views:

1212

answers:

3

I want to prevent users from browsing the other users' names, security (of course) and performance

thanks

A: 

What specifically are you trying to do with OpenLDAP?

Do you currently have an openLDAP server running and want to use it for authentications for your web application?

OpenLDAP by definition is a directory server. It's designed to let users browse the information of other users in the directory.

If you want to protect access to the LDAP server, I would use network level access restrictions to only let your IIS machine access it.

Sorry if I did not understand your question.

Alan
A: 

Thanks for the answer. It is for membership authentication to a specific website, but I don't want the user to know the other usernames; only after the authentication. I want the users to type the username and password only. I will install OpenLDAP because it is a requirement I have, but it shows several options: basic, SSHA, SASL, etc., and I am not sure which one will work for me and is more secure with good performance. Similar to logging in to a Windows domain without browsing usernames. Thanks

Walther

A: 

Use machine/network permissions to restrict access to your OpenLDAP server to ONLY your management machine and your IIS machine. Thus only those two machines can browse your directories.

Use SSL for all communication with your openLDAP server. That will require connecting to port 636.

By default, OpenLDAP stores passwords in the clear; instead force it to use a salted hash. OpenLDAP comes with a command-line utility that will hash passwords for you.

Alan
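To illustrate the last point of Alan's answer, the difference between an unsalted {SHA} password and a salted {SSHA} one, here is an added example that is not part of the original thread and not OpenLDAP's own code. It assumes the on-the-wire layout OpenLDAP uses for the `{SSHA}` scheme (base64 of the 20-byte SHA-1 digest of password+salt, followed by the raw salt) and produces the same kind of string that the bundled `slappasswd` utility writes into the `userPassword` attribute; the function names and the sample password are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

DIGEST_LEN = 20  # SHA-1 produces a 20-byte digest


def sha_hash(password: str) -> str:
    """Unsalted {SHA} scheme: the same password always yields the same string,
    so anyone who can read userPassword can spot accounts sharing a password."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted {SSHA} scheme in the layout OpenLDAP stores:
    base64( sha1(password + salt) || salt ). A random salt is drawn when none
    is given, so two users with the same password get different strings."""
    if salt is None:
        salt = os.urandom(8)  # constructed default; slappasswd also uses a random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value.
    The salt is recovered from the stored value itself, so no extra
    attribute is needed; comparison is constant-time."""
    prefix = "{SSHA}"
    if not stored.startswith(prefix):
        return False  # different scheme (or cleartext): not ours to verify
    try:
        raw = base64.b64decode(stored[len(prefix):], validate=True)
    except (ValueError, base64.binascii.Error):
        return False
    if len(raw) <= DIGEST_LEN:
        return False  # no salt present: malformed value
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def shared_password_visible(hash_fn, password: str) -> bool:
    """True if hashing the same password twice yields identical strings,
    i.e. the scheme leaks 'these two accounts share a password'."""
    return hash_fn(password) == hash_fn(password)


def userpassword_ldif(dn: str, stored: str) -> str:
    """Build the LDIF change that sets a pre-hashed value on an entry,
    the form you would feed to ldapmodify after running slappasswd."""
    return (
        f"dn: {dn}\n"
        "changetype: modify\n"
        "replace: userPassword\n"
        f"userPassword: {stored}\n"
    )


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    h = ssha_hash(pw)
    print(h)
    print("verify ok:", ssha_verify(pw, h))
    print("{SHA} leaks shared passwords:", shared_password_visible(sha_hash, pw))
    print("{SSHA} leaks shared passwords:", shared_password_visible(ssha_hash, pw))
    print(userpassword_ldif("uid=walther,ou=people,dc=example,dc=com", h), end="")
```

The two `shared_password_visible` calls are the practical reason to prefer the salted scheme on a directory that several machines can read: with `{SHA}` a reader can tell which accounts share a password without cracking anything, while `{SSHA}` hides that.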