On Thu, Sep 12, 2002 at 09:37:22AM +1000, joshua wrote:
> i'm not sure if i follow you. i have never used ldap to write 
> authentication scripts as i've only used the .htaccess method.
> to retrieve data you need to bind using a username/password combination 
> that is valid. i guess you could test your user's username/password by 
> using it to attempt a bind.

The example below is correct, however in many cases you can avoid the
anonymous search. If say for all users you have entries with dn's like

uid=dj, o=users, dc=mycompany, dc=com

you can just do 

$dn = "uid=$inp_uid, o=users, dc=mycompany, dc=com";
$ds = ldap_connect("ldap.someserver.com");
$r = ldap_bind($ds, $dn, $inp_passwd);

and check whether $r is true. Someone reported that there is some
implementation where this is falsely true for empty password, so
prior to this I would chech that the password string is non-empty,
just to be sure.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to