Authenticate users against an LDAP directory.

  • Authenticate users against an LDAP directory.


    I have been running a Win2003 server AD happily for a while but this ldap query is new to me. I am aware the AD runs an ldap service and I would like to find out how to address/access that service. I am trying to "point" an application to the ldap directory service for user authentication.

    It is asking for our LDAP server details.

    Where would I find the corresponding required parameters?

    I have included some examples.

    ldap host: ldap://localhost:389
    I understand that the ldap host would be ldap://servername:389

    Base DN: ou=Users,dc=example,dc=com
    If my domain is what would this be?

    Bind DN:
    Not sure what this is or why it would be required.

    Bind Password:
    Not sure what this is or why it would be required.

    Search Attribute: uid
    I understand that this is the variable the application will use to search (UserID).

    Any help appreciated.

    Last edited by netman839; 14th June 2007, 14:30.

  • #2
    Re: Authenticate users against an LDAP directory.

    "Users" is not an OU - it is a container, hence the Base DN would be:

    Bind DN is the distinguished name of the account you will use in order to gain access to AD - anonymous binds in W2K3 AD are restricted to only very basic lookups and it is not a good idea to open those.
    Example of Bind DN would be:

    Bind password is the password of the account above.

    Search attribute: AD does not use "uid" attribute as long as R2 or SFU schema extensions are not deployed. You would probably want to use 'sAMAccountName' attribute (the NT-style user account name).
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"
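
The parameters discussed in the two posts above, assembled in one place as an added example (not code from any poster in this thread): it derives the DC components from a DNS domain name, builds the `sAMAccountName` search filter with the login escaped per RFC 4515, and refuses an empty password, which RFC 4513 treats as an unauthenticated bind rather than a failed one. The function names, the `svc-ldap` service account and the sample values are assumptions made for illustration; `example.com` and `servername` are the placeholders used in the question.

```python
import re

# RFC 4515 requires these characters to be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape user input so it is matched literally and cannot alter the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def domain_to_dn(dns_domain: str) -> str:
    """Turn a DNS domain name into its DC components: example.com -> DC=example,DC=com."""
    labels = dns_domain.strip(".").split(".")
    if not all(re.fullmatch(r"[A-Za-z0-9-]+", label) for label in labels):
        raise ValueError(f"not a valid DNS domain name: {dns_domain!r}")
    return ",".join(f"DC={label}" for label in labels)


def build_lookup(server: str, dns_domain: str, login: str, password: str,
                 container: str = "CN=Users") -> dict:
    """Return the settings an application needs for a search-then-bind login.

    container defaults to the built-in Users container, which is a CN, not an OU.
    """
    if not login:
        raise ValueError("empty login refused")
    if not password:
        # A simple bind with a DN and an empty password is an "unauthenticated
        # bind" (RFC 4513) that a server may accept, so reject it client-side.
        raise ValueError("empty password refused")
    base_dn = f"{container},{domain_to_dn(dns_domain)}"
    return {
        # Port 389 is the cleartext port from the thread; a simple bind on it
        # sends the password unencrypted unless the connection uses StartTLS.
        "url": f"ldap://{server}:389",
        "base_dn": base_dn,
        # Hypothetical low-privilege account used only to search the directory.
        "bind_dn": f"CN=svc-ldap,{base_dn}",
        "filter": f"(sAMAccountName={escape_filter_value(login)})",
    }


if __name__ == "__main__":
    # Constructed sample input: the second login contains filter metacharacters.
    for login in ("jsmith", "a*(b)"):
        print(build_lookup("servername", "example.com", login, "not-empty"))
```
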


    • #3
      Re: Authenticate users against an LDAP directory.

      Our office looked into finding a way to authenticate a program against Windows Directory Services a few years ago and ended up not pursuing it. It's my understanding that Windows LDAP is still "evolving" but I believe it finally did become compliant with some sort of "LDAP Standard". You may want to check out OpenLDAP.ORG

      This book sounds promising, but I've never seen it first hand or been given any references that it is good or bad.

      "If you design or program software for network computing or are interested in directory services, LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol is an essential resource to help you understand the LDAP API; learn how to write LDAP programs; understand how to LDAP-enable an existing application; and learn how to use a set of command-line LDAP tools to search and update directory information."

      Good luck!