Good catch on the null password. --- Puryear IT, LLC - Baton Rouge, LA - http://www.puryear-it.com/ Active Directory Integration : Web & Enterprise Single Sign-On Identity and Access Management : Linux/UNIX technologies
Download our free ebook "Best Practices for Linux and UNIX Servers" http://www.puryear-it.com/pubs/linux-unix-best-practices/ -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Ströder Sent: Tuesday, January 12, 2010 12:17 AM To: Mihamina Rakotomandimby Cc: [email protected] Subject: [ldap] Re: checking credentials Mihamina Rakotomandimby wrote: > What is the common way to check if a user has the good password: > > - Bind with that user DN and if binding is OK: credentials are OK This is the preferred method. You MUST also check at the client-side whether the password is not a null-length string since most LDAP servers will accept this being an anonymous bind by default! > - Bind with a generic DN and search for username and password and: > - no results: credentials are KO > - result: credentials OK Unusual and might fail in some scenarios. Ciao, Michael. -- Michael Ströder E-Mail: [email protected] http://www.stroeder.com
