[ https://issues.apache.org/jira/browse/OPENMEETINGS-964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14032340#comment-14032340 ]

Thibault Le Meur commented on OPENMEETINGS-964:
-----------------------------------------------

[QUOTE]So OM admin will be responsible for creating users and set the user type to be "ldap"[/QUOTE]
Yes, if LDAP_Provisionning=NONE or AUTOUPDATE

(If LDAP_Provisionning=AUTOCREATE, OM Admin has no LDAP user account to create into OM DB.)

[QUOTE]Authentication NONE: I would propose to use this for anonymous search bind[/QUOTE]
I would argue that "NONE" is different from using an "Anonymous" identity to bind to the directory.

I would be ok to rename Authentication=NONE by Authentication=NOUSERBIND

Anonymous-bind should only be performed on LDAP in the following cases:
* in SEARCHANDBIND mode if you can search for user entries' DN with an anonymous bind. In this case I have proposed to let applicationDN/password empty. However one could add a param to define if an anonymous LDAP-bind should be used to search for users' DN
* Authentication=NOUSERBIND, LDAP_Provisionning=AUTOUPDATE and the LDAP directory can be read anonymously (I mean read, and not only searched). In this case I have proposed to let applicationDN/password empty. However one could add a param to define if an anonymous LDAP-bind should be used to read users' attributes.

> LDAP login should be refactored
> -------------------------------
>
>                 Key: OPENMEETINGS-964
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-964
>             Project: Openmeetings
>          Issue Type: Task
>          Components: LDAP
>    Affects Versions: 3.0.0
>            Reporter: Maxim Solodovnik
>            Assignee: Maxim Solodovnik
>             Fix For: 3.1.0
>
>
> Detailed description is here: OPENMEETINGS-943
> The correct way to handle this:
> First:
> if bind_dn and bind_pwd are set, first connect to the LDAP directory with 
> these credentials
> if empty, then just use an anonymous bind to the directory
> Then
> if OM is set to AuthLDAP=NONE, just use the connection to retrieve 
> information from the directory
> if OM is set to AuthLDAP=OPENLDAP (should be SEARCHANDBIND actually), search 
> for the userDN and then perform a bind to the directory with userDN/provided 
> PWD
> if OM is set to AuthLDAP=SIMPLEBIND, construct the userDN from the username, 
> the user attribute (for instance cn or uid), and the userBase, and then 
> perform a bind with userDN and provided PWD
> if OM is set to AuthLDAP=SIMPLE (to be backward compliant), let's try a bind 
> with the provided user/password
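
As an added example (not OpenMeetings code, and not written by either participant in this thread), here is the flow from the quoted description, together with the anonymous-bind cases from the comment above, run against a constructed in-memory directory so it works offline. The config key names (bind_dn, bind_pwd, auth, user_base, user_attr), the FakeDirectory stand-in, the sample entries and the login_ok helper are assumptions of this example. Two checks that a practitioner would want are included: RFC 4514 escaping of the username when SIMPLEBIND builds the DN, and an explicit refusal of empty passwords, since an LDAP server may answer a DN with an empty password by opening an anonymous session rather than returning an error (the "unauthenticated bind" of RFC 4513 section 5.1.2).

```python
import re


class LoginError(Exception):
    """Any step of the login flow refusing the login."""


class FakeDirectory:
    """Constructed stand-in for an LDAP server: a dict of DN -> attributes."""

    def __init__(self, entries, anonymous_read=False):
        self.entries = entries
        self.anonymous_read = anonymous_read  # may anonymous sessions search/read?

    def bind(self, dn, password):
        """Return the DN the session is bound as, "" if anonymous, None if rejected."""
        if not dn:
            return ""  # anonymous bind
        if not password:
            # RFC 4513 5.1.2 "unauthenticated bind": a DN with an empty password
            # is accepted by many servers as an anonymous session, not rejected.
            return ""
        entry = self.entries.get(dn)
        return dn if entry and entry.get("userPassword") == password else None

    def search(self, bound_as, base, attr, value):
        """DNs directly under base whose attr equals value."""
        if bound_as == "" and not self.anonymous_read:
            raise LoginError("anonymous search not permitted")
        return [dn for dn, e in self.entries.items()
                if dn.endswith("," + base) and e.get(attr) == value]

    def read(self, bound_as, dn):
        if bound_as == "" and not self.anonymous_read:
            raise LoginError("anonymous read not permitted")
        return {k: v for k, v in self.entries[dn].items() if k != "userPassword"}


def escape_dn_value(value):
    """RFC 4514 escaping for one attribute value embedded in a DN."""
    out = re.sub(r'([,+"\\<>;=])', r'\\\1', value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def ldap_login(directory, cfg, username, password):
    """Service bind, then the configured auth mode; returns the user's attributes."""
    # First: connect with bind_dn/bind_pwd if both are set, else anonymously.
    if cfg.get("bind_dn") and cfg.get("bind_pwd"):
        service = directory.bind(cfg["bind_dn"], cfg["bind_pwd"])
        if service is None:
            raise LoginError("service bind failed")
    else:
        service = directory.bind(None, None)

    mode = cfg["auth"]
    if mode == "SIMPLE":
        user_dn = username  # backward compatible: bind with what was typed
    elif mode == "SIMPLEBIND":
        # DN built from user_attr, username and user_base; escaping keeps a
        # username such as 'x,ou=admins' from retargeting the bind.
        user_dn = "%s=%s,%s" % (cfg["user_attr"], escape_dn_value(username), cfg["user_base"])
    elif mode in ("SEARCHANDBIND", "NONE"):
        matches = directory.search(service, cfg["user_base"], cfg["user_attr"], username)
        if len(matches) != 1:
            raise LoginError("user not found or not unique")
        user_dn = matches[0]
    else:
        raise LoginError("unknown auth mode %r" % mode)
    if mode == "NONE":
        # No user bind: the password is never checked against LDAP here; the
        # service session only reads the entry (the NOUSERBIND case above).
        return directory.read(service, user_dn)
    # Refuse an empty password before the user bind: the server may answer it
    # with an anonymous session instead of an error.
    if not password:
        raise LoginError("empty password refused")
    session = directory.bind(user_dn, password)
    if session != user_dn:  # compare with the DN, not merely "not None"
        raise LoginError("invalid credentials")
    return directory.read(session, user_dn)


def login_ok(directory, cfg, username, password):
    # True when ldap_login succeeds, False when it raises LoginError.
    try:
        ldap_login(directory, cfg, username, password)
        return True
    except LoginError:
        return False


SAMPLE_DIR = FakeDirectory({  # constructed sample entries, not real data
    "cn=svc-om,ou=services,dc=example,dc=org": {"userPassword": "svc-secret"},
    "uid=alice,ou=people,dc=example,dc=org": {"uid": "alice", "mail": "alice@example.org", "userPassword": "alice-pw"},
    "uid=bob,ou=people,dc=example,dc=org": {"uid": "bob", "mail": "bob@example.org", "userPassword": "bob-pw"},
})
CFG = {"bind_dn": "cn=svc-om,ou=services,dc=example,dc=org", "bind_pwd": "svc-secret",
       "auth": "SEARCHANDBIND", "user_base": "ou=people,dc=example,dc=org", "user_attr": "uid"}
```

With CFG as given, `login_ok(SAMPLE_DIR, CFG, "alice", "alice-pw")` succeeds and the same call with a wrong or empty password fails; switching `auth` to "NONE" returns bob's attributes without any password check, and clearing bind_dn/bind_pwd makes SEARCHANDBIND fail unless the directory allows anonymous search, which is exactly the distinction the comment draws between NONE and an anonymous bind.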
--
This message was sent by Atlassian JIRA
(v6.2#6252)