Can I use an attribute other than userPassword to authenticate to the Directory?

Document ID : KB000053885
Last Modified Date : 14/02/2018

Description:

No. You cannot use any attribute other than userPassword to authenticate to the Directory.

Solution:

No. You cannot use the value of any attribute other than userPassword to authenticate to the Directory.
This is not supported by the current LDAP standards.

Example:
User John binds to the Directory using the following credentials:
BindDN: cn=John Smith,o=Democorp,c=AU
Password: secret123

Whenever a bind containing the password is sent to the Directory, it will always compare this password with the value stored in the "userPassword" attribute of the entry.
In the above case the password "secret123" will be compared with the "userPassword" attribute value associated with the entry "cn=John Smith,o=Democorp,c=AU".
If there is a match, the server responds with resultCode success; otherwise, the server responds with resultCode invalidCredentials.
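
The bind decision described above, modelled in Python as an added example (it is not the Directory's own code). It goes beyond the text in assuming that userPassword may hold several values and may be stored with the common {SSHA} salted-hash scheme; the Jane Doe entry, the salt and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

SUCCESS, INVALID_CREDENTIALS = 0, 49  # LDAP resultCode values (RFC 4511)

def ssha(password: bytes, salt: bytes) -> bytes:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def value_matches(stored: bytes, presented: bytes) -> bool:
    """Compare one userPassword value with the bind password in constant time."""
    if stored.startswith(b"{SSHA}"):
        raw = base64.b64decode(stored[len(b"{SSHA}"):])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes
        return hmac.compare_digest(digest, hashlib.sha1(presented + salt).digest())
    return hmac.compare_digest(stored, presented)  # cleartext value

def simple_bind(directory: dict, bind_dn: str, password: bytes) -> int:
    """Return the resultCode for a simple bind against the modelled directory."""
    # Assumption: lower-casing stands in for real DN normalisation.
    entry = directory.get(bind_dn.lower())
    if entry is None:
        # This model answers an unknown entry with the same code as a bad password.
        return INVALID_CREDENTIALS
    matched = False
    # Only userPassword is consulted; every other attribute is ignored.
    for stored in entry.get("userPassword", []):
        matched |= value_matches(stored, password)
    return SUCCESS if matched else INVALID_CREDENTIALS

# Constructed sample data: John has a hashed userPassword, Jane has the same
# string only in "description", which the bind never looks at.
DIRECTORY = {
    "cn=john smith,o=democorp,c=au": {
        "userPassword": [ssha(b"secret123", b"\x01\x02\x03\x04")],
    },
    "cn=jane doe,o=democorp,c=au": {
        "description": [b"secret123"],
    },
}

if __name__ == "__main__":
    for dn in ("cn=John Smith,o=Democorp,c=AU", "cn=Jane Doe,o=Democorp,c=AU"):
        print(dn, simple_bind(DIRECTORY, dn, b"secret123"))
```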