Menu
▾
▴
[Fwd] Re: query on ldap->bind & ldap->compare
|
From: Graham B. <gb...@po...> - 2000-05-04 13:09:36
|
----- Forwarded message from Graham Barr <gb...@po...> -----
Date: Thu, 4 May 2000 13:27:26 +0100
From: Graham Barr <gb...@po...>
To: tim fulcher <ful...@dr...>
Subject: Re: query on ldap->bind & ldap->compare
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <391...@dr...>
On Thu, May 04, 2000 at 01:09:34PM +0100, tim fulcher wrote:
> Graham Barr wrote:
>
> > On Thu, May 04, 2000 at 11:19:51AM +0100, tim fulcher wrote:
> > >
> > > Hi,
> > >
> > > I'm trying to write a class which registers and subsequently checks
> > > itself against a LDAP server.
> > >
> > > Firstly, I seem to be able to bind to the server OK when I supply a dn
> > > for an object that doesn't yet exist, which seems to be contradictory to
> > > trying, say a command line ldapsearch using the same dn as a bind
> > > argument. (that gives no such object).
> >
> > Can you post the code you use to bind and how you check that the bind
> > succeeded.
>
> $br = $self->{ldap}->bind( $self->{mydn}, passwd => $self->{service} );
passwd is not a valid option, you need password. This will result in
bind doing an anonymous bind.
We need to catch this, but I do not want to add option name verification
to all the methods as that will slow things down (too much IMO).
Maybe an anonymous bind should be explicitly specified. ie none, password or sasl
must be given and password => '' is illegal (it must be none)
Does anyone have any thoughts ?
> > > Can you not supply supply multiple attributes to a compare operation ?
> >
> > No, LDAP only supports the compare of a single attribute at a time.
>
> Yeah, OK, I've fixed that so the compare only does one attr at a time.
As suggested by Chris, it may be better to do a search using the given dn as a base
and a scope of 'one' This would mean only one request would be sent to the server.
Graham.
----- End forwarded message -----
|
