Question

1
Replies
732
Views
Dilip Kumar Nagaraj (DilipKumarN)
Areteans
Dilip Kumar Nagaraj
Areteans
GB
DilipKumarN Member since 2013 12 posts
Areteans
Posted: November 27, 2017
Last activity: November 27, 2017
Posted: 27 Nov 2017 2:29 EST
Last activity: 27 Nov 2017 11:19 EST
Closed

LDAP authentication with incorrect password

Hi Friends,

In our project we are implementing LDAP authentication (No Single Sign On)

We are using the OOTB authentication service /WebLDAP2 and the authentication activity is AuthenticationLDAPWebVerifyCredentials

We are able to successfully do the test connectivity using the client provided BindUserName & password.

#1. When we try to login with incorrect user id ,system is throwing user doesnot exist in directory (i.e, expected behavior)

#2. When we try to login with correct user id & incorrect password,system is still allowing the user to login and the ldap attributes such as email, phone number are getting mapped to the operator record which is an unexpected behavior. Im not able to find any logic in OOTB activity AuthenticationLDAPWebVerifyCredentials user password is validated. Not sure how to validate the incorrect password

Any help / suggestions for #2 is appreciated

Thanks,

Dilip

Security
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.