Re: ldap->ping?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Graham Barr <gb...@po...> wrote:

> IIRC, This is all avaliable from the root DSE. But I guess you are looking
> for a simpler approach than
>
>   $dse = $ldap->root_dse;
>   $dse->get('supportedVersions'); # I forget the attribute name

Yeah, close. RFC 2251 specifies supportedLDAPVersion (and supportedControl 
etc) so reading that attribute should suffice. If it ain't there the server 
almost certainly doesn't support LDAPv3 so you've pretty much got no way to 
work out what it does do.

(It might support LDAPv3 but prevent read access to that attribute. 
Unlikely perhaps, but permitted.)

>
>> Mind you, if this was written, it'd be very tempting to include something
>> to test for "type" of ldap server eg Netscape/openldap/novell and
>> introduce server specific tests too.... is this a good or a bad thing?
>
> I am not sure there is a way to determine the server type. Not reliably
> anyway.

There isn't. There was an Internet draft recently which specified a place 
to put a vendor string, but with the strict instructions that clients 
weren't to make use of it to switch behaviours. So that's out - I think the 
draft got stomped on anyway.

>> whether ssl
>> is supported on the server end (with a fall-back if its not),
>
> This is dangerous. If you want SSL it is normally for a reason, so falling
> back is REALLY the wrong thing.

Absolutely this is a bad way to fall back. You should never fall back and 
change security silently.

Cheers,

Chris