Is LDAP binding account required for user authentication?

Question

I am making a portal for my organization in which I want the user to log in to that portal with their organization account's ID and password.

For this purpose I am using LDAP authentication with Java.

After reading through quite a few articles, I found the following steps for authentication:

  1. Bind to the LDAP server using some binding or technical account.
  2. Search the LDAP server for the details of the user who is trying to log in.
  3. Try to bind to the server again with the user's Distinguished Name and password.

Question 1: Is that all?

Is the above process exactly correct, or am I missing some info, as I am a novice programmer? And what does binding mean conceptually?

I wonder, what is the need for a binding account? If I try to bind to the LDAP server directly with the user's credentials and it is successful, can I then give him access?

I have the JXplorer tool, in which I am able to connect to the LDAP server with my own organization's credentials. So I was thinking, what is the need for first binding to the LDAP server with some other account?

Recommended answer

Question 1 - Is the above process exactly correct?

Yes.

Question 2 - I wonder, what is the need for a binding account?

Yes. You need to search the directory to find the user DN, and you don't want the general unauthenticated public to be able to search the directory.

If I try to bind to the LDAP server directly with the user's credentials and it is successful, can I then give him access?

You don't have the user's credentials to start with. You have his login name, or email address, or CN, or something that he uses to identify himself, but which is only an attribute of some entry. You need to find that entry and get its DN for authentication.

I have the JXplorer tool, in which I am able to connect to the LDAP server with my own organization's credentials. So I was thinking, what is the need for first binding to the LDAP server with some other account?

See above. You don't want the user to have to remember his entire DN the way you do with JXplorer.
