How to authenticate a user by uid and password?
Original source: Authentication options | Basic authorization
If you want to use simple binds with user DN and password within a Java component in order to authenticate users programmatically, one problem arises in practice: most users do not know their DN, so they will not be able to enter it. Even if they know it, entering it would often be laborious because of the length of the DN. It would be easier for a user if s/he only had to provide a short, unique ID and the password, as in a web login form.
Usually the ID is an attribute within the user's entry. In our sample data (Seven Seas), each user entry contains the uid attribute, for instance uid=hhornblo for Captain Hornblower:
dn: cn=Horatio Hornblower,ou=people,o=sevenSeas
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top
cn: Horatio Hornblower
description: Capt. Horatio Hornblower, R.N
givenname: Horatio
sn: Hornblower
uid: hhornblo
mail: hhornblo@royalnavy.mod.uk
userpassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=
But how can we authenticate a user who provides "hhornblo"/"pass" instead of "cn=Horatio Hornblower,ou=people,o=sevenSeas"/"pass" with the help of ApacheDS?
An algorithm
In order to accomplish this task programmatically, one option is to perform the following steps:
Arguments
- uid of a user (e.g. "hhornblo")
- password proclaimed to be correct for the user
Steps
- Bind to ApacheDS anonymously, or with the DN of a technical user. In both cases it must be possible to search the directory afterwards (authorization has to be configured that way)
- Perform a search operation with an appropriate filter to find the user entry for the given ID, in our case "(&(objectClass=inetorgperson)(uid=hhornblo))"
- If the search result is empty, the user does not exist -- terminate
- If the search result contains more than one entry, the given ID is not unique; this is likely a data error within your directory
- Bind to ApacheDS with the DN of the entry found in the previous search, and the password provided as argument
- If the bind operation fails, the password is wrong, and the result is false (not authenticated)
- If the bind is successful, authenticate the user
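The steps above as a JNDI sketch, added here as an example and not taken from the original article or the ApacheDS project. The server URL, the search base and the class and method names are assumptions. It also covers two points the steps leave implicit: the uid is passed as a filter argument so that filter metacharacters are escaped, and an empty password is rejected before the second bind, because a simple bind with an empty password is treated as anonymous and can succeed.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class UidAuthenticator {
    // Assumed values, not from the article: adjust to your ApacheDS instance.
    static final String URL = "ldap://localhost:10389";
    static final String BASE = "ou=people,o=sevenSeas";

    // dn == null gives an anonymous bind; pass a technical user's DN otherwise.
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        if (dn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    public static boolean authenticate(String uid, String password) throws NamingException {
        // An empty password would turn the second bind into an anonymous one.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) return false;
        DirContext ctx = bind(null, null);               // bind anonymously
        String dn;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]);    // only the DN is needed
            // {0} is substituted from the argument array with filter characters escaped.
            NamingEnumeration<SearchResult> res = ctx.search(BASE,
                "(&(objectClass=inetOrgPerson)(uid={0}))", new Object[] { uid }, sc);
            if (!res.hasMore()) return false;            // user does not exist
            dn = res.next().getNameInNamespace();
            if (res.hasMore()) throw new IllegalStateException("uid is not unique");
        } finally {
            ctx.close();
        }
        try {
            bind(dn, password).close();                  // bind as the entry found
            return true;
        } catch (AuthenticationException e) {
            return false;                                // wrong password
        }
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(authenticate("hhornblo", "pass"));
    }
}
```

Use an `ldaps://` URL or StartTLS in practice, since a simple bind sends the password in clear text.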