From: <ce...@ca...> - 2000-12-12 20:31:53

Sam,

I know it's possible, as I am doing it. Here's what my code looks like:

    use Net::LDAP;

    my $ldapServer = "xxx.xxx.xxx.xxx";
    my $authLogin = "cn=My Name;cn=Users;dc=foo;dc=test;dc=com";
    my $pass = "password";
    # returnErr() is a helper defined elsewhere in the script (not shown)
    my $ldap = Net::LDAP->new($ldapServer, debug => 1)
        || die &returnErr("Failed to create an LDAP object");
    # bind() always returns a message object, so check its result code
    my $mesg = $ldap->bind( dn => $authLogin, password => $pass );
    die &returnErr("Could not bind.") if $mesg->code;

I don't think that I changed the out-of-the-box security settings for Active Directory, but I did a lot of my work so far under sleep-deprived and caffeine-enhanced conditions, so it's possible. My only suggestion in this regard is to verify the permissions on the User account that you're using to bind with.

Maybe someone else has more complete information?

---Corey

Sent by: per...@li...
To: <per...@li...>
cc:
Subject: Is Net::LDAP binding to Active Directory possible?

Hello all. I'm trying to bind() to an Active Directory server using Net::LDAP. So far no matter what I try to use for a "dn" I get an AccessSecurityContext error in response.

I can get access to the LDAP services with the LDP.EXE crap-ware provided with Windows 2000. Binding from within LDP.EXE works unless I uncheck NTLM Domain. Is it possible I need to turn off some MS-specific bind requirements? Kerberos, perhaps?

I can post my test script if it would help. I can also run any queries you might want to see from the LDP.EXE program.

Thanks for your help and advice.
-sam

From: <ce...@ca...> - 2000-12-12 21:01:25

I think it was O'Reilly's "Windows 2000 Active Directory". All of the code samples are C++ and VB, but it's still a useful reference. I've also found myself referring to two other excellent O'Reilly books: "Perl for System Administration" and "Practical Internet Groupware".

--Corey

To: Corey Ehmke/CAT/hmco@HoughtonMifflin
cc: per...@li...
Subject: Re: Is Net::LDAP binding to Active Directory possible?

On Tue, 12 Dec 2000 ce...@ca... wrote:

> I know it's possible, as I am doing it. Here's what my code looks like:

Thanks! That did the trick. A question - where did you get this information? I'm curious where I went wrong.

Perhaps something like this should go in the Net::LDAP docs? In the docs I was led to believe I was looking for something like "uid=foo,ou=People,o=bar.com".

Thanks again!
-sam

From: Sam T. <sa...@tr...> - 2000-12-12 20:53:44

On Tue, 12 Dec 2000 ce...@ca... wrote:

> I know it's possible, as I am doing it. Here's what my code looks like:

Thanks! That did the trick. A question - where did you get this information? I'm curious where I went wrong.

Perhaps something like this should go in the Net::LDAP docs? In the docs I was led to believe I was looking for something like "uid=foo,ou=People,o=bar.com".

Thanks again!
-sam

From: Jim H. <ha...@us...> - 2000-12-12 22:53:17

Sam,

The issue is that you need to know the directory structure for whatever directory server you are searching. If you know that the server has unique identifiers for everyone, then you can find the dn of the object (account) to which you want to bind by code similar to:

    # look up the single entry whose uid or cn matches $who
    $mesg = $ldap->search ( filter => "(|(uid=$who)(cn=$who))" );
    die "not found" if $mesg->count == 0;
    die "multiple entries found" if $mesg->count > 1;
    $dn_of_user = $mesg->entry(0)->dn;

This of course assumes that either uid or cn are used to identify people in your directory. Other things are possible; these are the most common.

--Jim Harle

On Tue, 12 Dec 2000, Sam Tregar wrote:

> On Tue, 12 Dec 2000 ce...@ca... wrote:
>
> > I know it's possible, as I am doing it. Here's what my code looks like:
>
> Thanks! That did the trick. A question - where did you get this
> information? I'm curious where I went wrong.
>
> Perhaps something like this should go in the Net::LDAP docs? In the docs
> I was led to believe I was looking for something like
> "uid=foo,ou=People,o=bar.com".
>
> Thanks again!
> -sam
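
Added example, not part of the original thread or of the Net::LDAP documentation: the search-then-bind lookup described in the last message, with the user-supplied value escaped before it goes into the filter and both result codes checked. The names lookup_filter and bind_as_user, the $base argument and the sample names are assumptions made for illustration; $ldap is assumed to be a connected Net::LDAP object already bound with an account that is allowed to search.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Build the uid-or-cn lookup filter with the supplied value escaped, so
# characters such as * ( ) \ are matched literally instead of being parsed
# as filter syntax.
sub lookup_filter {
    my ($who) = @_;
    my $v = escape_filter_value($who);
    return "(|(uid=$v)(cn=$v))";
}

# Search-then-bind: find exactly one entry for $who, then bind as its DN.
# Returns ($dn, undef) on success or (undef, $reason) on failure.
# (hypothetical helper; $base is the directory's search base)
sub bind_as_user {
    my ($ldap, $base, $who, $pass) = @_;

    # A simple bind with a DN and an empty password is an unauthenticated
    # bind, which some servers accept, so reject it before asking the server.
    return (undef, "empty password") unless defined $pass && length $pass;

    my $mesg = $ldap->search(base   => $base,
                             scope  => 'sub',
                             filter => lookup_filter($who),
                             attrs  => ['1.1']);    # only the DN is needed
    return (undef, "search failed: " . $mesg->error) if $mesg->code;
    return (undef, "not found")              if $mesg->count == 0;
    return (undef, "multiple entries found") if $mesg->count > 1;

    my $dn   = $mesg->entry(0)->dn;
    my $bind = $ldap->bind($dn, password => $pass);
    # bind() returns a message object even on failure; test its result code.
    return (undef, "bind failed: " . $bind->error) if $bind->code;
    return ($dn, undef);
}

# Constructed sample names: print the filter each one produces (no server needed).
for my $who ('sam', 'Jim Harle (staff)', 'j*') {
    printf "%-20s => %s\n", $who, lookup_filter($who);
}
```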