Authentication (In Progress...)
Since authentication is a major part of the project, this is a dedicated page for us to compile our notes on the topic.
Coming Soon...
(Mostly copied and pasted from Technical Dilemmas)
1. Get a connection to the LDAP server. With the host and port for the LDAP server, create a connection to it. Log and fail if a connection cannot be created.
2. Bind as the application user. Bind the connection to the application user (LDAP-speak for "log in to Active Directory using LDAP"). This user should have enough permissions to search the area of LDAP where users are located. Log and fail if the application user cannot bind.
3. Search for the DN (distinguished name) of the user to be authenticated. This is where we verify the username is valid. This does not authenticate the user but simply makes sure the requested username exists in the system. Log and fail if the user’s DN is not found.
4. Bind as the user to be authenticated using the DN from step 3. Now for the moment of truth. Bind to the connection using the DN found in step 3 and the password supplied by the user. Log and fail if unable to bind using the user’s DN and password.
5. Re-bind as the application user. To check the authorization of a user, we need to read attributes from the user’s account. To do this, we need to re-bind as the application user.
6. Search for the user and require attributes. A filter is used to search for the user as was done in step 3, but we’ll add an extra check to the query to look for the attributes that show we’re authorized.
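The six steps above as a runnable sketch; this is an added example, not the project's own code, and it goes slightly beyond the text by escaping the username before it enters the search filter and by rejecting empty passwords, which many servers accept as an anonymous bind. Assumptions: `FakeDirectory` is a constructed in-memory stand-in for the open connection of step 1, and the `sAMAccountName`/`memberOf` attributes, the DNs and the passwords are sample values.

```python
import logging

ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}  # RFC 4515

def esc(value):
    return "".join(ESC.get(ch, ch) for ch in value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP connection, not a real client."""
    def __init__(self, entries):
        self.entries, self.bound = entries, False
    def bind(self, dn, password):
        # Like many servers, an empty password "succeeds" as an anonymous bind.
        self.bound = password == "" or self.entries.get(dn, {}).get("pw") == password
        return self.bound
    def search(self, flt):
        def matches(e):
            user = f"(sAMAccountName={esc(e['name'])})"
            return flt == user or flt in [f"(&{user}(memberOf={esc(g)}))" for g in e["groups"]]
        return [dn for dn, e in self.entries.items() if self.bound and matches(e)]

def fail(msg, *args):
    logging.warning(msg, *args)
    return False

def authenticate(conn, app_dn, app_pw, username, password, group_dn):
    """Steps 2-6 on an already open connection (step 1); True only if authorized."""
    if not password:
        return fail("empty password rejected for %r", username)
    if not conn.bind(app_dn, app_pw):                                # step 2
        return fail("application user cannot bind")
    user = f"(sAMAccountName={esc(username)})"
    hits = conn.search(user)                                         # step 3
    if len(hits) != 1:
        return fail("expected one DN for %r, got %d", username, len(hits))
    if not conn.bind(hits[0], password):                             # step 4
        return fail("bind failed for %s", hits[0])
    if not conn.bind(app_dn, app_pw):                                # step 5
        return fail("application user cannot re-bind")
    if conn.search(f"(&{user}(memberOf={esc(group_dn)}))") != hits:  # step 6
        return fail("%s lacks the required group", hits[0])
    return True

STAFF = "cn=staff,ou=groups,dc=example,dc=org"
ENTRIES = {  # constructed sample directory
    "cn=app,ou=svc,dc=example,dc=org": {"name": "app", "pw": "app-secret", "groups": []},
    "cn=alice,ou=people,dc=example,dc=org": {"name": "alice", "pw": "wonderland", "groups": [STAFF]},
    "cn=bob,ou=people,dc=example,dc=org": {"name": "bob", "pw": "builder", "groups": []},
}
```

Requiring exactly one search hit in step 3 keeps a duplicate or wildcard match from selecting the DN that step 4 binds as.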