Is there a way to authenticate a user to LDAP with email (mail) and not cn or DN? We are using ruby ldap, and possibly active-ldap (we have been having problems with it, though). All we need to do is authenticate a user and then create a membership in our system based on the authentication success.
A:
Why not just look up the user's DN using their email address, and then authenticate?
dbyrne
2010-05-28 14:49:22
We ended up using one primary account to gain us access, then using that access, we could easily search for the user's email address and then authenticate the password.
smcdrc
2010-10-15 17:49:41
A:
Log in to LDAP with an administrative user and search for the user by email and password with a filter:
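require 'rubygems'
require 'net/ldap'

server_ip_address = "192.0.2.10" # placeholder: address of your LDAP server

# Bind as an administrative account that is allowed to search the directory.
ldap = Net::LDAP.new :host => server_ip_address,
                     :port => 389,
                     :auth => {
                       :method => :simple,
                       :username => "cn=manager,dc=example,dc=com",
                       :password => "opensesame"
                     }

# Find the user's entry by e-mail address (the attribute is "mail" in many schemas).
filter = Net::LDAP::Filter.eq( "email", "[email protected]" )
treebase = "ou=Users,dc=example,dc=com"

@auth = false
ldap.search( :base => treebase, :filter => filter ) do |entry|
  # Open a second connection and try to bind as the entry that was found,
  # using the password the user supplied.
  ldap2 = Net::LDAP.new :host => server_ip_address,
                        :port => 389,
                        :auth => {
                          :method => :simple,
                          :username => entry.dn,
                          :password => "joe's password"
                        }
  @auth = true if ldap2.bind
end

puts "user authenticated" if @auth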
clyfe
2010-05-28 15:04:51
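A hardened version of the search-then-bind flow from the answer above, added as an example and not part of the original post: it refuses empty passwords (a simple bind with an empty password is an unauthenticated bind, which some servers accept), escapes the address before building the filter, and fails closed unless exactly one entry matches. The `directory` interface, `FakeDirectory` and the sample users are assumptions constructed so the block runs offline; a real LDAP client would sit behind the same two methods.

```ruby
# Added example. `directory` is a hypothetical interface: search(filter) returns
# matching DNs, bind(dn, password) returns true/false.

# Escape a value for an LDAP search filter (RFC 4515 special characters).
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Returns the authenticated user's DN, or nil on any failure.
def authenticate_by_mail(directory, mail, password)
  # A simple bind with an empty password is an unauthenticated bind, which
  # some servers accept; refuse it before contacting the directory.
  return nil if password.nil? || password.empty?
  return nil if mail.nil? || mail.empty?

  dns = directory.search("(mail=#{escape_filter_value(mail)})")
  # No match means unknown user; several matches are ambiguous. Fail closed.
  return nil unless dns.length == 1

  directory.bind(dns.first, password) ? dns.first : nil
end

# Constructed in-memory stand-in for an LDAP server so the example runs offline.
class FakeDirectory
  def initialize(users)
    @users = users
  end

  # Understands only (mail=VALUE): unescaped '*' is a wildcard, \xx is literal.
  def search(filter)
    value = filter[/\A\(mail=(.*)\)\z/m, 1].to_s
    parts = value.split('*', -1).map do |part|
      Regexp.escape(part.gsub(/\\(\h\h)/) { $1.hex.chr })
    end
    pattern = /\A#{parts.join('.*')}\z/i
    @users.select { |u| u[:mail] =~ pattern }.map { |u| u[:dn] }
  end

  # Mimics a server that lets empty-password (unauthenticated) binds succeed.
  def bind(dn, password)
    password.empty? || @users.any? { |u| u[:dn] == dn && u[:password] == password }
  end
end

# Constructed sample entries.
SAMPLE_USERS = [
  { dn: 'uid=joe,ou=Users,dc=example,dc=com', mail: 'joe@example.com', password: 's3cret' },
  { dn: 'uid=ann,ou=Users,dc=example,dc=com', mail: 'ann@example.com', password: 'hunter2' }
].freeze
```

The flow still sends the password in a simple bind, so the connection to the directory needs TLS (LDAPS or StartTLS) rather than plain port 389.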