14

What is anonymous binding? And, why do I need to use anonymous binding when the user provides his/her credentials for authentication?

Why do I need to bind to the LDAP server anonymously and then use the credentials provided by the user for authentication?

Daniel Miladinov
pavanred
  • 1
    Do you? I think you can bind directly by providing user/password. At least you can via JNDI and the OpenLDAP command-line interfaces. – bert Jan 10 '11 at 07:20

1 Answer

16

In LDAP your full DN (needed to bind) could be anything, and often can change. A name change (since AD defaults to Full Name mapped to CN in the DN) or a move could change it. So expecting people to log in with a full DN is not going to work.

So the backend system logs in anon, searches for some unique tidbit (like email, or username or something), finds the proper DN, and then tries to log in with the provided password.

Or else you use a service account for your backend system instead of anonymous binds.

geoffc
  • 1
    Thanks. I do not know much about how an LDAP server would be configured or maintained. But generally, how often and why (if possible) would the DN be changed? – pavanred Jan 10 '11 at 14:15
  • @pavanred: Every time the user is renamed or moved. In AD this might be more often than in other systems. – geoffc Jan 10 '11 at 17:45
  • @geoffc How to set this password for LDAP anonymous binding? – tasqyn Jul 31 '18 at 08:46
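
The search-then-bind flow described in the answer, as an added example that is not part of the original post: Python with an in-memory stand-in for the directory (`FakeDirectory`, the DNs, `uid` as the lookup attribute and the passwords are all constructed assumptions). It also shows two checks the flow needs: escaping the login before it enters the search filter, and refusing an empty password, which some servers treat as an unauthenticated bind.

```python
import re

# Constructed sample data: DN -> attributes. Not taken from the page.
def make_directory():
    return FakeDirectory({
        "cn=Jane Doe,ou=Sales,dc=example,dc=com": {"uid": "jdoe", "password": "constructed-pw-1"},
        "cn=Bob Ray,ou=IT,dc=example,dc=com": {"uid": "bray", "password": "constructed-pw-2"},
    })

def escape_filter_value(value):
    """Escape user input before placing it in a search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

class FakeDirectory:
    """In-memory stand-in for an LDAP server (hypothetical, for illustration)."""
    def __init__(self, entries):
        self.entries = entries

    def search_uid(self, filter_str):
        # Handles only "(uid=<value>)"; a bare "*" matches every entry, as on a real server.
        value = filter_str[len("(uid="):-1]
        if value == "*":
            return list(self.entries)
        plain = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
        return [dn for dn, attrs in self.entries.items() if attrs["uid"] == plain]

    def simple_bind(self, dn, password):
        # Models a server that accepts DN + empty password as an
        # unauthenticated bind (RFC 4513, section 5.1.2).
        if password == "":
            return True
        return dn in self.entries and self.entries[dn]["password"] == password

    def rename(self, old_dn, new_dn):
        # A rename or move changes the DN; the uid attribute stays the same.
        self.entries[new_dn] = self.entries.pop(old_dn)

def authenticate(directory, login, password):
    """Search-then-bind: return the user's current DN on success, else None."""
    if not login or not password:      # an empty password must never reach the bind
        return None
    # Step 1: search (over the anonymous or service-account connection) for the stable attribute.
    matches = directory.search_uid("(uid=%s)" % escape_filter_value(login))
    if len(matches) != 1:              # no match and an ambiguous match both fail
        return None
    # Step 2: bind as the DN that was found, with the password the user typed.
    return matches[0] if directory.simple_bind(matches[0], password) else None
```

Because the lookup is by `uid`, the same login keeps working after `rename()` changes the entry's DN.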