Solaris 8 with OpenLDAP: Security


Binding to the directory server:
  • Binding as root:
    To bind to the directory server as "root," use the RootDN and the RootDN's password. This gives you full read/write access to the server.

  • Binding as self:
    "self" is a keyword meaning that a user is bound to the directory server as their own entry. This usually gives them read access to their entry, and write access to certain attributes within their entry such as their password, their shell, their gecos field, etc.

  • Binding as anonymous:
    Binding as anonymous is equivalent to anonymous FTP access. There is no real authentication performed, and the user should have very limited access.
Based on how a user is bound to the directory server, you can impose a number of access restrictions. We will go over some sample access restrictions later. With OpenLDAP, access restrictions are incredibly granular. You can specify which entries can and can't be read (or searched for), and you can specify which attributes can and can't be read.

As always, with power comes complexity. The access restrictions for one network's needs can vary quite a bit from another's.
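As an added illustration of the three bind types above (not from the original page), the following slapd.conf access rules give "self" write access to the self-service attributes, give anonymous clients only what they need to authenticate, and leave everything else to authenticated users; the RootDN bypasses these rules entirely. The suffix dc=example,dc=com is a constructed placeholder.

```conf
# Constructed example for a suffix of dc=example,dc=com (placeholder).
# The rootdn is never subject to access rules: it always has full
# read/write access, which is why its password must be guarded.
#
# Evaluation order matters: slapd uses the first "access to" clause
# whose target matches the entry/attribute, and within it the first
# matching "by" clause. Specific attribute rules therefore come first,
# the catch-all rule on the suffix last.

# Passwords: the owner may change their own; anonymous clients may
# only use the attribute to authenticate (bind), never read it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Self-service attributes from the NIS schema (nis.schema):
# the owner may change them, other authenticated users may read them.
access to attrs=loginShell,gecos
        by self write
        by users read
        by * none

# Everything else under the suffix: authenticated users may read,
# anonymous clients get nothing beyond the auth rule above.
# (OpenLDAP 2.0-era regex form; later releases spell this dn.regex=)
access to dn=".*,dc=example,dc=com"
        by users read
        by * none
```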
