September 8th, 2010, 09:36 PM
LDAP and password authentication
I am just getting started with LDAP so please bear with me if I am asking something trivial.
I understand that one can use an LDAP server in order to do password authentication on behalf of remote systems, the advantage being that the passwords and password authentication schemes can remain the same, no matter what kind of remote platforms are accessing the LDAP server.
My question is, how does the LDAP server perform the password authentication itself? I believe that an LDAP client would transmit a username and a password to the LDAP server, and the latter would use whatever password information it has in store to do the authentication.
Is it the case that the server just compares the passwords received and stored byte by byte, the authentication succeeding if they match and the passwords are of the same length?
More generally, is it possible to store information associated with a given username in an LDAP server, such that the kind of authentication to be applied to the password could be specified in that stored information? A silly example might be for the LDAP server to compute a specific hash of the data received before comparing the resulting hash, byte by byte, with the password information stored in the LDAP server.
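An added illustration, not part of the original post: a sketch of the scheme-tagged comparison the question describes, using the `{SCHEME}` prefix convention that directory servers such as OpenLDAP use for `userPassword` values. The function names and sample values are constructed for this example, and only `{SHA}`, `{SSHA}` and unprefixed cleartext are handled.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def verify_user_password(stored, candidate):
    """Check a simple-bind password against one stored userPassword value."""
    if stored.startswith(b"{") and b"}" in stored:
        # The prefix stored with the value selects the check to apply.
        scheme, _, encoded = stored[1:].partition(b"}")
        scheme = scheme.upper()
        if scheme not in (b"SHA", b"SSHA"):
            return False  # unknown scheme: fail closed
        try:
            raw = base64.b64decode(encoded, validate=True)
        except ValueError:
            return False  # malformed stored value
        if scheme == b"SHA" and len(raw) != SHA1_LEN:
            return False
        if scheme == b"SSHA" and len(raw) <= SHA1_LEN:
            return False  # salted value must carry a salt
        digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
        expected = hashlib.sha1(candidate + salt).digest()
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(expected, digest)
    # No prefix: the value is cleartext, compared byte for byte.
    return hmac.compare_digest(stored, candidate)


if __name__ == "__main__":
    entry = make_ssha(b"s3cret")  # constructed sample value
    print(entry, verify_user_password(entry, b"s3cret"))
```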