Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP anonymous connection

alexandra
Padawan

‎21-12-2020 12:47 PM

Hi everyone,

I have read the documentation about authenticating database users with LDAP: 

https://docs.exasol.com/sql/create_user.htm

I couldn't see any technical user for exasol configured here, so I assume that exasol is making an anonymous LDAP connection to ask for user authentication.

Is that true?

If yes, is there a way to configure the LDAP connection with a technical user instead of having it anonymous?

Thanks in advance!

4 REPLIES 4

exa-Chris
Community Manager
Community Manager

‎22-12-2020 11:15 AM

Hi Alexandra,

thanks for the question. We are also checking internally about the best solution for your issue. Since we are nearing the Christmas break, some are already off.

We are checking who can answer the best way.

Regards

exa-Chris

Connecting Customers, Partners, Prospects and Exasolians is my passion. Apart from that I cycle, listen to music, and try to understand what all those technical discussions really mean...
0 Kudos

exa-Ruslan
Team Exasol
Team Exasol

‎22-12-2020 12:17 PM

Exasol uses internally the ldap_sasl_bind_s call with the provided user credentials to authenticate the login user.  Without valid password the user can’t be authenticated.  In this case we don’t have “anonymous LDAP connection” or may be I don’t understand the question correctly?

alexandra
Padawan

‎28-12-2020 11:53 AM

Hi,

Thanks for the explanation.

My question is: when Exasol uses internally the ldap_sasl_bind_s call to ask LDAP about the provided user credentials, is the communication between the application Exasol and the application LDAP anonymous or is Exasol communicating with its technical user and its credentials, e.g. as admin? 

0 Kudos

exa-Ruslan
Team Exasol
Team Exasol

‎29-07-2021 09:35 AM

Hi,
Exasol is communicating with credentials given by the user which tries to login. For example if you have user_1:

CREATE USER user_1 IDENTIFIED AT LDAP AS 'cn=user_1,dc=authorization,dc=exasol,dc=com';


In order to login into Exasol DB the user_1 have to use its ldap password, ie.

exaplus -u user_1 -P <ldap_password_for_user_1>

 
Exasol then knows that user_1 should be authenticated using the configured ldap server and makes the call:

ldap_sasl_bind_s(LDAP, "cn=user_1,dc=authorization,dc=exasol,dc=com", LDAP_SASL_SIMPLE, ldap_password_for_user_1, ...);

 

New to the Exasol Community?

Then it's time to become part of a unique family! Discover helpful tips and support other Community members with your knowledge.