LDAP server which is my base dn

Hello, I'm trying to use my LDAP test server in order to authenticate users in OpenCA.

I'm currently connecting through phpLDAPadmin with:

Login DN : cn=admin,dc=example,dc=com
Password : mypass

But on OpenCA something is going wrong... In datasources.xml I found the settings of the LDAP configuration, and it asks for

<name>basedn</name>

Which is the basedn for me? I already tried

cn=admin,dc=example,dc=com 

and

dc=example,dc=com 

I can connect to my LDAP with LDAP Admin explorer too.

Thanks!

invader7 asked Jun 08 '13 12:06



1 Answer

The base dn is dc=example,dc=com.

I don't know about openca, but I will try this answer since you got very little traffic so far.

A base dn is the point from where a server will search for users. So I would try to simply use admin as a login name.

If OpenCA behaves like most LDAP-aware applications, this is what is going to happen:

  1. An LDAP search for the user admin will be done by the server starting at the base dn (dc=example,dc=com).
  2. When the user is found, the full dn (cn=admin,dc=example,dc=com) will be used to bind with the supplied password.
  3. The LDAP server will hash the password and compare with the stored hash value. If it matches, you're in.

Getting step 1 right is the hardest part, but mostly because we don't get to do it often. Things you have to look out for in your configuration file are:

  • The dn your application will use to bind to the LDAP server. This happens at application startup, before any user comes to authenticate. You will have to supply a full dn, maybe something like cn=admin,dc=example,dc=com.
  • The authentication method. It is usually a "simple bind".
  • The user search filter. Look at the attribute named objectClass for your admin user. It will be either inetOrgPerson or user. There will be others like top; you can ignore them. In your OpenCA configuration, there should be a string like (objectClass=inetOrgPerson). Whatever it is, make sure it matches your admin user's objectClass. You can specify two object classes with this search filter: (|(objectClass=inetOrgPerson)(objectClass=user)).

Download an LDAP Browser, such as Apache's Directory Studio. Connect using your application's credentials, so you will see what your application sees.

ixe013 answered Sep 18 '22 11:09
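The three steps in the answer (search under the base dn, bind with the full dn that was found, server-side hash comparison), plus the two configuration points it lists (the base dn and the objectClass search filter), worked through in code. This is an added example, not code from the question, the answer or OpenCA: it runs against a constructed in-memory directory with made-up entries and passwords, stores passwords as {SSHA} hashes the way OpenLDAP does, and implements only the filter syntax the answer uses (equality, & and |). It also shows why cn=admin,dc=example,dc=com is the wrong base dn: a search starting there can only ever find the admin entry itself.

```python
import base64
import hashlib
import hmac
import os


# --- password storage as the server keeps it ({SSHA}: salted SHA-1, RFC 2307 style) ---
def ssha_hash(password, salt=None):
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password, stored):
    """Step 3 of the answer: hash the supplied password, compare with the stored hash."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


# --- constructed directory (made-up entries; DN -> multi-valued attributes) ---
_RAW_DIRECTORY = {
    "dc=example,dc=com": {"objectClass": ["top", "dcObject", "organization"]},
    "cn=admin,dc=example,dc=com": {"objectClass": ["top", "inetOrgPerson"], "cn": ["admin"],
                                   "userPassword": [ssha_hash("mypass")]},
    "cn=alice,ou=people,dc=example,dc=com": {"objectClass": ["top", "inetOrgPerson"], "cn": ["alice"],
                                             "userPassword": [ssha_hash("alice-pw")]},
    # Same cn, but in a different tree: must never be found under dc=example,dc=com.
    "cn=admin,dc=other,dc=org": {"objectClass": ["top", "inetOrgPerson"], "cn": ["admin"],
                                 "userPassword": [ssha_hash("other-pw")]},
}


def normalize_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))


DIRECTORY = {normalize_dn(dn): attrs for dn, attrs in _RAW_DIRECTORY.items()}


def is_under(dn, base_dn):
    """True if dn is the base entry itself or lies below it (subtree scope)."""
    d, b = normalize_dn(dn).split(","), normalize_dn(base_dn).split(",")
    return len(d) >= len(b) and d[-len(b):] == b


# --- minimal RFC 4515 filter support: (attr=value), (&...), (|...) ---
def escape_filter_value(value):
    """Escape a login name before placing it in a filter, so it cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def _unescape(value):
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\":
            out.append(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_filter(text):
    """Parse into a small tree: ('=', attr, value), ('&', kids) or ('|', kids)."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at %d" % pos)
        pos += 1
        if text[pos] in "&|":
            op, kids = text[pos], []
            pos += 1
            while text[pos] == "(":
                kids.append(node())
            if text[pos] != ")":
                raise ValueError("expected ')' at %d" % pos)
            pos += 1
            return (op, kids)
        end = text.index(")", pos)
        attr, value = text[pos:end].split("=", 1)
        pos = end + 1
        return ("=", attr.lower(), _unescape(value))

    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters in filter")
    return tree


def matches(attrs, tree):
    if tree[0] == "&":
        return all(matches(attrs, k) for k in tree[1])
    if tree[0] == "|":
        return any(matches(attrs, k) for k in tree[1])
    _, attr, value = tree
    values = next((v for k, v in attrs.items() if k.lower() == attr), [])
    return any(v.lower() == value.lower() for v in values)


def search(base_dn, filter_text):
    """Step 1: subtree search starting at base_dn; returns the matching DNs."""
    tree = parse_filter(filter_text)
    return [dn for dn, attrs in DIRECTORY.items() if is_under(dn, base_dn) and matches(attrs, tree)]


def bind(dn, password):
    """Step 2 as the server sees it: simple bind with a full DN and a password."""
    attrs = DIRECTORY.get(normalize_dn(dn))
    return attrs is not None and any(ssha_verify(password, h) for h in attrs.get("userPassword", []))


def authenticate(base_dn, class_filter, login_attr, username, password):
    """What an LDAP-aware application does with a login name: search, then bind."""
    user_filter = "(&(%s=%s)%s)" % (login_attr, escape_filter_value(username), class_filter)
    hits = search(base_dn, user_filter)
    if len(hits) != 1:  # unknown user, or an ambiguous match: refuse rather than guess
        return None
    return hits[0] if bind(hits[0], password) else None


if __name__ == "__main__":
    CLASS_FILTER = "(|(objectClass=inetOrgPerson)(objectClass=user))"
    print(authenticate("dc=example,dc=com", CLASS_FILTER, "cn", "alice", "alice-pw"))
    print(authenticate("cn=admin,dc=example,dc=com", CLASS_FILTER, "cn", "alice", "alice-pw"))
```

With the base dn set to dc=example,dc=com both admin and alice can log in with their bare login name; with it set to cn=admin,dc=example,dc=com only admin is ever found, which is the symptom the question describes. A class filter that names the wrong objectClass (for example (objectClass=user) against inetOrgPerson entries) fails the same way at step 1, before any password is checked.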