SyntaxFix

[authentication] LDAP server which is my base dn

Hello I'm trying to use my ldap test server in order to authenticate users in openca.

I'm currently connecting through phpldapadmin with :

Login DN : cn=admin,dc=example,dc=com
Password : mypass

but on openca something is going wrong... in datasources.xml I found the settings of the ldap configuration and it asks for

<name>basedn</name>

which is the basedn for me ? I already tried

cn=admin,dc=example,dc=com

and

dc=example,dc=com

I can connect to my ldap with LDAP Admin explorer too.

Thanks !

This question is related to authentication ldap openca

The answer is

The base dn is dc=example,dc=com.

I don't know about openca, but I will try this answer since you got very little traffic so far.

A base dn is the point from where a server will search for users. So I would try to simply use admin as a login name.

If openca behaves like most ldap aware applications, this is what is going to happen :

  1. An ldap search for the user admin will be done by the server starting at the base dn (dc=example,dc=com).
  2. When the user is found, the full dn (cn=admin,dc=example,dc=com) will be used to bind with the supplied password.
  3. The ldap server will hash the password and compare with the stored hash value. If it matches, you're in.

Getting step 1 right is the hardest part, but mostly because we don't get to do it often. Things you have to look out for in your configuraiton file are :

  • The dn your application will use to bind to the ldap server. This happens at application startup, before any user comes to authenticate. You will have to supply a full dn, maybe something like cn=admin,dc=example,dc=com.
  • The authentication method. It is usually a "simple bind".
  • The user search filter. Look at the attribute named objectClass for your admin user. It will be either inetOrgPerson or user. There will be others like top, you can ignore them. In your openca configuration, there should be a string like (objectClass=inetOrgPerson). Whatever it is, make sure it matches your admin user's object Class. You can specify two object class with this search filter (|(objectClass=inetOrgPerson)(objectClass=user)).

Download an LDAP Browser, such as Apache's Directory Studio. Connect using your application's credentials, so you will see what your application sees.

Either you set LDAP_DOMAIN variable or you misconfigured it. Jump inside of ldap machine/container and run:

slapcat > backup.ldif

If it fails, check punctuation, quotes etc while you assigned variable "LDAP_DOMAIN" Otherwise you will find answer inside on backup.ldif file.

Source: Stackoverflow.com

Examples related to authentication

Set cookies for cross origin requests How Spring Security Filter Chain works What are the main differences between JWT and OAuth authentication? http post - how to send Authorization header? ASP.NET Core Web API Authentication Token based authentication in Web API without any user interface Custom Authentication in ASP.Net-Core Basic Authentication Using JavaScript Adding ASP.NET MVC5 Identity Authentication to an existing project LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

Examples related to ldap

LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 Querying Windows Active Directory server using ldapsearch from command line What are CN, OU, DC in an LDAP search? LDAP server which is my base dn Easy way to test an LDAP User's Credentials LDAP filter for blank (empty) attribute LDAP Authentication using Java How to create and add users to a group in Jenkins for authentication? Query to list all users of a certain group using wildcards in LDAP search filters/queries

Examples related to openca

LDAP server which is my base dn

Tags

Qwebpage Ribbon Simplification Hlsl C++builder-5 Bitmapfield Berkeley-db Django-syndication Messagedialog Scripting Objectpool Enhanced-rich-text Rediska Flex-builder-3 Hidden Nearlyfreespeech Smallcaps Vtune Review-board Gssapi Area Foreign-key-relationship Linegraph Opensearch Linq-to-nhibernate Git Princely Lightwindow Multipage Relational-database N900 Mathematical-typesetting Rowname Yahoo-api Previous-installation Dropdownbox Pseudo-streaming Unassigned-variable Jsr233 Rshd Monthcalendar Database-agnostic Turbogears Pleasewait Truncate-log Junitperf Dmp Scriptservice Viewstub Dbdeploy Xerces-c Isolatedstoragefile Control-template Securid Java-2d Invocationtargetexception Formatprovider Spatial-index System-requirements Copssh Nine-patch Itemspaneltemplate Printqueue File-handling Session-scope Crowdsourcing Nested-datalist Sysex Bindable-linq Forth Updatepanelanimationexte Memory-layout Many-to-many Inter-process-communicat Browsable Archiva Gatein Desktop-integration Servercontrols Vcdiff Spell-checking Bluepill Spectrogram Session-state-server Ec2-api-tools Perl-tidy Numerical Geo While-loop Detours Synchronizationcontext Green-threads Aida Scd2 Montage Cdecl Codeigniter-url Uudecode Database-tuning .net-3.0