From: DeMarco, A. <DEM...@sy...> - 2002-09-13 13:20:58
I'll know the userid, password and the DN. I've never worked with PERL or LDAP before, been thrown in to help a user... arrgh

Basically I need to validate a user's password via their LDAP server. I've tried the code below without any success. Is there a place I can go where there are more examples than what is on sourceforge? Any help is greatly appreciated.

- Alex

#!/usr/local/bin/perl
use Net::LDAP qw(:all);
use Net::LDAP::Util qw(ldap_error_name ldap_error_text) ; # use for Error handling

$ldap = Net::LDAP->new("myldapserver.com") or die "$@";
$passwd="mypassword";
$userid="demarcao";
$mesg = $ldap->bind(anonymous => 1, version => 3);
$mesg = $ldap->search(base => "dc=sysadmin,dc=suny",
                      scope => subtree,
                      filter => "(userid=$userid)",
                      attrs => [ 'userid' ]); # Don't need complete entries back
If ($mesg->count == 1) {
    $ldap->bind($mesg->entry(0), password => "mypassword", version => 3);
}
print "Bind failed: ", $mesg->error, "\n";
$ldap->unbind;

-----Original Message-----
From: Chris Ridd [mailto:chr...@me...]
Sent: Friday, September 13, 2002 3:52 AM
To: DeMarco, Alex; 'per...@li...'
Subject: Re: NET:LDAP Authentication

On 13/9/02 2:16 am, DeMarco, Alex <DEM...@sy...> wrote:

> Hello,
>
> I'm trying to run this on a Win2k machine running ActiveStates perl.
>
> With the following code:
>
> $ldap = Net::LDAP->new("mymachine.com") or die "$@";
> $userToAuthenticate="testuserid";
> $passwd="password";
> $mesg = $ldap->bind("$userToAuthenticate",
>                     password => "$passwd",
>                     version => 3 ); # use for changes/edits
> if ( $mesg->code ) {
>     # Handle error codes here
> }
> $ldap->unbind;
>
> No matter what I do I get no error message of any kind if I print the $mesg
> I get some sort of HASHmessage. All I want to do is authenticate someone
> against a local ldap server.. If anyone can shed some light on this I would
> appreciate it.

Your first problem (it's a common one!) is that your $userToAuthenticate is required by LDAP to be a DN. The string "testuserid" is not a DN.

If all you've got is some kind of userid then the usual procedure is to do an anonymous bind, search for that userid using some filter, and if it matches one entry do the real bind using the DN of the matching entry.

(Pseudo-code)

Bind(anonymous => 1, version => 3);
Search(base => "dc=mycompany,dc=com",
       scope => subtree,
       filter => "(userid=$userid)",
       attrs => [ 'userid' ]); # Don't need complete entries back
If ($mesg->count == 1) {
    Bind($mesg->entry(0), password => "secret", version => 3);
}

Adjust to suit where your entries live (below <dc=mycompany,dc=com> in my pseudo-code) and which attribute contains the userid (userid in my pseudo-code). Add error checking :-)

Your next problem is that $mesg is an object so you can't simply print $mesg. You have to call methods on it instead, like $mesg->error, and because perl doesn't interpolate method calls inside strings (sigh), you need to do this:

print "Bind failed: ", $mesg->error, "\n";

> thanks!
>
> - Alex
>

Cheers,

Chris
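
The anonymous-bind, search, then bind-as-DN procedure described in the reply above, as an added example that is not part of the original thread and not written by either poster. It also covers two points the pseudo-code leaves to "add error checking": the userid is escaped before it goes into the search filter, and an empty password is rejected because a bind with a DN and no password is an unauthenticated bind that some servers accept. The sub name authenticate_user, the host ldap.example.com and the script name are assumptions; the base and the userid attribute are taken from the pseudo-code.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper (not from the thread). Returns (1, $dn) when the
# password is accepted for exactly one matching entry, else (0, $reason).
sub authenticate_user {
    my ($ldap, $base, $userid, $passwd) = @_;

    # A DN with an empty password is an unauthenticated bind, which some
    # servers accept; it must never count as a successful login.
    return (0, 'empty userid or password')
        unless length($userid // '') && length($passwd // '');

    # Step 1: anonymous bind so the directory can be searched.
    my $mesg = $ldap->bind(anonymous => 1, version => 3);
    return (0, 'anonymous bind failed: ' . $mesg->error) if $mesg->code;

    # Step 2: find the entry. Escaping keeps characters such as "*",
    # "(" and ")" in the userid from changing the meaning of the filter.
    $mesg = $ldap->search(
        base   => $base,
        scope  => 'sub',
        filter => '(userid=' . escape_filter_value($userid) . ')',
        attrs  => ['1.1'],    # no attributes needed, only the DN
    );
    return (0, 'search failed: ' . $mesg->error) if $mesg->code;
    return (0, 'userid matched ' . $mesg->count . ' entries')
        unless $mesg->count == 1;

    # Step 3: the real bind, using the DN of the one entry that matched.
    my $dn = $mesg->entry(0)->dn;
    $mesg = $ldap->bind($dn, password => $passwd, version => 3);
    return (0, 'bind failed: ' . $mesg->error) if $mesg->code;
    return (1, $dn);
}

# Usage: perl ldapauth.pl <userid>   (host and base are placeholders)
if (@ARGV) {
    my $ldap = Net::LDAP->new('ldap.example.com') or die "$@";
    print 'Password: ';
    chomp(my $passwd = <STDIN> // '');
    my ($ok, $detail) = authenticate_user(
        $ldap, 'dc=mycompany,dc=com', $ARGV[0], $passwd);
    warn "$detail\n" unless $ok;    # reason goes to the log only
    print $ok ? "Authenticated as $detail\n" : "Login rejected\n";
    $ldap->unbind;
}
```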