I know a simple LDAP bind can do user password verification. But the thing is that an application server usually uses an admin user (cn=Directory Manager) to do all CRUD operations.

With a simple bind operation, we have to create an LDAP connection bound with that specific user's DN, which is annoying.

As far as I know, ldapcompare is another alternative, but it looks like OpenDJ ldapcompare cannot compare a plain-text password (OpenDJ userPassword is encrypted).

But in some LDAP browsers (Apache LDAP Studio), there's a "Verify Password" function which works very well.

Any idea?

Feng Xi

1 Answer


Using cn=DirectoryManager from an application server is a security issue, pretty much like running applications as root in the Unix world.

Have you tried using the proxyAuth control? Here are a few relevant links:

JnRouvignac
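
Why a Compare with the plain-text password fails where a bind succeeds, as an added example that is not part of the original posts or of OpenDJ's code. It assumes the stored userPassword uses a salted SHA-1 (`{SSHA}`) scheme and models Compare as an exact match against the stored string, as the question describes; the function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # a SHA-1 digest is 20 bytes; the salt follows it


def ssha_hash(password, salt=None):
    """Build a userPassword value the way an {SSHA} storage scheme does."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def compare_style(stored, asserted):
    """Assumed Compare model: exact match of the asserted value and stored string."""
    return hmac.compare_digest(stored.encode("utf-8"), asserted.encode("utf-8"))


def bind_style(stored, password):
    """Bind-style check: re-hash the candidate with the salt kept in the stored value."""
    prefix = "{SSHA}"
    if not stored.startswith(prefix):
        return False  # other storage schemes are out of scope here
    try:
        raw = base64.b64decode(stored[len(prefix):], validate=True)
    except ValueError:
        return False  # malformed base64 payload
    if len(raw) <= SHA1_LEN:
        return False  # no salt present, not a valid {SSHA} value
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


# Constructed sample value; the salt is fixed only to make the output reproducible.
STORED = ssha_hash("s3cret-Example", salt=b"\x01\x02\x03\x04\x05\x06\x07\x08")

if __name__ == "__main__":
    print("stored userPassword  :", STORED)
    print("compare, plain text  :", compare_style(STORED, "s3cret-Example"))
    print("bind, right password :", bind_style(STORED, "s3cret-Example"))
    print("bind, wrong password :", bind_style(STORED, "guess"))
```

Because the salt lives inside the stored value, only the server (or code that can read the attribute) can repeat the hash, which is why password verification is normally done with a bind on a separate connection.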