in reply to Re: Re: RFC: Net::LDAP::Simple
in thread RFC: Net::LDAP::Simple
Still a good question!
The main reason (although it is not obvious from the code) is that
there are many OUs beneath the userbase DN, for reasons too lengthy to explain here.
Hence I cannot explicitly bind the given user as
Since that user may be in any of a number of sub OUs to the userbase. I admit that there was much "umm" and "err" about using an anonymous bind to find the user entry, then rebind with that DN and the supplied password. The directory in question is accessible only from 127.0.0.1 , and it is not involved in any way in storing system accounts. My concerns about userPassword hashes being stolen are largely moot, if they can only be accessed locally, if a malicious user is already local - I have more problems than them having anon read access to LDAP!.$ldap->bind( "cn=$user,".$self->{ldap}{userbase} , password=>$password )
Please post some code if you can, or in the least read/comment my meditation that more fully explains what I am stabbing in the dark at.
I can't believe it's not psellchecked
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Re: Re: Re: RFC: Net::LDAP::Simple
by kennethwlangley (Novice) on Apr 17, 2003 at 17:31 UTC |
In Section
Seekers of Perl Wisdom