--On Thursday, January 12, 2006 2:24 PM +0000 Peter Walsham <[EMAIL PROTECTED]> wrote:


Thanks for all your replies.



Conclusions So Far
=======================

So can I now conclude that the three following statements are correct?

1) ldapsearch does not properly implement LDAP
2) Active Directory does not properly implement LDAP
3) I cannot use Net::LDAP to authenticate users with empty passwords

"2" is certainly correct. Microsoft makes a number of non-RFC compliant changes.


How To Test 1) And 2)
==========================

This can be tested using ldapsearch and Active Directory together:

ldapsearch -h 'localhost' -x -w '' -D 'cn=Joe,ou=London,o=axomic' \
    -s base -b 'cn=Joe,ou=London,o=axomic'

Active Directory by default denies anonymous or noauth logins, but the
above command works, so:

1) ldapsearch is using simple authentication with DN and empty password
2) Active Directory is accepting simple authentication with DN and empty
password

I'd say (2), since I bet (1) would result in an error when applied to a different LDAP server.

As for the rest of it, welcome to the can of worms opened by using AD. :)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
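
The following is an added example, not code from either poster or from the Net::LDAP project: a guard for applications that authenticate users by binding, where a simple bind with a DN and a zero-length password (an "unauthenticated" bind in RFC 4513 terms) can come back as success without any password having been checked. The names check_credentials, net_ldap_bind and the lenient stub server are hypothetical, and the stub and its password are constructed so the demo runs without a directory.

```perl
use strict;
use warnings;

# Hypothetical helper: returns 1 only when a non-empty password was verified.
# $bind is a code ref taking ($dn, $password) and returning the LDAP result
# code (0 = success), so the guard can be exercised without a directory.
sub check_credentials {
    my ($bind, $dn, $password) = @_;
    # DN + zero-length password is not a password check; a server that
    # allows unauthenticated binds answers "success". Refuse it up front.
    return 0 unless defined $dn       && length $dn;
    return 0 unless defined $password && length $password;
    return $bind->($dn, $password) == 0 ? 1 : 0;
}

# Real bind through Net::LDAP, loaded lazily so the demo below runs offline.
sub net_ldap_bind {
    my ($host) = @_;
    return sub {
        my ($dn, $password) = @_;
        require Net::LDAP;
        my $ldap = Net::LDAP->new($host) or return -1;  # -1: local sentinel, connect failed
        my $code = $ldap->bind($dn, password => $password)->code;
        $ldap->unbind;
        return $code;
    };
}

# Constructed stand-in for a server that accepts DN + empty password,
# the behaviour the ldapsearch test in the thread reports.
my %directory = ('cn=Joe,ou=London,o=axomic' => 'constructed-secret');
my $lenient_server = sub {
    my ($dn, $password) = @_;
    return 49 unless exists $directory{$dn};    # 49 = invalidCredentials
    return 0  if $password eq '';               # unauthenticated bind "succeeds"
    return $password eq $directory{$dn} ? 0 : 49;
};

my $dn = 'cn=Joe,ou=London,o=axomic';
for my $pw ('', 'wrong', 'constructed-secret') {
    my $raw     = $lenient_server->($dn, $pw) == 0            ? 'accept' : 'reject';
    my $guarded = check_credentials($lenient_server, $dn, $pw) ? 'accept' : 'reject';
    printf "password=%-22s raw bind: %s  guarded: %s\n", "'$pw'", $raw, $guarded;
}
```

Against a real directory, pass net_ldap_bind('ldap.example.org') (placeholder host) as the first argument instead of the stub.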
