From: Chris R. <Chr...@me...> - 2000-05-04 13:51:26
|
On Thu, 04 May 2000 14:07:30 BST, Graham Barr wrote: > ----- Forwarded message from Graham Barr <gb...@po...> ----- > > Date: Thu, 4 May 2000 13:27:26 +0100 > From: Graham Barr <gb...@po...> > To: tim fulcher <ful...@dr...> > Subject: Re: query on ldap->bind & ldap->compare > X-Mailer: Mutt 1.0pre3i > In-Reply-To: <391...@dr...> > > On Thu, May 04, 2000 at 01:09:34PM +0100, tim fulcher wrote: > > Graham Barr wrote: > > > > > On Thu, May 04, 2000 at 11:19:51AM +0100, tim fulcher wrote: > > > > > > > > Hi, > > > > > > > > I'm trying to write a class which registers and subsequently checks > > > > itself against a LDAP server. > > > > > > > > Firstly, I seem to be able to bind to the server OK when I supply a dn > > > > for an object that doesn't yet exist, which seems to be contradictory to > > > > trying, say a command line ldapsearch using the same dn as a bind > > > > argument. (that gives no such object). > > > > > > Can you post the code you use to bind and how you check that the bind > > > succeeded. > > > > > $br = $self->{ldap}->bind( $self->{mydn}, passwd => $self->{service} ); > > passwd is not a valid option, you need password. This will result in > bind doing an anonymous bind. > > We need to catch this, but I do not want to add option name verification > to all the methods as that will slow things down (too much IMO). > > Maybe an anonymous bind should be explicitly specified. ie none, password or sasl > must be given and password => '' is illegal (it must be none) > > Does anyone have any thoughts ? That makes sense. Something like a 'method' parameter, with values 'anonymous'/'none' (empty name + empty password), 'nameonly' (name + empty password), 'simple' (name + password), or 'sasl' (erm, "stuff"). The current default of 'none' should be kept. Cheers, Chris |