RE: [ActiveDir] Anonymous bind

[joe]

> It's not so easy rewrite the source code,   Note my tongue was very firmly in cheek for that comment I made below about it being easy.... Just spouting the Open Source Company line. When you make that change, spin up your database of dependencies and such so you can monitor when modules change that are in that dependecy list for what you are modifying so you can test the new changes others make to the dependent modules and that you make to that authentication module...   Modifying open source is cool and all but only when you can quickly get your changes back into the base code set. Otherwise maintenance is a nightmare...     joe       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aitzol Naberan Burga�a Sent: Tuesday, May 18, 2004 10:18 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Anonymous bind It's not so easy rewrite the source code, I will need spend a lot of time to understand the source and to change it. But I think that I have to do it, and change the bind method (I think it will work...). OpenGroupware is for unix systems, you can learn more in www.opengroupware.org Thanks -- Aitzol Naberan Burga�a CodeSyntax [EMAIL PROTECTED] www.codesyntax.com Tel: 943  82 17 80 joe(e)k dio: Ah. Interesting, so it sounds like they want to compare the hashes instead of actually use the authentication of the system. Well since it is OpenSource, that should be easy to rewrite and correct huh. :o)   You can open up the anonymous search but if they need to see the password, you are dead in the water right there. You either can't use AD, can't use that product, or you need to modify the authentication routines.   I have never heard of that product, is it *nix only or do they have Win32 ports?      joe     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Aitzol Naberan Burga�a Sent: Tuesday, May 18, 2004 9:21 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Anonymous bind I'm trying to authentificate OpenGroupware (open source groupware suite) against Active Directory. The problem is that OpenGroupware's authentification method is a litle bit curious:  It tries to do an anonymous bind to the ldap server before it will try to bind as the user name supplied at the login prompt.  Active Directory will allow an anonymous bind, so that part is successful, but it does not allow an anonymous search. I'm not sure where authentification fails, because I have read thet OpenGroupware search a password and when doesn't find it fails. -- Aitzol Naberan Burga�a CodeSyntax [EMAIL PROTECTED] www.codesyntax.com Tel: 943  82 17 80 joe(e)k dio: Correct.   Aitzol, what problem are you trying to solve?     joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brent Westmoreland Sent: Tuesday, May 18, 2004 8:41 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Anonymous bind I know that the unicodePwd attributes can never be read by way of ldap, you will probably find that this is true for userPassword also. http://support.microsoft.com/default.aspx?scid=kb;EN-US;269190 On May 18, 2004, at 6:29 AM, Aitzol Naberan Burga�a wrote: Hi all How can I grant "read" access to userPasswor attribute? Thanks -- Aitzol Naberan Burga�a CodeSyntax [EMAIL PROTECTED] www.codesyntax.com Tel: 943  82 17 80 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/