From: Rob H. <rob...@mo...> - 2001-01-27 16:42:51
Jim,

Thank you for responding. I found the problem early this morning and have been feeling like a bozo ever since. Guess I should have slept on it before bothering the list.

Thanks again.

Rob

Jim Harle wrote:
>
> Rob,
> These 2 consecutive lines are at issue:
>
>     if ($ldap = Net::LDAP->new('directory.mot.com')) {
>         $ldap->bind( $dn, password => $password );
>
> The first is unnecessary, but doesn't hurt, other than performance. The second needs to be
> preceded by
>     $mesg =
> Your line does the bind, but doesn't store the result anywhere.
>
> --Jim Harle
>
> Rob Hawkes wrote:
>
> > It seems to be impossible to use the non-anonymous bind to do user
> > authentication. No matter what kind of bogus password I send along
> > with the DN, I get a successful bind. I have tried using lots of
> > $ldap->unbind calls, getting a brand new connection, everything I can
> > think of. What am I missing? Thank you.
> >
> > Rob Hawkes
> > Motorola, Inc.
> >
> > ------------------------------------------------------------------------
> >
> > #! /usr/local/bin/perl
> >
> > # Test driver.
> >
> > ldapAuth('rvpl50', 'xxx');
> >
> > ########################################################################
> > #
> > # l d a p A u t h
> > #
> > ########################################################################
> >
> > sub ldapAuth {
> >     my($userid,$password) = @_;
> >
> >     use strict;
> >     use Net::LDAP;
> >
> >     my($ldap,$mesg);
> >     my $server = "directory.mot.com";
> >
> >     # First do an anonymous bind with $userid and retrieve the DN.
> >     $ldap = Net::LDAP->new($server);
> >     if (! $ldap) {
> >         print "DEBUG: failed to connect to $server\n";
> >         return 0;
> >     }
> >
> >     $ldap->bind;
> >     my $mesg = $ldap->search (
> >         base => "o=Motorola,c=US",
> >         filter => "uid=$userid"
> >     );
> >     if ($mesg->code) {
> >         print $mesg->error;
> >         return 0;
> >     }
> >     else {
> >         # Try with all entries to bind with the supplied password.
> >         foreach my $entry ($mesg->all_entries) {
> >             my $dn = $entry->dn;
> >             print "DEBUG: try to bind with DN= $dn, password= $password\n";
> >             $ldap->unbind;
> >
> >             if ($ldap = Net::LDAP->new('directory.mot.com')) {
> >                 $ldap->bind( $dn, password => $password );
> >
> >                 print "\n", $mesg->code, " ", $mesg->error, "\n";
> >
> >                 if ($mesg->code) {
> >                     # Bind failed.
> >                     return 0;
> >                 }
> >                 else {
> >                     # Bind succeeded.
> >                     $mesg = $ldap->search (
> >                         base => "o=Motorola,c=US",
> >                         filter => "uid=$userid"
> >                     );
> >
> >                     foreach my $entry ($mesg->all_entries) {
> >                         $entry->dump;
> >                     }
> >
> >                     $ldap->unbind;
> >                     return 1;
> >                 }
> >             }
> >             else {
> >                 # Could not get a new connection.
> >                 return 0;
> >             }
> >         }
> >     }
> > }
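
The fix described in this thread, written out as an added example that is not part of the original messages: the bind result is stored in `$mesg` before it is tested, so the check no longer reads the stale result of the earlier search. The sub name `ldap_auth`, passing the server and base as parameters, the empty-password rejection, the filter escaping and the single-match requirement are assumptions that go beyond what the thread discusses.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Returns 1 only if the server accepts $password for the single entry
# matching uid=$userid; returns 0 on every other outcome.
sub ldap_auth {
    my ($server, $base, $userid, $password) = @_;

    # An empty password turns a simple bind into an unauthenticated bind,
    # which many servers answer with success. Reject it up front.
    return 0 unless defined $userid   && length $userid;
    return 0 unless defined $password && length $password;

    my $ldap = Net::LDAP->new($server, timeout => 10) or return 0;

    # Anonymous lookup of the DN. Keep the result and check it.
    my $mesg = $ldap->bind;
    if ($mesg->code) { $ldap->unbind; return 0; }

    $mesg = $ldap->search(
        base   => $base,
        filter => '(uid=' . escape_filter_value($userid) . ')',
        attrs  => ['1.1'],          # DN only, no attributes needed
    );
    # Fail closed unless exactly one entry matches.
    if ($mesg->code || $mesg->count != 1) { $ldap->unbind; return 0; }
    my $dn = $mesg->entry(0)->dn;

    # The fix from the thread: store the bind result in $mesg, so the
    # check below tests the bind and not the earlier search.
    $mesg = $ldap->bind($dn, password => $password);
    my $ok = $mesg->code ? 0 : 1;

    $ldap->unbind;
    return $ok;
}

# Run as: script.pl <server> <base> <uid>; the password is read from stdin.
unless (caller) {
    my ($server, $base, $userid) = @ARGV;
    die "usage: $0 server base uid\n" unless defined $userid;
    chomp(my $password = <STDIN> // '');
    print ldap_auth($server, $base, $userid, $password) ? "OK\n" : "DENIED\n";
}
```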