Wow. I remember having the EXACT same thoughts some years ago.
As it turns out, the process that happens when a user logs in is somewhat "shielded" from the average user. Once you find out what is really happening, you'll gain some great insights into LDAP processes.
It is quite typical to not allow anonymous searches. This usually a good idea.
Behind the scenes, "authenticating" requires three things:
An LDAP server that houses you "account"
What can be quite puzzling is the DN.
Nearly every LDAP authentication script I write follows a process like this:
Collect the user's login name and passwd:
Does this help?
From: Mark Inaba [mailto:min...@nyx.com]
Sent: Thursday, April 14, 2011 1:23 PM
Subject: basic question about binding without knowing the DN
hello perl-ldap mailing list,
i'm wondering if i'm trying to do the impossible, even though it seems like this might be a common situation.
it seems that all of this is necessary for me to bind (i can't just use CN=mark,DC=foo,DC=com and try a password against all matches sigh)
here's the wrinkles that make it harder:
but here's why i think it MIGHT be possible... using the windows program: ldap.exe
so unless the application knows some secret settings...how does it authenticate me without my telling it my full DN?
thanks for any help :)
Visit our website at http://www.nyse.com
Note: The information contained in this message and any attachment to it is privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to the message, and please delete it from your system. Thank you. NYSE Euronext.
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.