Re: Unable to do named binds against NDS 8

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Michael Wille <mw...@do...> wrote:
> It returned the full dn:  
> 
> cn=mwille, ou=MIS, ou=SOUTHFIELD, o=WBDONER, c=US
> 
> Once I added the full dn to the named bind request, the bind was
> successful!  I guess you have to have every element, which is
> unfortunate.  If we are using the bind for authentication in web apps, we

Well, that's the way LDAP simple binds work.. :-)

> really only know by default the cn, o=WBDONER, and c=US.  Does anyone
> know if there is any other way to find this info or not use it in the
> bind?  For performance reasons, doing a search before the authentication
> is not desireable, nor is asking the user which office and department
> they are from.  

You *have* to do a search if you're going to be using simple binds. The
search base would presumably be "o=WBDONER,c=US", and you will need
equality indexes on cn of course.

If you're not doing simple binds, you might be able to do something with
SASL. I'm not too sure about this, but IIRC you bind with an authentication
ID and not a DN.

Cheers,

Chris