Hello list,
So, the application I am working on right now needs to have LDAP authentication built in, meaning that if the user enables it, we will query his basic data (email, pwd) from a user-configured LDAP directory. It used to work fine when I was testing with OpenLDAP. The code, essentially, is this:
    # bind with the configured service account, then look the user up by mail and password
    # (scope 1 = one level below base_dn; search2 is ruby-ldap's LDAP::Conn#search2)
    connection.bind(self.bind_dn, self.password)
    connection.search2(self.base_dn, 1, "(& (userPassword=#{password}) (mail=#{email}))", nil, false, 5, 5000)
It binds and then searches for the user by mail and password. The entries must have userPassword and mail attributes. They are part of the core schema (I guess), so it works fine on OpenLDAP.
I then went to test with Active Directory. I thought it would be basically the same stuff, since it is an LDAP server too and speaks the same protocol. The issue, however, is that, even though we had an entry with mail and the password set, it was just not authenticating. I then changed the query to:
    # same search, but matching on mail only
    connection.search2(self.base_dn, 1, "(mail=#{email})", nil, false, 5, 5000)
And then it did return the user entry.
The issue is the userPassword attribute (or is it unicodePwd?). From what I’ve read, you just can’t read it from an AD directory. If that’s true, how could LDAP authentication be implemented against an Active Directory repository?
I would appreciate some enlightenment.
Cheers,
Marcelo.
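An added example, not code from Marcelo's message or from ruby-ldap, showing the pattern that works against Active Directory: since AD never returns the password attribute (unicodePwd) on a search, the password cannot be compared in a filter, so the application looks the user up by mail with a service account and then binds to the server as the user's DN, letting the server verify the password. It also hex-escapes the mail value per RFC 4515 before interpolating it into the filter, and rejects empty passwords, because an LDAP simple bind with an empty password is an unauthenticated bind that succeeds on most servers. The connection API (bind(dn, password), search2(base, scope, filter, attrs, attrsonly, sec, usec) returning an Array of Hashes with a 'dn' key) mirrors the ruby-ldap calls in the post and is an assumption here; FakeLdapConn, its entries, DNs and passwords are constructed stand-ins so the flow runs offline.

```ruby
# Added example: "search the user, then bind as the user" LDAP authentication.
# Connection API is assumed to match ruby-ldap (bind / search2); FakeLdapConn
# below is a constructed in-memory directory so this runs without a server.

LDAP_SCOPE_SUBTREE = 2 # assumption: same value as ruby-ldap's LDAP::LDAP_SCOPE_SUBTREE

class LdapAuthError < StandardError; end

# RFC 4515: \ * ( ) and NUL inside a filter value must be hex-escaped, otherwise an
# "email" such as "*" or "x)(objectClass=*" rewrites the filter (LDAP injection).
def ldap_filter_escape(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

class LdapAuthenticator
  def initialize(conn, base_dn:, bind_dn:, bind_password:)
    @conn, @base_dn, @bind_dn, @bind_password = conn, base_dn, bind_dn, bind_password
  end

  # Returns the user's DN on success; raises LdapAuthError otherwise.
  def authenticate(email, password)
    # An empty password makes the simple bind "unauthenticated", which succeeds on
    # most servers, so it has to be refused before it ever reaches the directory.
    raise LdapAuthError, 'empty password' if password.to_s.empty?

    @conn.bind(@bind_dn, @bind_password)             # service account, lookup only
    filter = "(mail=#{ldap_filter_escape(email)})"   # never interpolate raw input
    entries = @conn.search2(@base_dn, LDAP_SCOPE_SUBTREE, filter, ['dn'], false, 5, 0)
    raise LdapAuthError, 'no unique user for that mail' unless entries.size == 1

    user_dn = entries.first['dn'].first
    begin
      @conn.bind(user_dn, password)                  # the server checks the password
    rescue StandardError => e
      raise LdapAuthError, "bind as #{user_dn} failed: #{e.message}"
    end
    user_dn
  end
end

# Constructed stand-in for a directory: just enough of bind/search2 to run the flow.
class FakeLdapConn
  BindFailed = Class.new(StandardError)
  Entry = Struct.new(:dn, :mail, :password)

  def initialize(entries)
    @entries = entries
    @bound = nil
  end

  def bind(dn, password)
    @bound = nil
    return true if password.to_s.empty?              # models the unauthenticated-bind pitfall
    e = @entries.find { |x| x.dn == dn }
    raise BindFailed, 'invalidCredentials' unless e && e.password == password
    @bound = dn
    true
  end

  # Understands only "(mail=<assertion>)", with RFC 4515 escapes and * wildcards.
  def search2(_base, _scope, filter, _attrs = nil, _attrsonly = false, _sec = 0, _usec = 0)
    raise BindFailed, 'search requires a bound connection' unless @bound
    m = filter.match(/\A\(mail=(.*)\)\z/) or raise ArgumentError, "unsupported filter #{filter}"
    pattern = assertion_to_regexp(m[1])
    @entries.select { |e| e.mail && pattern.match?(e.mail) }.map { |e| { 'dn' => [e.dn] } }
  end

  private

  # Unescaped * is a wildcard; \xx escapes become literal characters.
  def assertion_to_regexp(assertion)
    parts = assertion.split('*', -1).map do |piece|
      Regexp.escape(piece.gsub(/\\([0-9a-fA-F]{2})/) { Regexp.last_match(1).hex.chr })
    end
    Regexp.new("\\A#{parts.join('.*')}\\z")
  end
end

# Constructed sample directory: one service account and two users.
DIRECTORY = FakeLdapConn.new([
  FakeLdapConn::Entry.new('cn=svc-app,ou=service,dc=example,dc=test', nil, 'svc-secret'),
  FakeLdapConn::Entry.new('cn=alice,ou=users,dc=example,dc=test', 'alice@example.test', 'correct horse'),
  FakeLdapConn::Entry.new('cn=bob,ou=users,dc=example,dc=test', 'bob@example.test', 'battery staple')
])

AUTH = LdapAuthenticator.new(DIRECTORY, base_dn: 'dc=example,dc=test',
                             bind_dn: 'cn=svc-app,ou=service,dc=example,dc=test',
                             bind_password: 'svc-secret')

# Boolean wrapper so callers do not have to rescue LdapAuthError themselves.
def login_ok?(email, password)
  AUTH.authenticate(email, password)
  true
rescue LdapAuthError
  false
end

if __FILE__ == $PROGRAM_NAME
  puts login_ok?('alice@example.test', 'correct horse') # true
  puts login_ok?('alice@example.test', '')              # false: empty password refused
  puts login_ok?('*', 'correct horse')                  # false: "*" is escaped, no wildcard
end
```

Against a real AD the service account only needs read access to the users' container, and the user's bind should go over LDAPS or StartTLS, since a simple bind sends the password in clear. Note that with the unescaped filter an email of "*" matches every entry that has a mail attribute, which is why the authenticator insists on exactly one result even after escaping.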