Questions? Send me an email at eric@ypass.net and I'll try to help.
Binding to the directory server:
- Binding as root:
To bind to the directory server as "root," you use the RootDN (the "rootdn"
directive in slapd.conf) and the RootDN's password ("rootpw"). The RootDN is not
subject to any access control list at all, so this gives you full read/write
access to the entire server. Use it for administration only; applications and
users should never bind with it.
- Binding as self:
"self" is a keyword in OpenLDAP access rules that matches when the DN a user has
bound with is the DN of the entry being accessed, i.e. the user is operating on
their own entry. This usually gives them read access to their entry, and write
access to certain attributes within it such as their password, their shell,
their gecos field, etc.
- Binding as anonymous:
Binding as anonymous is the equivalent of anonymous FTP access. No
authentication is performed (an anonymous bind supplies no DN and no
password), so an anonymous client should be given very limited access.
Based on who a client has bound as, you can impose a number of access
restrictions. We will go over some sample access restrictions later. With OpenLDAP,
access restrictions are very fine-grained. You can specify which entries can and
can't be read (or searched for), and which attributes within an entry can and
can't be read or written, per bind identity.
As always, with power comes complexity. The access restrictions one network needs can differ
quite a bit from another's.
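To make the three bind identities concrete, here is an added slapd.conf access-control fragment. It is an illustration written for this page, not configuration from the original tutorial; the suffix dc=example,dc=com, the RootDN cn=Manager and the choice of loginShell and gecos as self-service attributes are assumptions.

```conf
# slapd.conf fragment (OpenLDAP). Added illustration, not from the original
# page; suffix, rootdn and attribute choices are assumptions.

# Root: the rootdn is exempt from every "access to" clause below, so it can
# read and write everything. The cleartext rootpw is only for illustration;
# store the output of "slappasswd -h {SSHA} -s <password>" instead.
rootdn  "cn=Manager,dc=example,dc=com"
rootpw  secret

# Evaluation order matters: "access to" clauses are tried top to bottom and
# the first one whose target matches is used, so attribute-specific rules
# must come before the catch-all. Within a clause, "by" lines are tried in
# order and the first match wins, with an implied "by * none" at the end.

# Password: the owner (self) may change it, anonymous may only present it
# for authentication (auth is what a simple bind needs), nobody else sees it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Self-service attributes: the owner may change them, any authenticated
# user (users) may read them, anonymous gets nothing.
access to attrs=loginShell,gecos
    by self write
    by users read
    by * none

# Everything else: authenticated users may read and search, including their
# own entry; anonymous is cut off; only the rootdn can write.
access to *
    by users read
    by * none
```

The same clause syntax is used as olcAccess values under cn=config. To confirm which identity a client actually bound as, run ldapwhoami: `ldapwhoami -x` (no -D) prints `anonymous`, while `ldapwhoami -x -D "uid=alice,ou=People,dc=example,dc=com" -W` prints that DN, which is the identity the "self" and "users" rules above are evaluated against. A useful sanity check after editing ACLs is to repeat the same ldapsearch anonymously, as an ordinary user, and as the RootDN, and confirm that each sees only what you intended.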