PHP :: Request #9025 :: ldap compare functions

Request #9025	ldap compare functions
Submitted:	2001-01-31 06:18 UTC	Modified:	2001-11-25 02:47 UTC
From:	kerhin at bigfoot dot com	Assigned:
Status:	Closed	Package:	Feature/Change Request
PHP Version:	4.0.4pl1	OS:	any
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-01-31 06:18 UTC] kerhin at bigfoot dot com

It would be immensly valuable if I could use my ldap user
database to authenticate my php website users.  The current
ldap compare does not work with openldap and the following
settings:


access to attr=userPassword
    by self write
    by * none


I would love love love it if there were a fuction that would
take my plain text password (as a variable) and then
authenticate agains the above settings in ldap.

Thanks for all the time so far, PHP is the best!
Brian

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-11-25 02:47 UTC] venaas@php.net

The problem is not in PHP, PHP uses the standard LDAP
compare operation and you have not given access to that.
If you want access like specified below, the only way I
see, is that you bind to the users entry on behalf of
the user. The LDAP server will then be able to validate
the password. Your PHP application can then choose to not
give access unless it has made a successful bind on behalf
of the user.

If you replace none with compare in your rule, everyone
(including your PHP application) will be able to do compare
on passwords, but not read them. If your PHP application
authenticates itself first, you can give PHP access to
compare, and still have none for the rest.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Nov 03 01:00:01 2025 UTC