Howard Lowndes wrote:
> Would I be better off trying to do an LDAP compare, in which case, what
> should the compare statement look like?

If you just want to check the password then attempt to bind with the name and password provided and then check that the objectClass is what you expect (you want a person, not a host or the multitude of other objects a directory can hold).

Don't forget to check authorisation after you've done the authentication. Just because someone is in your LDAP doesn't mean that they are authorised (eg, some person objects might be members of a mailing list system which keeps its subscription list in LDAP).

The code for Apache2 mod_auth_ldap is a good model.

--
Glen Turner
Tel: (08) 8303 3936 or +61 8 8303 3936
Australia's Academic & Research Network
www.aarnet.edu.au

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
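The bind, objectClass and authorisation sequence described in the reply above, as an added example that is not part of the original post and not taken from mod_auth_ldap. `FakeDirectory`, `login`, the DNs and the group name are hypothetical, and the directory is constructed in memory so the flow runs offline; the empty-password guard goes beyond the post and covers servers that treat a bind with an empty password as an anonymous bind that succeeds.

```python
# Added example: bind-then-check flow against a constructed in-memory directory.
# FakeDirectory and its methods are hypothetical stand-ins for a real LDAP client.

class FakeDirectory:
    """Constructed sample data: DN -> (password, attributes)."""
    def __init__(self, entries):
        self.entries = entries

    def simple_bind(self, dn, password):
        # Like many real servers, treats an empty password as an
        # unauthenticated (anonymous) bind and reports success.
        if password == "":
            return True
        entry = self.entries.get(dn)
        return entry is not None and entry[0] == password

    def read(self, dn):
        entry = self.entries.get(dn)
        return entry[1] if entry else None


def login(directory, dn, password, required_class, allowed_group):
    """Return (ok, reason). Authentication first, then type, then authorisation."""
    # An empty password would turn the bind into an anonymous one that succeeds.
    if not dn or not password:
        return False, "empty credentials"
    if not directory.simple_bind(dn, password):
        return False, "bind failed"
    attrs = directory.read(dn) or {}
    classes = {c.lower() for c in attrs.get("objectClass", [])}
    if required_class.lower() not in classes:
        return False, "wrong objectClass"
    # Exact string match on the DN; a real client should normalise DNs first.
    group = directory.read(allowed_group) or {}
    if dn not in group.get("member", []):
        return False, "not authorised"
    return True, "ok"


PEOPLE, GROUP = "ou=people,dc=example,dc=org", "cn=app-users,ou=groups,dc=example,dc=org"
ALICE, BOB = "uid=alice," + PEOPLE, "uid=bob," + PEOPLE
HOST = "cn=mailhost,ou=hosts,dc=example,dc=org"
SAMPLE = FakeDirectory({  # constructed entries, not from the post
    ALICE: ("s3cret", {"objectClass": ["top", "person"]}),
    BOB: ("hunter2", {"objectClass": ["top", "person"]}),
    HOST: ("hostpw", {"objectClass": ["top", "device"]}),
    GROUP: (None, {"objectClass": ["groupOfNames"], "member": [ALICE, HOST]}),
})
```

Here bob authenticates but is refused at the authorisation step, and the host entry is refused at the objectClass step even though it is listed in the group.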
