are wildcards possible in OpenLDAP LDAPConnection.bind() dn string?_问答_开发者

are wildcards possible in OpenLDAP LDAPConnection.bind() dn string?

开发者 https://www.devze.com 2023-03-07 02:27 出处：网络

My specific problem is that when I attempt to bind with t开发者_开发知识库he following full dn, all is well

相关专题：ldap openldap

My specific problem is that when I attempt to bind with t开发者_开发知识库he following full dn, all is well

new LDAPConnection().bind(LDAPConnection.LDAP_V3, 
"uid=me@wherever.com,ou=Lev1,ou=Lev2,o=Company", "secret".getBytes());

however, when I attempt to bind with an incomplete dn, I am getting an Invalid Credentials exception.

new LDAPConnection().bind(LDAPConnection.LDAP_V3,
"uid=me@wherever.com,ou=Lev1,o=Company", "secret".getBytes());

Is their some form of wildcarding that is possible, such as "uid=me@wherever.com,ou=Lev1,ou=*,o=Company"?

No. It sounds like you might be confusing bind() with search(). bind() is authentication against the directory, like logging in. Binding with a wildcarded dn would be like having a login with a wildcarded username. Doesn't really make sense.

To do a wildcard like this you have to do a search first and select which one you want to perform the bind. This may mean you need to bind with an id which can perform the search. ;)

No, the use of wildcards is not possible in the way you describe. However, SASL provides a mechanism to accomplish the desired behavior. Your directory server administrator may be able to configure the directory server to map identities to an authorization ID wherein the client need not know the distinguished name of the identity with which to authenticate the LDAP connection. Professional-quality directory server software will provide a variety of identity mapping capabilities.