[
https://issues.apache.org/jira/browse/OPENMEETINGS-964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14029664#comment-14029664
]
Brad A LeBlanc commented on OPENMEETINGS-964:
---------------------------------------------
Also, having the two binds will allow admins to lock down LDAP searches to
specific credentials. The ldap service bind can have greater authority across
the structure for querying values, where the standard user account may have
less access.
> LDAP login should be refactored
> -------------------------------
>
> Key: OPENMEETINGS-964
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-964
> Project: Openmeetings
> Issue Type: Task
> Components: LDAP
> Affects Versions: 3.0.0
> Reporter: Maxim Solodovnik
> Assignee: Maxim Solodovnik
> Fix For: 3.1.0
>
>
> Detailed description is here OPENMEETINGS-943
> The correct way to handle this:
> First:
> if bind_dn and bind_pwd are set, first conect to the LDAP directory with
> these credentials
> if empty, then just use an nonymous bind to the directory
> Then
> if OM is set to AuthLDAP=NONE, just use the connection to retrieve
> informations from the directory
> -if OM is set to AuthLDAP=OPENLDAP (should be SEARCHANDBIND actually), search
> for the userDN and then perform a bind to the directory with userDN/provided
> PWD
> if OM is set to AuthLDAP=SIMPLEBIND, construct the userDN from the username,
> the user attribute (for instance cn or uid), and the userBase, and then
> perform a bind with userDN and provided PWD
> if OM is set to AuthLDAP=SIMPLE (to be backward compliant), let's try a bind
> with the provided user/password
--
This message was sent by Atlassian JIRA
(v6.2#6252)
