I am making a portal for my organization in which I want the user to log in to that portal with their organization account's ID and password.
For this purpose I am using LDAP authentication with Java.
After reading through quite a few articles, I found the following steps for authentication:
1. Bind to the LDAP server using some binding or technical account.
2. Search the LDAP server for the details of the user who is trying to log in.
3. Try to bind to the server again with the user's Distinguished Name and password.
Is the above process exactly correct, or am I missing some info, as I am a novice programmer? And what does binding mean conceptually?
I wonder what the need of a binding account is. If I directly try to bind to the LDAP server with the user's credentials and it is successful, then can I give him access?
I have the JXplorer tool, in which I am able to connect to the LDAP server with my own organization's credentials. So I was thinking, what is the need of first binding to the LDAP server with some other account?
Binding is the step where the LDAP server authenticates the client and, if the client is successfully authenticated, allows the client access to the LDAP server based on that client's privileges.
A user cannot access information stored within an LDAP database or directory without first authenticating (proving they are who they say they are). The database typically contains user, group, and permission information and delivers requested information to connected applications.
In order to authenticate a user with an LDAP directory you first need to obtain their DN as well as their password. With a login form, people typically enter a simple identifier such as their username or email address. You don't expect them to memorise the DN of their directory entry.
Simple authentication: This encompasses three possible approaches – anonymous authentication, unauthenticated authentication, and name/password authentication.
Question 1: Is the above process exactly correct?
Yes.
Question 2: I wonder what the need of a binding account is?
Yes. You need to search the directory to find the user DN, and you don't want the general unauthenticated public to be able to search the directory.
If I directly try to bind to the LDAP server with the user's credentials and it is successful, then can I give him access?
You don't have the user's credentials to start with. You have his login name, or email address, or CN, or something that he uses to identify himself, but which is only an attribute of some entry. You need to find that entry and get its DN for authentication.
I have the JXplorer tool, in which I am able to connect to the LDAP server with my own organization's credentials. So I was thinking, what is the need of first binding to the LDAP server with some other account?
See above. You don't want the user to have to remember his entire DN the way you do with JXplorer.
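The three-step flow the answers describe, written out in plain JNDI as an added example (it is not code from the question or either answer). It also covers two points the thread does not mention: an empty password, which LDAP treats as an unauthenticated bind rather than a failure, and escaping the login name before it goes into the search filter. The URL, service-account DN, search base and the `uid` login attribute are placeholder assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
public class LdapLogin {
    // Placeholder values (assumed): your directory's URL, the service account's DN, and the search base.
    static final String URL = "ldaps://ldap.example.org:636";
    static final String SERVICE_DN = "cn=portal-bind,ou=service,dc=example,dc=org";
    static final String BASE_DN = "ou=people,dc=example,dc=org";
    // One simple bind (steps 1 and 3): the server checks the password for this DN, throwing AuthenticationException if wrong.
    static LdapContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);
    }
    // Step 2: as the service account, find the single uid match and return its DN. JNDI escapes {0}, so "*)(uid=*" cannot alter the filter.
    static String findUserDn(LdapContext serviceCtx, String username) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]);              // only the DN is needed
        NamingEnumeration<SearchResult> hits = serviceCtx.search(
            BASE_DN, "(&(objectClass=person)(uid={0}))", new Object[] {username}, sc);
        if (!hits.hasMore()) return null;                      // unknown user
        String dn = hits.next().getNameInNamespace();
        return hits.hasMore() ? null : dn;                     // ambiguous match counts as a failure
    }
    // Steps 1-3 together: true only if the user's own bind (step 3) succeeds.
    static boolean authenticate(String username, String password, String servicePassword) {
        // Empty password = "unauthenticated" bind (RFC 4513 s.5.1.2), which many servers accept for any DN; reject it here.
        if (username == null || password == null || password.isEmpty()) return false;
        LdapContext serviceCtx = null;
        try {
            serviceCtx = bind(SERVICE_DN, servicePassword);          // step 1
            String userDn = findUserDn(serviceCtx, username);        // step 2
            if (userDn == null) return false;
            bind(userDn, password).close();                          // step 3: no exception means the password is right
            return true;
        } catch (AuthenticationException e) {
            return false;                   // wrong password (or misconfigured service credentials)
        } catch (NamingException e) {
            throw new IllegalStateException("directory error, not a login failure", e);
        } finally {
            if (serviceCtx != null) try { serviceCtx.close(); } catch (NamingException ignored) {}
        }
    }
}
```

A directory outage surfaces as an exception rather than `false`, so the portal can distinguish "wrong password" from "cannot reach the directory" in its logs.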