[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: newbie: search request without bind operation



Le lun 17/03/2003 à 14:59, Sheahan, John (PCLN-NW) a écrit :
> I have been working diligently with the basic bind and search functions
> every day for the past 2 weeks. Although I am hardly an expert, I know of no
> way to do a search without doing a bind first. The difference between an
> anonymous bind and a non-anonymous bind, is that you don't have to include
> the rootdn and password on an anonmous bind and you would have to include it
> for a non-anonymous bind.

You can also bind as a simple user, not only as rootdn with rootpw
You can/should even delete the rootdn directive, after populating the
database with basic entries (like a manager dn).
a non-anonymous bind is just an authenticated bind

> 
> -----Original Message-----
> From: Josephine Suganthi [mailto:j_jsuganthi@hotmail.com]
> Sent: Monday, March 17, 2003 3:36 AM
> To: openldap-software@OpenLDAP.org
> Subject: newbie: search request without bind operation
> 
> 
> Hi,
> 
>   Can I do a search request on a ldap server without giving a bind request?
> 
> Is this possible when the ldap server is supporting anonymous bind?
> 

Seen in the LDAPv3 RFC (RFC #2251):
   Unlike LDAP v2, the client need not send a Bind Request in the first
   PDU of the connection.  The client may request any operations and the
   server MUST treat these as unauthenticated. If the server requires
   that the client bind before browsing or modifying the directory, the
   server MAY reject a request other than binding, unbinding or an
   extended request with the "operationsError" result.
   If the client did not bind before sending a request and receives an
   operationsError, it may then send a Bind Request.  If this also fails
   or the client chooses not to bind on the existing connection, it will
   close the connection, reopen it and begin again by first sending a
   PDU with a Bind Request.  This will aid in interoperating with
   servers implementing other versions of LDAP.

I don't know if slapd make a difference between anonymous and
unauthenticated


> Thanks for the  help
> Josephine

Francois Beretti