LDAP server: which is my base dn?

Problem description

Hello, I'm trying to use my ldap test server in order to authenticate users in openca.

I'm currently connecting through phpldapadmin with:

but on openca something is going wrong... in datasources.xml I found the settings of the ldap configuration and it asks for

<name>basedn</name>

which is the basedn for me? I already tried

cn=admin,dc=example,dc=com

dc=example,dc=com

I can connect to my ldap with LDAP Admin Explorer too.

Thanks!

Recommended answer

The base dn is dc=example,dc=com.

I don't know about openca, but I will try this answer since you got very little traffic so far.

A base dn is the point from where a server will search for users. So I would try to simply use admin as a login name.

If openca behaves like most ldap aware applications, this is what is going to happen:

  1. An ldap search for the user admin will be done by the server starting at the base dn (dc=example,dc=com).
  2. When the user is found, the full dn (cn=admin,dc=example,dc=com) will be used to bind with the supplied password.
  3. The ldap server will hash the password and compare with the stored hash value. If it matches, you're in.

Getting step 1 right is the hardest part, but mostly because we don't get to do it often. Things you have to look out for in your configuration file are:

  • The dn your application will use to bind to the ldap server. This happens at application startup, before any user comes to authenticate. You will have to supply a full dn, maybe something like cn=admin,dc=example,dc=com.
  • The authentication method. It is usually a "simple bind".
  • The user search filter. Look at the attribute named objectClass for your admin user. It will be either inetOrgPerson or user. There will be others like top, you can ignore them. In your openca configuration, there should be a string like (objectClass=inetOrgPerson). Whatever it is, make sure it matches your admin user's objectClass. You can specify two object classes with this search filter (|(objectClass=inetOrgPerson)(objectClass=user)).

Download an LDAP Browser, such as Apache's Directory Studio. Connect using your application's credentials, so you will see what your application sees.
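The three-step flow in the answer (application bind, search under the base dn with the objectClass filter, then bind as the found user and compare the stored hash), as an added example that is not part of the original question or answer and not OpenCA's code. It simulates the server with a constructed in-memory directory instead of talking real LDAP; the entries, the cn=openca service account and the {SSHA} password format are assumptions for illustration.

```python
import base64
import hashlib
import os
from typing import Optional


def ssha(password: str, salt: Optional[bytes] = None) -> str:
    # {SSHA} as commonly stored in userPassword: base64(sha1(pw + salt) + salt)
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_ssha(stored: str, password: str) -> bool:
    # Step 3: hash the supplied password with the stored salt and compare digests
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode() + salt).digest() == digest


# Constructed in-memory directory standing in for the LDAP server (hypothetical entries)
DIRECTORY = {
    "dc=example,dc=com": {"objectClass": ["top", "dcObject", "organization"]},
    "cn=admin,dc=example,dc=com": {"objectClass": ["top", "inetOrgPerson"],
                                   "cn": ["admin"], "userPassword": [ssha("secret")]},
    "cn=openca,dc=example,dc=com": {"objectClass": ["top", "applicationProcess"],
                                    "cn": ["openca"], "userPassword": [ssha("svc-pw")]},
}


def bind(dn: str, password: str) -> bool:
    # Simple bind: the DN must exist and one of its userPassword values must verify
    entry = DIRECTORY.get(dn)
    return entry is not None and any(verify_ssha(h, password) for h in entry.get("userPassword", []))


def search_user(base_dn: str, login: str, object_classes) -> Optional[str]:
    # Step 1: subtree search below base_dn, equivalent to the filter
    # (&(cn=<login>)(|(objectClass=inetOrgPerson)(objectClass=user)))
    # DN matching is simplified to an exact, case-sensitive suffix comparison.
    for dn, attrs in DIRECTORY.items():
        if dn != base_dn and not dn.endswith("," + base_dn):
            continue  # entry lies outside the search base
        if login in attrs.get("cn", []) and set(object_classes) & set(attrs["objectClass"]):
            return dn
    return None


def authenticate(app_dn, app_pw, base_dn, login, password,
                 object_classes=("inetOrgPerson", "user")) -> Optional[str]:
    # Application binds with its own DN first, then search, then bind as the user.
    if not bind(app_dn, app_pw):
        raise PermissionError("application bind failed: check the bind dn/password")
    user_dn = search_user(base_dn, login, object_classes)
    if user_dn is None:
        return None  # step 1 failed: wrong base dn, or the filter does not match the objectClass
    return user_dn if bind(user_dn, password) else None  # steps 2 and 3
```

With base dn dc=example,dc=com the login "admin" resolves to cn=admin,dc=example,dc=com and the bind succeeds; a base dn that does not contain the entry, or a filter whose objectClass does not match, fails at step 1 before any password is checked.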


08-20 15:51