[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how can I know if I am authenticated

To: François Beretti <francois.beretti@enatel.com>
Subject: Re: how can I know if I am authenticated
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 16 Jan 2004 09:43:11 -0800
Cc: Liste OpenLDAP-Software <openldap-software@OpenLDAP.org>
In-reply-to: <4007C18F.7090707@enatel.com>
References: <4007C18F.7090707@enatel.com>

You can know whether 'success' response to a simple bind request
indicates that the access is authenticated or not just by knowing
what kind of access was requested in the first place.  (A
non-success response always indicates the session is anonymous.)

RFC 2251 says that a simple bind request with a non-empty DN
and an empty password is a request for unauthenticated access
to the directory.  This is, except for possible logging of the
provided DN, treated the same as a request for anonymous
access to the directory.

Kurt

At 02:48 AM 1/16/2004, François Beretti wrote:
>Hello all
>
>I use the openldap sdk, and in my software users can authenticate themselves on an ldapv3 directory server
>I noticed today that on iPlanet directory the ldap_bind function return LDAP_SUCCESS if you provide a dn and an empty password
>I guess that the user is actually anonymous after the bind (probably the "non-auhenticated" mode, disabled in openldap...)
>You can also create a user with no password, and so the user is really authenticated in this case (I think)
>
>So my question is : what can I do in order to know if I am anonymous or authenticated ?
>
>thank you very much
>
>François Beretti

References:
- how can I know if I am authenticated
  - From: François Beretti <francois.beretti@enatel.com>

Prev by Date: Re: LDAP TWiki
Next by Date: Re: sql-backend
Index(es):
- Chronological
- Thread