From: Graham B. <gb...@po...> - 2000-09-20 18:10:16
Sure, this could be added, it's just a case of someone writing a
Net::LDAP::Control::ProxyAuth module to support it.

But in the meantime you can do it the hard way. Note this will only work
for DNs that are less than 125 characters in length.

    $ldap->search( ...
      control => [
        { type     => "2.16.840.1.113730.3.4.12",
          # control value: SEQUENCE { OCTET STRING $dn }, single-byte lengths
          value    => pack("CCCCA*",0x30,2+length($dn),4,length($dn),$dn),
          critical => $critical
        }
      ]
    );

Graham.

On Wed, Sep 20, 2000 at 07:30:27PM +0200, Alexander.Jung1 wrote:
> Hello,
>
> first a great thank you for the perl-ldap library, we're building a
> quite nice Organigramm-Application on top of it.
>
> In this application we hit a problem:
> In order to change his own entry a user has to be authenticated to the
> directory. We use Challenge/Response to get the user's NT-Login,
> which has exactly the same uid as stored in our directory.
> That far things work nicely, but we only get the username, not the
> password from the IIS-webserver, so we have a problem to authenticate
> in our script on behalf of the user asking.
> I found in Netscape's documentation a "proxy authentication" which would
> just do what we need: The perlscript would authenticate as script-user, but
> proxy for the real user and thus experiencing the ACLs that real user has.
> But I could not find any reference to proxied authentication in the perl-ldap
> documentation. The only meaningful reference I found is here:
> http://home.netscape.com/eng/server/directory/4.1/technotes/proxyauth.html
>
> Could this option to bind be implemented somehow? It would fix an ugly
> kludge we are using right now.
>
> Thanks in advance,
>
> Alexander
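
The length limit mentioned in the reply above comes from BER's single-byte length form: the outer SEQUENCE length is 2+length($dn) and has to stay below 128. As an added example (not part of the original message and not perl-ldap code), the Perl below builds the same control value with long-form lengths so that longer DNs encode correctly; ber_length and proxy_auth_value are hypothetical helper names and the sample DNs are constructed.

```perl
use strict;
use warnings;

# BER definite length: one byte below 128, otherwise 0x80|n followed by
# n big-endian length bytes.
sub ber_length {
    my ($len) = @_;
    return pack("C", $len) if $len < 128;
    my $bytes = '';
    while ($len > 0) {
        $bytes = pack("C", $len & 0xFF) . $bytes;
        $len >>= 8;
    }
    return pack("C", 0x80 | length($bytes)) . $bytes;
}

# Control value layout taken from the reply: SEQUENCE (0x30) containing
# one OCTET STRING (0x04) that holds the DN to proxy as.
sub proxy_auth_value {
    my ($dn) = @_;
    utf8::encode($dn) if utf8::is_utf8($dn);    # lengths must count bytes
    my $octets = pack("C", 0x04) . ber_length(length $dn) . $dn;
    return pack("C", 0x30) . ber_length(length $octets) . $octets;
}

# Constructed sample DNs: one short, one well past the single-byte limit.
my $short = "uid=ajung,ou=People,o=example.com";
my $long  = "uid=ajung,"
          . join(",", map { "ou=level$_" } 1 .. 20)
          . ",o=example.com";

# For a short DN the result must equal the hand-packed form in the reply.
my $by_hand = pack("CCCCA*", 0x30, 2 + length($short), 4, length($short), $short);
print "short DN matches hand-packed value: ",
      ($by_hand eq proxy_auth_value($short) ? "yes" : "no"), "\n";

# For the long DN both headers switch to the long form (0x81 + one length byte).
my $value = proxy_auth_value($long);
printf "long DN is %d bytes, value starts with %s\n",
       length($long), unpack("H*", substr($value, 0, 6));

# The value would then be passed as in the reply:
#   control => [ { type => "2.16.840.1.113730.3.4.12",
#                  value => proxy_auth_value($dn), critical => $critical } ]
```

Because the directory applies the proxied DN's ACLs to the request, rejecting a DN that fails to encode is safer than sending a control whose length bytes have wrapped.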