SecureLogin uses anonymous binds to LDAP

  • 7002667
  • 17-Feb-2009
  • 26-Apr-2012

Environment

Novell SecureLogin
NSL 6.x
NSL 7.0
NSL 7.1
SecureLogin installed in LDAP mode
NSL authenticates to the directory via LDAP

Situation

SecureLogin uses an anonymous LDAP bind to the directory when performing its initial query for the User object.
How to force an authenticated user or proxy user for the initial LDAP search with SecureLogin.

Resolution

This is working as designed.

When the SecureLogin client launches in LDAP mode, it performs a query against the datastore to see whether the specified user exists, and whether multiple users with the same name exist in different contexts. This is done as an anonymous lookup, and at the time of writing there is no way to force it through a proxy user or an authenticated lookup. For this reason, anonymous bind is required for SecureLogin installed in LDAP mode.

After the initial query result is returned, the SecureLogin client uses a conventional authenticated, encrypted connection to authenticate the user to the directory and retrieve the user's SecureLogin information. By default this occurs over port 636.

Installed in LDAP mode, all SecureLogin traffic except the initial user lookup occurs over a secure, encrypted connection.

An enhancement request has been entered asking for the ability to allow the initial lookup to take place over an authenticated connection as a proxy user.
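Because the initial lookup is anonymous, it is worth checking what your own directory returns to an unauthenticated search for a user name. The helper below is an added example, not Novell's code: it parses the LDIF that an anonymous ldapsearch returns and reports whether the name is unique across contexts (the condition the client tests) and which attributes are readable without a bind; the host, base DN and user name in its comments are placeholders, and the LDIF sample is constructed.

```python
"""Review what SecureLogin's anonymous user lookup can see.

Feed it the LDIF from an anonymous simple-bind search (OpenLDAP client;
host, base DN and user name below are placeholders):

    ldapsearch -x -H ldap://ldap.example.com:389 -b "o=example" "(cn=jdoe)"

Handles plain "attr: value" LDIF only (no continuation or base64 lines).
"""
import re

# Constructed sample output: two users named "jdoe" in different contexts.
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=sales,o=example
objectClass: inetOrgPerson
cn: jdoe
mail: jdoe@example.com

dn: cn=jdoe,ou=engineering,o=example
objectClass: inetOrgPerson
cn: jdoe
telephoneNumber: +1 555 0100
"""

def parse_ldif(text):
    """Return a list of (dn, {attr: [values]}) from simple LDIF text."""
    entries, current = [], None
    for line in text.splitlines():
        if not line.strip():          # blank line ends the current entry
            current = None
            continue
        if line.startswith("#"):      # comment line
            continue
        name, _, value = line.partition(":")
        value = value.strip()
        if name == "dn":
            current = (value, {})
            entries.append(current)
        elif current is not None:
            current[1].setdefault(name, []).append(value)
    return entries

def lookup_status(entries):
    """Mirror the client's first step: the name is absent, unique or ambiguous."""
    if not entries:
        return "not_found"
    return "unique" if len(entries) == 1 else "ambiguous"

def contexts(entries):
    """Container of each match: the DN with its leading RDN removed."""
    return [re.sub(r"^[^,]+,", "", dn) for dn, _ in entries]

def exposed_attributes(entries):
    """Attributes readable anonymously; compare with what the lookup needs (cn)."""
    names = set()
    for _, attrs in entries:
        names.update(attrs)
    return sorted(names)
```

Anything beyond the naming attribute in `exposed_attributes` is data your directory hands to any unauthenticated client, so it is the list to trim in the anonymous-access ACLs.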

Status

Reported to Engineering