From: Mark W. <mew...@un...> - 2000-09-20 18:04:36
|
to do this you have to implement the Proxy Authorization control in Net::LDAP. Mark On Wed, 20 Sep 2000, Alexander.Jung1 wrote: > Hello, > > first a great thank you for the perl-ldap library, we're building a > quite nice Organigramm-Application on top of it. > > In this application we hit a problem: > In order to change his own entry a user has to be authenticated to the > directory. We use Challenge/Response to get the users NT-Login, > which has exactly the same uid as stored in our directory. > That far things work nicely, but we only get the username, not the > password from the IIS-webserver, so we have a problem to authenticate > in our script on behalf of the user asking. > I found in Netscape's documentation a "proxy authentication" which would > just do what we need: The perlscript would authenticate as script-user, but > proxy for the real user and thus expierencing the ACLs that real user has. > But I could not find any reference to proxied authentication in the perl-ldap > documentation. The only meaningful reference I found is here: > http://home.netscape.com/eng/server/directory/4.1/technotes/proxyauth.html > > Could this option to bind be implemented somehow? It would fix an ugly > kludge we are using right now. > > Thanks in advance, > > Alexander > |