On 26/4/06 10:32, Jim Summers <[EMAIL PROTECTED]> wrote:
> Hello list,
>
> I have stumbled onto a problem with some code I am writing. I was doing a
> bind to my ldap and using the dn and password option. Which initially I
> always entered the correct password and thought it was ok. I did one today
> and put in the wrong password, but the bind went ahead and worked and the
> searches that followed using that descriptor.
>
> Is there a way to force the bind to fail if the dn / password combo is not
> correct?
How are you testing for failure? The following only really tests for
problems in the bind operation itself and is thus not going to be useful:
$ldap->bind( 'cn=foo,o=bar', password => 'secret' ) or die;
The following is correct, as it checks what the server returns:
$mesg = $ldap->bind( 'cn=foo,o=bar', password => 'secret' );
die if $mesg->code;
> Could there be some anonymous access going on that I am not aware of?
It is likely that your server's changing the connection's authentication
level to anonymous after the failed bind. I can't remember if the RFCs
require this behaviour or not, off-hand. If you've got access to the server
logs though, they ought to give you the answer!
Cheers,
Chris
