On Wed, Dec 20, 2000 at 09:05:22PM +0000, Dan Mosedale wrote:
> [EMAIL PROTECTED] writes:
> > Hi,
> > 
> > Can anyone out there tell me whether it is possible to put authentication 
> > information in a ldap uri, i.e. to bind (as a non-anonymous user) to a 
> > directory server using a ldap uri??? 
> 
> It is possible to specify this information with the "bindname"
> extension.  An example would be
> 
>      ldap:///??sub??bindname=cn=Manager%2co=Foo
> 
> See RFC 2255 for details.
> 
> Note, however, that this is not yet widely implemented.  Netscape 4.x
> doesn't support it, nor does the mozilla.org LDAP C SDK, nor the
> mozilla browser URL handler (yet).

Also, note that bindname only allows you to add a DN and no password.
Hence the only thing you can use it for is unauthenticated bind.
So whatever bindname you attach it is only usable as information for the
server to log, not for authenticating to the server.

The URL RFC (RFC173) defines a way of specifying username and password:
  //<user>:<password>@<host>:<port>/<url-path>

But this was back in 1994; in 1997, when RFC2255 was written, clear text
passwords had become a no-no.

So the upshot of all this is that there exists a standard for how
to specify username and passwords in a LDAP URL. But it is also
clear that it is usable under very limited circumstances, for instance
if you are guarding the connection by using TLS (RFC2829).


-- Roland
-------------------------------------------------
Jegerveien 25            Telephone: +47 23 08 29 96
0777 Oslo                Mobile(NO): +47 90 66 44 52
Norway                   Mobile(SE): +46 70 52 04 20 3
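
The two forms discussed in this thread, as an added Python example (not code from the thread or from any LDAP SDK): it splits an RFC 2255 URL into its `?`-separated fields, decodes the `bindname` extension, and flags a password carried in the URL userinfo. The host name and the `manager:s3cret` credentials are constructed sample values, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, unquote

PAGE_URL = "ldap:///??sub??bindname=cn=Manager%2co=Foo"           # from the thread
USERINFO_URL = "ldap://manager:s3cret@ldap.example.com/o=Foo??sub"  # constructed sample


def parse_ldap_url(url):
    """Split an RFC 2255 LDAP URL into its fields and decode its extensions."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldap":
        raise ValueError("not an ldap:// URL")
    # After the DN come up to four '?'-separated fields:
    # attributes, scope, filter, extensions.
    fields = (parts.query.split("?", 3) + [""] * 4)[:4]
    extensions = {}
    for item in filter(None, fields[3].split(",")):
        # Extensions are comma-separated, so a comma inside a value must be
        # percent-encoded (%2c above); decode only after splitting.
        critical = item.startswith("!")  # '!' marks a critical extension
        name, _, value = item.lstrip("!").partition("=")
        extensions[name.lower()] = (unquote(value), critical)
    return {
        "host": parts.hostname,
        "user": parts.username,
        "password": parts.password,
        "dn": unquote(parts.path.lstrip("/")),
        "scope": fields[1] or "base",  # RFC 2255 default scope
        "extensions": extensions,
    }


def audit(url):
    """Return reviewer findings about bind identity carried in the URL."""
    u = parse_ldap_url(url)
    findings = []
    if u["password"] is not None:
        findings.append("clear-text password in URL userinfo")
    if "bindname" in u["extensions"]:
        findings.append("bindname gives a DN only, no credential")
    return findings


if __name__ == "__main__":
    for sample in (PAGE_URL, USERINFO_URL):
        print(sample, parse_ldap_url(sample), audit(sample), sep="\n  ")
```

Run over configuration files or logs, a check like `audit` shows where LDAP URLs carry a password that will be stored and displayed in clear text.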
