Can I use an attribute other than userPassword to authenticate to the Directory?

Article ID: 53885

Products

CA Directory, CA Security Command Center, CA Data Protection (DataMinder), CA User Activity Reporting

Issue/Introduction

Description:

No. You cannot use any attribute other than the userPassword attribute to authenticate to the Directory.

Solution:

No. You cannot use any attribute value other than the userPassword attribute value to authenticate to the Directory.
This is not supported by the current LDAP standards.

Example:
User John binds to the Directory using the following credentials:
BindDN: cn=John Smith,o=Democorp,c=AU
Password: secret123

Whenever a bind containing a password is sent to the Directory, the server always compares that password with the value stored in the "userPassword" attribute of the entry.
In the above case, the password "secret123" is compared with the "userPassword" attribute value associated with the entry "cn=John Smith,o=Democorp,c=AU".
If there is a match, the server responds with resultCode success; otherwise, the server responds with resultCode invalidCredentials.
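
The bind check described above, modeled in Python as an added example (not CA Directory code). The sample entry, the employeeNumber attribute, the {SSHA} storage form and the simplified DN matching are assumptions of the example; the result codes are the RFC 4511 values for success and invalidCredentials.

```python
import base64
import hashlib
import hmac

SUCCESS = 0               # resultCode success (RFC 4511)
INVALID_CREDENTIALS = 49  # resultCode invalidCredentials (RFC 4511)


def ssha(password: str, salt: bytes) -> str:
    """Build a salted SHA-1 value in the common {SSHA} storage form."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def value_matches(stored: str, presented: str) -> bool:
    """Compare one userPassword value with the password from the bind."""
    if stored.upper().startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]
        candidate = hashlib.sha1(presented.encode() + salt).digest()
        return hmac.compare_digest(digest, candidate)
    # No scheme prefix: treat the stored value as cleartext.
    return hmac.compare_digest(stored.encode(), presented.encode())


def normalize_dn(dn: str) -> str:
    """Simplified DN matching for this model: case and spacing only."""
    return ",".join(part.strip().lower() for part in dn.split(","))


# Constructed sample entry based on the article's example user.
DIRECTORY = {
    normalize_dn("cn=John Smith,o=Democorp,c=AU"): {
        "userPassword": [ssha("secret123", b"\x01\x02\x03\x04")],
        "employeeNumber": ["7731"],  # constructed; never consulted on bind
    },
}


def simple_bind(bind_dn: str, password: str) -> int:
    """Model of a simple bind: only userPassword values are compared."""
    entry = DIRECTORY.get(normalize_dn(bind_dn), {})
    for stored in entry.get("userPassword", []):
        if value_matches(stored, password):
            return SUCCESS
    return INVALID_CREDENTIALS
```

Presenting the value of any other attribute of the entry, such as the constructed employeeNumber, returns invalidCredentials because the bind never reads it.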

Environment

Release: ESPDIR99000-8.1-Extended Support Plus-for CA Directory
Component: