Re: Confused about LDAP authentication with Active Directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Davide Bianchi <davide@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> [2009-02-26 19:33]:
> Well, to be picky, an 100% compliant LDAP server doesn't require to
> bind to do a first-level query, so you should be able to get your DN
> without the need for a fixed username/password.

Making a "query" without a "bind" in one sentence makes no sense to
me. Be it an anonymous bind or a bind with a dn supplies, you bind,
then you search. But this is all besides the point.
There might be cases where you already know (or don't need) the user's
DN, so a bind-search before the bind might not always be needed.

But it seems it's currently simply not possible to configure either
a. to use the provided username "as is", or 
b. to fill in a DN-template (e.g. uid=%s,ou=users,dc=example,dc=org)
so this is all rather pointless, until someone contributes code.

Also note that while the bind-search-bind might not be necessary in
some cases, it should also not pose any problems, neither security nor
performance wise. If your DSA can't handle an anonymous bind+search
before the bind you're in trouble anyway (e.g. need to index the
attribute which is used for searching).

cheers,
-pete

-- 
peter.schober@xxxxxxxxxxxx - vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux