On Friday, 12 August 2011 16:30:26 Mehmet wrote:
> Hi everyone,
>
> Your great replies to my previous question encouraged me to ask your
> opinion on another issue that is not directly related to perl-LDAP, but
> rather to LDAP itself. I am sorry if this is out-of-context, and please
> ignore this email if you think it is, but here it comes:
>
> Is there a way to use methods that require write access (add, delete, etc)
> without providing a password? I want my script run as a cronjob and I do
> not want to keep the password in a file or the code itself. In particular,
> I would like to give LDAP-write access to a unix user, say "ldap". I was
> wondering if it is possible to tell ldap server that 'ldap' user is the
> Manager? If not, is there a good way to hide the password in Perl?

You may prefer to ask this on a forum / mailing list that is relevant to the
LDAP server software you are using.

I note that OpenLDAP supports using SASL/External authentication with
authz-regexp to map a SASL identity to a DN, that may be of use for you,
either with certificate-based authentication, or uid-based authentication in
the case of connections to the unix socket (using -H ldapi:///).

For example:

[root@tiger ~]# ldapwhoami -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:uid=account admin,ou=system accounts,dc=ranger,dc=dnsalias,dc=com

Regards,
Buchan
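
Added example, not part of the original message and not taken from the OpenLDAP project: a slapd.conf fragment showing how the authz-regexp mapping mentioned in the reply could be scoped to a single unix account, with an over-broad rule shown commented out for contrast. The uid/gid value 389, the dc=example,dc=com suffix, the cn=cronjob service entry and the ou=people subtree are assumptions.

```conf
# slapd.conf fragment (constructed example; uid/gid 389 and all DNs are assumptions).
# Over ldapi:/// with SASL EXTERNAL, slapd presents the caller as
#   gidNumber=<gid>+uidNumber=<uid>,cn=peercred,cn=external,cn=auth
# and authz-regexp rewrites that identity to a directory DN.

# Too broad: any local account able to open the socket would be mapped to the
# rootdn. Left commented out; shown only for contrast.
#authz-regexp
#    "gidNumber=[0-9]+[+]uidNumber=[0-9]+,cn=peercred,cn=external,cn=auth"
#    "cn=Manager,dc=example,dc=com"

# Narrow: only the unix user "ldap" (assumed uid 389 / gid 389) is mapped, and
# to a dedicated service entry instead of the rootdn.
#  - ^ and $ anchor the pattern so that e.g. gidNumber=1389 cannot match.
#  - [+] matches the literal plus sign without any backslash escaping.
authz-regexp
    "^gidNumber=389[+]uidNumber=389,cn=peercred,cn=external,cn=auth$"
    "cn=cronjob,ou=system accounts,dc=example,dc=com"

# Grant that entry write access only to the subtree the cron job maintains.
# "by * break" hands everyone else on to the access rules that follow.
access to dn.subtree="ou=people,dc=example,dc=com"
    by dn.exact="cn=cronjob,ou=system accounts,dc=example,dc=com" write
    by * break
```

Running `ldapwhoami -Y EXTERNAL -H ldapi:///` as the unix user in question, as in the session above, shows which DN the mapping actually yields before the cron job relies on it.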