How to authenticate a user by uid and password?

标签：des   style   blog   class   code   java   

原文地址：Authentication options | Basic authorization

If you want to use simple binds with user DN and password within a Java component, in order to authenticate users programatically, in practice one problem arises: Most users do not know their DN. Therefore they will not be able to enter it. And even if they know it, it would be frequently very laborious due to the length of the DN. It would be easier for a user if s/he only has to probvide a short, unique ID and the password, like in this web form:

Usually the ID is an attribute within the user‘s entry. In our sample data (Seven Seas), each user entry contains the uid attribute, for instance uid=hhornblo for Captain Hornblower:

dn: cn=Horatio Hornblower,ou=people,o=sevenSeas
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top
cn: Horatio Hornblower
description: Capt. Horatio Hornblower, R.N
givenname: Horatio
sn: Hornblower
uid: hhornblo
mail: hhornblo@royalnavy.mod.uk
userpassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=

But how to authenticate a user who provides "hhornblo"/"pass" instead of "cn=Horatio Hornblower,ou=people,o=sevenSeas"/"pass" with the help of ApacheDS?

An algorithm

In order to accomplish this task programmatically, one option is to perform the following steps

Arguments

• uid of a user (e.g. "hhornblo")
• password proclaimed to be correct for the user

Steps

• Bind to ApacheDS anonymously, or with the DN of a technical user. In both cases it must be possible to search the directory afterwards (authorization has to be configured that way)
• Perform a search operation with an appropriate filter to find the user entry for the given ID, in our case "(&(objectClass=inetorgperson)(uid=hhornblo))"
  • If the search result is empty, the user does not exist -- terminate
  • If the search result contains more than one entry, the given ID is not unique, this is likely a data error within your directory
• Bind to ApacheDS with the DN of the entry found in the previous search, and the password provided as argument
  • If the bind operation fails, the password is wrong, and the result is false (not authenticated)
  • If the bind is successful, authenticate the user

How to authenticate a user by uid and password?,布布扣,bubuko.com

How to authenticate a user by uid and password?

标签：des   style   blog   class   code   java   

原文地址：http://www.cnblogs.com/eastson/p/3720237.html