plugin-LoginLdap icon indicating copy to clipboard operation
plugin-LoginLdap copied to clipboard

Published 20 hours ago verified publisher icon matomo-org

Why a separate user for LDAP bind, why not bind with the user-supplied u+p?

Open bluikko opened this issue 9 years ago • 2 comments

Is there a reason why LoginLdap requires a separate user+password for LDAP bind, instead of binding as the user+password that the user supplied when attempting to login?

bluikko avatar Sep 15 '16 10:09 bluikko

Using the supplied username+password might be reasonable when logging into the backend. To import new LDAP users as an admin there has to be a bind user, as you're only inserting the username of the new user.

kkugelmann avatar Sep 23 '16 13:09 kkugelmann

That is not entirely true.

It depends on the configuration of the LDAP server, specifically AD is preconfigured to accept things like the UPN (userPrincipalName) and samAccountName and not a DN

serverhorror avatar Apr 11 '19 00:04 serverhorror