[jira] [Commented] (OPENMEETINGS-964) LDAP login should be refactored

Sat, 14 Jun 2014 23:33:26 -0700 

    [ 
https://issues.apache.org/jira/browse/OPENMEETINGS-964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14031794#comment-14031794
 ] 

Maxim Solodovnik commented on OPENMEETINGS-964:
-----------------------------------------------

I have additional question:

Am I right thinking
1) Additional bind is necessary to check password only? All user attributes can 
be retrieved using search query?

2) what is the difference between SIMPLE and SIMPLEBIND?

Why I'm asking: The library I'm currently using for LDAP authentication 
requires to search for user to get details, so I would like to perform:
1) login as admin/anonymous
2) search for user, get all details
3) bind as user found in 2

Is this wrong sequence for some LDAP providers? Is there any reason these steps 
should not be used in some cases?

Thanks in advance

> LDAP login should be refactored
> -------------------------------
>
>                 Key: OPENMEETINGS-964
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-964
>             Project: Openmeetings
>          Issue Type: Task
>          Components: LDAP
>    Affects Versions: 3.0.0
>            Reporter: Maxim Solodovnik
>            Assignee: Maxim Solodovnik
>             Fix For: 3.1.0
>
>
> Detailed description is here OPENMEETINGS-943
> The correct way to handle this:
> First:
> if bind_dn and bind_pwd are set, first conect to the LDAP directory with 
> these credentials
> if empty, then just use an nonymous bind to the directory
> Then
> if OM is set to AuthLDAP=NONE, just use the connection to retrieve 
> informations from the directory
> -if OM is set to AuthLDAP=OPENLDAP (should be SEARCHANDBIND actually), search 
> for the userDN and then perform a bind to the directory with userDN/provided 
> PWD
> if OM is set to AuthLDAP=SIMPLEBIND, construct the userDN from the username, 
> the user attribute (for instance cn or uid), and the userBase, and then 
> perform a bind with userDN and provided PWD
> if OM is set to AuthLDAP=SIMPLE (to be backward compliant), let's try a bind 
> with the provided user/password



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to