Updated: 2022-06-17 08:07:52
This is not really the right way to perform a password check on LDAP; what you should do is attempt to bind using the dn
obtained from the first search and the password supplied.
i.e. you perform a second bind to verify the password. If the bind fails then the password is incorrect.
Something like:
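if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
    printf( "dn: %s\n", dn );
    /* rebind on a second handle, as the DN found by the search, to verify the password */
    rc = ldap_initialize( &ld2, LDAP_SERVER );
    if ( rc == LDAP_SUCCESS ) {
        rc = ldap_simple_bind_s( ld2, dn, "secret" );
        printf( "%d\n", rc );
        if ( rc != LDAP_SUCCESS ) {
            printf( "Failed.\n" );
        } else {
            printf( "Works.\n" );
        }
        /* release the second handle whether or not the bind succeeded */
        ldap_unbind( ld2 );
    }
    ldap_memfree( dn );
}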
For security reasons, indicating that the username is incorrect (i.e. the search for the user account fails) is generally considered excessive disclosure and should be avoided.
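The search-then-bind check described above, reduced to its decision logic, as an added example that is not part of the original answer: the directory, `mock_search_dn`, `mock_simple_bind` and `check_login` are constructed stand-ins for the search and `ldap_simple_bind_s` steps, so it runs without a server. It also rejects an empty password before binding, because a simple bind with a DN and an empty password is an unauthenticated bind under RFC 4513 and can return success.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample directory (assumption): one account, looked up by uid. */
struct entry { const char *uid, *dn, *password; };
static const struct entry DIRECTORY[] = {
    { "alice", "uid=alice,ou=people,dc=example,dc=com", "correct horse" },
};
#define N_ENTRIES (sizeof DIRECTORY / sizeof DIRECTORY[0])

/* Stand-in for the first search: returns the entry's DN, or NULL if none. */
static const char *mock_search_dn(const char *uid) {
    for (size_t i = 0; i < N_ENTRIES; i++)
        if (strcmp(DIRECTORY[i].uid, uid) == 0) return DIRECTORY[i].dn;
    return NULL;
}

/* Stand-in for the simple bind: 0 on success, 49 (invalidCredentials) if not.
 * It models a server that allows unauthenticated binds, so an empty
 * password "succeeds" for any DN without proving anything. */
static int mock_simple_bind(const char *dn, const char *password) {
    if (password[0] == '\0') return 0;
    for (size_t i = 0; i < N_ENTRIES; i++)
        if (strcmp(DIRECTORY[i].dn, dn) == 0 &&
            strcmp(DIRECTORY[i].password, password) == 0) return 0;
    return 49;
}

enum { LOGIN_OK = 0, LOGIN_FAILED = 1 };

/* Search, then bind as the DN found. Every failure returns the same code,
 * so the caller cannot tell "no such user" from "wrong password". */
int check_login(const char *uid, const char *password) {
    const char *dn;
    if (uid == NULL || password == NULL || password[0] == '\0')
        return LOGIN_FAILED;            /* never pass an empty password to bind */
    dn = mock_search_dn(uid);
    if (dn == NULL)
        return LOGIN_FAILED;            /* unknown user: same answer as bad password */
    return mock_simple_bind(dn, password) == 0 ? LOGIN_OK : LOGIN_FAILED;
}

int main(void) {
    printf("good password: %d\n", check_login("alice", "correct horse"));
    printf("bad password:  %d\n", check_login("alice", "wrong"));
    printf("unknown user:  %d\n", check_login("bob", "anything"));
    printf("empty password: %d\n", check_login("alice", ""));
    return 0;
}
```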