LDAP authentication without Principal and credentials

li li, modified 9 years ago.

New Member Posts: 1 Join Date: 21.11.14
Hi,

I'm trying to log in to the system using LDAP authentication. Below is my configuration in Liferay:

Base Provider URL: ldap://10.200.0.145:389
Base DN: dc=nead,dc=danet
Authentication Search Filter: (&(objectCategory=person)(sAMAccountName=@screen_name@))

I have manually created the LDAP account in the "User" model, so I think that I no longer need to use the "Import" function.

But I got the following error when I log in using a domain account/password:
"In order to perform this operation a successful bind must be completed on the connection"

My question is: are "Principal" and "Credentials" required configuration? Can I just use the LDAP URL to do authentication?

Thanks
David H Nebinger, modified 9 years ago.

RE: LDAP authentication without Principal and credentials

Liferay Legend Posts: 14916 Join Date: 02.09.06
There are two modes to LDAP integration.

The first is the import/export mode where you need credentials that can bind to LDAP and query for (and possibly update if you enable it) the LDAP tree for users.

The second is the actual authorization. In this step the principal and password are used to access LDAP to see if the screen name is valid and access the DN for the user attempting the login (because Liferay does not store that in the users_ table). Once it has that information, it uses the DN for the user and the given password to bind to the LDAP instance and, if the bind is successful, the user is considered logged in.

So yes, the principal and password are used and required in both cases.
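
The two-step flow described in the reply above, written with plain JNDI as an added example; it is not part of the original thread and is not Liferay's own code. The class, method and parameter names are hypothetical; the URL, base DN and search filter are the ones from the question.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapSearchThenBind {
    // URL, base DN and filter are from the question; @screen_name@ becomes the JNDI argument {0}.
    static final String URL = "ldap://10.200.0.145:389"; // simple binds over ldap:// travel in cleartext
    static final String BASE_DN = "dc=nead,dc=danet";
    static final String FILTER = "(&(objectCategory=person)(sAMAccountName={0}))";

    // Simple bind as dn; throws AuthenticationException when the server rejects it.
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    static boolean authenticate(String principal, String credentials,
                                String screenName, String password) throws NamingException {
        // Reject empty passwords: a simple bind with a DN and no password is an
        // unauthenticated bind (RFC 4513), which a server may accept.
        if (password == null || password.isEmpty()) return false;
        String userDn;
        DirContext svc = bind(principal, credentials); // step 1: bind as the principal
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Passing the name as a filter argument keeps it out of the filter syntax.
            NamingEnumeration<SearchResult> hits =
                svc.search(BASE_DN, FILTER, new Object[] { screenName }, sc);
            if (!hits.hasMore()) return false;          // unknown screen name
            userDn = hits.next().getNameInNamespace();  // full DN of the matching entry
        } catch (PartialResultException e) {
            return false; // no entry, only referrals the client did not follow
        } finally {
            svc.close();
        }
        try {
            bind(userDn, password).close();             // step 2: bind as the user
            return true;
        } catch (AuthenticationException e) {
            return false;                               // the directory rejected the bind
        }
    }
}
```

If the principal and credentials are left out, the search in step 1 runs on a connection with no completed bind, which is the condition the error message in the question describes.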