
ldap authentication using only certificates

Is it possible to do LDAPS authentication using client certificates? If so, how?

I found the below but it still uses a bind method using user and password.

Python+LDAP+SSL

I don't want to use user and password. Currently using LDAPS from Python to AD DC via port 3269.

It seems python-ldap always requires user and password? Are there alternative libraries/languages/toolsets/APIs that do support client certificates?

The LDAP standards define a specific operation to authenticate a user based on the underlying transport security layer (TLS): the LDAP SASL EXTERNAL BIND.

When the connection is secured by TLS and the server was configured to require client authentication, then when the client sends a BIND SASL EXTERNAL request, the server retrieves the client identity and tries to map it to an internal user for authorization.
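As an added example (not part of the original question or answer), the following standard-library Python code builds the BindRequest for SASL EXTERNAL, sends it over a TLS connection that presents a client certificate, and reads the result code from the BindResponse. The function names, host, port and file paths are assumptions; the server must already request client certificates and map the certificate identity to a user.

```python
import socket
import ssl

def tlv(tag, value):
    """BER-encode one element with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos=0):
    """Decode one element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def sasl_external_bind_request(msg_id=1, authz_id=None):
    """LDAPMessage carrying BindRequest(version 3, empty DN, SASL EXTERNAL)."""
    sasl = tlv(0x04, b"EXTERNAL")              # mechanism name
    if authz_id is not None:                   # optional authorization identity
        sasl += tlv(0x04, authz_id.encode())
    bind = tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0xA3, sasl)
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))  # msg_id 1..127

def bind_result_code(response):
    """Return resultCode from a BindResponse (0 success, 49 invalidCredentials)."""
    _, msg, _ = read_tlv(response)
    _, _, pos = read_tlv(msg)                  # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                            # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, _ = read_tlv(op)
    return int.from_bytes(code, "big")

def bind_with_certificate(host, port, ca_file, cert_file, key_file):
    """Connect over LDAPS with a client certificate and bind without a password."""
    ctx = ssl.create_default_context(cafile=ca_file)   # verifies the server
    ctx.load_cert_chain(cert_file, key_file)           # identity sent in the handshake
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(sasl_external_bind_request())
            # The response normally arrives in one TLS record; a full client
            # would keep reading until the whole PDU is received.
            return bind_result_code(tls.recv(4096))
```

A result code of 0 means the server accepted the certificate identity. python-ldap issues the same bind with `sasl_external_bind_s()` once the `OPT_X_TLS_CERTFILE` and `OPT_X_TLS_KEYFILE` options are set.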
