Rich Megginson wrote:
>
> [EMAIL PROTECTED] wrote:
>
> > We have been doing browser (Netscape 4.7x) lookups with
> > ldap://<hostname>/<root>??sub?(uid=rp59502) but that directory allows
> > anonymous access.
> >
> > Can I do browser lookups but with binding? We've turned
> > off ANONYMOUS access in the new directory. If so, how and where
> > is the reference? I've used the Address Book with binding by
> > making the mail attribute available anonymously. Must be doable, no?
>
> Have you tried
> ldap://user:password@hostname/.....
>
> That works with http and ftp URLs . . .

Yes, but not with LDAP URLs. RFC2255:

-----------------------------------------------------------------------
An LDAP URL begins with the protocol prefix "ldap" and is defined by
the following grammar.

    ldapurl    = scheme "://" [hostport] ["/"
                 [dn ["?" [attributes] ["?" [scope]
                 ["?" [filter] ["?" extensions]]]]]]
    scheme     = "ldap"
    attributes = attrdesc *("," attrdesc)
    scope      = "base" / "one" / "sub"
    dn         = distinguishedName from Section 3 of [1]
    hostport   = hostport from Section 5 of RFC 1738 [5]
    attrdesc   = AttributeDescription from Section 4.1.5 of [2]
    filter     = filter from Section 4 of [4]
    extensions = extension *("," extension)
    extension  = ["!"] extype ["=" exvalue]
    extype     = token / xtoken
    exvalue    = LDAPString from section 4.1.2 of [2]
    token      = oid from section 4.1 of [3]
    xtoken     = ("X-" / "x-") token
-----------------------------------------------------------------------

One possibility would be using the bindname extension in the LDAP
URL to specify a bind DN (see section 4 of RFC2255). But I'm not
aware of any implementation and I don't know if it really would make
sense. (I considered implementing it in my LDAP client and popping up a
password dialogue in case the bindname extension is set.)

Ciao, Michael.
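
The grammar and the bindname extension discussed in this thread, as an added example that is not part of the original messages or of any client mentioned in them: a small Python parser that rejects `user:password@` in the hostport, reads a `bindname` extension, and takes the password from a prompt rather than from the URL. The host name, the DNs and the `ask_password` callback are constructed for illustration.

```python
from urllib.parse import unquote

KNOWN_EXTENSIONS = {"bindname"}  # the only extension this example understands

def parse_ldap_url(url):
    """Split an LDAP URL according to the RFC 2255 grammar quoted in the thread."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() != "ldap":
        raise ValueError("not an ldap:// URL")
    hostport, _, tail = rest.partition("/")
    if "@" in hostport:
        # The grammar has no userinfo part, so user:password@host is invalid.
        raise ValueError("credentials are not allowed in hostport")
    # dn ? attributes ? scope ? filter ? extensions (trailing fields optional)
    dn, attrs, scope, filt, exts = (tail.split("?", 4) + [""] * 5)[:5]
    scope = scope.lower() or "base"          # RFC 2255 default scope
    if scope not in ("base", "one", "sub"):
        raise ValueError("invalid scope: " + scope)
    extensions = {}
    for ext in filter(None, exts.split(",")):
        critical = ext.startswith("!")
        extype, _, exvalue = (ext[1:] if critical else ext).partition("=")
        if critical and extype.lower() not in KNOWN_EXTENSIONS:
            # A critical extension the client cannot honour must fail the URL.
            raise ValueError("unsupported critical extension: " + extype)
        # Commas inside a value arrive as %2c, so decode only after splitting.
        extensions[extype.lower()] = (unquote(exvalue), critical)
    return {
        "hostport": hostport,
        "dn": unquote(dn),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(filt) or "(objectClass=*)",  # RFC 2255 default
        "extensions": extensions,
    }

def bind_credentials(parsed, ask_password):
    """Return (bind_dn, password) or None for an anonymous bind.

    ask_password is a hypothetical callback (for example a password dialogue);
    the URL only ever supplies the bind DN, never the secret.
    """
    entry = parsed["extensions"].get("bindname")
    if entry is None:
        return None
    bind_dn, _critical = entry
    return bind_dn, ask_password(bind_dn)
```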