Ruud,
  If you only need to read from the directory, you could set up an account on AD that 
only had rights to read/search things and bind with that instead of administrator.  
This would minimize damage from people seeing the password on the screen.
  Another approach is to put the password (and possibly the DN of the account) in a 
file that can only be read by a privileged user on the client side and read that each 
time.
  The third approach is to require someone to type it each time.
  None of the solutions is perfect, but will improve things over your current approach.

  --Jim Harle
> 
> 
> 
> >From: "Paul Connolly" <[EMAIL PROTECTED]>
> >To: "'Ruud Dozijn'" <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>
> >Subject: RE: ldap database cannot be queried
> >Date: Thu, 12 Feb 2004 09:21:39 -0000
> >
> > > my $mesg = $ldap->bind (version => 3 );          # use for searches
> >
> >You are binding anonymously to an Active Directory server. The default
> >security config of AD does not allow much in the way of anonymous
> >access. Try binding as a valid user, e.g.
> >
> >my $mesg = $ldap->bind ( 'cn=Administrator,cn=Users,DC=abc,DC=nl ',
> >              password => 'your-admin-password', version => 3
> >             );
> >
> >Paul.
> >
> 
> Thanks Paul,
> you were right: it was a configuration matter. Now that I have made a few 
> scripts that query the directory using the above method I have a new 
> question.
> My password is in the script and people are able to read it from the screen 
> when I am editing it (in fact, this has happened more than once). I have 
> tried to replace the password string with an SHA-encrypted password, but 
> that gives an AcceptSecurityContext error.
> 
> Is there a way not to have the password in cleartext in the script?
> 
> thanks, Ruud
> 
> 
> 
> >-----Original Message-----
> >From: Ruud Dozijn [mailto:[EMAIL PROTECTED]
> >Sent: 12 February 2004 08:32
> >To: [EMAIL PROTECTED]
> >Subject: ldap database cannot be queried
> >
> >hi,
> >
> >I have a problem querying the intranet LDAP database of my company with
> >information about all the computer users. Using the example page from
> >the perl-ldap home page, I created a small script, that attaches to the
> >database, and does a query using different bases.
> >
> >It appears that only one branch of the directory is shown to the script
> >(see output) and that the script is not able to retrieve the schema.
> 
> 
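
Jim's second and third suggestions combined, as an added example that is not part of the original thread: the script reads the bind DN and password from a file it accepts only when that file is owned by the caller and closed to group and others, and otherwise prompts without echo. The file path, its two-line layout and the host name `ldap.example.com` are assumptions; Term::ReadKey is a CPAN module.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Term::ReadKey;    # CPAN module, used for the no-echo prompt

# Assumed path and layout: line 1 = bind DN, line 2 = password.
my $cred_file = "$ENV{HOME}/.ldap-bind";

# Return (dn, password) from the file, or an empty list if it cannot be opened.
# Dies if other accounts could read the file or if it is incomplete.
sub read_credentials {
    my ($path) = @_;
    open my $fh, '<', $path or return;
    my @st = stat $fh or die "stat $path: $!\n";
    die "$path is not owned by the current user\n" unless $st[4] == $<;
    die sprintf("%s has mode %04o, expected 0600 or stricter\n",
                $path, $st[2] & 07777) if $st[2] & 0077;
    my ($dn, $password) = <$fh>;
    close $fh;
    die "$path must hold a DN line and a password line\n"
        unless defined $dn && defined $password;
    chomp($dn, $password);
    return ($dn, $password);
}

# Ask on the terminal; the password is not echoed to the screen.
sub prompt_credentials {
    print STDERR "Bind DN: ";
    chomp(my $dn = <STDIN> // '');
    print STDERR "Password: ";
    ReadMode('noecho');
    chomp(my $password = <STDIN> // '');
    ReadMode('restore');
    print STDERR "\n";
    return ($dn, $password);
}

my ($dn, $password) = read_credentials($cred_file);
($dn, $password) = prompt_credentials() unless defined $dn;

# Placeholder host; use the directory server the script already talks to.
my $ldap = Net::LDAP->new('ldap.example.com') or die "connect: $@\n";
my $mesg = $ldap->bind($dn, password => $password, version => 3);
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;
```

Create the file with `chmod 600` before first use; paired with the read-only account from the first suggestion, a leaked file exposes only search rights.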
