How to do password authentication for a user using LDAP?
This is not really the right way to perform a password check on LDAP. What you should do is attempt to bind using the dn obtained from the first search and the password supplied, i.e. you perform a second bind to verify the password. If the bind fails then the password is incorrect.
Something akin to:
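    if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
        printf( "dn: %s\n", dn );
        /* rebind: open a second connection and bind as the DN from the search */
        rc = ldap_initialize( &ld2, LDAP_SERVER );
        if ( rc == LDAP_SUCCESS ) {
            rc = ldap_simple_bind_s( ld2, dn, "secret" );
            printf( "%d\n", rc );
            if ( rc != LDAP_SUCCESS ) {
                printf( "Failed.\n" );
            } else {
                printf( "Works.\n" );
            }
            /* release the second handle whether or not the bind succeeded */
            ldap_unbind( ld2 );
        } else {
            printf( "Failed.\n" );
        }
        ldap_memfree( dn );
    }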
For security reasons, indicating that the username is incorrect (i.e. the search for the user account fails) is generally considered excessive disclosure and should be avoided.
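The search-then-bind flow from the answer above, written out as an added example that is not part of the original answer: it returns one result for both an unknown user and a wrong password, and refuses an empty password before it reaches the bind. The `directory_ops` seam, the sample directory and all function names are hypothetical stand-ins for the libldap search and rebind so that the block runs without a server.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical seam over the two LDAP operations so the flow runs offline:
   find_dn stands for the search + ldap_get_dn(), try_bind for the rebind. */
typedef struct {
    const char *(*find_dn)(const char *username);          /* NULL: no entry */
    int (*try_bind)(const char *dn, const char *password); /* 0: bind accepted */
} directory_ops;

enum { AUTH_OK = 0, AUTH_FAILED = 1 };

/* Constructed sample directory standing in for the server. */
static const struct { const char *uid, *dn, *pw; } sample[] = {
    { "alice", "uid=alice,ou=people,dc=example,dc=com", "secret" },
};
#define NSAMPLE (sizeof sample / sizeof sample[0])

static const char *sample_find_dn(const char *username) {
    for (size_t i = 0; i < NSAMPLE; i++)
        if (strcmp(sample[i].uid, username) == 0) return sample[i].dn;
    return NULL;
}

/* Mimics a server that treats a DN plus empty password as an unauthenticated
   bind (RFC 4513, section 5.1.2) and reports success. */
static int sample_try_bind(const char *dn, const char *password) {
    if (password[0] == '\0') return 0;
    for (size_t i = 0; i < NSAMPLE; i++)
        if (strcmp(sample[i].dn, dn) == 0 && strcmp(sample[i].pw, password) == 0)
            return 0;
    return 49; /* LDAP result code invalidCredentials */
}

static const directory_ops sample_ops = { sample_find_dn, sample_try_bind };

int authenticate(const directory_ops *ops, const char *user, const char *pw) {
    /* An empty password must never reach the bind: the server may accept it
       as an unauthenticated bind, which says nothing about the user. */
    if (user == NULL || pw == NULL || user[0] == '\0' || pw[0] == '\0')
        return AUTH_FAILED;
    const char *dn = ops->find_dn(user);
    if (dn == NULL)
        return AUTH_FAILED; /* same answer as a wrong password */
    return ops->try_bind(dn, pw) == 0 ? AUTH_OK : AUTH_FAILED;
}
```

With libldap, `find_dn` would wrap the first search and `try_bind` the second bind shown in the answer; the empty-password check stays in front of both.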