Article ID: KB0084965
Description
Resolution:
When a user tries to log in to tibemsadmin or an application tries to connect to EMS, EMS performs the following binds (authentication) and searches in order. Each operation runs only when the previous operation is successful:
1). Binds as principal.
2). Searches user.
3). Binds as user.
4). Binds as principal.
5). Searches for groups the user is a member of.
6). If groups are found, searches each group.
7). After searching one group, searches for the parent group this group belongs to.
If there are n groups, there are n searches in both steps 6 and 7.
Examples:
Binds as principal:
ldap_simple_bind_s("CN=Admin,CN=Users,DC=ad,DC=for,DC=messaging,DC=support", *******)
Searches user:
ldap_search_ext_s(0000000003CE6DD0, "DC=ad,DC=for,DC=messaging,DC=support", LDAP_SCOPE_SUBTREE, "(&(cn=test_user)(objectClass=person))", [NULL], 0, [NULL], [NULL], 0)
Searches groups the user is a member of:
ldap_search_ext_s(0000000003CE6DD0, "DC=ad,DC=for,DC=messaging,DC=support", LDAP_SCOPE_SUBTREE, "(&(member=CN=test_user,CN=Users,DC=ad,DC=for,DC=messaging,DC=support)(objectClass=group))", [cn, member, NULL], 0, [NULL], [NULL], 0)
Searches each group:
ldap_search_ext_s(0000000003ABDA40, "CN=Users,DC=ad,DC=for,DC=messaging,DC=support", LDAP_SCOPE_ONELEVEL, "(|(&(cn=szgrp)(objectClass=group))(&(cn=szgrp)(objectClass=groupOfURLs)))", [NULL], 0, [NULL], [NULL], 0)
After searching one group, searches for the parent group this group belongs to:
ldap_search_ext_s(0000000003ABDA40, "CN=Users,DC=ad,DC=for,DC=messaging,DC=support", LDAP_SCOPE_ONELEVEL, "(&(member=cn=szgrp,cn=users,dc=ad,dc=for,dc=messaging,dc=support)(objectClass=group))", [cn, member, NULL], 0, [NULL], [NULL], 0)
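An added example, not part of the original article or of EMS itself: a Python script that labels each call in a trace of this format with its step number from the list above, showing where a login stopped and whether every group lookup (step 6) has its parent-group search (step 7). The trace, DNs, handles and function names are constructed for illustration, and the script assumes the trace covers a single login attempt.

```python
import re

# Constructed sample trace in the format of the examples above (not real output).
PRINCIPAL = "CN=Admin,CN=Users,DC=example,DC=test"
SAMPLE_TRACE = """\
ldap_simple_bind_s("CN=Admin,CN=Users,DC=example,DC=test", *******)
ldap_search_ext_s(0000000000000001, "DC=example,DC=test", LDAP_SCOPE_SUBTREE, "(&(cn=test_user)(objectClass=person))", [NULL], 0, [NULL], [NULL], 0)
ldap_simple_bind_s("CN=test_user,CN=Users,DC=example,DC=test", *******)
ldap_simple_bind_s("CN=Admin,CN=Users,DC=example,DC=test", *******)
ldap_search_ext_s(0000000000000001, "DC=example,DC=test", LDAP_SCOPE_SUBTREE, "(&(member=CN=test_user,CN=Users,DC=example,DC=test)(objectClass=group))", [cn, member, NULL], 0, [NULL], [NULL], 0)
ldap_search_ext_s(0000000000000002, "CN=Users,DC=example,DC=test", LDAP_SCOPE_ONELEVEL, "(|(&(cn=grp_a)(objectClass=group))(&(cn=grp_a)(objectClass=groupOfURLs)))", [NULL], 0, [NULL], [NULL], 0)
ldap_search_ext_s(0000000000000002, "CN=Users,DC=example,DC=test", LDAP_SCOPE_ONELEVEL, "(&(member=cn=grp_a,cn=users,dc=example,dc=test)(objectClass=group))", [cn, member, NULL], 0, [NULL], [NULL], 0)
ldap_search_ext_s(0000000000000002, "CN=Users,DC=example,DC=test", LDAP_SCOPE_ONELEVEL, "(|(&(cn=grp_b)(objectClass=group))(&(cn=grp_b)(objectClass=groupOfURLs)))", [NULL], 0, [NULL], [NULL], 0)
ldap_search_ext_s(0000000000000002, "CN=Users,DC=example,DC=test", LDAP_SCOPE_ONELEVEL, "(&(member=cn=grp_b,cn=users,dc=example,dc=test)(objectClass=group))", [cn, member, NULL], 0, [NULL], [NULL], 0)
"""

CALL = re.compile(r'(ldap_simple_bind_s|ldap_search_ext_s)\((.*)\)\s*$')

def label_steps(trace, principal_dn):
    """Return the step number (1-7) of each recognised call, in trace order."""
    steps = []
    for line in trace.splitlines():
        m = CALL.search(line)
        quoted = re.findall(r'"([^"]*)"', m.group(2)) if m else []
        if not quoted:
            continue  # not a bind/search line, or no DN/filter to inspect
        if m.group(1) == "ldap_simple_bind_s":
            if quoted[0].lower() != principal_dn.lower():
                steps.append(3)                       # bind as the user
            else:
                steps.append(4 if 3 in steps else 1)  # principal re-binds after step 3
        elif "(member=" in quoted[-1].lower():        # last quoted argument is the filter
            # Membership search: step 7 right after a group lookup, otherwise step 5.
            steps.append(7 if steps and steps[-1] == 6 else 5)
        else:
            steps.append(6 if 5 in steps else 2)      # group lookup vs. user search
    return steps

def summarize(steps):
    """Check the order 1..5 followed by step 6 and step 7 searches, and count both."""
    head, tail = steps[:5], steps[5:]
    return {
        "in_order": head == [1, 2, 3, 4, 5][:len(head)] and all(s in (6, 7) for s in tail),
        "last_step": steps[-1] if steps else None,
        "group_lookups": tail.count(6),
        "parent_searches": tail.count(7),
    }

if __name__ == "__main__":
    print(summarize(label_steps(SAMPLE_TRACE, PRINCIPAL)))
```

A `last_step` below 5 shows where authentication stopped, and unequal `group_lookups` and `parent_searches` counts mean the group walk did not complete.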
Issue/Introduction
LDAP search and bind operations.