Question

1
Replies
670
Views
DilipKumarN Member since 2013 12 posts
TCS
Posted: 2 years ago
Last activity: 2 years 11 months ago
Closed

LDAP authentication with incorrect password

Hi Friends,

In our project we are implementing LDAP authentication (No Single Sign On)

We are using the OOTB authentication service /WebLDAP2 and the authentication activity is AuthenticationLDAPWebVerifyCredentials

We are able to successfully do the test connectivity using the client provided BindUserName & password.

#1. When we try to login with incorrect user id ,system is throwing user doesnot exist in directory (i.e, expected behavior)

#2. When we try to login with correct user id & incorrect password,system is still allowing the user to login and the ldap attributes such as email, phone number are getting mapped to the operator record which is an unexpected behavior. Im not able to find any logic in OOTB activity AuthenticationLDAPWebVerifyCredentials user password is validated. Not sure how to validate the incorrect password

Any help / suggestions for #2 is appreciated

Thanks,

Dilip

Security
Moderation Team has archived post
Share this page LinkedIn