Tim, PLA 1.2 was a major rewrite in some areas - one of which was the LDAP communication backend. The login string function was not ported into the new backend (at the time there was no interest in it), and most of its capability could be achieved other ways.

login,base was implemented, because users existed in a different part of the tree, and their admins didn't want to expose that part of the tree to the user (since server,base is different).

When PLA doesn't use a DN for authentication, it relies on anonymous search - to find a DN from an attribute (and its value). I recognised that in your case you don't expose any attributes, and as such, this would not work.

I do have plans (I don't think I have done it yet), to enable a privileged bind (you define a user who can search the LDAP server, much the same way as the unique attrs feature works, and/or you would have ldap_nss switch configured), who can return the dn for an attribute. This should be relatively easy to implement now.

In the meantime, you can:
* expose a (unique) attribute that you do consider public enough (eg: email), and have PLA use that attribute to find the dn.
* set up ACLs in your LDAP server, so that the PLA host has the privilege to find (defined) attributes anonymously
* inform your users to use their full DN.

Or you can write the patch, submit it and I'll include it for another release :)

...deon

Tim Gustafson wrote:
> But that opens up our user list to the public, which we don't want. Is
> there any configuration option I can set to tell phpLdapAdmin to bind
> to OpenLDAP with a "service account" to perform the DN search (or
> whatever it's doing when people log in) before re-binding with the
> user's own credentials to fix this?

_______________________________________________
phpldapadmin-users mailing list
https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users
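
The "service account" lookup followed by a re-bind with the user's own credentials, as discussed in the message above, sketched with PHP's LDAP extension. This is an added example, not phpLDAPadmin code or a patch from this thread; the server URI, base DN, service account DN, login attribute and function name are all hypothetical.

```php
<?php
// Added example, not phpLDAPadmin code. All constants are hypothetical.
const LDAP_URI   = 'ldap://ldap.example.org';
const BASE_DN    = 'ou=people,dc=example,dc=org';
const SERVICE_DN = 'cn=pla-lookup,ou=services,dc=example,dc=org';
const LOGIN_ATTR = 'mail';

// Returns a connection bound as the user, or false if the login is rejected.
function login_by_attribute(string $login, string $password, string $servicePw)
{
    // An empty password turns a simple bind into an "unauthenticated" bind
    // (RFC 4513, 5.1.2), which some servers accept: reject it up front.
    if ($login === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        throw new RuntimeException('bad LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_start_tls($conn)) {      // both passwords cross this link
        throw new RuntimeException('StartTLS failed');
    }
    // Step 1: privileged bind, used only to map the attribute value to a DN.
    if (!@ldap_bind($conn, SERVICE_DN, $servicePw)) {
        throw new RuntimeException('service account bind failed');
    }
    // Escape the user-supplied value so it cannot change the filter.
    $filter = sprintf('(%s=%s)', LOGIN_ATTR,
        ldap_escape($login, '', LDAP_ESCAPE_FILTER));
    // '1.1' requests no attributes; size limit 2 is enough to spot duplicates.
    $res = @ldap_search($conn, BASE_DN, $filter, ['1.1'], 0, 2);
    if ($res === false || ldap_count_entries($conn, $res) !== 1) {
        ldap_unbind($conn);             // no match, or ambiguous match
        return false;
    }
    $dn = ldap_get_dn($conn, ldap_first_entry($conn, $res));
    // Step 2: re-bind as the user; the service identity is dropped here.
    if (!@ldap_bind($conn, $dn, $password)) {
        ldap_unbind($conn);
        return false;
    }
    return $conn;
}
```

The service account in this sketch needs only search access to the login attribute under the base DN, and the function never returns search results to a caller who has not passed the second bind.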
