Allow binding using credentials of user logging in

lambic - August 3, 2009 - 15:23
Project: LDAP integration
Version: 6.x-1.x-dev
Component: Code
Category: feature request
Priority: normal
Assigned: Unassigned
Status: needs review
Issue tags: ldapauth
Description

For non-anonymous searching, I've added a checkbox under server settings/advanced configuration to allow it to use the credentials of the user trying to log in to perform the initial search.

#1

lambic - August 3, 2009 - 15:24
Attachment: ldap_integration.patch (3.47 KB)

#2

miglius - August 12, 2009 - 07:23

In order to authenticate with the LDAP, a user DN in LDAP should be known. User authenticates with the LDAP not with his Drupal username, but with his full LDAP DN. Therefore a search in LDAP is made to find out user's DN based on his Drupal username. The search can be anonymous or with the credentials saved in the module configuration. The user's username and password cannot be used as the full user's DN is not yet known (the search finds it).

#3

miglius - August 12, 2009 - 07:24
Status: needs review » needs work

#4

lambic - August 13, 2009 - 12:07

It works for us, and it's also the way the WordPress LDAP plugin works. It will attempt an anonymous search, and if that fails it will use the bind username/password if it was given, otherwise it will attempt to use the credentials provided by the user. The third option, and the one that works for us, is apparently peculiar to Microsoft AD.
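
Added example, not part of the thread or of the attached patch: a Python model of the bind order described in comment #4, followed by the final bind as the DN the search returned. `FakeDirectory`, `authenticate`, and the sample entries are constructed for illustration; the directory is an in-memory stand-in that assumes AD-like behaviour (the login name is accepted as a bind name).

```python
# Added illustration, not the module's code: FakeDirectory is a constructed
# in-memory stand-in for an AD-like server so the flow runs offline.
ALICE_DN = "CN=Alice Example,OU=Staff,DC=example,DC=test"  # constructed entry

class FakeDirectory:
    USERS = {"alice": (ALICE_DN, "s3cret"),
             "svc": ("CN=svc,OU=Service,DC=example,DC=test", "svc-pass")}

    def __init__(self, allow_anonymous_search=False):
        self.allow_anonymous_search = allow_anonymous_search
        self.bound_as = None  # None = not bound, "" = anonymous

    def bind(self, name="", password=""):
        if password == "":
            # Many servers accept a simple bind with an empty password and
            # leave the session anonymous (RFC 4513 unauthenticated bind).
            self.bound_as = ""
            return True
        for login, (dn, pw) in self.USERS.items():
            # AD-like assumption: the login name is accepted as bind name.
            if name in (login, dn) and password == pw:
                self.bound_as = dn
                return True
        self.bound_as = None
        return False

    def search_dn(self, login):
        anonymous = self.bound_as == ""
        if self.bound_as is None or (anonymous and not self.allow_anonymous_search):
            return None
        entry = self.USERS.get(login)
        return entry[0] if entry else None

def authenticate(directory, login, password, bind_dn=None, bind_pw=None,
                 use_login_credentials=False):
    """Return the user's DN on success, None otherwise."""
    if not password:  # never let an empty password reach the final bind
        return None
    attempts = [("", "")]  # 1. anonymous search
    if bind_dn and bind_pw:
        attempts.append((bind_dn, bind_pw))  # 2. configured search account
    elif use_login_credentials:
        attempts.append((login, password))  # 3. credentials being checked
    for name, pw in attempts:
        if directory.bind(name, pw):
            dn = directory.search_dn(login)
            if dn:  # prove the password by binding as the DN that was found
                return dn if directory.bind(dn, password) else None
    return None
```

The empty-password guard is the part to keep when porting this flow: in the model, `bind(ALICE_DN, "")` returns `True`, so without the guard an empty password would pass the final bind whenever the search step succeeds.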

#5

lambic - August 13, 2009 - 18:06
Status: needs work » needs review

#6

lambic - September 30, 2009 - 19:52

Any chance of getting this committed?

#7

lambic - October 29, 2009 - 15:26

I've rerolled this patch against the latest version. I hope we can get this committed sometime.

Attachment: ldap_integration.patch (2.92 KB)
 
 
