From: Nitin G. <sla...@re...> - 2001-10-25 10:05:12

On Thu, 25 Oct 2001 Chris Ridd wrote :
> Nitin Gaur <slashbi...@re...> wrote:
> >
> > Hi all,
> > this is my first post to this list.
> > I am using RH 7.1 with perl-ldap-0.2401
> > I got my first problem as
> > it is unable to bind
> > neither anonymously:
> > $ldap->bind();
> > code returned is 32
> > nor as a user:
> > in this as code returned is 49 .
> >
> > thanks in advance
> > -Nitin Gaur
> > Sr. Programmer Analyst
> > Adroit Computer Technique
> > New Delhi.
>
> You may want to look at Net::LDAP::Utils::ldap_error_name() to find out
> what error codes mean, which should help you understand
> what's happening.
> 32 is no such object, and 49 is invalid credentials.
> I'm not certain how
> you can get no such object from an anonymous bind...
> what else do you see
> in the result object? (eg $res->dn(), $res->error().)
>
> To do an anonymous bind, do it this way:
>
> $ldap->bind(anonymous => 1);
>
> To do a bind using simple auth, do it this way:
>
> $ldap->bind("cn=Chris Ridd,o=MessagingDirect,c=CA",
>             password => "mypassword");
>
> (or whatever your DN and password are.)
>
> Works for me!
>
> Cheers,
>
> Chris

Thanks Chris,
It finally worked!
As I am new to all this, I could not interpret the error code. I should have known instantly that problem lies in search()

Anyway thanks for all of you!
-Nitin

From: Padraig R. <rya...@it...> - 2002-01-18 09:56:22

Hi,

We're using MS AD to authenticate users for some of our web based apps
using bind() where we get the user to enter their UID and Password on a
web form and then perl uses this info coupled with the search base info
from a config file to actually do the bind and authenticate the user.

Q. Is it possible to bind without knowing the particular ou that a user
belongs to ?

For example we have one ou for staff and another for students yet we won't
know whether it's a staff member or a student logging in and so in our
Perl we have to do 2 binds, one for each ou to actually authenticate.
This slows up the whole process.

Any help appreciated. Thanks.

Padraig.

----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland
P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan

From: Chris R. <chr...@me...> - 2002-01-18 10:28:00

Padraig Ryan <rya...@it...> wrote:
> Hi,
>
> We're using MS AD to authenticate users for some of our web based apps
> using bind() where we get the user to enter their UID and Password on a
> web form and then perl uses this info coupled with the search base info
> from a config file to actually do the bind and authenticate the user.
>
> Q. Is it possible to bind without knowing the particular ou that a user
> belongs to ?
>
> For example we have one ou for staff and another for students yet we won't
> know whether it's a staff member or a student logging in and so in our
> Perl we have to do 2 binds, one for each ou to actually authenticate.
> This slows up the whole process.
>
> Any help appreciated. Thanks.

The usual procedure is for the app to connect to the directory, do a single
subtree search for the user (ie from some highish point in the directory),
and then do the bind.

Cheers,

Chris

From: Padraig R. <rya...@it...> - 2002-01-18 15:39:35

Thanks Micheal & Chris,

Chris, the code snippet works I just have to allow Anonymous access on the
AD. This is achieved by setting the security on all objects to allow the
ANONYMOUS LOGON user the read right.

use Net::LDAP;

my $ldap = Net::LDAP->new('scarden.campus.itsligo.ie');
# Subtree search from the top of the tree to find the user's DN
my $res = $ldap->search(base => 'dc=campus,dc=itsligo,dc=ie',
                        scope=> 'subtree',
                        filter => '(cn=pryan)',
                        );
if ($res->code) { die "Search problem"; }
if ($res->count != 1) { die "Indeterminate user"; }
my $dn = $res->entry(0)->dn;
print "<br><br><br>=======================>login is $dn";
# Bind as the DN that was found; $password is the password from the web form.
# Without this bind the check below would only re-test the search result.
$res = $ldap->bind($dn, password => $password);
if ($res->code) { die "Login unsuccessful"; }

Thanks.

Padraig.

----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland
P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan

----- Original Message -----
From: "Chris Ridd" <chr...@me...>
To: "Padraig Ryan" <rya...@it...>; "perl-ldap-dev" <per...@li...>
Sent: Friday, January 18, 2002 10:27 AM
Subject: Re: Bind() question for users in different OU's

> Padraig Ryan <rya...@it...> wrote:
> > Hi,
> >
> > We're using MS AD to authenticate users for some of our web based apps
> > using bind() where we get the user to enter their UID and Password on a
> > web form and then perl uses this info coupled with the search base info
> > from a config file to actually do the bind and authenticate the user.
> >
> > Q. Is it possible to bind without knowing the particular ou that a user
> > belongs to ?
> >
> > For example we have one ou for staff and another for students yet we won't
> > know whether it's a staff member or a student logging in and so in our
> > Perl we have to do 2 binds, one for each ou to actually authenticate.
> > This slows up the whole process.
> >
> > Any help appreciated. Thanks.
>
> The usual procedure is for the app to connect to the directory, do a single
> subtree search for the user (ie from some highish point in the directory),
> and then do the bind.
>
> Cheers,
>
> Chris
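
The search-then-bind procedure discussed in this thread, written out as an added example (not code posted by anyone on the list). It assumes the connection is allowed to run the search, anonymously as in the thread or after a prior bind. The sub name authenticate, the $attr parameter and reading the credentials from STDIN are choices made for the example.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name escape_filter_value);

# Added example, not code from the thread. Returns the user's DN on success,
# undef on any failure. $attr and the STDIN input below are assumptions.
sub authenticate {
    my ($ldap, $base, $attr, $uid, $password) = @_;

    # A simple bind with a DN and an empty password is an unauthenticated bind,
    # which some servers answer with success. Reject it before talking LDAP.
    return unless defined $uid && length $uid;
    return unless defined $password && length $password;

    # Escape the form value so * ( ) \ and NUL cannot change the filter.
    my $filter = sprintf '(%s=%s)', $attr, escape_filter_value($uid);

    my $res = $ldap->search(
        base      => $base,
        scope     => 'sub',
        filter    => $filter,
        attrs     => ['1.1'],    # only the DN is needed
        sizelimit => 2,          # enough to tell one match from several
    );
    if ($res->code) {
        warn 'search failed: ', ldap_error_name($res), "\n";
        return;
    }
    return unless $res->count == 1;    # no match, or an ambiguous one
    my $dn = $res->entry(0)->dn;

    # The bind is the password check: test the bind result, not the search's.
    my $bind = $ldap->bind($dn, password => $password);
    if ($bind->code) {
        warn 'bind failed: ', ldap_error_name($bind), "\n";  # 49: invalid credentials
        return;
    }
    return $dn;
}

# Host and base are the ones quoted in the thread; uid and password are read
# from STDIN, one per line, standing in for the web form.
chomp(my $uid      = <STDIN> // '');
chomp(my $password = <STDIN> // '');
my $ldap = Net::LDAP->new('scarden.campus.itsligo.ie') or die "connect: $@\n";
my $dn = authenticate($ldap, 'dc=campus,dc=itsligo,dc=ie', 'cn', $uid, $password);
print defined $dn ? "login ok: $dn\n" : "login failed\n";
```

After a successful bind the handle stays bound as that user, so a long-running application should use a fresh connection (or rebind) before the next search.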