Authentication using LDAP

Published 05-24-2006 8:51 PM | jokiz
One of the requirements for our current application is to authenticate the users using their LDAP server.  We were able to use it for authentication for our current setup.  

By the way, the NativeObject property of the DirectoryEntry class should be included in the API Hall of Shame of Brad Adams.  It should have been a method maybe named as Bind().

I was surprised this afternoon when i changed the password to an empty string and the authentication was still successful.  It was supposed to catch a COMException but it did not.  Turns out that having an empty string is similar to anonymous login which is currently enabled for the server.
Filed under: ,

Comments

# cruizer said on May 24, 2006 4:00 PM:

what LDAP server are you using? in our previous company we tested on OpenLDAP (open source) and of course MS Active Directory

# jokiz said on May 24, 2006 8:01 PM:

client is using netscape