How does icingaweb2 check the provided credential using LDAP

How does Icingaweb2 check the provided credentials (username and password) using LDAP Authentication? Does it BIND using the user’s credentials or does it BIND using the provided Bind DN in resources.ini and execute a COMPARE on the user password?


As most LDAP clients do, we bind with the configured credentials to lookup the user and groups.

The user itself is then logged in by binding with their credentials, this will work in most LDAP situations and also trigger mechanisms like “wrong password too often” properly.