To begin with, thank you very much for your mail.
It is really helpful for understanding whether we are on the right track or
not.
After testing everything you said, everything seems great apart from the one
below.
I didn't really get what I can find out with the commands shown here:
As root:
>
> For KDC's access to LDAP:
>
> [r...@tiger ~]# cat .ldaprc
> SASL_MECH EXTERNAL
> URI ldapi:///
> [r...@tiger ~]# ldapwhoami
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> dn:uid=account admin,ou=system accounts,dc=ranger,dc=dnsalias,dc=com
>
>
> For nss_ldap etc. to enumerate users (e.g., would be identical on client-only
> hosts), so that proxy users are not required, and access is host-specific with
> no clear-text credentials on clients:
>
> I don't know what you are trying to achieve.
>
> It's pointless without knowing what you are trying to achieve.
>
Now about my project: I have a Gentoo server where I set up the LDAP
database. There I will update and also retrieve some user attributes (with
a search on the LDAP tree) from this database with a PHP application.
Before I reach that point, I would like to have the maximum security level
available.
So do you think that using ldap_bind on the PHP side forces the whole
session to go the secure way even if I don't use sasl_bind?
>
> If you have Kerberos, why do you want to provide a password? You should
> instead be happy with a SASL GSSAPI bind, which is authenticated (but, not by
> password transfer in clear text to slapd).
The password I am talking about is the one the users have in the LDAP
database as an attribute; that is why I think it would be better for it to be
required on the search being done.
>
--
Manolis Vlachakis
Nelly's Family Hotel
Visit : www.nellys-hotel.gr
www.nellys.gr
Skype : manolis.vlachakis