Bruon,
I meant to send this earlier, but we have made changes to the the LDAP handling in 3.2 to accomodate (we think) your use case.
Please take a look at this comment from System class >>validatePasswordUsingLdapServers:baseDn:filterDn:userId:password:bindDn:Password: and let us know if this looks like it would work for you:
"Use the LDAP server URI(s) specified in aUriArray to validate the password pw
is valid for aUserId.
aUriArray must be an array of strings containing LDAP URI addresses
(for example: 'ldaps://
foo.bar.com') or nil. nil indicates the LDAP
directories in the .ldaprc file should be used.
In order to validate the password, the complete distinguesh name (DN) for
userId must be determined. The DN can either be constructed from the baseDn
pattern (explicit mode) or the DN may be resolved by searching the LDAP directory
(search mode). In explicit mode, baseDn must be a string that contains the string
wildcard sequence '%s'. GemStone will substitute '%s' with userId before
doing the password validation. aFilterDn must be nil in explicit mode.
In search mode, baseDn is the search pattern used to resolve the DN and must
NOT contain the string wildcard sequence '%s'. In search mode, aFilterDn must
be a string that contains the string wildcard sequence '%s'. See the examples
below.
aUserId must be a string which represents the userId to be validated.
pw must be a string which is the password for userId.
bindDn and bindPw must both be either strings or nils. If both are strings,
they are used as creditials to bind to the LDAP server to perform the search in
search mode. If bindDn and bindPw are both nil, the search is attempted using an
anonymous bind. Not all LDAP servers are configured to support anonymous
binds. bindDn and bindPw are not used in explicit mode and should be set to nil.
Returns true if pw is the correct password for userId. Otherwise returns
false if the password is incorrect or an error occurred while communicating
with the LDAP directory.
Setting the variable GS_DEBUG_LDAP in the gem's environment will cause LDAP debugging
information to be printed to stdout.
Example 1: Explicit mode
baseDn: 'uid=%s,ou=Users,dc=mycompany,dc=com' filterDn: nil
userId: 'MyUserId' password: 'swordfish' bindDn: nil bindPassword: nil
Example 2: Search mode with anonymous bind
baseDn: 'ou=Users,dc=mycompany,dc=com' filterDn: '(uid=%s)'
userId: 'MyUserId' password: 'swordfish' bindDn: nil bindPassword: nil
Example 3: Search mode with authenticated bind
baseDn: 'ou=Users,dc=mycompany,dc=com' filterDn: '(uid=%s)'
userId: 'MyUserId' password: 'swordfish' bindDn: 'LdapBindUser'
bindPassword: 'LdapBindPassword'
"
Thanks,
Dale
Locked
