How to do password authentication for a user using LDAP?

前端 未结 1 1881
一整个雨季
一整个雨季 2021-02-08 10:05

I am writing a client app (using OpenLDAP libraries) for which the users gets authenticated via LDAP server.

Here is the sample, hard coded, program that fails to compa

相关标签:
1条回答
  • 2021-02-08 10:50

    This is not really the right way to perform a password check on LDAP, what you should do is attempt to bind using the dn obtained from the first search and the password supplied.

    i.e. you perform a second bind to verify the password. If the bind fails then the password is incorrect.

    Something akin to:

        if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
            printf( "dn: %s\n", dn );
            /* rebind */
            ldap_initialize(&ld2, LDAP_SERVER);
            rc = ldap_simple_bind_s(ld2, dn, "secret");
            printf("%d\n", rc);
            if (rc != 0) {
                printf("Failed.\n");
            } else {
                printf("Works.\n");
                ldap_unbind(ld2);
            }
            ldap_memfree( dn );
        }
    

    For security reasons indicating that the username is incorrect (i.e. the search for the user account fails) is generally considered excessive disclosure, and should be avoided.

    0 讨论(0)
提交回复
热议问题