Is a binding account needed for LDAP user authentication? bind, account, user, IS

2023-09-08 13:18:11 Author: 説ぬ孒ー起走


I am making a portal for my organization in which I want the user to log in to that portal with their organization account's ID and password.

For this purpose I am using LDAP authentication with Java.

After reading through quite a few articles, I found the following steps for authentication.

1) Bind to the LDAP server using some binding or technical account

2) Search for the user details in the LDAP server of the user who is trying to log in

3) Try to bind to the server again with the user's Distinguished Name and password.

Question 1 - Is the above process exactly correct, or am I missing some info, as I am a novice programmer? And what does binding conceptually mean?

Question 2 - I wonder what is the need of a binding account? If I directly try to bind to the LDAP server with the user's credentials and it is successful, then can I give him access? I have the JXplorer tool, in which I am able to connect to the LDAP server with my own organization's credentials. So I was thinking, what is the need of first binding to the LDAP server with some other account?

Solution

Question 1 - Is the above process exactly correct

Yes.

Question 2 - I wonder what is the need of a binding account?

You need to search the directory to find the user DN, and you normally don't want the general unauthenticated public to be able to search the directory.

If I directly try to bind to the LDAP server with the user's credentials and it is successful, then can I give him access?

You don't have the user's credentials to start with. You have his login name, or email address, or CN, or something that he uses to identify himself, but which is only an attribute of some entry. You need to find that entry and get its DN for authentication.

I have the JXplorer tool, in which I am able to connect to the LDAP server with my own organization's credentials. So I was thinking, what is the need of first binding to the LDAP server with some other account?

See above. You don't want the user to have to remember his entire DN the way you do with JXplorer.