Ldap

From Wikanual

ldap

Instead of managing INTERDUBS admin users for your segment in our system, you can also use the user information from your ldap system.


ldap parameters

Under utilities, a root admin can edit the ldap parameters via the ldap configuration screen.

Once you enter the parameters below, admin users will be authenticated against your system.


ldap host

The URL of your ldap host. An example would be:

ldaps://your.ldap.host:3269

where your.ldap.host is a valid domain name or IP address. If the ldap host is not empty, INTERDUBS will try to use this address for authentication.

ldap user

A valid user in the ldap database. It should have rights to look up other users. This account is not related to the admin users that will use INTERDUBS.

ldap user password

The password of the ldap user in the ldap database.

ldap domain

The ldap domain for users using INTERDUBS. It is referred to as LDAPDOMAIN in the example below.

ldap message

The initial headline that will be displayed on the INTERDUBS admin screen, so that admins are aware that they have to use their ldap credentials.


ldap log in logic

Here, in pseudo code, is the logic of a login validation. The user has entered USER and PASS, and INTERDUBS has been configured with valid access to your ldap system as described above.

IF USER does NOT contain a @ AND LDAPDOMAIN is NOT empty
THEN append @ and LDAPDOMAIN to the USER 

This allows people to enter either their user name or their user@domain email.

FIND first record that has userPrincipalName set to USER

The system tries to locate a user with userPrincipalName set to USER. If the system finds a record, it proceeds below at PASSWORD VALIDATION. If there is no record with userPrincipalName set to USER, then it tries to

FIND first record that has mail set to USER

If a record is found, the system will retrieve its userPrincipalName to use it below for PASSWORD VALIDATION.

If no record exists for this either, the system shows an error message:

LDAP your-segment-name: user name could not be found

The error will get logged under failed login attempts and the system will stop.

PASSWORD VALIDATION

If the system did find a record, it will try to validate the record identified by the userPrincipalName with PASS.

If this works, the system checks whether a login with the login email set to USER already exists in INTERDUBS. If it does not, it will get created in the system.

If the user does not authenticate, the system will display the message

LDAP your-segment-name: pwd wrong

and the failed attempt will get logged.
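The login logic above, written out as an added example (this is not INTERDUBS code). It runs against a small constructed in-memory directory; the `search` and `bind` helpers and the LDAPDOMAIN value are assumptions standing in for the calls a real LDAP client library would make.

```python
# Added example of the INTERDUBS ldap login logic, not the product's own code.
# `search` and `bind` stand in for LDAP client calls; the records are constructed.

LDAPDOMAIN = "example.com"      # assumed value of the "ldap domain" parameter
SEGMENT = "your-segment-name"
FAILED_ATTEMPTS = []            # stand-in for the failed login attempts log

# Constructed directory records; "pw" stands in for the server-side credential check.
DIRECTORY = [
    {"userPrincipalName": "alice@example.com", "mail": "alice.smith@example.com", "pw": "s3cret"},
    {"userPrincipalName": "bob@example.com", "mail": "bob@example.com", "pw": "hunter2"},
]

def search(attribute, value):
    """Return the first record whose attribute equals value (case-insensitive), or None."""
    for rec in DIRECTORY:
        if rec.get(attribute, "").lower() == value.lower():
            return rec
    return None

def bind(upn, password):
    """Simulate an LDAP simple bind: True only if the UPN exists and the password matches."""
    rec = search("userPrincipalName", upn)
    return rec is not None and rec["pw"] == password

def ldap_login(user, password, existing_logins):
    """Return (ok, message); on success the INTERDUBS login is created if missing."""
    if "@" not in user and LDAPDOMAIN:
        user = f"{user}@{LDAPDOMAIN}"      # accept a bare user name or user@domain
    rec = search("userPrincipalName", user)
    if rec is None:
        rec = search("mail", user)         # second lookup: the mail attribute
    if rec is None:
        msg = f"LDAP {SEGMENT}: user name could not be found"
        FAILED_ATTEMPTS.append((user, msg))
        return False, msg
    upn = rec["userPrincipalName"]         # always validate with the UPN, never the mail value
    if not bind(upn, password):
        msg = f"LDAP {SEGMENT}: pwd wrong"
        FAILED_ATTEMPTS.append((user, msg))
        return False, msg
    existing_logins.add(user)              # no-op if the login email already exists
    return True, "ok"
```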
