From: Chris R. <chr...@me...> - 2002-03-20 16:00:35
|
Michael Wille <mw...@do...> wrote: > It returned the full dn: > > cn=mwille, ou=MIS, ou=SOUTHFIELD, o=WBDONER, c=US > > Once I added the full dn to the named bind request, the bind was > successful! I guess you have to have every element, which is > unfortunate. If we are using the bind for authentication in web apps, we Well, that's the way LDAP simple binds work.. :-) > really only know by default the cn, o=WBDONER, and c=US. Does anyone > know if there is any other way to find this info or not use it in the > bind? For performance reasons, doing a search before the authentication > is not desireable, nor is asking the user which office and department > they are from. You *have* to do a search if you're going to be using simple binds. The search base would presumably be "o=WBDONER,c=US", and you will need equality indexes on cn of course. If you're not doing simple binds, you might be able to do something with SASL. I'm not too sure about this, but IIRC you bind with an authentication ID and not a DN. Cheers, Chris |