From: <Sim...@wi...> - 2000-05-25 17:48:29
Dear all,

I'm having some difficulty with ldap->bind which I hope someone can help me with. In the following code I am binding to an ldap server, doing a search for a dn and then binding again with the resulting dn. I'm writing routines to provide web-site authorisation, based on Apache::AuthCookie and Apache::Session and some code ideas from Apache::AuthNetLdap too :-)

I am using Net::NetLDAP v0.18 and Convert::ASN1 0.06. Perl is 5.6.0 and the LDAP server is Novell's eDirectory for NT.

Basically what seems to happen is that the second bind is not transmitting the password I've given it, so the ldap server decides it is an anonymous bind and it does that and returns success. Any ideas?

I've also attached the relevant output pack from debug and also a trace from the LDAP server which bears this out. All help would be appreciated as I'm now completely stuck!

Simon Wilcox.

-------------------CODE--------------
#!/perl/5.6.0/bin/mswin32-x86/perl.exe -w
use strict;
use Net::LDAP;

my $lookdn     = "cn=nexusadm,ou=SysUsers,o=wl";
my $lookpwd    = "apple77";
my $basedn     = "ou=users,o=wl";
my $ldapserver = "nexus.williamslea.com";
my $ldapport   = 389;
my $matchattr  = "uid";
my $username   = "testuser";
my $userpwd    = "fred";

# debug=>1 makes Net::LDAP hex-dump every PDU it sends and receives
my $ldap = new Net::LDAP($ldapserver, port => $ldapport, debug => 1)
    or die "Damn: ($@)";

#initial bind as lookup user
my $mesg = $ldap->bind(dn => $lookdn, password => $lookpwd);
if (my $error = $mesg->code()) {
    die "Lookup: LDAP Connection Failed :$error";
}

# find the user's entry; only the dn is needed
my $attrs = ['dn'];
$mesg = $ldap->search(
    base   => $basedn,
    scope  => 'sub',
    filter => "($matchattr=$username)",
    attrs  => $attrs
);
if (my $error = $mesg->code()) {
    die "user $username: LDAP Connection Failed: $error";
}
unless ($mesg->count()) {
    die "user $username: user entry not found for filter: $matchattr=$username";
}

#now try to authenticate as user
my $authdn = $mesg->shift_entry->dn();
#$ldap->unbind;
# second bind on the same connection; the debug dump below shows this
# request leaving with an empty simple password (80 00)
$mesg = $ldap->bind(dn => $authdn, password => $userpwd);
if (my $error = $mesg->code()) {
    my $txt = $mesg->error();
    die "user $username failed bind: $error, $txt";
}
my $error = $mesg->code();
die "EndResult: user $authdn:$userpwd bind: $error";

-------------------OUTPUT TRACE---------------------------
Net::LDAP=HASH(0x866071c) sending:
30 2F 02 01 01 60 2A 02 01 02 04 1C 63 6E 3D 6E 0/...`*.....cn=n
65 78 75 73 61 64 6D 2C 6F 75 3D 53 79 73 55 73 exusadm,ou=SysUs
65 72 73 2C 6F 3D 77 6C 80 07 61 70 70 6C 65 37 ers,o=wl..apple7
37 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ 7
Net::LDAP=HASH(0x866071c) received:
Net::LDAP=HASH(0x866071c) sending:
30 3A 02 01 02 63 35 04 0D 6F 75 3D 75 73 65 72 0:...c5..ou=user
73 2C 6F 3D 77 6C 0A 01 02 0A 01 02 02 01 00 02 s,o=wl..........
01 00 01 01 00 A3 0F 04 03 75 69 64 04 08 74 65 .........uid..te
73 74 75 73 65 72 30 04 04 02 64 6E __ __ __ __ stuser0...dn
Net::LDAP=HASH(0x866071c) received:
Net::LDAP=HASH(0x866071c) received:
Net::LDAP=HASH(0x866071c) sending:
30 25 02 01 03 60 20 02 01 02 04 19 63 6E 3D 74 0%...` .....cn=t
65 73 74 75 73 65 72 2C 6F 75 3D 75 73 65 72 73 estuser,ou=users
2C 6F 3D 77 6C 80 00 __ __ __ __ __ __ __ __ __ ,o=wl..
Net::LDAP=HASH(0x866071c) received:
EndResult: user cn=testuser,ou=users,o=wl:fred bind: 0 at test.pl line 54.

-----------------------LDAP SERVER LOG--------------------------
*** NDS Trace Utility - BEGIN Logging ***
Thu May 25 16:53:39 2000
LDAP: listening for activity in monitor thread 0x718 on:
LDAP: 0x83ddd0r
LDAP: before select in monitor thread 0x718, active_threads 0
LDAP: select activity
LDAP: Accepting TCP connection
LDAP: Found usable monitor thread 0x718
LDAP: new connection on 0x83d8bc
LDAP: select activity in monitor thread 0x718
LDAP: read activity on 0x83ddd0
LDAP: listening for activity in monitor thread 0x718 on:
LDAP: 0x83ddd0r
LDAP: 0x83d8bcr
LDAP: before select in monitor thread 0x718, active_threads 0
LDAP: select activity in monitor thread 0x718
LDAP: read activity on 0x83d8bc
LDAP: listening for activity in monitor thread 0x718 on:
LDAP: 0x83ddd0r
LDAP: 0x83d8bcr
LDAP: before select in monitor thread 0x718, active_threads 1
LDAP: do_bind
LDAP: bind: protocol version 2 dn (cn=nexusadm,ou=SysUsers,o=wl) method 128
LDAP: dn (cn=nexusadm,ou=SysUsers,o=wl), ndsDn (CN=nexusadm.OU=SysUsers.O=wl)
LDAP: send_ldap_result 0::
LDAP: select activity in monitor thread 0x718
LDAP: read activity on 0x83d8bc
LDAP: listening for activity in monitor thread 0x718 on:
LDAP: 0x83ddd0r
LDAP: 0x83d8bcr
LDAP: before select in monitor thread 0x718, active_threads 1
LDAP: do_search
LDAP: SRCH base "ou=users,o=wl" scope 2 deref 2
LDAP: sizelimit 0 timelimit 0 attrsonly 0
LDAP: begin get_filter
LDAP: EQUALITY
LDAP: filter: (uid=testuser)
LDAP: attrs:
LDAP: dn
LDAP: => send_search_entry (cn=testuser,ou=users,o=wl)
LDAP: send_ldap_result 0::
LDAP: select activity in monitor thread 0x718
LDAP: read activity on 0x83d8bc
LDAP: listening for activity in monitor thread 0x718 on:
LDAP: 0x83ddd0r
LDAP: 0x83d8bcr
LDAP: before select in monitor thread 0x718, active_threads 1
LDAP: do_bind
LDAP: Treating simple bind request with dn = "cn=testuser,ou=users,o=wl" and empty password as anonymous.
LDAP: bind: protocol version 2 dn () method 128
LDAP: accepting NULL bind
LDAP: send_ldap_result 0::
LDAP: select activity in monitor thread 0x718
LDAP: read activity on 0x83d8bc
LDAP: ber_get_next on fd 0x83d8bc failed errno 10057
LDAP: *** got 0 of 0 so far
LDAP: close conn in close_connection 0x5635c78 on skt 0x83d8bc from opid -1
LDAP: called by "connection_activity"
LDAP: freeing conn 0x5635c78 at index 1 in monitor thread 0x6239d88
LDAP: listening for activity in monitor thread 0x718 on:
LDAP: 0x83ddd0r
LDAP: before select in monitor thread 0x718, active_threads 0
*** NDS Trace Utility - END Logging ***
Thu May 25 16:53:52 2000
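Added example, not part of the post above and not code from Net::LDAP, Convert::ASN1 or eDirectory: a small Python BER walker that decodes the two BindRequest PDUs from the debug dump in the post, so the "empty password" claim can be checked from the bytes on the wire rather than from the library's own view of what it sent. The hex dumps are copied verbatim from the OUTPUT TRACE; the function names, the `BindRequest` class and the `check_before_bind` guard are my own. The guard encodes the practitioner's takeaway from the server log: a simple bind with a name and an empty password is an unauthenticated bind (RFC 4513 section 5.1.2), and a server that treats it as anonymous will still answer resultCode 0, so a client doing web authentication must refuse to send one.

```python
"""Decode the BindRequest PDUs from a Net::LDAP debug=>1 hex dump.

The dumps below are copied from the post's OUTPUT TRACE. The decoder is a
minimal BER walker written for this example, not Convert::ASN1.
"""
from dataclasses import dataclass

# Net::LDAP debug format: 16 hex columns, "__" for padding, then ASCII.
DUMP_BIND_LOOKUP = """
30 2F 02 01 01 60 2A 02 01 02 04 1C 63 6E 3D 6E 0/...`*.....cn=n
65 78 75 73 61 64 6D 2C 6F 75 3D 53 79 73 55 73 exusadm,ou=SysUs
65 72 73 2C 6F 3D 77 6C 80 07 61 70 70 6C 65 37 ers,o=wl..apple7
37 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ 7
"""
DUMP_BIND_USER = """
30 25 02 01 03 60 20 02 01 02 04 19 63 6E 3D 74 0%...` .....cn=t
65 73 74 75 73 65 72 2C 6F 75 3D 75 73 65 72 73 estuser,ou=users
2C 6F 3D 77 6C 80 00 __ __ __ __ __ __ __ __ __ ,o=wl..
"""
DUMP_SEARCH = """
30 3A 02 01 02 63 35 04 0D 6F 75 3D 75 73 65 72 0:...c5..ou=user
73 2C 6F 3D 77 6C 0A 01 02 0A 01 02 02 01 00 02 s,o=wl..........
01 00 01 01 00 A3 0F 04 03 75 69 64 04 08 74 65 .........uid..te
73 74 75 73 65 72 30 04 04 02 64 6E __ __ __ __ stuser0...dn
"""


def parse_hexdump(text):
    """Rebuild PDU bytes from a Net::LDAP debug dump."""
    out = bytearray()
    for line in text.strip().splitlines():
        for col in line.split()[:16]:   # ASCII rendering follows column 16
            if col == "__":             # padding on the last line
                break
            out.append(int(col, 16))
    return bytes(out)


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER TLV at buf[pos].
    Handles definite short- and long-form lengths, which is all LDAP uses."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


@dataclass
class BindRequest:
    message_id: int
    version: int
    name: str
    password: bytes

    def is_unauthenticated(self):
        """RFC 4513 s5.1.2: name present, password empty. The server log in
        the post shows eDirectory treating this as anonymous and returning 0."""
        return bool(self.name) and self.password == b""


def parse_bind_request(pdu):
    """Decode LDAPMessage { messageID, BindRequest } with simple auth."""
    tag, msg, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:                      # [APPLICATION 0] BindRequest
        raise ValueError("protocolOp is not a BindRequest (tag 0x%02x)" % tag)
    tag, version, pos = read_tlv(op)
    tag, name, pos = read_tlv(op, pos)
    tag, auth, _ = read_tlv(op, pos)
    if tag != 0x80:                      # [0] simple OCTET STRING
        raise ValueError("only simple authentication is decoded here")
    return BindRequest(int.from_bytes(msg_id, "big"),
                       int.from_bytes(version, "big"),
                       name.decode("utf-8"), bytes(auth))


def decode_trace():
    """The two bind requests from the post, in the order they were sent."""
    return [parse_bind_request(parse_hexdump(d))
            for d in (DUMP_BIND_LOOKUP, DUMP_BIND_USER)]


def check_before_bind(dn, password):
    """Client-side guard (my own, assumed): never issue a simple bind with an
    empty DN or password, because a 'success' result then proves nothing."""
    if not dn or not password:
        raise ValueError("refusing simple bind with empty DN or empty password")
    return True


if __name__ == "__main__":
    for req in decode_trace():
        print("msgid=%d v%d dn=%r password=%r unauthenticated=%s" % (
            req.message_id, req.version, req.name, req.password,
            req.is_unauthenticated()))
```

Running it prints the lookup bind with password `b'apple77'` and the user bind (message id 3) with password `b''`, matching the `80 00` in the dump and the server's "empty password as anonymous" line. Whatever the cause inside the client library, the `check_before_bind` rule belongs in any web-authentication wrapper: an empty password must be rejected before the bind is attempted, not after the server says "success".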