I am making a portal for my organization in which I want the user to log in to that portal with their organization account's ID and password.
For this purpose I am using LDAP authentication with Java.
After reading through quite a few articles, I found the following steps for authentication:
1. Bind to the LDAP server using some binding or technical account.
2. Search the LDAP server for the details of the user who is trying to log in.
3. Try to bind to the server again with the user's Distinguished Name and password.
Is the above process exactly correct or I am missing some info as I am a novice programmer? And what does binding mean conceptually?
I wonder what is the need of binding account? If directly I try to bind the LDAP server with user's credential and if it is successful, then can I give him the access?
I have the JXplorer tool, in which I am able to connect to the LDAP server with my own organization's credentials. So I was thinking, what is the need of first binding to the LDAP server with some other account?
question 1- Is the above process exactly correct
Yes.
question 2- I wonder what is the need of binding account?
Yes. You need to search the directory to find the user DN, and you don't want the general unauthenticated public to be able to search the directory.
If directly I try to bind the LDAP server with user's credential and if it is successful, then can I give him the access?
You don't have the user's credentials to start with. You have his login name, or email address, or CN, or something that he uses to identify himself, but which is only an attribute of some entry. You need to find that entry and get its DN for authentication.
I have JXplorer tool in which I am able to connect to LDAP server with my own organization's credentials. So I was thinking what is the need of first binding to LDAP server with some other account?
See above. You don't want the user to have to remember his entire DN the way you do with JXplorer.