I've read that the Base DN is optional.

When I leave the base dn empty, the ldap query walks the entire tree as desired. All users are listed under the FIND option.

The problem I'm expriencing is that the bind fails during authenication.

The user context appears like this


Notice the extra ","

It seems that the empty base dn is not ignored and the bind function builds the context with the NULL base DN.

This can be duplicated with an empty base dn and using dstrace +ldap +auth

Is there a way to alter the bind function to iqnore a base dn of NULL or has someone figured out what base DN to use for the tree.

Certainly I've attempted the obivous, refering the tree as an "o=tree_name".

This base dn issue has been around for as long as I've worked with edir and ldap

If I remember correctly VO addressed this with multiple search dn

It certainly is not accepted pratice to have all users in a single container.

John - JPPSS