[ 
https://issues.apache.org/jira/browse/OPENMEETINGS-964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14029542#comment-14029542
 ] 

Jarrod Holder commented on OPENMEETINGS-964:
--------------------------------------------

For us, we use an internally created attribute besides DN as the users login.  
In essence it's a simplified DN if you will.  user.something.ourorg  rather 
than cn=user,ou=something,o=ourorg.  We use this format across several of our 
web services that our teachers/students use.  They all authenticate to Novell 
eDirectory via ldap.

Plus, CNs are not always unique for us.  There may be a bdavis under one OU and 
a bdavis under another OU.

So, in our setup, the first bind would need to be done to lookup the actual DN 
needed to perform the secondary bind to authorize the user.

Hope that makes sense.  Worked great in the 2.x days.

> LDAP login should be refactored
> -------------------------------
>
>                 Key: OPENMEETINGS-964
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-964
>             Project: Openmeetings
>          Issue Type: Task
>          Components: LDAP
>    Affects Versions: 3.0.0
>            Reporter: Maxim Solodovnik
>            Assignee: Maxim Solodovnik
>             Fix For: 3.1.0
>
>
> Detailed description is here OPENMEETINGS-943
> The correct way to handle this:
> First:
> if bind_dn and bind_pwd are set, first connect to the LDAP directory with 
> these credentials
> if empty, then just use an anonymous bind to the directory
> Then
> if OM is set to AuthLDAP=NONE, just use the connection to retrieve 
> information from the directory
> -if OM is set to AuthLDAP=OPENLDAP (should be SEARCHANDBIND actually), search 
> for the userDN and then perform a bind to the directory with userDN/provided 
> PWD
> if OM is set to AuthLDAP=SIMPLEBIND, construct the userDN from the username, 
> the user attribute (for instance cn or uid), and the userBase, and then 
> perform a bind with userDN and provided PWD
> if OM is set to AuthLDAP=SIMPLE (to be backward compliant), let's try a bind 
> with the provided user/password



--
This message was sent by Atlassian JIRA
(v6.2#6252)
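The flow in the quoted issue text (service or anonymous bind, then NONE / SEARCHANDBIND / SIMPLEBIND / SIMPLE), written out as an added illustration; this is not OpenMeetings code. The directory is a constructed in-memory stand-in for an LDAP server so it runs offline, and the entries, the custom `loginName` attribute and every password are made up. It also carries the two checks the comment above motivates: a search that returns two DNs (the two `bdavis` users) must fail rather than bind as the first hit, and a login value spliced into a DN for SIMPLEBIND must be escaped so it cannot add RDNs.

```python
"""LDAP login modes from the issue: NONE / SEARCHANDBIND / SIMPLEBIND / SIMPLE.

Added illustration, not OpenMeetings code. FakeConnection is a constructed
in-memory stand-in for an LDAP server; entries, the custom 'loginName'
attribute and all passwords are made up.
"""


class LdapError(Exception):
    """Raised for a failed bind or an unusable search result."""


# Constructed directory: two users share cn=bdavis under different OUs, as in
# the comment above; only the custom loginName attribute tells them apart.
FAKE_DIRECTORY = {
    "cn=bdavis,ou=math,o=ourorg": {
        "cn": "bdavis", "loginName": "bdavis.math.ourorg", "userPassword": "pw-math"},
    "cn=bdavis,ou=art,o=ourorg": {
        "cn": "bdavis", "loginName": "bdavis.art.ourorg", "userPassword": "pw-art"},
    "cn=svc-om,ou=services,o=ourorg": {
        "cn": "svc-om", "userPassword": "svc-secret"},
}


class FakeConnection:
    """Minimal LDAP connection: starts anonymous, bind() authenticates as a DN."""

    def __init__(self, directory):
        self.directory = directory
        self.bound_as = None  # None means anonymous

    def bind(self, dn, password):
        entry = self.directory.get(dn)
        if entry is None or entry.get("userPassword") != password:
            raise LdapError("invalid credentials")  # resultCode 49 on a real server
        self.bound_as = dn
        return self

    def search(self, base, attr, value):
        """Subtree equality search: DNs under base whose attr equals value."""
        return [dn for dn, entry in self.directory.items()
                if dn.endswith("," + base) and entry.get(attr) == value]


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514 rules)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in ',+"\\<>;=' or (i == 0 and ch in "# ")
              or (i == len(value) - 1 and ch == " ")):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def _single_dn(hits):
    """Exactly one match is required: zero is unknown, two is ambiguous."""
    if len(hits) != 1:
        raise LdapError(f"expected one entry, found {len(hits)}")
    return hits[0]


def ldap_login(mode, username, password, *, base, user_attr,
               bind_dn=None, bind_pwd=None, directory=FAKE_DIRECTORY):
    """Return the DN of the authenticated user or raise LdapError."""
    if not password:
        # Many servers treat an empty password as an unauthenticated bind that
        # 'succeeds'; refuse it before talking to the directory at all.
        raise LdapError("empty password rejected")

    # Step 1: service-account bind if configured, otherwise stay anonymous.
    conn = FakeConnection(directory)
    if bind_dn and bind_pwd:
        conn.bind(bind_dn, bind_pwd)

    if mode == "NONE":
        # Directory is only used to look the user up; no password check here.
        return _single_dn(conn.search(base, user_attr, username))
    if mode == "SEARCHANDBIND":
        # Find the real DN via the configured attribute (here loginName, not
        # cn), then bind as that DN on a fresh connection so the service bind
        # stays usable for later lookups.
        user_dn = _single_dn(conn.search(base, user_attr, username))
        FakeConnection(directory).bind(user_dn, password)
        return user_dn
    if mode == "SIMPLEBIND":
        user_dn = f"{user_attr}={escape_rdn_value(username)},{base}"
        FakeConnection(directory).bind(user_dn, password)
        return user_dn
    if mode == "SIMPLE":
        # Backward-compatible mode: the login value is expected to be a DN.
        FakeConnection(directory).bind(username, password)
        return username
    raise LdapError(f"unknown AuthLDAP mode {mode!r}")


def try_login(mode, username, password, **cfg):
    """Convenience wrapper: DN on success, None on any LDAP failure."""
    try:
        return ldap_login(mode, username, password, **cfg)
    except LdapError:
        return None
```

With `base="o=ourorg"` and `user_attr="loginName"`, `try_login("SEARCHANDBIND", "bdavis.art.ourorg", "pw-art", ...)` resolves to the art-department entry, while searching on `cn` for `bdavis` finds two entries and is refused rather than binding as whichever came first.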
