What is anonymous binding? And, why do I need to use anonymous binding when the user provides his/her credentials for authentication?
Why do I need to bind to the ldap server anonymously and then use the credentials provided by the user for authentication?
Anonymous bind is a Bind Request using Simple Authentication with a zero-length bind DN and/or a zero-length password. Anonymous bind may be used to destroy any previous authentication performed on a connection and return it to an unauthenticated state.
Binding is the step where the LDAP server authenticates the client and, if the client is successfully authenticated, allows the client access to the LDAP server based on that client's privileges.
Anonymous authentication in the context of LDAP means that the client may authenticate to the server by specifying a zero-length username (the bind DN) and a zero-length password (which is usually mapped to the userPassword attribute of a user DN entry).
Simple bind authentication is the most common way to authenticate LDAP clients. In a simple bind, the client either binds anonymously, that is, with an empty bind DN, or by providing a DN and a password. Directory Proxy Server binds to a data source to validate the credentials and to authenticate the client.
In LDAP your full DN (needed to bind) could be anything, and often can change. A name change (since AD defaults to Full Name mapped to CN in the DN) or a move could change it. So expecting people to log in with a full DN is not going to work.
So the backend system logs in anonymously, searches for some unique tidbit, like email or username, finds the proper DN, and then tries to log in with the provided password.
Or else you use a service account for your backend system instead of anonymous binds.
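The search-then-bind flow described in the answer above, as an added example that is not part of the original answers. It runs against an in-memory stand-in for the LDAP server (constructed sample entries, and hypothetical names such as `FakeLdapServer`, `authenticate` and the `dc=example,dc=com` tree are all assumptions of this example) so it works offline; with a real server the `bind` and `search` calls map onto the bind and search of whatever client library is used. It also carries the two checks a practitioner wants around this flow: the login name is RFC 4515-escaped before it is placed in the search filter, and an empty password is rejected before the second bind, because a bind with a DN and a zero-length password is itself an anonymous (unauthenticated) bind that a server may answer with success.

```python
import re

# Constructed sample directory (not real data): DN -> attributes.
DIRECTORY = {
    "cn=svc-app,ou=service,dc=example,dc=com": {
        "userPassword": "svc-secret"},
    "cn=Alice Smith,ou=people,dc=example,dc=com": {
        "uid": "asmith", "mail": "alice@example.com", "userPassword": "alice-pw"},
    "cn=Bob Jones,ou=people,dc=example,dc=com": {
        "uid": "bjones", "mail": "bob@example.com", "userPassword": "bob-pw"},
}

PEOPLE_BASE = "ou=people,dc=example,dc=com"
ANONYMOUS = ("", "")  # zero-length DN and zero-length password
SERVICE_ACCOUNT = ("cn=svc-app,ou=service,dc=example,dc=com", "svc-secret")


def escape_filter_value(value):
    """RFC 4515 escaping for a value embedded in a search filter, so that
    user-supplied input cannot inject wildcards or extra filter clauses."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


class FakeLdapServer:
    """Hypothetical stand-in for an LDAP server with simple-bind semantics:
      ("", "")        -> anonymous bind: success, no identity
      (dn, "")        -> unauthenticated bind: many servers also answer
                         success without checking anything (the trap)
      (dn, password)  -> success only if the password matches
    """

    def __init__(self, entries, allow_unauthenticated=True):
        self.entries = entries
        self.allow_unauthenticated = allow_unauthenticated
        self.identity = None  # DN the connection is authenticated as

    def bind(self, dn, password):
        self.identity = None
        if password == "":
            return dn == "" or self.allow_unauthenticated
        entry = self.entries.get(dn)
        if entry is not None and entry.get("userPassword") == password:
            self.identity = dn
            return True
        return False

    def search(self, base, filter_str):
        """Supports only an equality filter '(attr=value)'. An unescaped '*'
        in the value is a wildcard, as on a real server; '\\XX' is unescaped."""
        m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str)
        if not m:
            raise ValueError("unsupported filter: " + filter_str)
        attr, raw = m.groups()
        # Split on wildcards first, then unescape the literal segments.
        parts = [re.sub(r"\\([0-9a-fA-F]{2})",
                        lambda h: chr(int(h.group(1), 16)), p)
                 for p in raw.split("*")]
        pattern = ".*".join(re.escape(p) for p in parts)
        return [dn for dn, e in self.entries.items()
                if dn.endswith(base) and attr in e
                and re.fullmatch(pattern, e[attr])]


def authenticate(server, lookup_creds, attr, username, password):
    """Search-then-bind login. Returns the user's DN on success, else None.
    lookup_creds is ANONYMOUS or a service account (dn, password) pair."""
    # 1. Never send an empty password: a (dn, "") bind is an unauthenticated
    #    bind and may "succeed" without the server checking anything.
    if not password:
        return None
    # 2. Bind for the lookup, anonymously or as the service account.
    if not server.bind(*lookup_creds):
        return None
    # 3. Find the DN behind the login name; require exactly one match.
    flt = "(%s=%s)" % (attr, escape_filter_value(username))
    matches = server.search(PEOPLE_BASE, flt)
    if len(matches) != 1:
        return None
    user_dn = matches[0]
    # 4. Re-bind as the user with the supplied password.
    return user_dn if server.bind(user_dn, password) else None


if __name__ == "__main__":
    srv = FakeLdapServer(DIRECTORY)
    print(authenticate(srv, ANONYMOUS, "uid", "asmith", "alice-pw"))
    print(authenticate(srv, SERVICE_ACCOUNT, "mail", "bob@example.com", "bob-pw"))
    print(authenticate(srv, ANONYMOUS, "uid", "asmith", ""))  # rejected
    print(authenticate(srv, ANONYMOUS, "uid", "*", "alice-pw"))  # rejected
```

The `allow_unauthenticated=True` default mirrors the behaviour the first answer describes (a zero-length password is treated as anonymous), so the empty-password check in step 1 is what stops a blank password from "logging in" as any user the search finds; the wildcard test shows why the login name must be escaped before it goes into the filter rather than trusted to match a single entry.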