Re: [Unity-idm-discuss] LDAP authentication with empty system DN/password

[David P. <d....@hz...>]

Dear Krzysztof,

thanks for the quick reply. We are trying to use the LDAP authenticator. 
Setting "Bind as" to "user" still requires system DN and system password (see 
screenshot attached).

David

Am Dienstag, 2. März 2021, 13:37:41 CET schrieb Krzysztof Benedyczak:
> Dear David,
> 
> W dniu 02.03.2021 o 09:32, David Pape pisze:
> > Dear developers,
> > 
> > at our research centre, we are currently evaluating the usage of Unicore
> > with Unity as an identity manager. More precisely, we are looking to
> > integrate it with our LDAP server.
> > 
> > The problem we are facing at the moment, is that our LDAP test instance
> > which is used by multiple parties, has both an empty system DN as well as
> > empty system password set. This seems to be an issue when trying to
> > connect from Unity, as it is not possible to leave these fields empty.
> > 
> > I would like to know whether there is a workaround or backdoor that would
> > allow us to connect to our test instance.
> 
> In what context you use ldap in your setup? Is it users store with
> credentials (and so in unity ldap authenticator is used) or you have
> users with credential stored in unity and ldap is used to enrich user
> records with additional attributes?
> 
> In the first case it should be possible to change "binding as" option to
> user - then user's credential is used to authorize all operations to
> LDAP, and "system" credentials should not be required. Also the "system"
> user can be any LDAP user that can run queries about other users in LDAP.
> 
> 
> HTH,
> Krzysztof
-- 
David Pape

Researcher
Computational Science Department (FWCC)
Department of Information Services and Computing (FWC)
Building 312, Room 7
Helmholtz-Zentrum Dresden-Rossendorf e.V.
Bautzner Landstr. 400 | 01328 Dresden | Germany
http://www.hzdr.de

Board of Directors: Prof. Dr. Sebastian M. Schmidt, Dr. Diana Stiller
Company Registration Number VR 1693, Amtsgericht Dresden