Re: Idiots intro to LDAP - Where?

From: P.T. Breuer (ptb_at_oboe.it.uc3m.es)
Date: 09/10/04


Date: Fri, 10 Sep 2004 17:46:11 GMT

William Park <opengeometry@yahoo.ca> wrote:
> I know thin-client. I read and understood BOOTP, DHCP, TFTP, all in one
> sitting. But, for the life of me, I can't understand LDAP or why it's
> being adopted all over.

One of the major reasons is that there are ldap clients and servers for
windows and they can be reasonably expected to be built into windows
o/s's or integrated easily, thus allowing windows and unix clients to
use the same authentication mechanisms (i.e. password file).

It also puts more power in the hands of a central organisation (and
thus is likely to be promoted by an organisation) because hierarchies
are integrated from the get-go, so central office can keep the
passwords for the florida and the singapore offices, and distribute them
all at once, and the florida and miami people will be looking only at
their little bit of the networked database.

While you could do that with nis+, nobody really used nis+ as it was a
pain in comparison with nis. Nis didn't really have hierarchies unless
you made a real effort with the naming conventions.

Also there is a bit more security involved, though the present linux
implementations are a joke - as far as I can see authentication against
ldap involves you sending your password in the clear to the server,
which authenticates you against its coded password.

Hic.

Peter
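
An added example, not part of the original message: the wire layout of an LDAP simple BindRequest as defined in RFC 4511, showing that the password travels as a plain OCTET STRING unless the connection is wrapped in TLS, plus a checker that flags such binds without echoing the secret. The function names, DN and password are constructed for illustration.

```python
# Added example: BER layout of an LDAP simple BindRequest (RFC 4511).
# Function names are hypothetical; DN and password are constructed samples.

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage{messageID, [APPLICATION 0]{version 3, name, simple [0]}}."""
    mid = msg_id.to_bytes(msg_id.bit_length() // 8 + 1, "big")
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, mid) + tlv(0x60, bind))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        n = first
    if pos + n > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + n], pos + n

def classify_bind(pdu: bytes, tls: bool) -> dict:
    """Report how a BindRequest authenticates, without echoing the secret."""
    _, msg, _ = read_tlv(pdu, 0)        # outer SEQUENCE
    _, _, p = read_tlv(msg, 0)          # skip messageID
    tag, bind, _ = read_tlv(msg, p)
    if tag != 0x60:                     # not a BindRequest
        return {"bind": False}
    _, _, p = read_tlv(bind, 0)         # skip version
    _, dn, p = read_tlv(bind, p)
    auth_tag, cred, _ = read_tlv(bind, p)
    method = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "unknown")
    exposed = method == "simple" and len(cred) > 0 and not tls
    return {"bind": True, "dn": dn.decode(), "method": method,
            "secret_len": len(cred), "cleartext_exposed": exposed}
```

A simple bind with an empty password is an anonymous bind, so the checker does not flag it as exposing a secret.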


