From: Graham B. <gb...@po...> - 2002-09-13 13:43:27
On Fri, Sep 13, 2002 at 09:20:44AM -0400, DeMarco, Alex wrote:
> I'll know the userid, password and the DN.
> I've never worked with PERL or LDAP before, been thrown in to help a user...
> arrgh
>
> Basically I need to validate a user's password via their LDAP server. I've
> tried the code below without any success. Is there a place I can go where
> there are more examples than what is on sourceforge?
> Any help is greatly appreciated.
> - Alex
>
>
> #!/usr/local/bin/perl
>
>
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw(ldap_error_name
>                        ldap_error_text) ; # use for Error handling
>
> $ldap = Net::LDAP->new("myldapserver.com") or die "$@";
> $passwd="mypassword";
> $userid="demarcao";
> $mesg = $ldap->bind(anonymous => 1, version => 3);
>
> $mesg = $ldap->search(base => "dc=sysadmin,dc=suny",
>                       scope => subtree,
>                       filter => "(userid=$userid)",
>                       attrs => [ 'userid' ]); # Don't need complete entries back
> If ($mesg->count == 1) {
>     $ldap->bind($mesg->entry(0),

You need to assign the result to $mesg or your print below
will show the result of the search

Graham.

>                 password => "mypassword",
>                 version => 3);
> }
>
> print "Bind failed: ", $mesg->error, "\n";
>
>
>
> $ldap->unbind;
>
>
>
> -----Original Message-----
> From: Chris Ridd [mailto:chr...@me...]
> Sent: Friday, September 13, 2002 3:52 AM
> To: DeMarco, Alex; 'per...@li...'
> Subject: Re: NET:LDAP Authentication
>
>
> On 13/9/02 2:16 am, DeMarco, Alex <DEM...@sy...> wrote:
>
> > Hello,
> >
> > I'm trying to run this on a Win2k machine running ActiveStates perl.
> >
> > With the following code:
> >
> > $ldap = Net::LDAP->new("mymachine.com") or die "$@";
> > $userToAuthenticate="testuserid";
> > $passwd="password";
> > $mesg = $ldap->bind("$userToAuthenticate",
> >                     password => "$passwd",
> >                     version => 3 ); # use for changes/edits
> > if ( $mesg->code ) {
> >     # Handle error codes here
> > }
> > $ldap->unbind;
> >
> > No matter what I do I get no error message of any kind if I print the $mesg
> > I get some sort of HASH message. All I want to do is authenticate someone
> > against a local ldap server.. If anyone can shed some light on this I would
> > appreciate it.
>
> Your first problem (it's a common one!) is that your $userToAuthenticate is
> required by LDAP to be a DN. The string "testuserid" is not a DN.
>
> If all you've got is some kind of userid then the usual procedure is to do
> an anonymous bind, search for that userid using some filter, and if it
> matches one entry do the real bind using the DN of the matching entry.
>
> (Pseudo-code)
>
> Bind(anonymous => 1, version => 3);
> Search(base => "dc=mycompany,dc=com",
>        scope => subtree,
>        filter => "(userid=$userid)",
>        attrs => [ 'userid' ]); # Don't need complete entries back
> If ($mesg->count == 1) {
>     Bind($mesg->entry(0),
>          password => "secret",
>          version => 3);
> }
>
> Adjust to suit where your entries live (below <dc=mycompany,dc=com> in my
> pseudo-code) and which attribute contains the userid (userid in my
> pseudo-code). Add error checking :-)
>
> Your next problem is that $mesg is an object so you can't simply print
> $mesg. You have to call methods on it instead, like $mesg->error, and
> because perl doesn't interpolate method calls inside strings (sigh), you
> need to do this:
>
> print "Bind failed: ", $mesg->error, "\n";
>
> > thanks!
> >
> > - Alex
>
> Cheers,
>
> Chris
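The search-then-bind procedure discussed in this thread, written out with the error checking it calls for, as an added example that is not code from any of the posters. The host, base DN, userid and password are the placeholders from the thread; the empty-password check and the use of `escape_filter_value` from Net::LDAP::Util are additions made here.

```perl
#!/usr/bin/perl
# Added example: search-then-bind authentication with Net::LDAP.
# Host, base DN and attribute name are placeholders taken from the thread.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Returns (1, $dn) on success, (0, $reason) on failure.
sub authenticate {
    my ($host, $base, $userid, $passwd) = @_;

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" that some servers report as success, so refuse it up front.
    return (0, 'empty userid or password')
        unless defined $userid && length $userid
            && defined $passwd && length $passwd;

    my $ldap = Net::LDAP->new($host) or return (0, "connect failed: $@");

    my $mesg = $ldap->bind(anonymous => 1, version => 3);
    return _fail($ldap, 'anonymous bind', $mesg) if $mesg->code;

    # Escape the userid so characters such as * ( ) \ cannot alter the filter.
    my $filter = '(userid=' . escape_filter_value($userid) . ')';
    $mesg = $ldap->search(base   => $base,
                          scope  => 'subtree',
                          filter => $filter,
                          attrs  => ['userid']);
    return _fail($ldap, 'search', $mesg) if $mesg->code;
    return _fail($ldap, 'search matched ' . $mesg->count . ' entries')
        unless $mesg->count == 1;

    # Bind as the matched entry's DN and keep THIS result in $mesg,
    # otherwise the check below would test the search result instead.
    my $dn = $mesg->entry(0)->dn;
    $mesg = $ldap->bind($dn, password => $passwd, version => 3);
    return _fail($ldap, 'bind', $mesg) if $mesg->code;

    $ldap->unbind;
    return (1, $dn);
}

# Close the connection and build the failure return value.
sub _fail {
    my ($ldap, $what, $mesg) = @_;
    $ldap->unbind;
    return (0, $mesg ? "$what failed: " . $mesg->error : $what);
}

my ($ok, $info) = authenticate('myldapserver.com', 'dc=sysadmin,dc=suny',
                               'demarcao', 'mypassword');
print $ok ? "Authenticated as $info\n" : "Authentication failed: $info\n";
```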