Chapter 1, Gateway Features 9
Non-Anonymous Searching
Non-Anonymous Searching
Release 3.0 of the gateway allows anonymous searching only. This provides
only the most basic permissions for accessing information in the user directory.
The release 4.0 gateway provides the same functionality but in addition
supports non-anonymous searching. A bind DN and bind password, stored in a
file named binddnfile, can be set up for users to authenticate to the Directory
Server. User permissions for directory access can be defined in the Netscape
If authentication credentials exist for a user on the Directory Server, these
override the bind DN and bind password in the gateway’s binndnfile. When
authentication credentials expire or are invalid, the gateway attempts to
authenticate the user to the directory using the binddnfile. When no binddnfile
is specified, the gateway instance binds anonymously.
The location of the binddnfile containing bind DNs and bind passwords for
individual users and groups of users is specified in the gateway’s .conf file.
See Also
“binddnfile” on page 81
Do Not Server Up binddnfile over HTTP
The binddnfile contains highly sensitive information. Do not store it under
<NSHOME>/dsgw or in any directory that is served up over HTTP (for instance,
/bin/slapd/server is a good place to store the binddnfile).