[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind in php



On Wed, 20 Nov 2002 marc.bigler@day.com wrote:

> 
> So the question now is: How can I disable anonymous binds ? I thought that
> with my access statement:
> 
> access to *
>       by users write
> 
> that it would dissallow anonymous binds, no ?

disallow bind_anon_cred

in slapd.conf? 

Regards
James Bourne

> 
> Regards
> Marc
> 
> 
> On Wed, 20 Nov 2002 marc.bigler@day.com wrote:
> 
> > Hello,
> >
> > I know this also involves PHP but I post it here because I think maybe
> it's
> > a problem with my access statement in slapd.conf. What I would like to do
> > is to authenticate users via LDAP, the problem that I currently encounter
> > is if the user doesn't input a password ldap_bind returns true which
> means
> > that it somehow succeeded... This is my PHP code:
> >
> > $ldap_bind_result = ldap_bind($ds, "cn=marc,ou=users,dc=test,dc=tld",
> "");
> >
> > if ($ldap_bind_result) {
> >         echo "ldap_bind succeeded";
> > } else {
> >      echo "ldap_bind failed";
> > }
> 
> Hi,
> IIRC, this will be an anonymous bind, and will succeed until you try
> to fetch enything from ldap...
> 
> Regards
> James Bourne
> >
> > In this case i get succeeded, which I shouldn't, the same happens if I
> take
> > a fake name which doesn't even exist as "cn". My access statement looks
> > like this:
> >
> > access to *
> >      by users write
> >
> > Where I only want to let authenticated users do something.
> >
> > Am I missing something ?
> >
> > Thanks for the help
> >
> > Regards
> > Marc
> >
> >
> 
> --
> James Bourne, Supervisor Data Centre Operations
> Mount Royal College, Calgary, AB, CA
> www.mtroyal.ab.ca
> 
> ******************************************************************************
> This communication is intended for the use of the recipient to which it is
> addressed, and may contain confidential, personal, and or privileged
> information. Please contact the sender immediately if you are not the
> intended recipient of this communication, and do not copy, distribute, or
> take action relying on it. Any communication received in error, or
> subsequent reply, should be deleted or destroyed.
> ******************************************************************************
> 
> 
> "There are only 10 types of people in this world: those who
> understand binary and those who don't."
> 
> 
> 
> 
> 
> 
> 
> 

-- 
James Bourne, Supervisor Data Centre Operations
Mount Royal College, Calgary, AB, CA
www.mtroyal.ab.ca

******************************************************************************
This communication is intended for the use of the recipient to which it is
addressed, and may contain confidential, personal, and or privileged
information. Please contact the sender immediately if you are not the
intended recipient of this communication, and do not copy, distribute, or
take action relying on it. Any communication received in error, or
subsequent reply, should be deleted or destroyed.
******************************************************************************


"There are only 10 types of people in this world: those who
understand binary and those who don't."