SyntaxFix

[directory] Easy way to test an LDAP User's Credentials

Is there an easy way to test the credentials of a user against an LDAP instance? I know how to write a Java program that would take the 'User DN' and password, and check it against the LDAP instance. However is there any easier way? Specially a method that not only authenticates the user, but also lists all the user's roles.

This question is related to directory ldap opends opendj

The answer is

Use ldapsearch to authenticate. The opends version might be used as follows:

ldapsearch --hostname hostname --port port \
    --bindDN userdn --bindPassword password \
    --baseDN '' --searchScope base 'objectClass=*' 1.1

Note, if you don't know your full bind DN, you can also just use your normal username or email with -U

ldapsearch -v -h contoso.com -U [email protected] -w 'MY_PASSWORD' -b 'DC=contoso,DC=com' '(objectClass=computer)'

ldapwhoami -vvv -h <hostname> -p <port> -D <binddn> -x -w <passwd>, where binddn is the DN of the person whose credentials you are authenticating.

On success (i.e., valid credentials), you get Result: Success (0). On failure, you get ldap_bind: Invalid credentials (49).

You should check out Softerra's LDAP Browser (the free version of LDAP Administrator), which can be downloaded here :

http://www.ldapbrowser.com/download.htm

I've used this application extensively for all my Active Directory, OpenLDAP, and Novell eDirectory development, and it has been absolutely invaluable.

If you just want to check and see if a username\password combination works, all you need to do is create a "Profile" for the LDAP server, and then enter the credentials during Step 3 of the creation process :

enter image description here

By clicking "Finish", you'll effectively issue a bind to the server using the credentials, auth mechanism, and password you've specified. You'll be prompted if the bind does not work.

Authentication is done via a simple ldap_bind command that takes the users DN and the password. The user is authenticated when the bind is successfull. Usually you would get the users DN via an ldap_search based on the users uid or email-address.

Getting the users roles is something different as it is an ldap_search and depends on where and how the roles are stored in the ldap. But you might be able to retrieve the roles during the lap_search used to find the users DN.

Source: Stackoverflow.com

Examples related to directory

Moving all files from one directory to another using Python What is the reason for the error message "System cannot find the path specified"? Get folder name of the file in Python How to rename a directory/folder on GitHub website? Change directory in Node.js command prompt Get the directory from a file path in java (android) python: get directory two levels up How to add 'libs' folder in Android Studio? How to create a directory using Ansible Troubleshooting misplaced .git directory (nothing to commit)

Examples related to ldap

LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 Querying Windows Active Directory server using ldapsearch from command line What are CN, OU, DC in an LDAP search? LDAP server which is my base dn Easy way to test an LDAP User's Credentials LDAP filter for blank (empty) attribute LDAP Authentication using Java How to create and add users to a group in Jenkins for authentication? Query to list all users of a certain group using wildcards in LDAP search filters/queries

Examples related to opends

Easy way to test an LDAP User's Credentials

Examples related to opendj

Easy way to test an LDAP User's Credentials

Tags

Hibernate.cfg.xml Cpython Inequalities N-queens Rollover-effect Cc-mode Multiplayer Itemsource Line Indexed-image Middle-tier Package-managers Zend-acl Apache-dbi Script-debugging Distinct-on Invalidoperationexception Icon-language Entityobject Background-color Complex-event-processing Temporal-database Display-dpi Feedly Circular-dependency Zimbra Sorteddictionary Ripple Weborb Object-graph Hierarchical-clustering Data-presentation Jpgraph For-xml-path Datapager Flot Outputcache Theorem Firefly-mv Catalog Information-management Recursive-databinding Noborder Yui-compressor Reformat Aforge Django-fixtures Setup-deployment Memory-alignment Basecamp Exchange-server Code-caching Clang-static-analyzer Rdma Database-testing Cortex-a8 Info-hash Scene Window-handles Designview Typedarray Opengl-4 Modified-preorder-tree-t Underflow Sprite-sheet Couchdb-futon Pageload Remarks Kiosk Ondrawitem Nonblocking Reporting-tools Efv4 Jbossmq Dummy-data Open-session-in-view Pardiso Game-center Sqljdbc Applet Clique-problem Jquery-masonry Classnotfoundexception Message Flex-skins Ora-02014 Python-extensions Jgrasp Otcl Constructor Clientside-caching Abcl Healthvault Autoeventwireup Autoresize Listactivity Sample-data Logparser Rating-system Aasm