[MGNLLDAP-3] Allow user authentication without accessing directory with admin credentials Created: 04/Dec/06  Updated: 27/Nov/13  Resolved: 03/May/07

Status: Closed
Project: LDAP Connector
Component/s: None
Affects Version/s: 1.0-rc1
Fix Version/s: 1.2

Type: Task Priority: Critical
Reporter: Sameer Charles Assignee: Sameer Charles
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
is depended upon by MGNLLDAP-12 Should not expect password attribute Closed
duplicate
is duplicated by MGNLLDAP-35 Allow anonymous binding Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:

 Description   

LDAP authentication module is a subset of LDAPAuthorization module which needs to access much more information and that's why it needs
admin access to the directory.
Clearly its not possible to have this permission in most organizations so we need to change this behaviour and instead use self authentication model



 Comments   
Comment by Yuanhua Qu [ 27/Apr/07 ]

This fits our need of security. We also requested, instead of connecting to LDAP with generic credentials, to actually use the credentials of the person we're authenticating to connect to the LDAP store.

I just tested the ldap authentification with the fixed version of ldap module Sameer sent to me on April 17,2007 and it worked.

It looks like there is no need for admin credentials and user authentication works fine without following set in map file:

  1. Security principle name, remove this line if server is not secured
    #java.naming.security.principal=CN=Administrator,CN=Users,DC=win2003srv,dc=obinary,dc=com
  1. Password, only if security principle is defined
    #java.naming.security.credentials=******
Comment by Yuanhua Qu [ 27/Apr/07 ]

Sorry about the typo for date in previous message. It should be April 27,2007.

Generated at Mon Feb 12 02:20:38 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.