From: Jason J. <jas...@ho...> - 2003-03-13 22:22:01
Thanks Jim,

My bind now works.......I'm off to figure out why my search won't return any items.....*sigh*

thnx,

~j

----- Original Message -----
From: "Jim Harle" <ha...@us...>
To: "Jason Jolly" <jas...@ho...>
Cc: <per...@li...>
Sent: Thursday, March 13, 2003 4:13 PM
Subject: Re: Active Directory authentication via UNIX

> Jason,
>
> One of the rules of Active Directory is no Anonymous bind. One way to get
> around that is to build an account that is only used for 'anonymous' LDAP
> searches and use that account's DN and password in the initial bind.
>
> AD meets the letter of the law on this, but not the spirit. Sigh.
>
> --Jim harle
>
> On Thu, 13 Mar 2003, Jason Jolly wrote:
>
> > I'm currently having a problem while trying to authenticate an NT userid
> > (Active Directory) from UNIX over LDAP.
> >
> > I'm using the following code snippet to perform the search/authentication:
> >
> > ===========================
> > == BEGIN
> >
> > #!/bin/perl -w
> >
> > use Net::LDAP qw(:all);
> > use Net::LDAP::Util qw(ldap_error_name ldap_error_text ldap_error_desc);
> >
> > $ldap = Net::LDAP->new("XX.XX.X.XXX") || die "$@\n";
> > my $msg = $ldap->bind(anonymous => 1, version => 3);
> >
> > if ( $msg->code ) {
> >     print ("Message Error Code => " . $msg->code . "\n");
> >     print ("Message Error Name => " . ldap_error_name($msg->code) . "\n");
> >     print ("Message Error Text => " . ldap_error_text($msg->code) . "\n");
> >     print ("Message Error Desc => " . ldap_error_desc($msg->code) . "\n");
> > }
> >
> > $RS = $ldap->search (
> >     base => "MY_DOMAIN.net",
> >     scope => "sub", # still doesn't work with or w/out this.....
> >     filter => "(uid=*)" # also tried "mail=*", etc.
> > );
> >
> > print ( "RS Count => " . $RS->count . "\n");
> >
> > $ldap->unbind();
> >
> > == END
> > ===========================
> >
> > Now,
> >
> > This always returns the output:
> >
> > RS Count => 0
> >
> > I can only assume that the bind is working...when I try to bind using the following command:
> >
> > my $msg = $ldap->bind(dn=>"dc=MY_DOMAIN,dc=net,cn=MY_USER_ID", password=>"MY_PASSWORD") || die "No Auth: " . "$@\n";
> >
> > I receive the output:
> >
> > Message Error Code => 49
> > Message Error Name => LDAP_INVALID_CREDENTIALS
> > Message Error Text => The wrong password was supplied or the SASL credentials could not be processed
> > Message Error Desc => Invalid credentials
> >
> > which is strange since I know that the credentials being sent are correct, nevertheless.....
> >
> > In talking with my NT admin, he sees no log of either binding attempt?
> >
> > Any suggestions -- I'm hoping that I just can't see the forest for the trees on this one.
> >
> > thnx,
> >
> > ~j
>
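
The approach Jim describes (bind with a dedicated lookup account, then search), carried through to a complete search-then-bind login check with Net::LDAP. This is an added example, not code from the thread or from the perl-ldap project. The host name, CA file, base DN, service-account DN, the LDAP_SVC_PW environment variable and the sAMAccountName lookup attribute are assumptions, and the StartTLS step and empty-password check go beyond what the thread discusses.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Placeholder values (assumptions, not taken from the thread).
my $HOST   = 'dc1.example.net';
my $CAFILE = '/etc/ssl/certs/example-ca.pem';
my $BASE   = 'dc=example,dc=net';   # search base is a DN, not a DNS name
my $SVC_DN = 'cn=ldap-lookup,cn=Users,dc=example,dc=net';   # leaf RDN first
my $SVC_PW = $ENV{LDAP_SVC_PW} // die "set LDAP_SVC_PW\n";

# Returns the user's DN when the password is accepted, nothing otherwise.
sub authenticate {
    my ($login, $password) = @_;

    # A DN with an empty password is an "unauthenticated bind" that a server
    # may answer with success, so never forward an empty password.
    return unless defined $password && length $password;

    my $ldap = Net::LDAP->new($HOST, version => 3) or die "connect: $@\n";
    my $tls  = $ldap->start_tls(verify => 'require', cafile => $CAFILE);
    die 'start_tls: ' . $tls->error . "\n" if $tls->code;

    # bind() always returns a message object, so test ->code, not truthiness.
    my $svc = $ldap->bind($SVC_DN, password => $SVC_PW);
    die 'service bind: ' . $svc->error . "\n" if $svc->code;

    # Escape the login so characters such as * ( ) \ cannot alter the filter.
    my $filter = sprintf '(&(objectClass=user)(sAMAccountName=%s))',
                         escape_filter_value($login);
    my $res = $ldap->search(base => $BASE, scope => 'sub',
                            filter => $filter, attrs => ['1.1']);
    die 'search: ' . $res->error . "\n" if $res->code;
    # Require exactly one match, then re-bind as that entry with the
    # password the user supplied; the server does the comparison.
    my $user_dn = $res->count == 1 ? $res->entry(0)->dn : undef;
    my $ok = defined $user_dn
          && !$ldap->bind($user_dn, password => $password)->code;
    $ldap->unbind;
    return $ok ? $user_dn : ();
}

my $login = $ARGV[0] // die "usage: $0 login  (password on stdin)\n";
chomp(my $password = <STDIN> // '');
my $dn = authenticate($login, $password);
print defined $dn ? "authenticated as $dn\n" : "authentication failed\n";
exit(defined $dn ? 0 : 1);
```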