How to authenticate a user by uid and password?
Original source: Authentication options | Basic authorization
If you want to use simple binds with user DN and password within a Java component in order to authenticate users programmatically, one problem arises in practice: most users do not know their DN, so they will not be able to enter it. And even if they know it, entering it would often be very laborious due to the length of the DN. It would be easier for a user if s/he only had to provide a short, unique ID and the password, like in this web form:
Usually the ID is an attribute within the user's entry. In our sample data (Seven Seas), each user entry contains the uid attribute, for instance uid=hhornblo for Captain Hornblower:
dn: cn=Horatio Hornblower,ou=people,o=sevenSeas
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top
cn: Horatio Hornblower
description: Capt. Horatio Hornblower, R.N
givenname: Horatio
sn: Hornblower
uid: hhornblo
mail: hhornblo@royalnavy.mod.uk
userpassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=
But how do you authenticate a user who provides "hhornblo"/"pass" instead of "cn=Horatio Hornblower,ou=people,o=sevenSeas"/"pass" with the help of ApacheDS?
An algorithm
In order to accomplish this task programmatically, one option is to perform the following steps:
Arguments
- uid of a user (e.g. "hhornblo")
- password proclaimed to be correct for the user
Steps
- Bind to ApacheDS anonymously, or with the DN of a technical user. In both cases it must be possible to search the directory afterwards (authorization has to be configured that way)
- Perform a search operation with an appropriate filter to find the user entry for the given ID, in our case "(&(objectClass=inetorgperson)(uid=hhornblo))"
- If the search result is empty, the user does not exist -- terminate
- If the search result contains more than one entry, the given ID is not unique; this is likely a data error within your directory
- Bind to ApacheDS with the DN of the entry found in the previous search, and the password provided as argument
- If the bind operation fails, the password is wrong, and the result is false (not authenticated)
- If the bind is successful, authenticate the user
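The steps above as a JNDI sketch, added here as an example and not taken from the original page or the ApacheDS project. It assumes ApacheDS listening on localhost:10389 with the Seven Seas sample data under o=sevenSeas and anonymous search allowed; the class and method names are made up for illustration. It also shows two checks the steps leave implicit: the uid is passed as a filter argument so it is escaped, and an empty password is refused before any bind.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
public class UidAuthenticator {
    // Assumed for this example: ApacheDS on localhost:10389 with the Seven Seas data.
    // A simple bind sends the password in clear; use ldaps:// or StartTLS beyond a test setup.
    static final String URL = "ldap://localhost:10389";
    static final String BASE = "o=sevenSeas";
    // Opens a connection: anonymous when dn is null, otherwise a simple bind.
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        if (dn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }
    public static boolean authenticate(String uid, String password) throws NamingException {
        // A simple bind with a DN but an empty password is an "unauthenticated bind"
        // (RFC 4513) that can succeed without verifying anything: refuse it here.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) return false;
        String dn;
        DirContext ctx = bind(null, null);               // anonymous bind for the search
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is filled in by JNDI with filter escaping, so * ( ) \ in the uid
            // are matched literally and cannot alter the filter.
            NamingEnumeration<SearchResult> hits = ctx.search(
                BASE, "(&(objectClass=inetOrgPerson)(uid={0}))", new Object[] { uid }, sc);
            if (!hits.hasMore()) return false;           // empty result: user does not exist
            dn = hits.next().getNameInNamespace();
            if (hits.hasMore()) throw new NamingException("uid is not unique: " + uid);
        } finally { ctx.close(); }
        try {
            bind(dn, password).close();                  // bind with the DN that was found
            return true;
        } catch (AuthenticationException e) {
            return false;                                // bind failed: wrong password
        }
    }
    public static void main(String[] args) throws NamingException {
        char[] pw = System.console().readPassword("Password for %s: ", args[0]);
        System.out.println(authenticate(args[0], new String(pw)));
    }
}
```

Returning the same false for an unknown uid and for a wrong password keeps the caller from telling the two cases apart.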