LDAP User Authentication
SurgeLDAP supports two ways for users to log in to SurgeLDAP: via a separate user.dat file, or using a valid DN entry within the database.
User.dat File

SurgeLDAP uses a 'user.dat' file to determine valid login accounts. This file is also used to restrict access to various locations within the data, all based on DNs. The user.dat file is located in the SurgeLDAP work area:

e.g.    c:\surgeldap            (Windows)
         /usr/local/surgeldap (Unix)

When you install SurgeLDAP a default user.dat file will be created that looks like this:

#
# username:password:dn_base_tree:access
#
# Access
# ------
# ALL - Access to all Functions and data
# NONE - No Access to any Functions
#
# SEARCH - Search and Compare Entries
# MODIFY - Add and Delete Entries
# ADD - Add Entries
# DEL - Delete Entries
# MODRN - ModDN
# EXTENDED - Extended Request
#
# HIDDEN1 - Allows viewing of Level 1 Hidden fields.
# HIDDEN2 - Allows viewing of Level 2 Hidden fields.
# HIDDEN3 - Allows viewing of Level 3 Hidden fields.
# HIDDEN.. -
# HIDDEN10 - Allows viewing of Level 10 Hidden fields.
#                      (userPassword and pass_answer)
# HIDDEN.. -
# HIDDEN12 - Allows viewing of Level 12 Hidden fields.
#                       (createTimestamp/creatorsName)
#                      (modifyTimestamp/modifiersName)
# HIDDEN.. -
# HIDDEN20 - Allows viewing of Level 255 Hidden fields.
# Anyone with an equal or higher level is allowed access.
# ie. Level 15 also has access to Level 1 to level 15.
#
#
# ADMIN - Allow Access to Admin side
#
# NOTE: The order they appear in this file matters.
#

# Guest Login
::*:search

# Manager Login
manager:man_pass:*:ALL,HIDDEN20,ADMIN

# Other Logins
# user:pass:dc=com:search
# user:pass:cn=brad,dc=netwin,dc=co,dc=nz:search,modify

Each user can have more than one entry, each with its own access limits, like this:

user:pass:dc=com:search
user:pass:cn=brad,dc=netwin,dc=co,dc=nz:search,modify
user:pass:dc=netwin,dc=co,dc=nz:search,add

In the above case the user is allowed to search any DN under 'dc=com', to add any DN under 'dc=netwin,dc=co,dc=nz', and to modify 'cn=brad,dc=netwin,dc=co,dc=nz'.

The usernames are also allowed to be DN entries. These DN entries do not need to physically exist within the database:

cn=brad,dc=netwin,dc=co,dc=nz:pass:dc=com:search

The default 'user.dat' sets up a guest account (::*:search), which is used for any connection that has not yet authenticated or that has failed authentication.

There are two other main settings:
HIDDENxx - This sets the user's security level. Users with a security level of 10 or higher are allowed to view and edit the 'userPassword' field of a record, while only users with level 12 or higher are allowed to view a record's timestamps.
ADMIN - Only users that have the 'ADMIN' flag set can log in to the administration web interface, located at a URL like the following:

http://127.0.0.1:6680/admin.cgi

DN Users

SurgeLDAP also supports logging in with valid DN entries which exist within the database, for example:

cn=brad,dc=netwin,dc=co,dc=nz

If an application authenticates using a DN that does not appear in the user.dat file, the password is matched against the record's password (i.e. the 'userPassword' field). If this matches, the user has read/write access to that record.
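The following Python model, added here as an illustration and not part of SurgeLDAP or its documentation, parses a constructed user.dat in the format above and answers the three questions this page raises: which operations a login may perform on a given DN (the multi-entry 'user' example), which hidden fields its HIDDENxx level exposes, and what happens when the username is a DN absent from user.dat (fallback to the record's 'userPassword'). The sample user.dat, the in-memory DIRECTORY, and the mapping of "read/write on the record" to SEARCH+MODIFY are assumptions of this example; the example unions all matching entries, which reproduces the page's worked case, and does not model whatever order-dependent behaviour the file's "order matters" note refers to.

```python
import hmac

# Constructed sample user.dat (modelled on the default file and the
# multi-entry example on this page); not a file shipped with SurgeLDAP.
USER_DAT = """\
# username:password:dn_base_tree:access
::*:search
manager:man_pass:*:ALL,HIDDEN20,ADMIN
user:pass:dc=com:search
user:pass:cn=brad,dc=netwin,dc=co,dc=nz:search,modify
user:pass:dc=netwin,dc=co,dc=nz:search,add
"""

# Constructed stand-in for the directory; only 'userPassword' matters here.
DIRECTORY = {
    "cn=brad,dc=netwin,dc=co,dc=nz": {"userPassword": "brad_secret"},
}

# Hidden levels stated on the page: level 10 exposes userPassword/pass_answer,
# level 12 exposes the timestamp and creator/modifier fields.
FIELD_LEVEL = {"userPassword": 10, "pass_answer": 10,
               "createTimestamp": 12, "creatorsName": 12,
               "modifyTimestamp": 12, "modifiersName": 12}


def normalize_dn(dn):
    """Lower-case and strip whitespace so 'CN=Brad, DC=x' == 'cn=brad,dc=x'."""
    return ",".join(p.strip().lower() for p in dn.split(","))


def parse_user_dat(text):
    """Return (username, password, base_dn, flags) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")  # DN usernames contain commas, never colons
        if len(parts) != 4:
            raise ValueError(f"malformed user.dat line: {raw!r}")
        username, password, base, access = parts
        flags = {f.strip().upper() for f in access.split(",") if f.strip()}
        entries.append((username, password, base, flags))
    return entries


def dn_under(dn, base):
    """True if dn equals base or lies beneath it; '*' covers every DN."""
    if base == "*":
        return True
    dn, base = normalize_dn(dn), normalize_dn(base)
    return dn == base or dn.endswith("," + base)


def same_secret(a, b):
    """Constant-time password comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def resolve_access(entries, directory, username, password):
    """Return the (base_dn, flags) grants that apply to this login:
    1. every user.dat entry whose username and password match;
    2. else, a DN absent from user.dat is checked against its record's
       userPassword and gets read/write on that record only (modelled as
       SEARCH+MODIFY, an assumption of this example);
    3. else the guest entry (empty username and password), if present."""
    grants = [(b, f) for u, p, b, f in entries
              if u == username and same_secret(p, password)]
    if grants:
        return grants
    if not any(u == username for u, _, _, _ in entries):
        record = directory.get(normalize_dn(username))
        if record and same_secret(record.get("userPassword", ""), password):
            return [(username, {"SEARCH", "MODIFY"})]
    return [(b, f) for u, p, b, f in entries if u == "" and p == ""]


def allowed(grants, operation, target_dn):
    """True if some grant covering target_dn permits the operation."""
    op = operation.upper()
    for base, flags in grants:
        if not dn_under(target_dn, base) or "NONE" in flags:
            continue
        if "ALL" in flags or op in flags:
            return True
    return False


def hidden_level(grants):
    """Highest HIDDENnn level among the grants (0 when none is set)."""
    levels = [int(f[6:]) for _, flags in grants for f in flags
              if f.startswith("HIDDEN") and f[6:].isdigit()]
    return max(levels, default=0)


def can_view_field(grants, field):
    """A level grants every lower level, so compare against the field's level."""
    return hidden_level(grants) >= FIELD_LEVEL.get(field, 0)


def is_admin(grants):
    return any("ADMIN" in flags for _, flags in grants)
```

A failed password does not produce an error here but silently downgrades the session to the guest grants, exactly as the page describes for unauthenticated connections; an administrator reviewing user.dat should therefore read the guest line ('::*:search' by default) as the floor of what any anonymous or mistyped login can see, and tighten it to NONE where anonymous search is not wanted.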