Is LDAP binding account required for user authentication?


Problem description

I am making a portal for my organization in which I want the user to login to that portal with their organization account's ID and password.

For this purpose I am using LDAP authentication with Java.

After reading through quite a few articles, I found the following steps for authentication:

  1. bind to LDAP server using some binding or technical account
  2. search for the user details in LDAP server who is trying to log in
  3. try to bind to server again with user's Distinguished name and password.

Question 1: Is that all?

Is the above process exactly correct, or am I missing some info as I am a novice programmer? And what does binding mean conceptually?

I wonder what is the need of binding account? If directly I try to bind the LDAP server with user's credential and if it is successful, then can I give him the access?

I have JXplorer tool in which I am able to connect to LDAP server with my own organization's credential. So I was thinking what is the need of first binding to LDAP server with some other account?

Recommended answer

question 1- Is the above process exactly correct

Yes.

question 2- I wonder what is the need of binding account?

Yes. You need to search the directory to find the user DN, and you don't want the general unauthenticated public to be able to search the directory.

if directly I try to bind the ldap server with user's credential and if it is successful, then can I give him the access?

You don't have the user's credentials to start with. You have his login name, or email address, or CN, or something that he uses to identify himself, but which is only an attribute of some entry. You need to find that entry and get its DN for authentication.

I have JXplorer tool in which I am able to connect to LDAP server with my own organization's credentials. So I was thinking what is the need of first binding to LDAP server with some other account?

See above. You don't want the user to have to remember his entire DN the way you do with JXplorer.
