[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: newbie: search request without bind operation

To: "'Francois Beretti'" <francois.beretti@enatel.com>, "Sheahan, John (PCLN-NW)" <John.Sheahan@priceline.com>
Subject: RE: newbie: search request without bind operation
From: "Sheahan, John (PCLN-NW)" <John.Sheahan@priceline.com>
Date: Mon, 17 Mar 2003 13:55:25 -0500
Cc: "'Josephine Suganthi'" <j_jsuganthi@hotmail.com>, Liste OpenLDAP Software <openldap-software@OpenLDAP.org>

I guess I was wrong, here is a peice of code that will allow a search
without the bind:

!/usr/local/bin/perl

use Net::LDAP;

$ldap = Net::LDAP->new('172.21.81.101') or die "$@";
$mesg = $ldap->search(
                       base   => "o=People,dc=priceline,dc=com",
                       scope  => 'sub',
                       filter => "uid=jsheahan",
                      );


my $max = $mesg->count;

for( my $index = 0 ; $index < $max ; $index++)   {
    my $entry = $mesg->entry($index);
    my $dn = $entry->dn; # Obtain DN of this entry

    @attrs = $entry->attributes; # Obtain attributes for this entry.
 
    foreach my $var (@attrs) {
		#get a list of values for a given attribute
     		$attr = $entry->get_value( $var, asref => 1 );
     		
		if ( defined($attr) ) {          
         		foreach my $value ( @$attr ) {           
          			print "$var: $value\n";  # Print each value
for the attribute.
         		}              
		}

    }

}

-----Original Message-----
From: Francois Beretti [mailto:francois.beretti@enatel.com]
Sent: Monday, March 17, 2003 10:04 AM
To: Sheahan, John (PCLN-NW)
Cc: 'Josephine Suganthi'; Liste OpenLDAP Software
Subject: RE: newbie: search request without bind operation


Le lun 17/03/2003 à 14:59, Sheahan, John (PCLN-NW) a écrit :
> I have been working diligently with the basic bind and search functions
> every day for the past 2 weeks. Although I am hardly an expert, I know of
no
> way to do a search without doing a bind first. The difference between an
> anonymous bind and a non-anonymous bind, is that you don't have to include
> the rootdn and password on an anonmous bind and you would have to include
it
> for a non-anonymous bind.

You can also bind as a simple user, not only as rootdn with rootpw
You can/should even delete the rootdn directive, after populating the
database with basic entries (like a manager dn).
a non-anonymous bind is just an authenticated bind

> 
> -----Original Message-----
> From: Josephine Suganthi [mailto:j_jsuganthi@hotmail.com]
> Sent: Monday, March 17, 2003 3:36 AM
> To: openldap-software@OpenLDAP.org
> Subject: newbie: search request without bind operation
> 
> 
> Hi,
> 
>   Can I do a search request on a ldap server without giving a bind
request?
> 
> Is this possible when the ldap server is supporting anonymous bind?
> 

Seen in the LDAPv3 RFC (RFC #2251):
   Unlike LDAP v2, the client need not send a Bind Request in the first
   PDU of the connection.  The client may request any operations and the
   server MUST treat these as unauthenticated. If the server requires
   that the client bind before browsing or modifying the directory, the
   server MAY reject a request other than binding, unbinding or an
   extended request with the "operationsError" result.
   If the client did not bind before sending a request and receives an
   operationsError, it may then send a Bind Request.  If this also fails
   or the client chooses not to bind on the existing connection, it will
   close the connection, reopen it and begin again by first sending a
   PDU with a Bind Request.  This will aid in interoperating with
   servers implementing other versions of LDAP.

I don't know if slapd make a difference between anonymous and
unauthenticated


> Thanks for the  help
> Josephine

Francois Beretti

Prev by Date: Re: Possible to use host attribute with groups?
Next by Date: Re: Possible to use host attribute with groups?
Index(es):
- Chronological
- Thread