> > we'd like to send the uid and password, and simply have the LDAP
> > server authenticate this against its one-way hashed password for
> > that user and just return an 'accept' or 'reject'...
> That is a good idea, and one we have been contemplating for some
> time, but right now, and for the short term, it's not possible without
> changing the code.
We do this for authenticating IMAP/POP3 connections - first we check
the supplied password is not null [1], then bind to LDAP anonymously
to search to find the DN from the supplied uid (and any other attribs
that might be used in a DN, so this may be good to have configurable
so other RADIUS items can be included in the test) checking there is
no more or less than one result -- next try to bind as that DN using
the supplied password and return the result (failed/OK).
Stuart
[1] necessary otherwise the bind will always succeed as a reference
bind.
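
The search-then-bind sequence described above, with the empty-password case from footnote [1] shown beside the guarded version. This is an added example, not code from the post or from Radiator; `FakeDirectory`, its methods, the SHA-256 toy hash and the sample entries are constructed stand-ins so the logic runs without a server.

```python
import hashlib
import hmac

def _digest(password):
    # Toy one-way hash for the constructed directory (real servers use salted schemes).
    return hashlib.sha256(password.encode()).hexdigest()

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server, not a real client API."""
    def __init__(self, entries):
        self.entries = entries  # {dn: {"uid": ..., "hash": ...}}

    def simple_bind(self, dn, password):
        # Model the behaviour footnote [1] describes: a bind with an empty
        # password succeeds without proving anything about the DN.
        if password == "":
            return True
        entry = self.entries.get(dn)
        return entry is not None and hmac.compare_digest(_digest(password), entry["hash"])

    def search_uid(self, uid):
        # Equality match; with a real filter string, uid must be escaped first.
        return [dn for dn, e in self.entries.items() if e["uid"] == uid]

def naive_authenticate(directory, uid, password):
    # Omits the empty-password check: shown only to demonstrate the failure.
    matches = directory.search_uid(uid)
    return len(matches) == 1 and directory.simple_bind(matches[0], password)

def authenticate(directory, uid, password):
    """Return True (accept) or False (reject), following the steps in the post."""
    if not uid or not password:            # 1. reject a null/empty password
        return False
    if not directory.simple_bind("", ""):  # 2. anonymous bind for the search
        return False
    matches = directory.search_uid(uid)    # 3. look up the DN by uid
    if len(matches) != 1:                  #    exactly one result, or reject
        return False
    return directory.simple_bind(matches[0], password)  # 4. bind as that DN

# Constructed sample entries: "dup" deliberately matches two DNs.
SAMPLE = FakeDirectory({
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "hash": _digest("s3cret")},
    "uid=dup,ou=a,dc=example,dc=com": {"uid": "dup", "hash": _digest("pw1")},
    "uid=dup,ou=b,dc=example,dc=com": {"uid": "dup", "hash": _digest("pw1")},
})
```

With a real LDAP client the same order applies: validate the password before any bind, and treat zero or multiple search results as a reject rather than picking one.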