eDir as LDAP authentication store

Eric Rothweiler jetadmin at gmail.com
Tue Aug 19 10:42:59 BST 2008


If you don't know the difference between a bind and a compare, a simple
question to answer that is "Are you using a proxy user for LDAP?"  A compare
requires a proxy account (a different user acting on behalf of the
application to check user credentials against LDAP on query).

On 8/17/08, Jon Dustin <jdustin at usm.maine.edu> wrote:
>
> >>> On 8/13/2008 at 11:52 AM, "Scott Etienne" <Setienne at enesco.com> wrote:
> > We are using eDirectory for end-user LDAP authentication. From my experience,
> > last login time does not reflect LDAP authentication queries. It would be
> > nice if, like Last Login Time, there were a counter for last LDAP
> > authentication.
> >
> > I know I ought to be able to work around this by turning on LDAP logging and
> > keeping log files in perpetuity for future searches, but I don't see this as a
> > good long-term solution.
>
> As long as your LDAP authentications are BINDs, then the NDS attribute of
> "last login time" will be updated. If your LDAP just issues a COMPARE, it
> will not.
>
> Otherwise, configure logging to rotate logfiles hourly and save the logs
> somewhere. The logs will be quite verbose, but can be handy for other
> reasons.
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>
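
The two request types discussed in this thread, shown at the wire level as an added example (not code from any poster or from Novell). It builds and classifies LDAP BindRequest and CompareRequest messages using the BER layout in RFC 4511; the DNs, passwords and the use of `userPassword` as the compared attribute are constructed assumptions. In the proxied session only the proxy DN ever binds, which is the case where, per the reply quoted above, the user's "last login time" is not updated.

```python
# Added example. BER layout follows RFC 4511; every DN and password is constructed.

def tlv(tag, value):
    """Encode one BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Decode the TLV at pos and return (tag, value, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                               # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def bind_request(msg_id, dn, password):
    # BindRequest ::= [APPLICATION 0] { version, name, simple [0] password }
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))   # msg_id < 128

def compare_request(msg_id, dn, attr, value):
    # CompareRequest ::= [APPLICATION 14] { entry, { attributeDesc, assertionValue } }
    ava = tlv(0x30, tlv(0x04, attr.encode()) + tlv(0x04, value.encode()))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x6E, tlv(0x04, dn.encode()) + ava))

def classify(message):
    """Return (operation, DN named in the request) for one LDAPMessage."""
    _, envelope, _ = read_tlv(message)
    _, _, pos = read_tlv(envelope)             # skip messageID
    op, body, _ = read_tlv(envelope, pos)
    if op == 0x60:
        _, _, p = read_tlv(body)               # skip version
        return "BIND", read_tlv(body, p)[1].decode()
    if op == 0x6E:
        return "COMPARE", read_tlv(body)[1].decode()
    return "OTHER", None

def bound_identities(session):
    """DNs that actually issued a BIND in a list of request messages."""
    return [dn for op, dn in map(classify, session) if op == "BIND"]

USER, PROXY = "cn=jsmith,o=example", "cn=ldapproxy,o=example"
direct = [bind_request(1, USER, "user-pw")]             # application binds as the user
proxied = [bind_request(1, PROXY, "proxy-pw"),          # application binds as the proxy
           compare_request(2, USER, "userPassword", "user-pw")]
```
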


