Re: Newbie Question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Lori,

The technique is to turn (via anonymous bind) a login identifier into a
distinguished name (DN), then use the DN and password in an authenticated
bind and check the results.  Here is some sample code.  Note that this
assumes that loings are unique in the directory tree.  If they aren't in
yours then the coding becomes trickier:

my $ldap = new Net::LDAP($host) or die "$@";
$ldap->bind ( version=>3) ; #first find dn for this login
# you need to know what your identifying objects are known by.
# in this example, they are either cn or uid:
my $filter = "(|(uid=$login)(cn=$login))";
my $mesg = $ldap->search(
               base => $base,
               filter => $filter,
               attrs => ["dn"]
               );
if ($mesg->code || ($mesg->count() != 1)) {
      print "Couldn't find $login, message is \n  ",
           Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
      exit;
}
my $entry = $mesg->entry(0);
my $dn = $entry->dn;
$mesg = $ldap->bind (dn => $dn, password  => $password, version => 3) ;
if ($mesg->code) {
   print "Couldn't bind to $login, message is \n  ",
           Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
   exit;
}

  --Jim

On Mon, 22 Apr 2002 moo...@pg... wrote:

> Hi All--
>
> I just started working with Perl-ldap today, so bear with me if this is a silly
> question.
>
> I've got a connection to our LDAP server, and have been able using perl-ldap to
> go in and get information for users, which is great.   However, I also need to
> authenticate these users..tried just binding as a user + pass, but that didn't
> work (it seems to just treat this as an anonymous access).
>
> So far, I can't find anything about authentication in the faq...should I be
> looking at another module, or does perl-ldap do authentication and I'm just
> missing where it's documented?
>
> Thanks in advance!
> Lori Moore
>
>