Menu
▾
▴
Re: userpassword
|
From: Graham B. <gb...@po...> - 2001-07-03 19:32:41
|
On Tue, Jul 03, 2001 at 03:24:16PM -0400, Odell, Chauncey (Dyncorp) wrote:
> I found in the archives from last August (with slight modification to
> protect the fish)
> ================
> to do a compare:
> use Net::LDAP::Constant;
> $mesg = $ldap->compare($dn,"userpassword",_properly_encoded_password);
That should be
$mesg = $ldap->compare($dn, attr => "userpassword", value => _properly_encoded_password);
Graham.
>
> if ($mesg->code() == LDAP_COMPARE_TRUE)
> {
> auth success
> }
> ==================
>
> I assume that '_properly_encoded_password' is the encripted password held by
> the directory server because
> the plain text password does not provide LDAP_COMPARE_TRUE.
>
> Is it possible to obtain username / password validation using perl-ldap if I
> have the plain text password.
> I can use normal prompt for user / password for the CGI portion of my
> program, but I also need to validate the user as part of a daemon request.
> My security folks feel that passing the encripted password to the daemon
> only proves that I was able to access the directory server and ask for the
> encripted password.
>
> Thanks,
> chauncey
>
>
>
|
