
LDAP user authentication

 
Maulin Vasavada
Ranch Hand
Posts: 1873
hi all,
I'm a little confused about the following.
I am familiar with authenticating a user using his login/password against the database, but now, considering LDAP, how can I do a similar thing?
In the database I have a table,
Users (userid, password, fname, lname);
I want to migrate this database to LDAP (assuming I have the resources to configure the LDAP server and change the LDAP schema or whatever to the point I need)... so that when a user logs in I can pass the username/password to the program and check whether the user is valid or not against the LDAP.
How do I do that?
I'm confused because I saw the example in Sun's JNDI tutorial at this site, but from that example it seems the LDAP server has the CREDENTIALS information somewhere other than the LDAP hierarchy itself (the DIT, I mean)...
What I want to have is
a DIT like o=myorg,user=me,password=personal,lname=vasavada,fname=maulin as the LDAP storage, and then check against that DIT when the user logs in...
Please let me know if I am not making any sense here..
regards
maulin
 
Cindy Glass
"The Hood"
Sheriff
Posts: 8521
The slapd.conf holds some configuration information for your LDAP installation. One of the things that it has is a credentials attribute that holds the administrative password to the server.
If you don't have the proper credentials, you can't update an entry in the LDAP.
 
Maulin Vasavada
Ranch Hand
Posts: 1873
hi Cindy
Okay. So, more questions:
1. If I want to update LDAP content (e.g. change the home address for some user) I need an authorized password to be provided in SECURITY_CREDENTIALS, assuming we are using simple authentication.
Now, this "authorized" password would follow the ACL defined by the LDAP server. So if two users, Admin1 and SuperUser1, are authorized to update some node in the DIT (and its children), then I have to use either of those two as SECURITY_CREDENTIALS, right?
2. If I want to just "read" the content in the LDAP (to list all users, or a profile for a particular user), then the SECURITY_CREDENTIALS I use would also go through the ACL as in the first step, right? So, if "only" Admin1 and SuperUser1 are assigned rights to even "read" any user profile, then I have to use either of those two...
3. Do users, by default, have "read" rights to their own profile node in LDAP?
e.g. if I'm user=maulin in LDAP (not an admin in any sense) and I have a node for myself that is
o=usa, ou=ca, ou=la, cn=maulin (though it should be read in reversed order as per LDAP convention), then
can I use my password to query my data in LDAP via a JNDI program?

Hope now I make more sense.
The problem is I've never been an LDAP admin (or any other admin in any respect), so I see LDAP from the end user's perspective, who needs to use LDAP via JNDI and build an application that can manage user profiles...
regards
maulin
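One way to do what the first post asks (validate a login against the DIT itself) that also answers question 3 above in practice: bind with JNDI's simple authentication as the user's own entry, so the LDAP server checks the password against that entry's userPassword attribute and any later read of the user's own node is governed by the ACLs granted to that user. This is an added example, not code from the thread or from Sun's tutorial; the ldaps URL, the ou=people,o=myorg base and the uid naming attribute are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Authenticates a user with an LDAP simple bind as that user's own DIT entry. */
public class LdapAuthenticator {
    // Assumed values: adjust to your server and DIT layout.
    private static final String LDAP_URL = "ldaps://ldap.example.org:636";
    private static final String USER_BASE = "ou=people,o=myorg";

    /** Returns the user's own entry if the bind succeeds, or null if it is rejected. */
    public static Attributes authenticate(String uid, String password) throws NamingException {
        // Reject empty passwords here: RFC 4513 lets a server treat a bind with a DN
        // and an empty password as an anonymous bind, which would "succeed".
        if (uid == null || password == null || password.isEmpty()) {
            return null;
        }
        // Escape DN special characters so a crafted uid cannot alter the bind DN.
        String userDn = "uid=" + escapeDnValue(uid) + "," + USER_BASE;

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);      // the user's DN, not an admin's
        env.put(Context.SECURITY_CREDENTIALS, password);  // checked server-side against userPassword

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);               // the bind happens here
            // Subsequent reads run under the ACLs granted to this user, so this
            // only works if the server lets users read their own entry.
            return ctx.getAttributes(userDn, new String[] {"cn", "sn", "mail"});
        } catch (AuthenticationException e) {
            return null;                                    // server rejected the credentials
        } finally {
            if (ctx != null) ctx.close();
        }
    }

    /** Minimal RFC 4514 escaping for an attribute value placed inside a DN. */
    static String escapeDnValue(String value) {
        return value.replaceAll("([,+\"\\\\<>;=])", "\\\\$1");
    }
}
```

Because the bind is done as the user rather than with an administrative password from slapd.conf, no privileged credential has to be stored in the application for the login check itself.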
 
Maulin Vasavada
Ranch Hand
Posts: 1873
hi Cindy,
Also, I am not sure if all of these would be better answered in the "Security" forum... if you feel so, you can put this little novice kid amidst the "big security guards" to feel scared (just kidding...)
and thanks for the help so far...
regards
maulin
 
Cindy Glass
"The Hood"
Sheriff
Posts: 8521
The programmer needs to provide the password (hopefully encrypted) in the class that wants to read or update the LDAP data. REAL people don't use that field.
Now that you mention it you might get better answers in that forum.
OK - I will move this.
 
Maulin Vasavada
Ranch Hand
Posts: 1873
anybody there?
regards
maulin
 