Posted: 27 Nov 2017 2:29 EST Last activity: 27 Nov 2017 11:19 EST
LDAP authentication with incorrect password
In our project we are implementing LDAP authentication (No Single Sign On)
We are using the OOTB authentication service /WebLDAP2 and the authentication activity is AuthenticationLDAPWebVerifyCredentials
We are able to successfully do the test connectivity using the client provided BindUserName & password.
#1. When we try to login with incorrect user id ,system is throwing user doesnot exist in directory (i.e, expected behavior)
#2. When we try to login with correct user id & incorrect password,system is still allowing the user to login and the ldap attributes such as email, phone number are getting mapped to the operator record which is an unexpected behavior. Im not able to find any logic in OOTB activity AuthenticationLDAPWebVerifyCredentials user password is validated. Not sure how to validate the incorrect password
The OOTB Activity "AuthenticationLDAPWebVerifyCredentials" doesnot verify the password, It just checks whether the user is found in LDAP directory. Try to use the other activity "AuthenticationLDAPVerifyCredentials", This checks for user availability as well as the password match.Hope this helps.