Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:2170
Return-Path: <ngallaher@deepthought.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 56283 invoked from network); 4 Jun 2003 15:29:35 -0000
Received: from unknown (HELO gallium.deepthought.org) (64.253.103.121)
  by pb1.pair.com with SMTP; 4 Jun 2003 15:29:35 -0000
Received: by gallium.deepthought.org (Postfix, from userid 564)
	id 42263C02D69; Wed,  4 Jun 2003 10:59:49 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by gallium.deepthought.org (Postfix) with ESMTP
	id B2D70C02D64; Wed,  4 Jun 2003 10:59:49 -0400 (EDT)
Date: Wed, 4 Jun 2003 10:59:49 -0400 (EDT)
To: Stig Venaas <Stig.Venaas@uninett.no>
Cc: Nathaniel David Gallaher <ngallahe@umich.edu>,
	internals@lists.php.net
In-Reply-To: <20030604091015.A8798@sverresborg.uninett.no>
Message-ID: <Pine.LNX.4.53.0306041056220.23142@gallium.deepthought.org>
References: <Pine.SOL.4.44.0305191820280.23724-100000@timepilot.gpcc.itd.umich.edu>
 <20030604065940.GA16893@csh.rit.edu> <20030604091015.A8798@sverresborg.uninett.no>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Re: [PHP-DEV] LDAP bind option
From: ngallaher@deepthought.org (Nathan Gallaher)



On Wed, 4 Jun 2003, Stig Venaas wrote:

> On Wed, Jun 04, 2003 at 02:59:41AM -0400, Jon Parise wrote:
> > On Mon, May 19, 2003 at 06:26:43PM -0400, Nathaniel David Gallaher wrote:
> >
> > > Currently the call to ldap_bind only supports the method LDAP_AUTH_SIMPLE
> > > (as it is hardcoded in the php function definition).  Can we put the
> > > method parameter (as see in the call to ldap_bind_s) back into the PHP
> > > function?  I have an application that obtains x509 certs (securely) and I
> > > want to use them to bind to the LDAP server.
> >
> > I'll try and have a look at this soon.  I just need to find the time
> > to get my local LDAP server up and running again for testing.
>
> There are also things like SASL that should be supported. That should
> perhaps be done with a separate bind function though.
>
> It's great if you look into this, I have sort of had it on my todo list
> for a couple of years...
>
> Stig
>
I worked on this for a couple of weeks and got a function written (just
extracted the ldap_sasl_bind_s() and supporting bits from the ldapsearch
program supplied with openldap) but I had one heck of a time getting all
the neccessary libraries to work together. (I was using the GSI_GSSAPI
mechanism which requires its own set of libs that are a little "special"
and conflict with the normal libs)

If anyone finds an easy soln, let me know.
~Nathan