September 9, 2016 at 5:51 pm #12967 sixart Participant
I have a composed DN “uid=test+cn=m.rossi,dc=example,dc=org”. Is it possible to authenticate using only uid or cn??
For example “uid=test,dc=example,dc=org” or “cn=m.rossi,dc=example,dc=org”
Can anyone help me??
Thanks in advance
Dario

September 9, 2016 at 6:17 pm #12969 Bill Nelson Participant
You authenticate against an LDAP server using the bindDN and the password associated with the bindDN. If you are attempting to bind with the entry “uid=test+cn=m.rossi,dc=example,dc=org”, then as far as I know, you would need to specify the full DN.
Now, what you “could” do is what we call the 3 step method of authentication.
1. Perform a search against the server for “uid=test”.
2. That returns the full DN of the entry found.
3. Authenticate using the DN returned in step 2.
This, of course, assumes that uid=test is unique in the server, or at least unique in the container in which you are performing your search.

September 9, 2016 at 7:10 pm #12970 Chris Ridd Participant
Bill’s right – the DN of the entry is “uid=test+cn=m.rossi,dc=example,dc=org” and the other two values you’re showing (“uid=test,dc=example,dc=org” and “cn=m.rossi,dc=example,dc=org”) are different DNs which could belong to different entries.
So you need to either bind with the real DN of the entry, or do a multi-step search + bind as Bill described (this is a very common technique), or as another option use a SASL bind and configure the server’s identity mapper so that “u:test” maps to your entry.
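
The search + bind flow described in the replies above, as an added example that is not part of the original thread. The directory is a constructed in-memory stand-in, and `search`, `bind`, `authenticate` and `escape_filter_value` are hypothetical helpers, not a real LDAP client API. It also covers two checks the login path needs: escaping the user-supplied value in the search filter and refusing an empty password.

```python
import re

# Constructed sample directory (DN -> attributes, password); not a real server.
DIRECTORY = {
    "uid=test+cn=m.rossi,dc=example,dc=org": ({"uid": "test", "cn": "m.rossi"}, "s3cret"),
    "uid=other,dc=example,dc=org": ({"uid": "other", "cn": "o.bianchi"}, "hunter2"),
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search(ldap_filter):
    """Toy search: one (attr=value) filter, '*' wildcards, \\xx escapes."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        return []
    unhex = lambda h: chr(int(h.group(1), 16))
    parts = [re.escape(re.sub(r"\\([0-9a-fA-F]{2})", unhex, p))
             for p in m.group(2).split("*")]
    rx = re.compile(".*".join(parts), re.IGNORECASE)
    return [dn for dn, (attrs, _) in DIRECTORY.items()
            if rx.fullmatch(attrs.get(m.group(1), ""))]

def bind(dn, password):
    """Toy simple bind: the full DN and its password must both match."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry[1] == password

def authenticate(username, password):
    """Return the bound DN on success, None otherwise."""
    if not password:
        # A DN with an empty password is an "unauthenticated bind" (RFC 4513),
        # which a server may accept, so it must never count as a login.
        return None
    matches = search("(uid=%s)" % escape_filter_value(username))  # step 1
    if len(matches) != 1:  # the uniqueness assumption from the thread
        return None
    dn = matches[0]  # step 2: full DN, multi-valued RDN included
    return dn if bind(dn, password) else None  # step 3

if __name__ == "__main__":
    print(authenticate("test", "s3cret"))  # full DN of the entry
    print(bind("uid=test,dc=example,dc=org", "s3cret"))  # a different DN
    print(authenticate("*", "s3cret"))  # wildcard is escaped, matches nothing
```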