0
votes

I have some problems understanding LDAP. When I use an Active Directory server I can bind with username@domain and a password.

When I use ApacheDS I must give it the full DN of the user and a password.

So I have the following questions:

  • How do I find out the full DN of a user on an ApacheDS server with anonymous privileges and only the knowledge of username, domain (and password)?
  • Is this even possible? Is the ApacheDS server even made to be an alternative to Active Directory?
2
Do you have anywhere to stuff an LDAP search query? If yes, search for a user with the listed userPrincipalName attribute; this should return one user by its actual DN. Then you bind with that DN and password, if it matches the user. – Vesper

2 Answers

2
votes

Generally, LDAP authentication is done in two steps:

  1. Map a given unique user identifier (uid) to its distinguished name using a search operation with a filter like (&(objectClass=user)(uid=%s))
  2. Use a bind operation with that dn to authenticate against your LDAP server.

Active Directory comes with a convenience feature: You can bind using a couple of supported identifiers and AD will do the mapping internally for you.

ApacheDS isn't a plug-and-play substitute for AD, but it's extensible. A Java developer can easily write an authentication interceptor providing the same internal mapping as AD.
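The two-step flow described in this answer (and the search-by-attribute approach from Vesper's comment), as an added example that is not part of the original answer. It shows the "search for the DN, then bind with it" logic with the user-supplied identifier escaped per RFC 4515, so that an identifier such as `*` or one containing parentheses is matched literally instead of changing the filter; it also treats zero or multiple search hits and an empty password as failures, since an empty password is an anonymous bind on most servers. The directory here is a constructed in-memory stand-in; against a real server the `search_fn` and `bind_fn` callables would wrap an LDAP client's search and bind operations (for example `ldap3`'s `Connection.search` and `Connection.bind`), and the entries, DNs and passwords below are invented for the demonstration.

```python
# Added example (not from the original post): search-then-bind LDAP
# authentication with RFC 4515 filter-value escaping. All directory data
# below is constructed for the demonstration.
import re
from typing import Callable, Dict, List, Optional

# RFC 4515 section 3: these characters must be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(uid: str, object_class: str = "user") -> str:
    """Step 1 filter from the answer, (&(objectClass=user)(uid=%s)), with escaping."""
    return f"(&(objectClass={object_class})(uid={escape_filter_value(uid)}))"


def resolve_dn(search_fn: Callable[[str], List[str]], uid: str) -> Optional[str]:
    """Map a uid to exactly one DN; zero or several matches are treated as failure."""
    matches = search_fn(build_user_filter(uid))
    if len(matches) != 1:
        return None
    return matches[0]


def authenticate(search_fn: Callable[[str], List[str]],
                 bind_fn: Callable[[str, str], bool],
                 uid: str, password: str) -> Optional[str]:
    """Step 1 (resolve the DN) then step 2 (bind with it). Returns the DN on success."""
    dn = resolve_dn(search_fn, uid)
    # An empty password would be an anonymous bind on many servers, so reject it.
    if dn is None or not password:
        return None
    return dn if bind_fn(dn, password) else None


# --- constructed in-memory stand-in for an ApacheDS-style directory ---
CONSTRUCTED_ENTRIES: Dict[str, Dict[str, str]] = {
    "uid=alice,ou=users,dc=example,dc=com": {"objectClass": "user", "uid": "alice", "userPassword": "s3cret"},
    "uid=bob,ou=users,dc=example,dc=com": {"objectClass": "user", "uid": "bob", "userPassword": "hunter2"},
}

# The fake search understands only the exact filter shape this example builds.
_FILTER_RE = re.compile(r"^\(&\(objectClass=([^()]*)\)\(uid=([^()]*)\)\)$")


def _unescape(value: str) -> str:
    """Reverse the RFC 4515 hex escapes so the fake can compare literal values."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def fake_search(ldap_filter: str) -> List[str]:
    """Return the DNs whose objectClass and uid equal the (unescaped) filter values."""
    m = _FILTER_RE.match(ldap_filter)
    if not m:
        return []
    oc, uid = _unescape(m.group(1)), _unescape(m.group(2))
    return [dn for dn, attrs in CONSTRUCTED_ENTRIES.items()
            if attrs["objectClass"] == oc and attrs["uid"] == uid]


def fake_bind(dn: str, password: str) -> bool:
    """Simple bind stand-in: succeed only if the DN exists and the password matches."""
    entry = CONSTRUCTED_ENTRIES.get(dn)
    return entry is not None and entry["userPassword"] == password


if __name__ == "__main__":
    print(build_user_filter("ali*ce"))                           # the * is escaped as \2a
    print(authenticate(fake_search, fake_bind, "alice", "s3cret"))  # the resolved DN
    print(authenticate(fake_search, fake_bind, "alice", "wrong"))   # None
    print(authenticate(fake_search, fake_bind, "*", "s3cret"))      # None: no wildcard match
```

The search in step 1 runs under whatever identity the application binds with first (anonymous, if the server allows it, or a dedicated low-privilege service account), and only the bind in step 2 uses the user's own password; on the real server the search base and the attribute used for the lookup (`uid`, `userPrincipalName`, `sAMAccountName`) depend on the directory's schema.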

1
votes

As marabu said, you can simulate the authentication using a search on the directory before doing the bind.

You can also look for SASL authentication which provides other ways to authenticate.

Here is a list of the SASL mechanisms supported by ApacheDS: http://directory.apache.org/apacheds/advanced-ug/4.1.2-sasl-authn.html