Question

I have set up an LDAP server somewhere. I can bind to it, and can add, modify, and delete entries in the database. Now, when it comes to authentication, isn't it as simple as giving the username and password to the server and asking it to search for an entry matching the two? And furthermore, isn't it the 'userPassword' field that contains the password for a user in there?

Now, I tried to set up Splunk to authenticate against my LDAP server. I provided the username and password, but it failed authentication. Isn't it the 'userPassword' field that Splunk checks? What could be the possible reason?


Solution

LDAP servers are generally not going to allow you to search on the userPassword attribute, for obvious security reasons. (And the password attribute is likely stored in hashed form anyway, so a straight search would not work.)

Instead, the usual way to do LDAP authentication is:

  • Prompt for username & password
  • Bind to LDAP with your application's account, search for the username to get the full distinguished name (dn) of the user's LDAP entry
  • Make a new LDAP connection, and attempt to bind using the user's dn & password

(If you know how to construct the dn from the username, you can skip step 2, but it's generally a good idea to search first - that way you're less sensitive to things like changes in the OU structure of the LDAP directory)
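The bind-search-bind flow described in this answer, written out as an added example (this is not code from the answer, from Splunk, or from any LDAP library). To keep it runnable offline it talks to a constructed in-memory stand-in for the directory (`FakeDirectory`) that mimics the two server behaviours the answer relies on: userPassword is stored hashed, and it cannot be matched or read by a search, so only a bind can verify it. The base DN, service account and user entries are sample data constructed here; in a real deployment the `bind`/`search` calls would go to a client library such as ldap3 or python-ldap instead. The example also escapes the username before embedding it in the filter (RFC 4515), which the answer does not mention but which a production implementation needs so that a username like `*` cannot match every entry.

```python
import hashlib
import os
import re

# Sample data, constructed for this example (not from the question or answer).
BASE_DN = "ou=people,dc=example,dc=com"
SERVICE_DN = "cn=splunk-svc," + BASE_DN
SERVICE_PW = "service-secret"


def escape_filter_value(value):
    """Escape a value before embedding it in an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


class FakeDirectory:
    """In-memory stand-in for an LDAP server (constructed for this example).

    userPassword is stored as a salted SHA-256 digest (standing in for the
    server's own scheme) and is never returned or matched by search().
    """

    def __init__(self):
        self.entries = {}  # dn -> {attribute: value}

    def add_user(self, dn, uid, password):
        salt = os.urandom(8)
        digest = hashlib.sha256(salt + password.encode()).digest()
        self.entries[dn] = {"uid": uid, "userPassword": salt + digest}

    def bind(self, dn, password):
        """Simple bind: succeeds only when dn exists and the password verifies."""
        entry = self.entries.get(dn)
        if entry is None or not password:  # empty password = anonymous bind, never a user login
            return False
        stored = entry["userPassword"]
        salt, digest = stored[:8], stored[8:]
        return hashlib.sha256(salt + password.encode()).digest() == digest

    def search(self, bound_dn, ldap_filter):
        """Evaluate one (attr=value) filter; an unescaped '*' in the value is a wildcard."""
        if bound_dn not in self.entries:
            raise PermissionError("search requires an authenticated bind")
        m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
        if m is None:
            raise ValueError("unsupported filter: " + ldap_filter)
        attr, raw = m.group(1), m.group(2)
        if attr == "userPassword":
            return []  # the server will not match on the password attribute
        # Split on wildcards, then turn escaped bytes (\2a etc.) back into literals.
        pieces = [re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), p)
                  for p in raw.split("*")]
        pattern = re.compile(".*".join(re.escape(p) for p in pieces))
        return [dn for dn, e in self.entries.items()
                if isinstance(e.get(attr), str) and pattern.fullmatch(e[attr])]


def authenticate(directory, username, password):
    """The bind-search-bind flow from the answer. Returns the user's DN, or None."""
    if not password:
        return None  # guard before any bind: an empty password must never log a user in
    # Step 2: bind as the application's own account and look the user up.
    if not directory.bind(SERVICE_DN, SERVICE_PW):
        raise RuntimeError("service account bind failed; check its DN/password")
    ldap_filter = "(uid=%s)" % escape_filter_value(username)
    matches = directory.search(SERVICE_DN, ldap_filter)
    if len(matches) != 1:
        return None  # no such user, or an ambiguous result: refuse rather than guess
    user_dn = matches[0]
    # Step 3: a fresh bind as the user is what actually proves the password.
    return user_dn if directory.bind(user_dn, password) else None


def build_sample_directory():
    """Constructed sample directory: the service account plus two users."""
    d = FakeDirectory()
    d.add_user(SERVICE_DN, "splunk-svc", SERVICE_PW)
    d.add_user("uid=alice," + BASE_DN, "alice", "alice-pw")
    d.add_user("uid=bob," + BASE_DN, "bob", "bob-pw")
    return d


if __name__ == "__main__":
    d = build_sample_directory()
    print(authenticate(d, "alice", "alice-pw"))  # uid=alice,ou=people,dc=example,dc=com
    print(authenticate(d, "alice", "wrong"))     # None
    print(authenticate(d, "*", "alice-pw"))      # None: '*' is escaped, so it matches no uid
```

The three checks worth noticing are the ones the question skips: a search on `(userPassword=...)` returns nothing because the server never matches that attribute, an empty password is rejected before any bind is attempted (many servers treat it as a successful anonymous bind), and anything other than exactly one search hit is treated as a failed login rather than picking the first entry.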

OTHER TIPS

Typically you would search for the username value provided in the uid or cn attributes within the LDAP tree.

-jim

I think this code will help you resolve the authentication issue. I've answered there to resolve it. You can check out this question: http://bit.ly/TIJMte

Licensed under: CC-BY-SA with attribution