This article explains LDAP authentication against an OSX 10.4 LDAP server - expanding on the docs.
The docs are fairly light in terms of LDAP authentication examples, one issue is that the format of the username generally is not a simple username (ie. BSmith) it appears OSX requires a full LDAP path to authenticate a user.
local('LDAP') = LDAP('ldap.mydomain.com'); #LDAP->authenticate( 'uid=theUsername,cn=users,dc=ldap,dc=mydomain,dc=com', 'thePassword' );
In order to handle failed authentications you will need to handle errors via the protect tags or within a custom function like so:
define_tag:'LDAP_authenticate', -req = 'domain', -req = 'username', -req = 'password'; local( 'LDAP' = LDAP(#domain), 'path' = 'uid='#username',cn=users,dc=' + #domain->split('.')->join(',dc=') ); protect; handle_error; return:false; /handle_error; #LDAP->authenticate(#path,#password); return:#LDAP->error == 0 && error_code == 0; /protect; /define_tag;
It's possible that this also applies to other LDAP servers but I have not had the opportunity to test against any others.
Author: Ke Carlton
Created: 14 May 2009
Last Modified: 16 Mar 2011
Please note that periodically LassoSoft will go through the notes and may incorporate information from them into the documentation. Any submission here gives LassoSoft a non-exclusive license and will be made available in various formats to the Lasso community.