WebPasswordLDAPLoginModule is the login module that uses the LDAP directory server's authentication function.

It tries to bind to the LDAP directory server by using the entered user ID and password. When the attempt succeeds, authentication is successful. The following figure shows an overview of WebPasswordLDAPLoginModule.

Figure 5-14 Overview of WebPasswordLDAPLoginModule

To use this module, specify the definition to connect to the LDAP directory server and the attribute names used to retrieve entries in ua.conf (the integrated user management configuration file).

WebPasswordLDAPLoginModule reads this file and obtains the user ID from HttpServletRequest to find the user entry DN. It then tries to bind to the LDAP directory server by using this DN and the password obtained from HttpServletRequest. When the attempt succeeds, it returns the user attributes.

User entry search and the user ID and password used to obtain user attributes

When searching for the user entry to authenticate the user, the module uses the bind DN and password specified in ua.conf (the integrated user management configuration file). To obtain user attributes, it uses the user entry DN and password as the bind DN and password. To learn more about user entry search, see 5.3.8 (1) User entry search.

Notes on using the LDAP connection pool

The LDAP connection pool is used for the user entry search process only. It is not used to authenticate users or obtain user attributes. When not searching for user entries, disable the LDAP connection pool. To learn more about the LDAP connection pool, see 5.3.8 (2) Connection pool.