From: Jim H. <ha...@us...> - 2001-01-27 16:16:37
Rob,
These 2 consecutive lines are at issue:

if ($ldap = Net::LDAP->new('directory.mot.com')) {
$ldap->bind( $dn, password => $password );

The first is unnecessary, but doesn't hurt, other than performance. The second needs to be preceded by

$mesg =

Your line does the bind, but doesn't store the result anywhere. As a result, the $mesg->code test that follows still reads the result of the earlier search, which succeeded, so any password looks like a successful bind.
--Jim Harle

Rob Hawkes wrote:

> It seems to be impossible to use the non-anonymous bind to do user
> authentication. No matter what kind of bogus password I send along
> with the DN, I get a successful bind. I have tried using lots of
> $ldap->unbind calls, getting a brand new connection, everything I can
> think of. What am I missing? Thank you.
>
> Rob Hawkes
> Motorola, Inc.
>
> ------------------------------------------------------------------------
>
> #! /usr/local/bin/perl
>
> # Test driver.
>
> ldapAuth('rvpl50', 'xxx');
>
> ########################################################################
> #
> # l d a p A u t h
> #
> ########################################################################
>
> sub ldapAuth {
>     my($userid,$password) = @_;
>
>     use strict;
>     use Net::LDAP;
>
>     my($ldap,$mesg);
>     my $server = "directory.mot.com";
>
>     # First do an anonymous bind with $userid and retrieve the DN.
>     $ldap = Net::LDAP->new($server);
>     if (! $ldap) {
>         print "DEBUG: failed to connect to $server\n";
>         return 0;
>     }
>
>     $ldap->bind;
>     my $mesg = $ldap->search (
>         base => "o=Motorola,c=US",
>         filter => "uid=$userid"
>     );
>     if ($mesg->code) {
>         print $mesg->error;
>         return 0;
>     }
>     else {
>         # Try with all entries to bind with the supplied password.
>         foreach my $entry ($mesg->all_entries) {
>             my $dn = $entry->dn;
>             print "DEBUG: try to bind with DN= $dn, password= $password\n";
>             $ldap->unbind;
>
>             if ($ldap = Net::LDAP->new('directory.mot.com')) {
>                 $ldap->bind( $dn, password => $password );
>
>                 print "\n", $mesg->code, " ", $mesg->error, "\n";
>
>                 if ($mesg->code) {
>                     # Bind failed.
>                     return 0;
>                 }
>                 else {
>                     # Bind succeeded.
>                     $mesg = $ldap->search (
>                         base => "o=Motorola,c=US",
>                         filter => "uid=$userid"
>                     );
>
>                     foreach my $entry ($mesg->all_entries) {
>                         $entry->dump;
>                     }
>
>                     $ldap->unbind;
>                     return 1;
>                 }
>             }
>             else {
>                 # Could not get a new connection.
>                 return 0;
>             }
>         }
>     }
> }