原文地址:Authentication options | Basic authorization

If you want to use simple binds with user DN and password within a Java component, in order to authenticate users programatically, in practice one problem arises: Most users do not know their DN. Therefore they will not be able to enter it. And even if they know it, it would be frequently very laborious due to the length of the DN. It would be easier for a user if s/he only has to probvide a short, unique ID and the password, like in this web form:

Usually the ID is an attribute within the user's entry. In our sample data (Seven Seas), each user entry contains the uid attribute, for instance uid=hhornblo for Captain Hornblower:

dn: cn=Horatio Hornblower,ou=people,o=sevenSeas

objectclass: person

objectclass: organizationalPerson

objectclass: inetOrgPerson

objectclass: top

cn: Horatio Hornblower

description: Capt. Horatio Hornblower, R.N

givenname: Horatio

sn: Hornblower

uid: hhornblo

mail: hhornblo@royalnavy.mod.uk

userpassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=

But how to authenticate a user who provides "hhornblo"/"pass" instead of "cn=Horatio Hornblower,ou=people,o=sevenSeas"/"pass" with the help of ApacheDS?

An algorithm

In order to accomplish this task programmatically, one option is to perform the following steps

Arguments

  • uid of a user (e.g. "hhornblo")
  • password proclaimed to be correct for the user

Steps

  • Bind to ApacheDS anonymously, or with the DN of a technical user. In both cases it must be possible to search the directory afterwards (authorization has to be configured that way)
  • Perform a search operation with an appropriate filter to find the user entry for the given ID, in our case "(&(objectClass=inetorgperson)(uid=hhornblo))"
    • If the search result is empty, the user does not exist -- terminate
    • If the search result contains more than one entry, the given ID is not unique, this is likely a data error within your directory
  • Bind to ApacheDS with the DN of the entry found in the previous search, and the password provided as argument
    • If the bind operation fails, the password is wrong, and the result is false (not authenticated)
    • If the bind is successful, authenticate the user

How to authenticate a user by uid and password?的更多相关文章

  1. 《Django By Example》第四章 中文 翻译 (个人学习,渣翻)

    书籍出处:https://www.packtpub.com/web-development/django-example 原作者:Antonio Melé (译者注:祝大家新年快乐,这次带来<D ...

  2. PHP7函数大全(4553个函数)

    转载来自: http://www.infocool.net/kb/PHP/201607/168683.html a 函数 说明 abs 绝对值 acos 反余弦 acosh 反双曲余弦 addcsla ...

  3. Realm Configuration HOW-TO--官方

    来源:https://secure.gettinglegaldone.com/docs/realm-howto.html Quick Start This document describes how ...

  4. PHP类和函数注释大全

    每次要用PHP的某个功能的时候,都要去查一下,于是决定将PHP所有类和函数都整理出来,加上注释 大致实现 将php.jar文件解压,取出目录stubs 将stubs中的所有php文件中的注释去掉,并做 ...

  5. CentOS7安装OpenLDAP+MySQL+PHPLDAPadmin

    安装环境:CentOS 7 1.安装和设置数据库 在CentOS7下,默认安装的数据库为MariaDB,属于MySQL数据库的一个分支,所以我还是使用了MariaDB.安装命令为: [root@loc ...

  6. Ansible入门与实践

    一.ansible介绍 Ansible是一个简单的自动化运维管理工具,基于Python语言实现,由Paramiko和PyYAML两个关键模块构建,可用于自动化部署应用.配置.编排task(持续交付.无 ...

  7. Aerospike系列:4:简单的增删改查aql

    [root@localhost bin]# aql --help Usage: aql OPTIONS OPTIONS -h <host> The hostname to the serv ...

  8. OpenLDAP搭建全过程

    目        的:搭建一套完整的OpenLDAP系统,实现账号的统一管理.                     1:OpenLDAP服务端的搭建                     2:P ...

  9. LDAP第三天 MySQL+LDAP 安装

    https://www.easysoft.com/applications/openldap/back-sql-odbc.html      OpenLDAP 使用 SQLServer 和 Oracl ...

随机推荐

  1. CDOJ 1048 Bob's vector 三分

    Bob's vector 题目连接: http://acm.uestc.edu.cn/#/problem/show/1048 Description Bob has a vector with mm ...

  2. PAT甲级1095. Cars on Campus

    PAT甲级1095. Cars on Campus 题意: 浙江大学有6个校区和很多门.从每个门口,我们可以收集穿过大门的汽车的进/出时间和车牌号码.现在有了所有的信息,你应该在任何特定的时间点告诉在 ...

  3. HAproxy + keepalived 实现双机热备

    一.HAProxy简介: HAProxy提供高可用性.负载均衡以及基于TCP和HTTP应用的代理,支持虚拟主机,它是免费.快速并且可靠的一种解决方案.HAProxy特别适用于那些负载特大的web站点, ...

  4. How to use transparent PNG icons with Delphi ImageList

    http://www.aha-soft.com/faq/delphi-imagelist-png.htm Query: "Embarcadero Delphi ImageList does ...

  5. ReflectionToStringBuilder使用

    <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3 ...

  6. 两步改动CentOS主机名称

    在CentOS系统中,改动主机名称的过程例如以下: 1. 改动network文件 编辑network文件.配置例如以下: vi /etc/sysconfig/network 配置 NETWORKING ...

  7. 数学图形(2.23)Cylindric sine wave柱面正弦曲线

    柱面正弦曲线 #http://www.mathcurve.com/courbes3d/couronnetangentoidale/couronnetangentoidale.shtml vertice ...

  8. Ubuntu 字体设置:使用Windows 字体

    基础知识 Sans-serif=无衬线体=黑体:并不是具体一款字体,而是一类字体,选择它其实等于选择这类字体中优先级最高的那款字体. Serif=衬线体=白体:同上 Monospace=等宽字体,意思 ...

  9. C 语言高效编程的几招——A few action of efficient C language programming

    编写高效简洁的C 语言代码,是许多软件工程师追求的目标.本文就工作中的一些体会和经验做相关的阐述,不对的地方请各位指教. 第1 招:以空间换时间 计算机程序中最大的矛盾是空间和时间的矛盾,那么,从这个 ...

  10. go语言基础之运算符

    一.运算符分类 1.1 算术运算符 运算符 术语 示例 结果 + 加 10 + 5 15 - 减 10 - 5 5 * 乘 10 * 5 50 / 除 10 / 5 2 % 取模(取余) 10 % 3 ...