什么是 LDAP 匿名绑定? [英] What is LDAP anonymous binding?

问题描述

什么是匿名绑定?而且，当用户提供他/她的凭据进行身份验证时，为什么我需要使用匿名绑定?

What is anonymous binding? And, why do I need to use anonymous binding when the user provides his/her credentials for authentication?

为什么我需要匿名绑定到ldap服务器，然后使用用户提供的凭据进行身份验证?

Why do I need to bind to the ldap server anonymously and then use the credentials provided by the user for authentication?

推荐答案

在 LDAP 中，您的完整 DN(需要绑定)可以是任何东西，并且经常可以更改.名称更改(因为 AD 默认为映射到 DN 中的 CN 的全名)或移动可能会更改它.因此，期望人们使用完整的 DN 登录是行不通的.

In LDAP your full DN (needed to bind) could be anything, and often can change. A name change (since AD defaults to Full Name mapped to CN in the DN) or a move could change it. So expecting people to login with a full DN is not going to work.

所以后端系统匿名登录，搜索一些独特的花絮.像电子邮件、用户名或其他东西，找到正确的 DN，然后尝试使用提供的密码登录.

So the backend system logs in anon, searches for some unique tidbit. Like email, or username or something, finds the proper DN, and then tries to login with the provided password.

或者，您为后端系统使用服务帐户而不是匿名绑定.

Or else you use a service account for your backend system instead of anonymous binds.

这篇关于什么是 LDAP 匿名绑定?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！