LDAP authentication without a site-wide user/password?

Daniel Drucker

Jan 7, 2021, 4:09:42 PM
to xnat_discussion
The way I understand the LDAP plugin to work, you need to provide a userdn and password which the plugin then uses to talk to the LDAP server and ask whether the person logging in is authorized.

Is it possible to instead use the person logging in's credentials directly? For example, I can check using 'ldapwhoami' whether a particular login is valid:

$ ldapwhoami -vvv -H ldaps://ldap.example.org:636 -D cn=myusername,cn=users,dc=example,dc=org -x -W
ldap_initialize( ldaps://ldap.example.org:636/??base )
Enter LDAP Password: enter the wrong password
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839

$ ldapwhoami -vvv -H ldaps://ldap.example.org:636 -D cn=myusername,cn=users,dc=example,dc=org -x -W
ldap_initialize( ldaps://ldap.example.org:636/??base )
Enter LDAP Password: enter correct password
u:EXAMPLE\myusername
Result: Success (0)


Can the LDAP plugin work that way?

Daniel
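
Added example, not part of the original post and not the XNAT LDAP plugin's code: a sketch of what a direct-bind check has to handle beyond the bind itself, namely escaping the login name before it goes into the bind DN, refusing empty passwords, and reading the AD sub-status from a failed bind. The DN template is taken from the ldapwhoami command above; the `bind` callable, `fake_bind` and the sample password are hypothetical and constructed so the code runs offline.

```python
import re

# RFC 4514 section 2.4: characters that must be escaped inside a DN attribute value.
_DN_SPECIALS = set('"+,;<>\\')

def escape_dn_value(value):
    """Escape a string for use as one attribute value in a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)  # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)

def ad_subcode(diagnostic):
    """Pull the hex sub-status out of an AD bind diagnostic ('... data 52e, v3839')."""
    m = re.search(r"\bdata ([0-9a-fA-F]+)\b", diagnostic or "")
    return m.group(1).lower() if m else None

def authenticate(username, password, bind, template="cn={},cn=users,dc=example,dc=org"):
    """Direct-bind check. `bind(dn, password)` is a hypothetical callable that does an
    LDAP simple bind over ldaps:// and returns (result_code, diagnostic_message)."""
    # RFC 4513 section 5.1.2: a simple bind with a DN and an empty password is an
    # "unauthenticated bind" that a server may answer with success, so refuse it here.
    if not username or not password:
        return (False, "empty username or password")
    dn = template.format(escape_dn_value(username))
    code, diagnostic = bind(dn, password)
    if code == 0:
        return (True, dn)
    return (False, "result %d, AD sub-status %s" % (code, ad_subcode(diagnostic)))

# Constructed stand-in for a directory server, so the example runs offline.
def fake_bind(dn, password):
    if password == "":
        return (0, "")  # models a server that accepts unauthenticated binds
    if dn == "cn=myusername,cn=users,dc=example,dc=org" and password == "correct horse":
        return (0, "")
    return (49, "80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839")

if __name__ == "__main__":
    for user, pw in [("myusername", "correct horse"), ("myusername", "wrong"), ("myusername", "")]:
        print(user, repr(pw), authenticate(user, pw, fake_bind))
```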
