[MGNLLDAP-89] AD login Created: 01/Sep/15  Updated: 18/Mar/21  Resolved: 18/Mar/21

Status: Closed
Project: LDAP Connector
Component/s: None
Affects Version/s: 1.6, 1.6.3
Fix Version/s: None

Type: New Feature Priority: Neutral
Reporter: Andrea Castelli Assignee: Unassigned
Resolution: Won't Do Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

Hi,
LDAP Module requires an AdminUserDN to authenticate if using ADAuthenticationModule.

An important feature of AD is to use the same user to create the dircontext and log in itself.
Another topic is security: writing a clear-text password in a properties file is bad practice for banks etc.

I would appreciate it if, when the ADAuthenticationModule is used, the AdminUserDN were not mandatory. The user must log in to AD itself (see the implementation of Spring Security for AD).

What do you think about it?

Best regards.
Andrea Castelli



 Comments   
Comment by Andrea Castelli [ 21/Sep/17 ]

Thank you for adding the password-encoder in the latest release.
But to help developers like me avoid spending time with the security team, it is important to provide direct authentication without configuring a different computer account user.

This will save time for developers, and so for Magnolia customers, and the LDAP module will be plug and play.

Comment by Milan Divilek [ 18/Mar/21 ]

AdminUserDN is not used only for user authentication, but also when resolving users out of user context (scheduler jobs, workflow, etc.). Unfortunately, we can't get rid of it.
