Hello list,
So, the application I am working on right now needs to have LDAP
authentication build in, meaning that if the user enabled it, we will
query
about his basic data (email,pwd) on a user-setup LDAP directory. It used
to
work fine when I was testing with OpenLDAP. The code, essentially, is
this:
connection.bind(self.bind_dn,self.password)
connection.search2(self.base_dn,1,"(& (userPassword=#{password})
(mail=#{email}))",nil,false,5,5000)
It binds and then searches for the user by mail and password. The
entries
must have a userPassword and mail attributes. It’s part of the core
schema
(I guess), so it works fine on OpenLDAP.
I then went to test with Active Directory. I thought it would be
basically
the same stuff, since it is a LDAP server too and speaks the same
protocol.
The issue, however, is that, even though we had an entry with mail and
the
password set, it was just no authenticating. I then changed the query
to:
connection.search2(self.base_dn,1,"(mail=#{email})",nil,false,5,5000)
And then it did return the user entry.
The issue is the userPassword attribute (or is it unicodePwd?). From
what
I’ve read, you just can’t read it from an AD directory. If that’s true,
how
could LDAP authentication be implemented against an Active Directory
repository?
I would appreciate some enlightenment
Cheers,
Marcelo.