On 7/12/11 10:00 AM, Alex Karasulu wrote:
On Tue, Jul 12, 2011 at 10:30 AM, Emmanuel Lecharny<[email protected]> wrote:
LDAP specify that you can do operation without being bound, and in this
case, the session will be anonymous. Defaulting to anonymous is then pretty
natural. Now, you may have something different in mind, can you elaborate ?
(Of course, the server might reject such operations done on a anonymous
session, and I can see that as a major issue if we default to anonymous)
You're right we should either go anonymous or take the approach below
which IMO is better. See below...
We should require a bind to set the exact session.
That's an option : if the server reject anonymous operations, then
obviously, the user *must* bind. I would say that it *should* be the default
mode...
So you're saying allow anonymous then if there is a failure then allow
user to bind? Or by default force the user to bind?
I would say it's up to the user : the server may or may not allow
anonymous operation (it's a configuration thing), but usually, it's
probably a good idea for users to bind (using their credentials). So,
yes, force them to bind should not harm...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
