Re: LDAP for logon?

Patrick Richard (patr@cyberstore.ca)
Wed, 22 May 1996 15:43:02 -0700

On May 22, 5:03am, Piyush Lumba wrote:
> Subject: Re: LDAP for logon?
> Is each ldap client (for simple access) also using SSL to communicate with the
> ldap server in your implementation?

Yes (for instance, a WWW server that wants to get something out of the LDAP DB
would be the LDAP client in this case)

In our implementation we have implemented ACLs (stored in the LDAP DB
itself) that will check the identity of any clients connecting via LDAP to the
LDAP db itself and grant them access to different parts of the DB (read only,
read/write, etc. etc.). The administrator can completely fine-tune the access
control because the objects that the ACLs are applied to are pulled right out
of the DB itself.

This lends itself to the funny scenario where it could be architecturally
possible to close the DB off completely (by denying the administrator access)
by not accepting connections from even the administrator.

This all must go through a 'bootstrap' process which happens when you install
the server so that you can administer the whole thing.

>
> thanks,
> Piyush
>
> On May 21, 3:18pm, Patrick Richard wrote:
> > Subject: Re: LDAP for logon?
> > We have added SSL to the Umich LDAP (as well as other DAP implementations) and
> > are validating logons by having the logon daemon communicate via SSL to the
> > LDAP DB
> >
> > On May 20, 10:20pm, Calvin Smith wrote:
> > > Subject: LDAP for logon?
> > > Has the Umich implementation of LDAP been used as a logon database for
> > > Unix workstations? Is it possible at all? Or is it too insecure for that
> > > sort of thing?
> > > --
> > > -Calvin
> > > ---------------------------------------------------------------------
> > > "Information - the currency of the future"        cgs@cldc.howard.edu
> > > http://www.cldc.howard.edu/~cgs/
> > > ---------------------------------------------------------------------
> > >-- End of excerpt from Calvin Smith
> >
> >
> >
> > --
> > Pat Richard / patr@x509.com
> > ----
> > The first and only CA server on the Internet: http://x.509.com
> > http://www.xcert.com
> >
> >-- End of excerpt from Patrick Richard
>
>
>
> --
> Piyush Lumba
> Lucent Technologies, Bell Labs Innovations.
> Phone: 908-957-6015
> Fax: 908-957-4142
> email: lumba@mtgbcs.mt.att.com
>
>-- End of excerpt from Piyush Lumba

-- 
Pat Richard    /    patr@x509.com
----
The first and only CA server on the Internet: http://x.509.com
                                              http://www.xcert.com
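The ACL model in Patrick's reply (ACLs stored in the directory and applied to objects pulled from the same DB, the lockout scenario where a change denies even the administrator, and the install-time bootstrap), as an added example that is not part of the original thread and not Xcert's or the UMich LDAP code. The in-memory directory, the DNs and the ACL attribute names (target, subject, rights) are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed in-memory directory (stand-in for the LDAP DB): DN -> attributes.
# ACLs are ordinary entries under cn=acls, so the governed objects and the
# ACLs themselves both come out of the same DB, as described in the reply.
ACL_BASE = "cn=acls,o=example"
ADMIN_DN = "cn=admin,o=example"
DIRECTORY = {
    ADMIN_DN: {"objectClass": ["person"]},
    "cn=www,o=example": {"objectClass": ["applicationProcess"]},
    "cn=alice,ou=people,o=example": {"userPassword": ["{crypt}x"]},
    "cn=acl-people," + ACL_BASE: {"target": ["*,ou=people,o=example"],
                                  "subject": ["cn=www,o=example"],
                                  "rights": ["read"]},
}

def acl_entries(directory):
    """ACL objects pulled straight out of the directory."""
    return [a for dn, a in directory.items() if dn.endswith("," + ACL_BASE)]

def check_access(directory, bind_dn, target_dn, right):
    """True if some stored ACL grants `right` on target_dn to the bound DN.
    No matching ACL means deny."""
    return any(fnmatchcase(target_dn, acl["target"][0])
               and bind_dn in acl["subject"] and right in acl["rights"]
               for acl in acl_entries(directory))

def bootstrap(directory, admin_dn):
    """Install-time step: seed the ACL that lets the administrator manage the
    ACL subtree, so the DB does not start out closed to everyone."""
    if not check_access(directory, admin_dn, ACL_BASE, "write"):
        directory["cn=acl-admin," + ACL_BASE] = {
            "target": ["*"], "subject": [admin_dn], "rights": ["read", "write"]}

def apply_acl_change(directory, acl_dn, new_attrs):
    """Commit an ACL add/modify (new_attrs) or delete (None) only if the
    administrator could still write the ACL subtree afterwards; otherwise
    refuse it, which closes off the lockout scenario from the reply."""
    proposed = dict(directory)
    if new_attrs is None:
        proposed.pop(acl_dn, None)
    else:
        proposed[acl_dn] = new_attrs
    if not check_access(proposed, ADMIN_DN, ACL_BASE, "write"):
        return False  # the change would lock the administrator out
    directory.clear()
    directory.update(proposed)
    return True

bootstrap(DIRECTORY, ADMIN_DN)
```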