Username and Password for LDAP Authentication
A client asked us if we support LDAP authentication for a Single-Sign-On (SSO). I Googled around and learnt a bit about LDAP.
However, I don't understand whether I should run the bind operation on some credentials that will be given to me as the app and then look for the user that tried to log in, or I should call the bind on the credentials the user attempts to log in with through our app and, as long as the credentials are valid, consider that the user is logged in.
Thank you.
It's done in three steps:
If any of this fails, i.e. including (2), it's a login failure, and note that you don't tell the user which step: you don't tell him 'no such user' or 'invalid password'. You just tell him 'invalid credentials' or similar for both. Otherwise you're leaking information to an attacker.
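The service-bind, search, user-bind flow and the uniform failure message described in the answer, as an added example that is not the answerer's code. `FakeDirectory`, `authenticate`, the DNs and the `LOGIN_FAILED` string are all constructed here for illustration; a real deployment would replace `FakeDirectory` with an LDAP client library. It also rejects an empty password before the user bind, because LDAP servers treat an empty-password bind as an anonymous bind that succeeds.

```python
"""Three-step LDAP login: bind as the app, search for the user, bind as the user.
Every failure returns the same message so the caller cannot tell which step failed."""


class LdapError(Exception):
    """Stand-in for the client library's error (LDAP result code 49, invalidCredentials)."""


class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server; entries map DN -> attributes."""

    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        if entry is None or entry["userPassword"] != password:
            raise LdapError("invalidCredentials")

    def search(self, base_dn, filter_expr):
        # Only "(uid=<value>)" filters under base_dn; enough for this flow.
        assert filter_expr.startswith("(uid=") and filter_expr.endswith(")")
        uid = filter_expr[5:-1]
        return [dn for dn, e in self.entries.items()
                if dn.endswith(base_dn) and e["uid"] == uid]


def escape_filter_value(value):
    """RFC 4515 escaping so a typed username cannot change the search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)


LOGIN_FAILED = "invalid credentials"  # same text for unknown user and wrong password


def authenticate(directory, service_dn, service_pw, base_dn, username, password):
    """Returns (True, user_dn) on success, (False, LOGIN_FAILED) on any failure."""
    if not password:  # empty password would bind anonymously and "succeed"
        return (False, LOGIN_FAILED)
    try:
        directory.bind(service_dn, service_pw)  # step 1: bind with the app's own credentials
        matches = directory.search(base_dn, f"(uid={escape_filter_value(username)})")  # step 2
        if len(matches) != 1:  # no such user, or an ambiguous match
            return (False, LOGIN_FAILED)
        directory.bind(matches[0], password)  # step 3: bind as the user with the typed password
    except LdapError:
        return (False, LOGIN_FAILED)  # caller cannot tell step 1, 2 or 3 apart
    return (True, matches[0])


# Constructed sample directory: one service account and two people.
DEMO_DIRECTORY = FakeDirectory({
    "cn=app,dc=example,dc=com": {"uid": "app", "userPassword": "app-secret"},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "userPassword": "alice-pw"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "userPassword": "bob-pw"},
})
```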