LDAP: dynamic dn

Folks,

Our ldap server is set up w/ssl and uses a dynamic dn to authenticate. So a user logs in with the uid and password. We search on the user's uid and upon finding it attempt to bind as the user with a dn consisting of a unique id that's found from the resulting search (along with their password).

Is this something that wildfire supports out of the box or does some custom code need to be developed? Any pointers?

Thanks,

Ken

Ken,

I'm not sure I've heard of dynamic DNs in this way before. However, the out-of-box LDAP support may still work for you. There are a couple of basic scenarios:

  1. Authentication. This is done by trying to bind to the LDAP server using the username and password. The username field is configurable – uid, or whatever your server uses.

  2. Load user data. This is done by looking up a user via username (uid, etc as above). The resulting DN (from the search) is then used to find all needed information about the user.

I'm not sure if that's clear enough. If you're familiar with Java LDAP code, you could definitely dig into the source to see if it will work for you. Otherwise, I imagine that some minor customizations would do the trick.

Best Regards,

Matt

Matt,

Thanks for the reply.

  1. Authentication. This is done by trying to bind to the LDAP server using the username and password. The username field is configurable – uid, or whatever your server uses.

Sorry if I wasn't clear. A user enters their username/password. We do a search on the user's username and if we're successful return their unique "uuid". We then attempt to authenticate using a dn based on that unique uuid and their supplied password.

Ken
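The two steps Matt lists and Ken describes (search for the entry by username, then bind as the DN that comes back) form the usual "search-then-bind" pattern. The following is an added example written for this thread, not Wildfire's code: it uses a constructed in-memory stand-in for the directory so it runs offline, while issuing exactly the two operations a real client would send over LDAPS. The base DN, the `uuid=...` entries and the passwords are constructed sample data. It also shows the two checks a practitioner wants around this flow: escaping the username before it goes into the search filter, and refusing to bind with an empty password, since some servers treat a DN plus an empty password as an unauthenticated bind that succeeds.

```python
"""Search-then-bind LDAP authentication (added example, not Wildfire's code).

An in-memory stand-in replaces the directory so the flow runs offline; a real
deployment issues the same two operations (search, then bind) over LDAPS.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside a search filter (RFC 4515).

    Without this, a username such as "*)(uid=*" rewrites the filter itself.
    """
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch for ch in value)


@dataclass
class Entry:
    dn: str
    attrs: Dict[str, str]


class InMemoryDirectory:
    """Constructed stand-in that behaves like a server for the two calls used here."""

    _FILTER = re.compile(r'^\((\w+)=(.*)\)$')

    def __init__(self, entries: List[Entry], passwords: Dict[str, str]):
        self._entries = entries
        self._passwords = passwords  # dn -> password, constructed sample data

    def search(self, base_dn: str, filt: str) -> List[Entry]:
        m = self._FILTER.match(filt)
        if not m:
            raise ValueError('stand-in supports only a single (attr=value) filter')
        attr, raw = m.group(1), m.group(2)
        # Like a real server: an unescaped '*' is a wildcard, '\xx' is a literal byte.
        pattern = ''.join(
            re.escape(chr(int(tok[1:], 16))) if tok.startswith('\\')
            else ('.*' if tok == '*' else re.escape(tok))
            for tok in re.findall(r'\\[0-9a-fA-F]{2}|\*|[^\\*]+', raw))
        return [e for e in self._entries
                if e.dn.endswith(base_dn) and re.fullmatch(pattern, e.attrs.get(attr, ''))]

    def bind(self, dn: str, password: str) -> bool:
        # Mimics a server that accepts an "unauthenticated" bind (RFC 4513, 5.1.2):
        # a known DN with an empty password succeeds. That is why the client
        # below never issues such a bind.
        if dn not in self._passwords:
            return False
        return password == '' or self._passwords[dn] == password


def authenticate(directory, base_dn: str, username_attr: str,
                 username: str, password: str) -> Optional[str]:
    """Return the DN that authenticated, or None.

    Step 1 finds the single entry whose username attribute matches; step 2
    binds as that entry's DN with the supplied password, so the directory
    itself verifies the credential.
    """
    if not password:
        return None  # never turn a blank password into an unauthenticated bind
    filt = f'({username_attr}={escape_filter_value(username)})'
    matches = directory.search(base_dn, filt)
    if len(matches) != 1:
        return None  # unknown user, or an ambiguous result that must not be trusted
    dn = matches[0].dn
    return dn if directory.bind(dn, password) else None


# Constructed sample directory: DNs keyed by a unique id, as in the thread.
BASE_DN = 'ou=people,dc=example,dc=com'
KEN_DN = 'uuid=7c1e2f0a-0001,' + BASE_DN
MATT_DN = 'uuid=7c1e2f0a-0002,' + BASE_DN
DIRECTORY = InMemoryDirectory(
    entries=[Entry(KEN_DN, {'uid': 'ken', 'cn': 'Ken'}),
             Entry(MATT_DN, {'uid': 'matt', 'cn': 'Matt'})],
    passwords={KEN_DN: 'correct-horse', MATT_DN: 'battery-staple'})

if __name__ == '__main__':
    print(authenticate(DIRECTORY, BASE_DN, 'uid', 'ken', 'correct-horse'))  # Ken's DN
    print(authenticate(DIRECTORY, BASE_DN, 'uid', 'ken', 'wrong'))          # None
    print(authenticate(DIRECTORY, BASE_DN, 'uid', '*', 'correct-horse'))    # None
```

The bind in step 2 is where the password is actually checked, so the account the application uses for the step 1 search only needs read access to the username attribute; the user's own DN and password are what the directory validates.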

Ken,

That sounds like it should work using the default code. Let us know if you run into problems.

Regards,

Matt

Sorry Matt. I didn't know there was a follow up. Anyway … tried it. Does Wildfire use a method of verifying authentication by attempting to bind to the ldap server using the user supplied credentials? If so, how do I designate the dn used to bind?

Thanks,

Kenwrick