ActiveDirectory authentication - some improvements

Idea created by Benoit_B on Oct 12, 2018
    • Benoit_B
    • Theo-Buri
    • abrsh01



    We tryied to configure DevTest in order to use ActiveDirectory authentication.

    But after some tests we saw 2 things.


    The first thing, there are 2 LDAP searchRequest sent when the user authenticates. The first request "searchRequest baseOjbect" with no result because the user entry is located in a subplace. And the second request "searchRequest wholeSubtree", with one result.

    -> Only one request "searchRequest wholeSubtree" can make the same thing (and avoid unuseful sollicitations).


    The second thing, there are about 39 items returned, but only 2 seems useful (CN and memberOf).In our LDAP, we can have pictures, certificates. So recovering all items can be heavy and decrease performances for DevTest authentication and maybe for other applications. 

    -> Add a way to configure DevTest to not read all LDAP attributes.


    Best regards