[nflug] openldap

Darin Perusich Darin.Perusich at cognigencorp.com
Wed Nov 19 10:47:43 EST 2008


The client doesn't dictate how communication will take place, the server
does. You configure the server to allow anonymous binds, or to use TLS,
or to require certificates, or SASL, etc, etc. Anonymous binds are
allowed by default but the server will only return a subset of the
information. Even if you bind as yourself and query your record the
server will still not return all values. Do a search and request your
userPassword field and you'll see what I mean, only certain account
types can view that attribute.

I would advise against performing anonymous binds, instead create an
application or proxy user. And TLS should always be used with passwords
or when any sensitive data is passing over the wire.

Eric Benoit wrote:
> :) so many questions, wish I could take a class.
> 
> I'm trying to get a handle on the most common way to connect to an
> openldap server anonymously.
> 
> do most clients require the use of sasl or tls even when it's an
> anonymous bind?

-- 
Darin Perusich
Unix Systems Administrator
Cognigen Corporation
395 Youngs Rd.
Williamsville, NY 14221
Phone: 716-633-3463
Email: darinper at cognigencorp.com
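
The server-side controls this message refers to, sketched as a slapd.conf fragment. This is an added example, not part of the original post or of any real deployment; the suffix `dc=example,dc=com`, the proxy DN and the certificate paths are placeholders.

```conf
# --- global section -------------------------------------------------
# Out of the box none of the directives below are set: anonymous binds
# are accepted and simple binds may cross the wire in cleartext.

# Server certificate and key so clients can use StartTLS / ldaps://
# (placeholder paths)
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/slapd.pem
TLSCertificateKeyFile  /etc/openldap/certs/slapd.key

# Refuse anonymous bind requests outright.
disallow bind_anon

# Require a successful bind before any directory operation, so a client
# that skips the bind step gets no search results either.
require authc

# Reject simple (DN + password) binds unless the connection already has
# at least 128 bits of protection, i.e. TLS is up before the password
# is sent.
security simple_bind=128

# --- inside the database section (suffix "dc=example,dc=com") -------
# userPassword can be used for authentication and changed by its owner;
# nobody else can read it. "by anonymous auth" is still needed because
# a session is anonymous while its bind is being processed.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else: readable by the dedicated application/proxy account
# (placeholder DN) and by each user for their own entry, closed to all
# other identities.
access to *
    by dn.exact="cn=proxy,ou=services,dc=example,dc=com" read
    by self read
    by * none
```

slapd evaluates `access` clauses in order and stops at the first match, so the `userPassword` rule has to stay above the catch-all rule.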

