I know how to authenticate a username and password using LDAP after reviewing this site and others. But my question is that our client does not give permission for any username or password to bind itself to Active Directory. I mean there is an admin kind of username and password which is used to bind first, and then you have to provide your actual username and password. Could anyone please let me know how I could accomplish this?
1 Answers
Typically you find some manner of binding that allows you to search for the full DN of your target user, based on whatever information you got out of them. For example, you might ask for a username and password to log in with, and that username might be their sAMAccountName in AD. Or perhaps their email address in AD.
Then you would query either mail or sAMAccountName, via a bind as an Admin user or as an anonymous bind, or something else they allow, to find the full DN of that user.
Finally you would perhaps do a password compare to test the DN's password against the value they entered on the login page.
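The three steps above as an added example, not part of the original answer: bind as the service account, look up the DN with an escaped filter, then verify the password. It verifies with a second bind as the found DN, used here in place of the password compare the answer mentions. The `directory` client interface, `FakeDirectory`, and all DNs and passwords are constructed assumptions so the flow runs offline.

```python
# Added example: search-then-bind login flow. `directory` is a hypothetical
# client exposing bind(dn, password) -> bool and
# search(base_dn, ldap_filter) -> list of DNs; adapt it to your LDAP library.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)

def authenticate(directory, base_dn, service_dn, service_pw, username, password):
    """Return the user's DN if the credentials are valid, else None."""
    # Reject empty input: many servers treat a simple bind with a DN and an
    # empty password as an unauthenticated bind and report success.
    if not username or not password:
        return None
    # Step 1: bind with the admin/service account the client provides.
    if not directory.bind(service_dn, service_pw):
        raise RuntimeError("service account bind failed")
    # Step 2: find the full DN; escaping keeps '*' or ')' in the login name
    # from changing the meaning of the filter.
    ldap_filter = "(sAMAccountName=%s)" % escape_filter_value(username)
    matches = directory.search(base_dn, ldap_filter)
    if len(matches) != 1:          # no user, or an ambiguous match
        return None
    # Step 3: test the entered password against that DN.
    user_dn = matches[0]
    return user_dn if directory.bind(user_dn, password) else None

class FakeDirectory:
    """Constructed in-memory stand-in for a directory server."""
    def __init__(self, accounts):
        self.accounts = accounts   # {sAMAccountName: (dn, password)}
        self.passwords = {dn: pw for dn, pw in accounts.values()}
    def bind(self, dn, password):
        # Mimics the unauthenticated-bind pitfall: empty password "succeeds".
        return password == "" or self.passwords.get(dn) == password
    def search(self, base_dn, ldap_filter):
        # Exact-match only; a real server would also expand wildcards.
        return [dn for name, (dn, _) in self.accounts.items()
                if ldap_filter == "(sAMAccountName=%s)" % escape_filter_value(name)]

BASE = "DC=example,DC=com"                      # constructed sample data
SVC_DN = "CN=svc_ldap,OU=Service," + BASE
DEMO = FakeDirectory({
    "svc_ldap": (SVC_DN, "svc-secret"),
    "jdoe": ("CN=John Doe,OU=Users," + BASE, "correct horse"),
})
```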