Re: Sun Java System Directory Server Authentication




We run into requirements to use LDAP for authentication all the time.
Even if LDAP wasn't designed for true authentication (and isn't
particularly developer friendly for it), it's extremely common.

Previously as a gov't contractor the majority of our applications
included LDAP authentication, usually against non-AD servers. Now in
a university marketplace many of our customers use LDAP authentication
as well, some for AD but some not. Also it's quite common for COTS
products to include LDAP as an authentication means.

So even if LDAP wasn't originally designed for authentication (and
this is the first I heard it isn't) it certainly is used for
authentication and telling clients/developers that they can't use LDAP
this way 'cause it isn't designed to be used for authentication is
foolish.

My $0.02.

Sam

------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.


On Thu, 14 Dec 2006 22:22:18 -0000, Jon Skeet [C# MVP]
<skeet@xxxxxxxxx> wrote:

Willy Denoyette [MVP] <willy.denoyette@xxxxxxxxxx> wrote:

<snip good stuff>

It's not entirely uncommon to want to authenticate using an LDAP server
- it's sufficiently common that there's an Apache module for the
purpose, for instance.

That's true if you have a secured webserver, for which you don't want
to open the corporate firewall to have access to your most precious
directory servers (and/or Domain Controller(s) on Windows) from the
internet. In this case you can set up a "private" LDAP server (or a
simple DB server) on the Webserver machine just to authenticate
external clients, but here we aren't talking about a Directory Server,
right?

Well, for whatever reason, and regardless of whether or not it's always
a good idea (which it may be in some small companies which use an LDAP
server for other purposes and don't want to have a separate service for
genuine authentication) I believe it's not uncommon to use LDAP this
way...
