4 Replies. Latest reply: May 6, 2013 8:48 AM by ChrisEl

    OVD plugin to correct malformed bindDN

    CE_IDAM
      My customer is dealing with a badly behaving off-the-shelf LDAP client that only accepts a search base as a parameter. You can't specify a bindDN. So when this client tries to authenticate a user it takes the supplied credential (i.e. samaccountname) and prepends it to the search base. The whole step of searching the directory for the user and retrieving the DN for authentication is skipped. So the "search base" is not really a search base and is used to hard code the right hand portion of the DN and just adding the samaccountname as the RDN. This might work if the users were all in one location...but they're not.
      So the customer is looking at using their OVD service to translate this. OVD would have to take the DN supplied, grab the RDN from it, search the backend AD, then do a bind with the returned DN from the search.
      They don't want to spend too much time developing a custom plug-in to do this, as this is a temporary measure during an AD migration.

      1) Is there an out-of-the-box plugin that can be used? I don't think so from looking through the documents, but I'd like to make sure.
      2) Would this be a difficult plug-in to write and would anyone have something I can start with?

      Regards,
      Chris
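
The translation described in the post above (take the leftmost RDN of the supplied DN, search on it, bind with the DN found), as an added example that is not part of the original post and does not use Oracle's OVD plug-in API. The class name, the `CN=` RDN type, the `example.com` DNs and the `search` function standing in for the AD lookup are assumptions. Because the RDN value comes straight from the login prompt, it is filter-escaped before the search, and the bind is refused unless exactly one entry matches.

```java
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class BindDnTranslator {
    // Escape a value for an LDAP search filter (RFC 4515) so that a login
    // such as "*" or "a)(cn=*" cannot widen or rewrite the search.
    static String escapeFilter(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    // Build the search filter from the leftmost RDN of the client's DN.
    static String filterFor(String clientDn) throws InvalidNameException {
        LdapName name = new LdapName(clientDn);
        if (name.isEmpty()) throw new InvalidNameException("empty bind DN");
        // LdapName numbers RDNs from the right, so the leftmost is size() - 1.
        Object value = name.getRdn(name.size() - 1).getValue();
        if (!(value instanceof String)) throw new InvalidNameException("binary RDN value");
        return "(sAMAccountName=" + escapeFilter((String) value) + ")";
    }

    // Return the DN to bind with, or null unless exactly one entry matches.
    static String resolve(String clientDn, Function<String, List<String>> search)
            throws InvalidNameException {
        List<String> hits = search.apply(filterFor(clientDn));
        return hits.size() == 1 ? hits.get(0) : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data standing in for the AD search behind OVD.
        Map<String, String> ad = Map.of(
            "(sAMAccountName=jdoe)", "CN=John Doe,OU=Sales,DC=example,DC=com",
            "(sAMAccountName=asmith)", "CN=Ann Smith,OU=IT,DC=example,DC=com");
        Function<String, List<String>> search = f -> ad.entrySet().stream()
            .filter(e -> e.getKey().equals(f)).map(Map.Entry::getValue)
            .collect(Collectors.toList());
        System.out.println(resolve("CN=jdoe,OU=Users,DC=example,DC=com", search));
        System.out.println(resolve("CN=*,OU=Users,DC=example,DC=com", search));
    }
}
```

In a real plug-in, `resolve` would be called from the bind handler, and a `null` result should fail the bind with the same error as a wrong password so the client cannot tell missing accounts from ambiguous ones.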