ajay_t

Reputation: 2385

What LDAP credentials are needed?

I am new to LDAP. I have an LDAP server on which the info of the users is stored. As a part of my project, I want to authenticate the user against that centralized LDAP server.

I am provided with some application user. Details are as follows:

Bind DN:  uid=uidxx, ou=applications, dc=dcxx
password=passxx
and the IP address and port of the server.

I am not getting how I can authenticate the other users with their passwords. And here, what are uidxx and passxx for?

And also I am not getting the significance of cn. Very little documentation is available for this.

Thank you.

Upvotes: 0

Views: 146

Answers (1)

Terry Gardner

Reputation: 11134

When an LDAP client connects to an LDAP server, the connection is unauthenticated. To change the authorization state of the connection, the LDAP client transmits a BIND request to the server. In its simplest form, a BIND request contains a distinguished name and a password, and should be transmitted to the server via a secure connection, which can be started with SSL or promoted from a non-secure connection to a secure connection using the StartTLS LDAP extended operation. The server compares the password with the password stored in the entry whose primary key is the distinguished name; the password might be hashed, encrypted with a reversible encryption scheme, encoded, or even stored as clear text. If the server, by whatever means, is able to match the proffered password with the password stored in the entry, then the authentication has succeeded, the authorization state is changed to a state representing the access rights and privileges of the entry whose primary key is the distinguished name, and the BIND operation was successful.

cn or commonName is an alias for an attribute OID and might be present in the entry whose primary key is the distinguished name. uid is an alias for an OID and, in this example, represents a relative distinguished name or, put another way, a component of the distinguished name. The password is the password to use in the BIND request as described above. In the example, the distinguished name is uid=uidxx,ou=applications,dc=dcxx.

The entry of the specified uid might look like:

dn: uid=uidxx,ou=applications,dc=dcxx
objectClass: top
objectClass: inetOrgPerson
uid: uidxx
cn: Darth Vader
sn: Skywalker
userPassword: {SSHA512}asdkfasldjhdj

The uid is a component of the dn uid=uidxx,ou=applications,dc=dcxx. The password specified is compared against the userPassword in the example entry. uid and password have nothing to do with the ou.


Upvotes: 2
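The server-side half of the simple BIND described in the answer, as an added example that is not part of the original answer: the entry is looked up by its distinguished name (so the asker's `uid=uidxx, ou=applications, dc=dcxx` with spaces and the answer's `uid=uidxx,ou=applications,dc=dcxx` name the same entry), and the offered password is re-hashed and compared against the `userPassword` value with its `{SCHEME}` prefix. The in-memory directory, the password `passxx` and the generated `{SSHA512}` hash are all constructed here; the page's `asdkfasldjhdj` is only a placeholder.

```python
import base64
import hashlib
import hmac
import os

# userPassword schemes understood here (RFC 2307 style prefix): scheme -> (hashlib name, salted?)
SCHEMES = {"SHA": ("sha1", False), "SSHA": ("sha1", True),
           "SHA512": ("sha512", False), "SSHA512": ("sha512", True)}

def normalize_dn(dn):
    # Canonicalize for lookup: 'uid=x, ou=y' and 'UID=x,ou=y' name the same entry.
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip())
    return ",".join(parts)

def hash_password(password, scheme="SSHA512", salt=None):
    # Build a stored value such as {SSHA512}base64(digest || salt); salt is random unless given.
    algo, salted = SCHEMES[scheme]
    salt = (os.urandom(8) if salt is None else salt) if salted else b""
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{" + scheme + "}" + base64.b64encode(digest + salt).decode()

def verify_password(stored, candidate):
    # What the server does during BIND: re-derive the digest and compare in constant time.
    if not stored.startswith("{"):          # no prefix: the directory stores clear text
        return hmac.compare_digest(stored.encode(), candidate.encode())
    scheme, _, blob = stored[1:].partition("}")
    if scheme.upper() not in SCHEMES:
        return False                        # unknown scheme: refuse rather than guess
    algo, salted = SCHEMES[scheme.upper()]
    raw = base64.b64decode(blob)
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], (raw[size:] if salted else b"")
    computed = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(computed, digest)

def simple_bind(directory, bind_dn, password):
    # Server side of a simple BIND: entry keyed by DN, password checked against userPassword.
    entry = directory.get(normalize_dn(bind_dn))
    if entry is None or not password:       # empty password would be an anonymous bind, not auth
        return False
    return any(verify_password(v, password) for v in entry.get("userPassword", []))

# Constructed directory modelled on the answer's entry; the hash is generated here from the
# made-up password "passxx", not from the placeholder hash on the page.
DIRECTORY = {normalize_dn("uid=uidxx,ou=applications,dc=dcxx"): {
    "objectClass": ["top", "inetOrgPerson"], "uid": ["uidxx"], "cn": ["Darth Vader"],
    "sn": ["Skywalker"], "userPassword": [hash_password("passxx", "SSHA512")]}}
```

Any other user is checked the same way: their own DN and their own password go into the BIND request, and only the `userPassword` of the entry at that DN is consulted; the `ou` and `cn` values play no part in the comparison.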
