From: Chris R. <chr...@me...> - 2000-07-29 09:06:48
Graham Barr <gb...@po...> wrote:
> IIRC, This is all available from the root DSE. But I guess you are looking
> for a simpler approach than
>
> $dse = $ldap->root_dse;
> $dse->get('supportedVersions'); # I forget the attribute name

Yeah, close. RFC 2251 specifies supportedLDAPVersion (and supportedControl etc) so reading that attribute should suffice. If it ain't there the server almost certainly doesn't support LDAPv3 so you've pretty much got no way to work out what it does do. (It might support LDAPv3 but prevent read access to that attribute. Unlikely perhaps, but permitted.)

>
>> Mind you, if this was written, it'd be very tempting to include something
>> to test for "type" of ldap server eg Netscape/openldap/novell and
>> introduce server specific tests too.... is this a good or a bad thing?
>
> I am not sure there is a way to determine the server type. Not reliably
> anyway.

There isn't. There was an Internet draft recently which specified a place to put a vendor string, but with the strict instructions that clients weren't to make use of it to switch behaviours. So that's out - I think the draft got stomped on anyway.

>> whether ssl
>> is supported on the server end (with a fall-back if it's not),
>
> This is dangerous. If you want SSL it is normally for a reason, so falling
> back is REALLY the wrong thing.

Absolutely this is a bad way to fall back. You should never fall back and change security silently.

Cheers,

Chris
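
The two points in this message, reading supportedLDAPVersion from the root DSE and refusing to drop to cleartext when TLS fails, as an added example that is not part of the original thread or of perl-ldap's own code. It assumes a current Net::LDAP; the sub names assess_dse and connect_strict and the host and CA-file arguments are hypothetical, and the sample attribute values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

my $STARTTLS_OID = '1.3.6.1.4.1.1466.20037';    # StartTLS extended operation

# Interpret root DSE values; takes plain lists so it can be run without a server.
sub assess_dse {
    my ($versions, $extensions) = @_;
    return {
        v3       => scalar(grep { $_ eq '3' } @$versions) ? 1 : 0,
        # No values at all: pre-v3 server, or access control hiding the attribute.
        unknown  => @$versions ? 0 : 1,
        starttls => scalar(grep { $_ eq $STARTTLS_OID } @$extensions) ? 1 : 0,
    };
}

# Connect, probe the root DSE, then require TLS. Never returns a cleartext handle.
sub connect_strict {
    my ($host, $cafile) = @_;
    my $ldap = Net::LDAP->new($host, version => 3, timeout => 10)
        or die "connect to $host failed: $@\n";
    my $dse = $ldap->root_dse(attrs => ['supportedLDAPVersion', 'supportedExtension'])
        or die "root DSE not readable on $host\n";
    my $info = assess_dse([ $dse->get_value('supportedLDAPVersion') ],
                          [ $dse->get_value('supportedExtension') ]);
    warn "supportedLDAPVersion absent or unreadable on $host\n" if $info->{unknown};
    # The root DSE was read before TLS, so its contents are only a hint: attempt
    # StartTLS whatever it advertised, and treat failure as fatal.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
    if ($mesg->code) {
        $ldap->disconnect;
        die "StartTLS failed (" . $mesg->error . "); refusing to continue in cleartext\n";
    }
    return $ldap;
}

# Constructed sample values: a v2/v3 server advertising StartTLS, and a silent one.
for my $case ([ [ '2', '3' ], [$STARTTLS_OID] ], [ [], [] ]) {
    my $r = assess_dse(@$case);
    print "v3=$r->{v3} unknown=$r->{unknown} starttls=$r->{starttls}\n";
}

# Optional live check: perl script.pl ldap.example.org /path/to/ca.pem
if (@ARGV == 2) {
    my $ldap = connect_strict(@ARGV);
    print "TLS established, cipher: ", $ldap->cipher, "\n";
    $ldap->unbind;
}
```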