Re: Bind() question for users in different OU's

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Thanks Micheal & Chris,

Chris, the code snippit works I just have to allow Anonymous access on the
AD. This is achieved by setting the security on all objects to allow the
ANONYMOUS LOGON user the read right.

my $ldap = Net::LDAP->new('scarden.campus.itsligo.ie');

my $res = $ldap->search(base => 'dc=campus,dc=itsligo,dc=ie',
                        scope=> 'subtree',
                        filter => '(cn=pryan)',
                        );

if ($res->code) {
    die "Search problem";
}

if ($res->count != 1) {
    die "Indeterminate user";
}

my $dn = $res->entry(0)->dn;

print "<br><br><br>=======================>login is $dn";

if ($res->code) {
    die "Login unsuccessful";
}

Thanks.

Padraig.
----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland

P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan
----- Original Message -----
From: "Chris Ridd" <chr...@me...>
To: "Padraig Ryan" <rya...@it...>; "perl-ldap-dev"
<per...@li...>
Sent: Friday, January 18, 2002 10:27 AM
Subject: Re: Bind() question for users in different OU's

> Padraig Ryan <rya...@it...> wrote:
> > Hi,
> >
> > We're using MS AD to authenticate users for some of our web based apps
> > using bind() where we get the user to enter their UID and Password on a
> > web form and then perl uses this info coupled with the search base info
> > from a config file to actually do the bind and authenticate the user.
> >
> > Q. Is it possible to bind without knowing the particular ou that a user
> > belongs to ?
> >
> > For example we have one ou for staff and another for students yet we
won;t
> > know whether it's a staff member or a student logging in and so in our
> > Perl we have to do 2 binds, one for each ou to actually authenticate.
> > This slows up the whole process.
> >
> > Any help appreciated. Thanks.
>
> The usual procedure is for the app to connect to the directory, do a
single
> subtree search for the user (ie from some highish point in the directory),
> and then do the bind.
>
> Cheers,
>
> Chris