Queries an LDAP server using provided user credentials. Authentication failures result in an error. Successful authentication removes the password field and continues to the following component.
Credentials used are:
- User identifier from the "user_id" parameter
- Password from the "password" parameter
Host spec: URI for the LDAP server
Base filter string: A filter string used as the query. The user id can be referenced by placing "#USER_ID" in the filterstr. See example below.
Bind DN: Distinguished name used for binding to the LDAP server.
Bind password: Password used for initial bind.
Base DN: Distinguished name at which to start the search.
An LDAP authenticator with the fields:
- Base filter string: (&(objectclass=person)(CN=#USER_ID))
and POST parameters:
- user_id = jane_doe
will perform a lookup using a constructed filter string of (&(objectclass=person)(CN=jane_doe)).
Errors will occur in the following cases:
- The user_id or password parameters are not present
- Binding to the LDAP server failed
- More than one user with the given user_id was found
- The user id/password combination was incorrect