From: Jason J. <jas...@ho...> - 2003-03-13 22:13:59
Thanks Ken. I wasn't aware of that.......

You don't, by chance, happen to know how to determine what dc / cn information should be used for the connection:

    $ldap->bind(dn=>"dc=MY_DOMAIN,dc=MY_DOMAIN_SUFFIX,cn=MY_USER_ID", password=>"MY_PASSWORD")

on the Active Directory side (AD browser, etc)?

I've talked to my NT administrator and he states this is correct, but this syntax always fails and I get this sinking feeling that I'm doing something wrong that is *VERY* easy....

thnx,
~j

AD does not allow anonymous binds to do sub-level searches. You will have to bind with an explicit user id/password, or configure your AD to allow anonymous searches.

-----Original Message-----
From: Jason Jolly
Sent: Thursday, March 13, 2003 4:32 PM
To: per...@li...
Subject: Active Directory authentication via UNIX

I'm currently having a problem while trying to authenticate an NT userid (Active Directory) from UNIX over LDAP.

I'm using the following code snippet to perform the search/authentication:

===========================
== BEGIN

    #!/bin/perl -w
    use Net::LDAP qw(:all);
    use Net::LDAP::Util qw(ldap_error_name ldap_error_text ldap_error_desc);

    $ldap = Net::LDAP->new("XX.XX.X.XXX") || die "$@\n";
    my $msg = $ldap->bind(anonymous => 1, version => 3);
    if ( $msg->code ) {
        print ("Message Error Code => " . $msg->code . "\n");
        print ("Message Error Name => " . ldap_error_name($msg->code) . "\n");
        print ("Message Error Text => " . ldap_error_text($msg->code) . "\n");
        print ("Message Error Desc => " . ldap_error_desc($msg->code) . "\n");
    }
    $RS = $ldap->search (
        base   => "MY_DOMAIN.net",
        scope  => "sub",        # still doesn't work with or w/out this.....
        filter => "(uid=*)"     # also tried "mail=*", etc.
    );
    print ( "RS Count => " . $RS->count . "\n");
    $ldap->unbind();

== END
===========================

Now, this always returns the output:

    RS Count => 0

I can only assume that the bind is working...when I try to bind using the following command:

    my $msg = $ldap->bind(dn=>"dc=MY_DOMAIN,dc=net,cn=MY_USER_ID", password=>"MY_PASSWORD") || die "No Auth: " . "$@\n";

I receive the output:

    Message Error Code => 49
    Message Error Name => LDAP_INVALID_CREDENTIALS
    Message Error Text => The wrong password was supplied or the SASL credentials could not be processed
    Message Error Desc => Invalid credentials

which is strange since I know that the credentials being sent are correct, nevertheless.....

In talking with my NT admin, he sees no log of either binding attempt?

Any suggestions -- I'm hoping that I just can't see the forest for the trees on this one.

thnx,
~j
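
One way to find the "dc / cn" information asked about above, as an added example that is not code from the thread or from the Net::LDAP project: read the base DN from the rootDSE, bind with an explicit account, then look up the account's full DN. The host name, account names and the AD_PASSWORD environment variable are placeholders assumed for illustration, and the script assumes the domain controller supports StartTLS with a certificate the client trusts.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name escape_filter_value);

# Placeholders (assumptions, not values from the thread).
my $host     = 'dc1.example.net';     # a domain controller
my $upn      = 'jdoe@example.net';    # AD also accepts user@domain as the bind name
my $account  = 'jdoe';                # logon name to look up
my $password = $ENV{AD_PASSWORD} // die "set AD_PASSWORD in the environment\n";

my $ldap = Net::LDAP->new($host, version => 3) or die "connect: $@\n";

# A simple bind sends the password as-is, so encrypt the session first.
my $tls = $ldap->start_tls(verify => 'require');
die "start_tls: " . $tls->error . "\n" if $tls->code;

# The rootDSE is readable before binding; on AD its defaultNamingContext
# holds the domain's base DN, e.g. DC=example,DC=net.
my $dse  = $ldap->root_dse(attrs => ['defaultNamingContext'])
    or die "cannot read rootDSE\n";
my $base = $dse->get_value('defaultNamingContext')
    or die "no defaultNamingContext in rootDSE\n";
print "Base DN: $base\n";

# bind() returns a message object even on failure, so test ->code;
# appending `|| die` to the call never triggers.
my $bind = $ldap->bind($upn, password => $password);
die sprintf("bind failed: %s (%d)\n", ldap_error_name($bind->code), $bind->code)
    if $bind->code;

# AD user objects carry the logon name in sAMAccountName. The entry's DN is
# written leaf-first: CN=...,<containers>,DC=...,DC=...
my $rs = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => sprintf('(&(objectClass=user)(sAMAccountName=%s))',
                      escape_filter_value($account)),
    attrs  => ['distinguishedName'],
);
die "search failed: " . $rs->error . "\n" if $rs->code;

print "Found ", $rs->count, " entry(ies)\n";
print "  DN: ", $_->dn, "\n" for $rs->entries;

$ldap->unbind;
```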