View Issue Details

IDProjectCategoryView StatusLast Update
0024638mantisbtldappublic2018-08-13 02:33
Reporterjingshaochen Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionno change required 
Product Version2.15.0 
Summary0024638: LDAP authentication does not need to bind a service account
Description

When using ldap authenticate, one can directly use user supplied username and password to bind to ldap server, if succeed, then the user information will be returned and we know the user is authenticated successfully. There is no need to have a service account for the purpose of authenticating other users. That means $g_ldap_bind_passwd is not needed.

TagsNo tags attached.

Activities

atrol

atrol

2018-07-29 16:11

developer   ~0060334

From what I understand there are situations where a service account is needed, see https://stackoverflow.com/questions/25519666/is-ldap-binding-account-required-for-user-authentication

jingshaochen

jingshaochen

2018-07-31 21:45

reporter   ~0060341

Agree. With more complex structure, you have to use a service account to find the DN first.

atrol

atrol

2018-08-01 01:36

developer   ~0060342

Thanks for the feedback.