authentication, CheckAuthConfigRequest and ldap

[ljm]

Hi, I'm experimenting with authenticating a user against the zimbra store. The soap AuthRequest method works fine, but it creates a session and seems a bit heavyweight for a simple yes/no authentication.

I was wondering whether CheckAuthConfigRequest would do the trick, but I can't figure out what the dn's need to be in order to make it work.

Is there an example or doco somewhere? com/zimbra/cs/account/ldap/Check.java doesn't shed any light on what the dn's need to look like.

Taking it one step further, would it be considered bad practice to authenticate via standard ldap bind and avoid the soap api altogether?

[ljm]

Urgh, 10 mins after posting I found what I was looking for.

In case anyone else is interested:
- see LdapUtil.java
- this ldapAuthBindDn worked for me:
uid=%u,ou=people,dc=domain,dc=com

[schemers]

If you don't want to create a session, just use <nosession/> in the <soap:Header> of the request:

Code:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <context xmlns="urn:zimbra">
       <nosession/>
    </context>
  </soap:Header>
  <soap:Body>
     <AuthRequest xmlns="urn:zimbraAccount">
       ...
     </AuthRequest>
  </soap:Body>
</soap:Envelope>

I think that should work. See ZimbraServer/docs/soap.txt for more info.

You could do an LDAP bind directly, as long as you don't care about checking zimbraAccountStatus.

[ljm]

<nosession/> works as described - thanks.