This topic has 2 replies, 3 voices, and was last updated 5 years, 11 months ago by Chris Ridd.

  • Author
  • #12967


    I have a composed DN “uid=test+cn=m.rossi,dc=example,dc=org”. Is it possible to authenticate using only uid or cn??
    For example “uid=test,dc=example,dc=org” or “cn=m.rossi,dc=example,dc=org”

    Can anyone help me??

    Thanks in advance

     Bill Nelson

    You authenticate against an LDAP server using the bindDN and the password associated with the bindDN. If you are attempting to bind with the entry “uid=test+cn=m.rossi,dc=example,dc=org”, then as far as I know, you would need to specify the full DN.

    Now, what you “could” do is what we call the 3 step method of authentication.

    1. Perform a search against the server for “uid=test”.
    2. That returns the full DN of the entry found.
    3. Authenticate using the DN returned in step 2.

    This, of course, assumes that uid=test is unique in the server, or at least unique in the container in which your are performing your search.

     Chris Ridd

    Bill’s right – the DN of the entry is “uid=test+cn=m.rossi,dc=example,dc=org” and the other two values you’re showing (“uid=test,dc=example,dc=org” and “cn=m.rossi,dc=example,dc=org”) are different DNs which could belong to different entries.

    So you need to either bind with the real DN of the entry, or do a multi-step search + bind as Bill described (this is a very common technique), or as another option use a SASL bind and configure the server’s identity mapper so that “u:test” maps to your entry.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?