ones on
the Mozilla FTP site).
I'm going to put binaries for v5.17 as soon as I get ftp access,
which should be any day now.
Does that mean we've tagged the tree for v5.17 already?
I've made a preliminary tag for v5.17, which could become the official
tag if there's nothing else to do. Did you have anything else in mind
for the short term?
My only concern at the moment is that when SeaMonkey or Thunderbird
switch to xulrunner, the configure script will need to be changed (or
parameters posted to it (building with xulrunner means the nspr stuff is
under objdir/xulrunner/.... But we could pick that up when its really
needed - its probably not urgent for another couple of months.
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
