On Mar 29, 2006, at 4:13 PM, Mario Olimpio de Menezes wrote:

On Wednesday 29 March 2006 09:38, you wrote:
On Mar 29, 2006, at 2:21 PM, Mario Olimpio de Menezes wrote:
On Tuesday 28 March 2006 21:55, Georges Racinet wrote:
Also worthy of notice: all attempts to fetch the user's password from
CPS will return an empty string. This is primarily to ensure protection

How is one supposed to authenticate?
Can I still fetch the user password from the LDAP, or is this exactly
what is prevented in CPS?

This is exactly what's prevented.

The auth part has nothing to do with fetching the password. Instead,
at login time, the LDAP server asks the user to send his password and
does the checking itself. This is standard. That's why I wrote that
it's transparent for auth questions.  Authentication against
protected passwords has always been possible in CPS: it's just not
CPS' problem.

Ok! I thought the auth was done by comparing the encrypted password stored in
LDAP with the one supplied by the user at login.
I see now that auth is performed by trying to connect to the LDAP server using the user's credentials; if it succeeds, the user is authenticated; otherwise, not.

Exactly. IIRC, it tries to retrieve the user's entry with the user's creds.


Anonymous bind is used just to search members for directory purposes (email,
phone number, etc.), right?

I'm not sure what you mean by 'anonymous' in that context. CPS uses its own LDAP user (cn=cps,ou=applications,... in CPSLDAPConfig) for those purposes and afterwards implements its own ACL rules via schemas.

PS: I put back the cc to the list that I forgot last time.

---------
Georges Racinet                        Nuxeo SAS
[EMAIL PROTECTED]                http://nuxeo.com
Tel: +33 (0) 1 40 33 71 73
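
The bind-based login flow discussed in this thread, as an added sketch that is not CPS code and not part of the original message: an application account locates the user's entry, then the directory itself checks the password during a bind as that entry. The `connect` factory, the `bind_errors` parameter and the function names are hypothetical; the connection object is assumed to offer python-ldap style `simple_bind_s` and `search_s` methods.

```python
# Added illustration; not CPS code. `connect` is a hypothetical factory returning
# an object with python-ldap style simple_bind_s()/search_s() methods.
SCOPE_SUBTREE = 2  # numeric value of ldap.SCOPE_SUBTREE in python-ldap

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def authenticate(connect, service_dn, service_pw, base_dn, login, password,
                 bind_errors=(Exception,)):
    """Return the user's DN if the directory accepts the password, else None.

    The stored password is never read: the server checks it during the bind.
    By default any exception from the user bind is treated as a failed login.
    """
    # An empty password turns a simple bind into an "unauthenticated bind"
    # (RFC 4513, section 5.1.2), which many servers accept. Reject it up front.
    if not login or not password:
        return None

    # Step 1: the application account locates the entry for this login.
    svc = connect()
    svc.simple_bind_s(service_dn, service_pw)
    flt = "(uid=%s)" % escape_filter_value(login)
    hits = svc.search_s(base_dn, SCOPE_SUBTREE, flt, ["uid"])
    if len(hits) != 1:  # unknown or ambiguous login
        return None
    user_dn = hits[0][0]

    # Step 2: a fresh connection binds as the user; success means authenticated.
    try:
        connect().simple_bind_s(user_dn, password)
    except bind_errors:
        return None
    return user_dn
```

With python-ldap, `connect` could be `lambda: ldap.initialize(uri)` and `bind_errors` could be `(ldap.INVALID_CREDENTIALS,)`.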