My company develops and sells a SaaS application that has hundreds of customers. Some of our customers have asked us to support LDAP integration for authenticating user acco
As always, remember to validate the authentication test to be sure that the password sent is not blank.
A bind with a user name and no password is considered an Anonymous bind, according to the standard, and looks like it has succeeded, when in fact it really did not.
This is an issue for the application to handle, since the LDAP server is just following the standard, an annoying standard, but a standard nonetheless.
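
One way to implement the application-side check described in the answer above, as an added example that is not part of the original post. `simulated_simple_bind`, `authenticate` and the sample directory are constructed for illustration; in a real application the `bind` argument would wrap your LDAP client library's simple bind call.

```python
from typing import Callable, Dict, Optional

# Constructed sample directory: DN -> password (plain text only for this demo).
DIRECTORY: Dict[str, str] = {"uid=alice,ou=people,dc=example,dc=com": "correct horse"}


def simulated_simple_bind(dn: str, password: str) -> bool:
    """Constructed stand-in for a directory server's simple bind.

    It reproduces the behaviour described above: a bind that carries a name
    but a zero-length password is not checked against the stored password
    and is reported as successful.
    """
    if password == "":
        return True
    return DIRECTORY.get(dn) == password


def authenticate(bind: Callable[[str, str], bool],
                 dn: Optional[str], password: Optional[str]) -> bool:
    """Application-side login check: refuse blank input before binding.

    Only None and zero-length values are rejected; a password made of spaces
    is a real password and is passed to the server unchanged.
    """
    if not dn or not password:
        return False  # the request never reaches the directory server
    return bool(bind(dn, password))
```

Calling the bind directly with an empty password reports success, while the same input through `authenticate` is rejected without contacting the server.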