Support Active Directory authentication
Registered by Morten Brekkevold
NAV supports a simple method of LDAP authentication of web users. This method will not work for Microsoft Active Directory, which by default does not allow anonymous binds, and whose user objects often have the common name as the RDN attribute (meaning that users would need to log in with their full names).
To map a user's login name to an Active Directory user object to bind against, one apparently needs to bind to the AD using a known account and password, search for the user object's DN based on the login name and then, if the object is found, attempt to bind as that user object.
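The bind, search, bind sequence described above, as an added example (not NAV's ldapAuth code and not taken from the linked changeset). `FakeDirectory` is a constructed in-memory stand-in for an LDAP connection, its `simple_bind`/`search` methods and all DNs and passwords are hypothetical, and matching on `sAMAccountName` is an assumption about which attribute holds the login name.

```python
def escape_filter(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


class FakeDirectory:
    """Constructed sample directory: DN -> (login name, password)."""
    ENTRIES = {
        "CN=Service Account,OU=Svc,DC=example,DC=org": ("svc-nav", "svc-secret"),
        "CN=Jane Doe,OU=Staff,DC=example,DC=org": ("jdoe", "correct horse"),
    }

    def __init__(self):
        self.bound_dn = None

    def simple_bind(self, dn, password):
        entry = self.ENTRIES.get(dn)
        # A DN with an empty password is an "unauthenticated bind" (RFC 4513);
        # servers that accept it report success without checking any secret.
        ok = password == "" or (entry is not None and entry[1] == password)
        self.bound_dn = dn if ok and password else None
        return ok

    def search(self, ldap_filter):
        if self.bound_dn is None:
            raise PermissionError("anonymous search not allowed")
        return [dn for dn, (login, _) in self.ENTRIES.items()
                if ldap_filter == "(sAMAccountName=%s)" % escape_filter(login)]


def authenticate(connect, service_dn, service_password, login, password):
    """Return the user's DN on success, None on any authentication failure."""
    if not login or not password:
        return None  # never forward an empty password to the server
    conn = connect()
    if not conn.simple_bind(service_dn, service_password):
        raise RuntimeError("service account bind failed")
    matches = conn.search("(sAMAccountName=%s)" % escape_filter(login))
    if len(matches) != 1:
        return None  # unknown or ambiguous login name
    user_dn = matches[0]
    # Verify the password on a fresh connection, separate from the service bind.
    return user_dn if connect().simple_bind(user_dn, password) else None
```

The empty-password guard matters because the final bind is the only password check: a server that accepts unauthenticated binds would otherwise let any known login name through.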
Blueprint information
- Status: Complete
- Approver: Morten Brekkevold
- Priority: Medium
- Drafter: Morten Brekkevold
- Direction: Approved
- Assignee: Fredrik S
- Definition: Approved
- Series goal: Accepted for 3.7
- Implementation: Implemented
- Milestone target: 3.7.0
- Started by: Morten Brekkevold
- Completed by: Morten Brekkevold
Whiteboard
Implementation here: http://
(Parent changeset refactors the ldapAuth module in prep for this changeset)