hello perl-ldap mailing list,
i'm wondering if i'm trying to do the impossible, even though it seems like
this might be a common situation.
i'm trying to verify a user/password by having the user bind to an ldap server.
the problem is that just given a username, i can't guess the DN because the
DN's components have values that could be many things:
example:
CN=mark,OU=paris,OU=short,...,DC=partA,DC=foo,DC=com
CN=mike,OU=new york,OU=tall,...,DC=partB,DC=foo,DC=com
it seems that all of this is necessary for me to bind (i can't just use
CN=mark,DC=foo,DC=com and try a password against all matches sigh)
so if i get another user, i don't know what sort of OU values his/her DN will
have. also, the DC's might be different too.
here's the wrinkles that make it harder:
1) anon bind is turned off, so i can't search around for promising matches and
use their DN
2) they don't want a generic 'read' account to log in because they don't want
the password in a file.
but i might be ok if:
a) though if script is not called by user i might be able to convince them
to use o-r.
b) if the final server is sasl aware, i might be able to use an encrypted
string in the script
but here's why i think it MIGHT be possible... using the windows program:
ldap.exe
i noticed that i'm able to bind filling in only the fields:
USER: mark
PASSWORD: mypassword
DOMAIN: parta.foo.com
so unless the application knows some secret settings...how does it authenticate
me without my telling it my full DN?
if i new that i think i could write my perl script that checks every user
against
DOMAIN: parta.foo.com and partb.foo.com
thanks for any help :)
-mark (not in paris...alas..)
Please consider the environment before printing this email.
Visit our website at http://www.nyse.com
****************************************************
Note: The information contained in this message and any attachment to it is
privileged, confidential and protected from disclosure. If the reader of this
message is not the intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby notified that
any dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
the sender immediately by replying to the message, and please delete it from
your system. Thank you. NYSE Euronext.
