Re: Question about comparing perl variables to LDAP values...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Rather than comparing the attributes (which would require your script to
have 'compare' access to the userpassword attribute, why not attempt to
bind to the directory as the user? That way you don't have to give your
script as much access (and don't need to worry as much about hashing
algorithms).

	--Tom

On Thu, 12 Apr 2001, Cruz deWilde wrote:

> Hi all,
>
> I'm more or less a neophyte when it comes to working with LDAP, and I'm hoping
> someone out there might help me with something.  I'm trying to build a
> web-based "Change Password" form for our new iPlanet LDAP implementation, and
> I've been having trouble figuring out how to compare the user's old password to
> their existing LDAP password for verification.  The web form I built encrypts
> their passwords (old and new) using MD5, and then passes them to the perl cgi
> form-processor, which is supposed to first figure out if their old password
> matches their existing one, and then update the password entry with the new
> encrypted one...
>
> I'm connecting to the LDAP server without any trouble, but I really don't
> understand the usage of Net::LDAP's $ldap->compare function.  In short, the
> function doesn't seem to return anything which indicates whether or not the
> passwords match.  I'm pretty sure that it comes down to the fact that I don't
> really know what I'm doing here, but if anyone out there could provide some
> example of this function in action, it would ease my suffering greatly  :)  I'm
> quite sure that building a web-based, perl-driven password update form for LDAP
> has been done a thousand times before, so any sample code would be tremendously
> appreciated.  Thanks!!
>
> -Cruz deWilde
>
> __________________________________________________
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>