开发者

are wildcards possible in OpenLDAP LDAPConnection.bind() dn string?

My specific problem is that when I attempt to bind with t开发者_开发知识库he following full dn, all is well

new LDAPConnection().bind(LDAPConnection.LDAP_V3, 
"uid=me@wherever.com,ou=Lev1,ou=Lev2,o=Company", "secret".getBytes());

however, when I attempt to bind with an incomplete dn, I am getting an Invalid Credentials exception.

new LDAPConnection().bind(LDAPConnection.LDAP_V3,
"uid=me@wherever.com,ou=Lev1,o=Company", "secret".getBytes());

Is their some form of wildcarding that is possible, such as "uid=me@wherever.com,ou=Lev1,ou=*,o=Company"?


No. It sounds like you might be confusing bind() with search(). bind() is authentication against the directory, like logging in. Binding with a wildcarded dn would be like having a login with a wildcarded username. Doesn't really make sense.


To do a wildcard like this you have to do a search first and select which one you want to perform the bind. This may mean you need to bind with an id which can perform the search. ;)


No, the use of wildcards is not possible in the way you describe. However, SASL provides a mechanism to accomplish the desired behavior. Your directory server administrator may be able to configure the directory server to map identities to an authorization ID wherein the client need not know the distinguished name of the identity with which to authenticate the LDAP connection. Professional-quality directory server software will provide a variety of identity mapping capabilities.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜