[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rewrite a login into a dn in simple bind

Am Mit, 2003-10-08 um 15.52 schrieb Francois Beretti:

> I haven't other choice than using simple bind (over ssl if I want to be 
> more secured)

What about changing (or at least adding) something in the server?

You could add an dynamic group which contains all objects with an
uid-attribute. Then you have to configure your application with the dn
of this group, add this dn to the uid and then do the bind.
If you assume all peoples data is being held in one container you can
use this for the bind - but I bet you can't assume this, do you?

You could avoid the configuration issue, if you save the dn of this
group somewhere in a "special" place in the server - don't know, if the
rootDSE is applicable for that. (But you have to configure your
application anyway - at least the base-dn and the server name - so one
more configuration option will be no problem.)

Ingo Schaefer
Dipl. Wi-Inform. (FH) Ingo Schaefer

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil