I have an LDAP resource adapter set up in IDM (Sun Directory Server) that connects using a User DN and password.
We also authenticate our users into IDM via LDAP.
Since we had the adapter set up with a User DN (distinguished name), it seemed that we would not do any anonymous binds to LDAP. However, when anonymous bind was turned off on the directory server, the users could not log into IDM.
Does the passthrough authentication not use the settings of the adapter to test the user trying to log into IDM?
We use passthrough authentication with the Sun LDAP server.
In the LDAP access log you should be able to see what happens. The IDM bind account is used to search for the DN of the user, and then a new connection is set up to bind to the directory with the DN and password of the user. If the end-user bind succeeds (err=0) the user can log in.
What do you mean by 'anonymous bind is turned off'? Did you edit the ACL to remove the aci that allows anonymous access?
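As an added example (not code from either poster), here is a small parser for the access-log check the reply suggests: it groups Sun DS-style BIND, SRCH and RESULT lines by connection, flags binds with an empty DN as anonymous, and reports whether each end-user bind got err=0. The log lines, the service-account DN `cn=idm-svc,...` and the user `jdoe` are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed Sun DS-style access log lines (not taken from the thread):
# conn=12 is the IDM service account searching for the user's DN,
# conn=13 is the separate end-user bind, conn=14 is a rejected anonymous bind.
SAMPLE_LOG = """\
[01/Jan/2024:10:00:00 +0000] conn=12 op=0 BIND dn="cn=idm-svc,ou=service,dc=example,dc=com" method=128 version=3
[01/Jan/2024:10:00:00 +0000] conn=12 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[01/Jan/2024:10:00:00 +0000] conn=12 op=1 SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs="dn"
[01/Jan/2024:10:00:00 +0000] conn=12 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[01/Jan/2024:10:00:01 +0000] conn=13 op=0 BIND dn="uid=jdoe,ou=people,dc=example,dc=com" method=128 version=3
[01/Jan/2024:10:00:01 +0000] conn=13 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[01/Jan/2024:10:00:02 +0000] conn=14 op=0 BIND dn="" method=128 version=3
[01/Jan/2024:10:00:02 +0000] conn=14 op=0 RESULT err=48 tag=97 nentries=0 etime=0
"""

LINE_RE = re.compile(r'conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<kind>BIND|SRCH|RESULT)(?P<rest>.*)')
DN_RE = re.compile(r'dn="(?P<dn>[^"]*)"')
ERR_RE = re.compile(r'err=(?P<err>\d+)')
FILTER_RE = re.compile(r'filter="(?P<f>[^"]*)"')

def parse_access_log(text):
    """Group operations by connection: bind DN, anonymous flag, bind result code, search filters."""
    conns = defaultdict(lambda: {"bind_dn": None, "anonymous": False, "bind_err": None, "searches": []})
    bind_ops = set()  # (conn, op) pairs that were BINDs, so their RESULT line can be matched
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m["conn"], m["op"], m["kind"], m["rest"]
        if kind == "BIND":
            dn = DN_RE.search(rest)["dn"]
            conns[conn]["bind_dn"] = dn
            conns[conn]["anonymous"] = (dn == "")  # an empty bind DN is an anonymous bind
            bind_ops.add((conn, op))
        elif kind == "SRCH":
            conns[conn]["searches"].append(FILTER_RE.search(rest)["f"])
        elif kind == "RESULT" and (conn, op) in bind_ops:
            conns[conn]["bind_err"] = int(ERR_RE.search(rest)["err"])
    return dict(conns)

def anonymous_binds(conns):
    """Connection ids that performed an anonymous bind."""
    return sorted(c for c, v in conns.items() if v["anonymous"])

def user_logins(conns, service_dn):
    """Map each non-service bind DN to whether its bind succeeded (err=0)."""
    return {v["bind_dn"]: v["bind_err"] == 0 for v in conns.values()
            if v["bind_dn"] and v["bind_dn"] != service_dn}
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents; any connection listed by `anonymous_binds` is one that does not use the adapter's configured bind DN.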