A mixture of the first and second option. This is typically what you'll see:
user provides username/password use service/generic account to find username in dir if username not found, FAIL if username found, return DN test bind with returned-DN and password if bind succeeds, SUCCESS else, FAIL --- Puryear IT, LLC - Baton Rouge, LA - http://www.puryear-it.com/ Active Directory Integration : Web & Enterprise Single Sign-On Identity and Access Management : Linux/UNIX technologies Download our free ebook "Best Practices for Linux and UNIX Servers" http://www.puryear-it.com/pubs/linux-unix-best-practices/ -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Mihamina Rakotomandimby Sent: Monday, January 11, 2010 10:16 PM To: [email protected] Subject: [ldap] checking credentials Manao ahoana, Hello, Bonjour, I have to check credentials of some user: username and password. I use Ocaml and OpenLDAP. What is the common way to check if a user has the good password: - Bind with that user DN and if binding is OK: credentials are OK - Bind with a generic DN and search for username and password and: - no results: credentials are KO - result: credentials OK PS: If you have any example using http://ocamldap.sourceforge.net/ocamldoc/Ldap_funclient.html it would be kind to share it :-) Misaotra, Thanks, Merci. -- Architecte Informatique chez Blueline/Gulfsat: Administration Systeme, Recherche & Developpement +261 34 29 155 34 / +261 33 11 207 36
