I know a simple LDAP bind can do user password verification. But the thing is that an application server usually uses an admin user (cn=Directory Manager) to do all CRUD operations.
With a simple bind operation, we have to create an LDAP connection that binds with that specific user's DN, which is annoying.
As far as I know, ldapcompare is another alternative, but it looks like OpenDJ ldapcompare cannot compare a plain-text password (the OpenDJ userPassword is encrypted).
But in some LDAP browsers (Apache LDAP Studio), there's a "Verify Password" which works very well.
Any idea?
Using cn=DirectoryManager from an application server is a security issue, pretty much like running applications as root in the Unix world.
Have you tried using the proxyAuth control? Here are a few relevant links:
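A sketch of the two pieces discussed in this thread, added here as an example and not taken from either post: a password check done with a short-lived bind as the user, and a service-account connection that attaches the Proxied Authorization v2 control (RFC 4370) instead of binding as the directory administrator. It uses plain JNDI; the class name, URL and DNs are constructed, and the service account is assumed to be permitted by the server to use proxied authorization.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.*;

public class LdapPasswordCheck {
    // Proxied Authorization v2 request control OID (RFC 4370).
    static final String PROXY_AUTHZ_V2 = "2.16.840.1.113730.3.4.18";

    static Hashtable<String, Object> env(String url, String dn, char[] pw) {
        Hashtable<String, Object> e = new Hashtable<>();
        e.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        e.put(Context.PROVIDER_URL, url);          // use ldaps:// so the password is not sent in clear
        e.put(Context.SECURITY_AUTHENTICATION, "simple");
        e.put(Context.SECURITY_PRINCIPAL, dn);
        e.put(Context.SECURITY_CREDENTIALS, pw);
        return e;
    }

    /** Verify a password with a throwaway bind as the user; no admin account is involved. */
    static boolean verifyPassword(String url, String userDn, char[] pw) throws NamingException {
        // A simple bind with an empty password is treated as anonymous and can
        // succeed without proving anything, so reject it before connecting.
        if (userDn == null || userDn.isEmpty() || pw == null || pw.length == 0) return false;
        try {
            new InitialLdapContext(env(url, userDn, pw), null).close();
            return true;
        } catch (AuthenticationException e) {
            return false;                          // invalid credentials (LDAP result code 49)
        }                                          // other NamingExceptions propagate: outage, not "wrong password"
    }

    /** Bind as a low-privilege service account; later requests are authorized as userDn. */
    static LdapContext asUser(String url, String svcDn, char[] svcPw, String userDn)
            throws NamingException {
        LdapContext ctx = new InitialLdapContext(env(url, svcDn, svcPw), null);
        byte[] authzId = ("dn:" + userDn).getBytes(StandardCharsets.UTF_8);
        ctx.setRequestControls(new Control[] { new BasicControl(PROXY_AUTHZ_V2, true, authzId) });
        return ctx;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed values; the empty password is rejected without touching the network.
        String url = "ldaps://ldap.example.com:636", dn = "uid=jdoe,ou=People,dc=example,dc=com";
        System.out.println(verifyPassword(url, dn, new char[0]));
    }
}
```

The bind connection in `verifyPassword` is closed immediately, so the pooled connection the application uses for CRUD work never changes identity.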