On Thu, Sep 12, 2002 at 09:37:22AM +1000, joshua wrote:
> i'm not sure if i follow you. i have never used ldap to write
> authentication scripts as i've only used the .htaccess method.
>
> to retrieve data you need to bind using a username/password combination
> that is valid. i guess you could test your user's username/password by
> using it to attempt a bind.
The example below is correct, however in many cases you can avoid the
anonymous search. If say for all users you have entries with dn's like
uid=dj, o=users, dc=mycompany, dc=com
you can just do
$dn = "uid=$inp_uid, o=users, dc=mycompany, dc=com";
$ds = ldap_connect("ldap.someserver.com");
$r = ldap_bind($ds, $dn, $inp_passwd);
and check whether $r is true. Someone reported that there is some
implementation where this is falsely true for empty password, so
prior to this I would chech that the password string is non-empty,
just to be sure.
Stig
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
