PerlMonks

Re: Re: Re: RFC: Net::LDAP::Simple

by submersible_toaster (Chaplain)
on Apr 16, 2003 at 00:46 UTC (#250747=note)


in reply to Re: Re: RFC: Net::LDAP::Simple
in thread RFC: Net::LDAP::Simple

Still a good question!
The main reason (although it is not obvious from the code) is that there are many OUs beneath the userbase DN, for reasons too lengthy to explain here. Hence I cannot explicitly bind the given user as

$ldap->bind( "cn=$user,".$self->{ldap}{userbase} , password=>$password )
Since that user may be in any of a number of sub OUs to the userbase. I admit that there was much "umm" and "err" about using an anonymous bind to find the user entry, then rebinding with that DN and the supplied password. The directory in question is accessible only from 127.0.0.1, and it is not involved in any way in storing system accounts. My concerns about userPassword hashes being stolen are largely moot if they can only be accessed locally; if a malicious user is already local, I have more problems than them having anon read access to LDAP!

Please post some code if you can, or at the least read/comment my meditation that more fully explains what I am stabbing in the dark at.


I can't believe it's not psellchecked
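The search-then-bind flow described above (anonymous bind, locate the entry anywhere under the userbase, re-bind as that DN with the supplied password), as an added Perl example that is not code from this thread or from the proposed module; the helper name, host and DN values are assumed, and the filter escaping, single-match check and empty-password rejection are the checks a reviewer would want around it.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper (not part of Net::LDAP::Simple): authenticate a user
# whose entry may live in any sub-OU beneath $userbase.
sub authenticate_user {
    my ($host, $userbase, $user, $password) = @_;

    # An empty password turns the second bind into an unauthenticated bind,
    # which most servers report as success; refuse it up front.
    return 0 unless defined $password && length $password;

    my $ldap = Net::LDAP->new($host) or die "connect: $@";

    # Anonymous bind, used only to find the user's DN.
    my $mesg = $ldap->bind;
    die "anon bind: " . $mesg->error if $mesg->code;

    # Escape the username so it cannot change the structure of the filter.
    my $filter = '(cn=' . escape_filter_value($user) . ')';
    $mesg = $ldap->search(
        base   => $userbase,
        scope  => 'sub',          # descend into every sub-OU
        filter => $filter,
        attrs  => ['1.1'],        # DN only; never fetch userPassword
    );
    die "search: " . $mesg->error if $mesg->code;

    # Exactly one entry must match; zero or several is a failed login.
    return 0 unless $mesg->count == 1;
    my $dn = $mesg->entry(0)->dn;

    # Re-bind as the located DN; the server verifies the password.
    $mesg = $ldap->bind($dn, password => $password);
    my $ok = $mesg->code == 0 ? 1 : 0;
    $ldap->unbind;
    return $ok;
}

# Constructed sample values, not taken from the thread.
print authenticate_user('127.0.0.1', 'ou=people,dc=example,dc=com',
                        'alice', 's3cret') ? "authenticated\n" : "rejected\n";
```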

Replies are listed 'Best First'.
Re: Re: Re: Re: RFC: Net::LDAP::Simple
by kennethwlangley (Novice) on Apr 17, 2003 at 17:31 UTC
    I'm not really sure what you are asking for in the last sentence, but I did read your meditation about the WIP delivery system. My taste is to leverage what already exists (in this case using an LDAP bind call to authenticate users). Do you ever anticipate implementing a password policy that requires changes (e.g. once a quarter)? In my project I have to be able to support a password policy for accounts in the directory -- so I think my authentication method has to be a bind as the user. Our directory is public, so I don't think allowing anonymous access to userPassword would be a good idea.
