There is an API which can be accessed with userName='emma' and password='secretxxxx' (these are not real users, they are other programs accessing it), and the password has to be changed every 6 months. Currently the userName and password are stored in the db. But we do not want to maintain this user, and instead want to rely on ldap to authenticate the user.
I have 2 approaches in mind.
Approach 1: Create a new user, say 'admin', in ldap for binding; after a successful bind, authenticate the user 'emma'. Concern: this requires us to maintain the newly added user 'admin''s userName and password on the application side (new entry in db and frequent password change).
Approach 2: A successful bind to ldap implies that the user creds are valid. Instead of using a different user to bind, bind using the user 'emma'.
It would be helpful if you could let me know if it's okay to go with Approach 2. Also, please suggest any other alternate approach you have in mind.
I'm using Spring Boot in the backend:
LdapContextSource contextSource = new LdapContextSource();
// code to set url, bind user dn, password
// ...
// if this throws no exception, I'm concluding that the user is valid
contextSource.getContext(userDn, password);
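Approach 2 (bind as the user being authenticated), written out as an added example that is not part of the original post. The class name, the `uid` RDN attribute, and the URL and base DN passed to the constructor are assumptions; the empty-password check matters because a simple bind with an empty password is an unauthenticated bind that many servers accept without error.

```java
import javax.naming.directory.DirContext;
import javax.naming.ldap.LdapName;
import org.springframework.ldap.AuthenticationException;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.support.LdapNameBuilder;
import org.springframework.ldap.support.LdapUtils;

// Hypothetical helper: authenticates an API client by binding to LDAP as that client.
public class LdapBindAuthenticator {
    private final LdapContextSource contextSource = new LdapContextSource();
    private final String userBaseDn;

    // Both arguments are deployment-specific placeholders, for example
    // "ldaps://ldap.example.test:636" and "ou=services,dc=example,dc=test" (constructed values).
    public LdapBindAuthenticator(String ldapUrl, String userBaseDn) {
        this.userBaseDn = userBaseDn;
        contextSource.setUrl(ldapUrl);      // ldaps:// keeps the simple-bind password off the wire in clear text
        contextSource.afterPropertiesSet(); // needed when the source is not managed as a Spring bean
    }

    public boolean authenticate(String userName, String password) {
        // RFC 4513 section 5.1.2: a bind with a DN and an empty password is "unauthenticated"
        // and may succeed, so "no exception" alone must not be read as valid credentials.
        if (userName == null || userName.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // LdapNameBuilder escapes DN special characters, so the caller-supplied
        // name cannot change the structure of the DN. "uid" is an assumed attribute.
        LdapName userDn = LdapNameBuilder.newInstance(userBaseDn).add("uid", userName).build();
        DirContext ctx = null;
        try {
            ctx = contextSource.getContext(userDn.toString(), password);
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong credentials; connectivity and other errors propagate to the caller
        } finally {
            LdapUtils.closeContext(ctx); // release the connection; null-safe
        }
    }
}
```

Letting non-authentication errors propagate keeps an unreachable directory from being logged as a failed login for 'emma'.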