Re: NET:LDAP Authentication

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Well the pod says

=item LDAP_INVALID_CREDENTIALS

The wrong password was supplied or the SASL credentials could not be processed

Are you sure tha password you have is right ?

Graham.

On Fri, Sep 13, 2002 at 10:17:04AM -0400, DeMarco, Alex wrote:
> OK some progress, now I get an Invalid Credentials error message....  
> 
> I'm sending a DN and a password, what else could I be missing?
> 
> - ALex
> 
> -----Original Message-----
> From: Graham Barr [mailto:gb...@po...]
> Sent: Friday, September 13, 2002 9:39 AM
> To: DeMarco, Alex
> Cc: 'Chris Ridd'; 'per...@li...'
> Subject: Re: NET:LDAP Authentication
> 
> 
> On Fri, Sep 13, 2002 at 09:20:44AM -0400, DeMarco, Alex wrote:
> > I'll know the userid, password and the DN.
> > I've never worked with PERL or LDAP before, been thrown in to help a
> user...
> > arrgh
> > 
> > Basically I need to validate a users password via their LDAP server.  I've
> > tried the code below without any success.  Is there a place I can go where
> > there are more examples than what is on sourceforge?
> > Any help is greatly apprecaited.
> > - Alex
> > 
> > 
> > #!/usr/local/bin/perl
> > 
> > 
> > use Net::LDAP qw(:all);    
> > use Net::LDAP::Util qw(ldap_error_name       
> >                           ldap_error_text) ;    # use for Error handling
> >                  
> > $ldap = Net::LDAP->new("myldapserver.com") or die "$@";
> > $passwd="mypassword";
> > $userid="demarcao";
> > $mesg = $ldap->bind(anonymous => 1, version => 3);
> > 
> > $mesg = $ldap->search(base => "dc=sysadmin,dc=suny",
> >        scope => subtree,
> >        filter => "(userid=$userid)",
> >        attrs => [ 'userid' ]); # Don't need complete entries back
> > If ($mesg->count == 1) {
> >     $ldap->bind($mesg->entry(0),
> 
> You need to assign the result to $mesg or your print below will show the
> result of the search
> 
> Graham.
> 
> >          password => "mypassword",
> >          version => 3);
> > }
> > 
> >  print "Bind failed: ", $mesg->error, "\n";
> > 
> > 
> > 
> > $ldap->unbind;
> > 
> > 
> > 
> > -----Original Message-----
> > From: Chris Ridd [mailto:chr...@me...]
> > Sent: Friday, September 13, 2002 3:52 AM
> > To: DeMarco, Alex; 'per...@li...'
> > Subject: Re: NET:LDAP Authentication
> > 
> > 
> > On 13/9/02 2:16 am, DeMarco, Alex <DEM...@sy...> wrote:
> > 
> > > Hello,
> > > 
> > > I'm trying to run this on a Win2k machie running ActiveStates perl.
> > > 
> > > With the following code:
> > > 
> > > $ldap = Net::LDAP->new("mymachine.com") or die "$@";
> > > $userToAuthenticate="testuserid";
> > > $passwd="password";
> > > $mesg = $ldap->bind("$userToAuthenticate",
> > >                       password => "$passwd",
> > >                       version => 3 );         # use for changes/edits
> > > if ( $mesg->code ) {
> > >   # Handle error codes here
> > > }
> > > $ldap->unbind;
> > > 
> > > No matter what I do I get no error message of any kind if I print the
> > $mesg
> > > I get some sort of HASHmessage.  All I want to do is authenticate
> someone
> > > against a local ldap server..  If anyone can shed some light on this I
> > would
> > > appreciate it.
> > 
> > Your first problem (it's a common one!) is that your $userToAuthenticate
> is
> > required by LDAP to be a DN. The string "testuserid" is not a DN.
> > 
> > If all you've got is some kind of userid then the usual procedure is to do
> > an anonymous bind, search for that userid using some filter, and if it
> > matches one entry do the real bind using the DN of the matching entry.
> > 
> > (Pseudo-code)
> > 
> > Bind(anonymous => 1, version => 3);
> > Search(base => "dc=mycompany,dc=com",
> >        scope => subtree,
> >        filter => "(userid=$userid)",
> >        attrs => [ 'userid' ]); # Don't need complete entries back
> > If ($mesg->count == 1) {
> >     Bind($mesg->entry(0),
> >          password => "secret",
> >          version => 3);
> > }
> > 
> > Adjust to suit where your entries live (below <dc=mycompany,dc=com> in my
> > pseudo-code) and which attribute contains the userid (userid in my
> > pseudo-code). Add error checking :-)
> > 
> > Your next problem is that $mesg is an object so you can't simply print
> > $mesg. You have to call methods on it instead, like $mesg->error, and
> > because perl doesn't interpolate method calls inside strings (sigh), you
> > need to do this:
> > 
> >     print "Bind failed: ", $mesg->error, "\n";
> > 
> > > thanks!
> > > 
> > > - Alex
> > > 
> > 
> > Cheers,
> > 
> > Chris