[英]How to bind and query LDAP server without specifying user credentials
Currently my Mac has been successfully configured to be in Active Directory Domain. 目前,我的Mac已成功配置为位于Active Directory域中。 (System Preferences -> Users & Groups -> Login Options -> Network Account Server)
(系统偏好设置->用户和组->登录选项->网络帐户服务器)
We are developing a Mac application that has following requirements: 我们正在开发具有以下要求的Mac应用程序:
If we explicitly specify logged-in user's credentials, 如果我们明确指定登录用户的凭据,
• we are able to bind to the LDAP server •我们能够绑定到LDAP服务器
• we are able to search the users & their attributes in LDAP server. •我们能够在LDAP服务器中搜索用户及其属性。
If we do not specify logged-in user's credentials, 如果我们未指定登录用户的凭据,
• we are able to bind to the LDAP server •我们能够绑定到LDAP服务器
• but it does not allow us to search the users & their attributes in LDAP server. •但是,它不允许我们在LDAP服务器中搜索用户及其属性。
We are currently using OpenLDAP framework for LDAP operations. 我们目前正在使用OpenLDAP框架进行LDAP操作。
Is there a way with which we can use logged-in user's credentials implicitly while communicating with the LDAP server? 与LDAP服务器通信时,有没有一种方法可以隐式使用登录用户的凭证?
Can you please guide us how we can query LDAP server (search users & their attributes in LDAP server) without specifying logged-in user's credentials explicitly. 您能否指导我们如何查询LDAP服务器(在LDAP服务器中搜索用户及其属性),而无需明确指定登录用户的凭据。
Any kind of help is highly appreciated. 任何帮助都将受到高度赞赏。
Is there a way with which we can use logged-in user's credentials implicitly while communicating with the LDAP server?
与LDAP服务器通信时,有没有一种方法可以隐式使用登录用户的凭证?
Maybe. 也许。
IF you CAN set up Kerberos (and SPNEGO is using a WEB browser) you might be able to obtain a "ticket" that you could then use a GSSAPI to Authenticate the user. 如果可以设置Kerberos (并且SPNEGO使用的是WEB浏览器),则可以获取“凭单”,然后可以使用GSSAPI对用户进行身份验证。
You would probably be more secure if you used a one of the many third-party Access Manager Products to perform these services due to the inherent security risks involved. 如果您使用许多第三方Access Manager产品之一来执行这些服务,则可能会更安全,因为它涉及固有的安全风险。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.