--On Wednesday, January 11, 2006 9:20 PM +0000 Peter Walsham
<[EMAIL PROTECTED]> wrote:
Chris, thanks for your reply.
To put this another way, with Net::LDAP how do you do a simple
bind with a DN and an empty password?
Amazing to see this exact same question show up here that was on the
OpenLDAP-software list just a little while ago.
------------------------------------
Kurt wrote a very simple response to this general question, which is:
In face of a simple bind request with DN and empty password,
LDAP allows the server to either:
a) return success and treat the client as anonymous
b) return an error and treat the client as anonymous
slapd(8) does b) by default but can be configured to do a).
There is no way to configure slapd(8) to do:
c) return success as treat the client as the user
named by the client provided DN.
as this behavior is simply not allowed by the protocol.
Kurt
------------------------------------
Now, the slapd he's referring to above is OpenLDAP's slapd, but regardless,
the point here is that a simple bind with a DN and empty password is going
to end up as an anonymous search either way, based on the LDAP protocol.
So I think it would be much easier in your script to simply make the
connection anonymous if the user supplies an empty password, since that is
the end result.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
