A page in your DokuWiki was added or changed. Here are the details: Date : 2017/10/11 14:46 Browser : Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0 IP-Address : 193.248.50.71 Hostname : LStLambert-656-1-262-71.w193-248.abo.wanadoo.fr Old Revision: http://ltb-project.org/documentation/general/auth_ldap_best_practices?rev=1485342542 New Revision: http://ltb-project.org/documentation/general/auth_ldap_best_practices Edit Summary: User : coudot
@@ -1,9 +1,18 @@ ====== Best practices for LDAP authentication ====== - ===== Introdution ===== + ===== Introduction ===== - You will find here some best practices to code LDAP authentication in your applications. + You will find here some best practices to code LDAP authentication in your applications: + * Use a filter to recover user DN: do not build DN with a concatenation of login and branch + * Use service account to query LDAP: some directories will not allow anonymous access - - Use a filter to recover user DN: do not build DN with a concat of login and branch - - Use service account to query LDAP: some directories will not allow anonymous access + ===== Search and Bind ===== + Here is a standard LDAP authentication workflow: + - A search is done with the user identifier in the filter, for example: + * Search base: ou=users,dc=example,dc=com + * Search filter: (&(uid=<user identifier>)(objectClass=person)) + * Search scope: one + * Search attributes: uid + - The DN of the user is found in the result + - A bind is done with the DN found and the password submitted by the user -- This mail was generated by DokuWiki at http://ltb-project.org/
_______________________________________________ ltb-changes mailing list [email protected] https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-changes
