From: <ma...@mj...> - 2001-04-02 23:23:39
How the password is stored on the LDAP server is inconsequential
when using simple bind.

you pass the DN and plain text password regardless:

$ldap->bind($dn,password => "mypassword");

Mark

On 2 Apr 01, at 21:29, Graham Barr wrote:

> ----- Forwarded message from Ron Hall <th...@cc...> -----
>
> Date: Fri, 30 Mar 2001 12:59:34 -0500 (EST)
> To: gb...@po...
> From: Ron Hall <th...@cc...>
> Subject: Net::LDAP api talking to Netscape Directory server
>
>
> Howdy!
>
> How would one bind to a Netscape Directory server using
> Net::LDAP, when the passwd is SHA encrypted on the Netscape
> side of things?
>
> r
>
> ----- End forwarded message -----

Mark Wilcox
ma...@mj...
Got LDAP?
From: <ne...@na...> - 2001-04-03 15:23:22
The error shows "Drectory Manager" perhaps you need to be using "Directory
Manager"?

No rootdn is defined as cn=Drectory Manager.

SteveN
From: Ron H. <th...@cc...> - 2001-04-03 15:48:14
> The error shows "Drectory Manager" perhaps you need to be using "Directory
> Manager"?
>
> > No rootdn is defined as cn=Drectory Manager.

<Sigh> I obviously cannot tpye.

r
From: Ron H. <th...@cc...> - 2001-04-03 11:59:38
On Mon, 2 Apr 2001 ma...@mj... wrote:

> How the password is stored on the LDAP server is inconsequential
> when using simple bind.
>
> you pass the DN and plain text password regardless:
>
> $ldap->bind($dn,password => "mypassword");

OK, then why would it fail to bind?

BTW do I need to escape ! character if it appears in the
plaintext password?

I do not have this problem with either my PMDF directory server
or OpenLDAP.

I don't own the LDAP server it is physically in another
building running on NT and the person who administers it
is technically not quite there yet, so he doesn't know where
everything is and the person who set it up is long gone.

So would there be something else blocking a bind as the
"Directory Manager" which IS defined as the rootdn in the
LDAP DB?
From: <ma...@mj...> - 2001-04-03 14:45:31
On 3 Apr 01, at 7:58, Ron Hall wrote:

> On Mon, 2 Apr 2001 ma...@mj... wrote:
>
> > How the password is stored on the LDAP server is inconsequential
> > when using simple bind.
> >
> > you pass the DN and plain text password regardless:
> >
> > $ldap->bind($dn,password => "mypassword");
>
>
> OK, then why would it fail to bind?

Incorrect password.

> BTW do I need to escape ! character if it appears in the
> plaintext password?

No, you shouldn't. I haven't tried a ! in the password before but it
should be allowed.

> I do not have this problem with either my PMDF directory server
> or OpenLDAP.

Are you sure they're all the same passwords?

> I don't own the LDAP server it is physically in another
> building running on NT and the person who administers it
> is technically not quite there yet, so he doesn't know where
> everything is and the person who set it up is long gone.

that could be your problem :)

> So would there be something else blocking a bind as the
> "Directory Manager" which IS defined as the rootdn in the
> LDAP DB?

What's the error message being returned? If it's 49 then it's
incorrect password, it could be that you've got the wrong DN for the
Directory Manager (normally it's cn=Directory Manager).

Mark

Mark Wilcox
ma...@mj...
Got LDAP?
From: Ron H. <th...@cc...> - 2001-04-03 15:09:37
> > OK, then why would it fail to bind?
> Incorrect password.

OK I'll buy that but I changed the password for the
cn="Directory Manager" myself and it was correct.

> > BTW do I need to escape ! character if it appears in the
> > plaintext password?
> No, you shouldn't. I haven't tried a ! in the password before but it
> should be allowed.

OK I've tried both, but I'll go back to unescaped.

> > I do not have this problem with either my PMDF directory server
> > or OpenLDAP.
> Are you sure they're all the same passwords?

No they are different servers, my point was that I
have successfully written code that talks,walks and squawks
at OpenLDAP and PMDF. Just Netscape giving me a headache.

> > I don't own the LDAP server it is physically in another
> > building running on NT and the person who administers it
> > is technically not quite there yet, so he doesn't know where
> > everything is and the person who set it up is long gone.
> that could be your problem :)

Yah think?!? Phew I thought it was only me :)

> > So would there be something else blocking a bind as the
> > "Directory Manager" which IS defined as the rootdn in the
> > LDAP DB?
> What's the error message being returned? If it's 49 then it's
> incorrect password, it could be that you've got the wrong DN for the
> Directory Manager (normally it's cn=Directory Manager).

No rootdn is defined as cn=Drectory Manager.

The error code is 48.

r
From: <ma...@mj...> - 2001-04-03 18:57:12
On 3 Apr 01, at 11:08, Ron Hall wrote:

> > > OK, then why would it fail to bind?
> > Incorrect password.
>
> OK I'll buy that but I changed the password for the
> cn="Directory Manager" myself and it was correct.

Did you actually encode it with SHA-1 before putting it into the
slapd.conf file?

> > > BTW do I need to escape ! character if it appears in the
> > > plaintext password?
> > No, you shouldn't. I haven't tried a ! in the password before but it
> > should be allowed.
>
> OK I've tried both, but I'll go back to unescaped.
>
> > > I do not have this problem with either my PMDF directory server
> > > or OpenLDAP.
>
> > Are you sure they're all the same passwords?
>
> No they are different servers, my point was that I
> have successfully written code that talks,walks and squawks
> at OpenLDAP and PMDF. Just Netscape giving me a headache.

Normally it's the other way around for me :). I've used Netscape
since alpha-1 DS 1.0 and never had this type of problem.

I think the password is encoded incorrectly.

> > > I don't own the LDAP server it is physically in another
> > > building running on NT and the person who administers it
> > > is technically not quite there yet, so he doesn't know where
> > > everything is and the person who set it up is long gone.
>
> > that could be your problem :)
>
> Yah think?!? Phew I thought it was only me :)
>
> > > So would there be something else blocking a bind as the
> > > "Directory Manager" which IS defined as the rootdn in the
> > > LDAP DB?
>
> > What's the error message being returned? If it's 49 then it's
> > incorrect password, it could be that you've got the wrong DN for the
> > Directory Manager (normally it's cn=Directory Manager).
>
> No rootdn is defined as cn=Drectory Manager.
>
> The error code is 48.

Had to go look this up in the Netscape Java SDK.

48 is 48=Inappropriate authentication

Can you send me or the list a copy of the code you're
using.

Also which version of the Netscape Directory server?

Mark

> r

Mark Wilcox
ma...@mj...
Got LDAP?
From: Ron H. <th...@cc...> - 2001-04-03 19:05:24
> Did you actually encode it with SHA-1 before putting it into the
> slapd.conf file?

The configuration tool provided by Netscape was happy to do it for
me.....

> Normally it's the other way around for me :). I've used Netscape
> since alpha-1 DS 1.0 and never had this type of problem.
>
> I think the password is encoded incorrectly.

How would I know :)

> 48 is 48=Inappropriate authentication
>
> Can you send me or the list a copy of the code you're
> using.

The code is awfully generic

#!/opt/bin/perl

use Net::LDAP;

$ldap = Net::LDAP->new('directory.mcgill.ca') or die "$@";
$result = $ldap->bind (
    dn => 'cn=Directory Manager, o=McGill, c=CA',
    password => '--------'
);

$result->code && warn "failed to bind due to ", $result->code;

> Also which version of the Netscape Directory server?

3.1
From: Feisal M. <fe...@uw...> - 2001-04-03 19:39:13
On Tue, 3 Apr 2001 15:03:52 -0400 (EDT) Ron Hall <th...@cc...> wrote:

> > Did you actually encode it with SHA-1 before putting it into the
> > slapd.conf file?
>
> The configuration tool provided by Netscape was happy to do it for
> me.....

Question. For a bind, isn't the password sent in plaintext? That's how
IBM and OpenLDAP servers work. The server does the encoding and compares it
with the stored password. If so then the password should not be encoded.

-Feisal
From: Ron H. <th...@cc...> - 2001-04-04 11:58:43
> > The configuration tool provided by Netscape was happy to do it for
> > me.....
> Question. For a bind, isn't the password sent in plaintext? That's how
> IBM and OpenLDAP servers work. The server does the encoding and compares it
> with the stored password. If so then the password should not be encoded.

That was my thought also but the slapd.conf file has a SHA encrypted
password in rootpw attribute.

Who knew.

r
From: <ma...@mj...> - 2001-04-03 22:39:57
On 3 Apr 01, at 15:03, Ron Hall wrote:

> > Did you actually encode it with SHA-1 before putting it into the
> > slapd.conf file?
>
> The configuration tool provided by Netscape was happy to do it for
> me.....

Doh! stupid question, sorry.

> > Normally it's the other way around for me :). I've used Netscape
> > since alpha-1 DS 1.0 and never had this type of problem.
> >
> > I think the password is encoded incorrectly.
>
> How would I know :)

sounds ok.

> > 48 is 48=Inappropriate authentication
> >
> > Can you send me or the list a copy of the code you're
> > using.
> >
>
> The code is awfully generic
>
> #!/opt/bin/perl
>
> use Net::LDAP;
>
> $ldap = Net::LDAP->new('directory.mcgill.ca') or die "$@";
> $result = $ldap->bind (
> dn => 'cn=Directory Manager, o=McGill, c=CA',
> password => '--------'
> );

Try this instead
$result = $ldap->bind('cn=Directory Manager, o=McGill, c=CA',
password => '......');

or even this
$result = $ldap->bind('cn=Directory Manager', password => '....');

normally the Netscape directory manager is just cn=Directory
Manager unless you specifically modified it.

Mark

> $result->code && warn "failed to bind due to ", $result->code;
>
> > Also which version of the Netscape Directory server?
>
> 3.1

Mark Wilcox
ma...@mj...
Got LDAP?
From: Ron H. <th...@cc...> - 2001-04-04 12:24:00
> Try this instead
> $result = $ldap->bind('cn=Directory Manager, o=McGill, c=CA',
> password => '......');
>
> or even this
> $result = $ldap->bind('cn=Directory Manager', password => '....');
>
> normally the Netscape directory manager is just cn=Directory
> Manager unless you specifically modified it.

slapd.conf file on NT box says the rootdn is Directory Manager
so I am confused.

r
From: Behruz R. <beh...@cp...> - 2001-04-04 15:24:46
Hi,

I would like to know if there is a way to avoid Binding to LDAP at each
time I Call a Perl CGI script? Right now, I have to bind every time I
call a script.

I would like to keep my ldap instance created at the first beginning
time and keep using it. Sorry if the question seems stupid to some of
you, but I am a novice in Perl and CGI programming.

Thanks all of you for your help.

Behruz.
From: Ron H. <th...@cc...> - 2001-04-05 16:26:59
Source of the problem has been found (I think)...

ldif file has the following definition

dn: cn=Directory Manager, o=McGill, c=CA
cn: Directory Manager
objectclass: top
objectclass: groupofuniquenames
uniquemember: cn=<<<<SOME STUFF>>>

Where some stuff points to a record no longer in the
LDAP database <OH>

This is further confounded by the aci

aci: (target="ldap:///o=McGill, c = CA") (targetattr = "*")
(version 3.0; acl "allow all Admin group"; allow(all)
groupdn="ldap:cn=Directory Manager,o=McGill,c=CA";)

Which if I understand it correctly means that only people in the
admin group can do root dn things and that the admin group (as
defined by Directory Manager) needs to have a valid user in it

Either that or make Directory Manager a simple account.

Am I close?

r
From: <ma...@mj...> - 2001-04-08 16:46:55
The only way to do this is to use mod_perl instead of traditional CGI.
mod_perl allows you to write to the Apache api instead of executing a
separate process. And once a mod_perl module is loaded it stays
loaded.

See www.modperl.com for more info.

Mark

On 4 Apr 01, at 8:24, Behruz Rushenas wrote:

> Hi,
>
> I would like to know if there is a way to avoid Binding to LDAP at each
> time I Call a Perl CGI script? Right now, I have to bind every time I
> call a script.
>
> I would like to keep my ldap instance created at the first beginning
> time and keep using it. Sorry if the question seems stupid to some of
> you, but I am a novice in Perl and CGI programming.
>
> Thanks all of you for your help.
>
> Behruz.

Mark Wilcox
ma...@mj...
Got LDAP?
From: Behruz R. <beh...@cp...> - 2001-04-09 15:55:13
Hi Mark,
Thanks for your response, I will have a look at www.modperl.com . By
the way, I found your book very interesting about different solutions
to implement an LDAP directory.

Thanks.
Behruz.

-----Original Message-----
From: ma...@mj... [mailto:ma...@mj...]
Sent: Sunday, April 08, 2001 9:50 AM
To: Behruz Rushenas
Cc: per...@li...
Subject: Re: How to avoid connecting to LDAP at each Perl CGI-CALL

The only way to do this is to use mod_perl instead of traditional CGI.
mod_perl allows you to write to the Apache api instead of executing a
separate process. And once a mod_perl module is loaded it stays
loaded.

See www.modperl.com for more info.

Mark

On 4 Apr 01, at 8:24, Behruz Rushenas wrote:

> Hi,
>
> I would like to know if there is a way to avoid Binding to LDAP at each
> time I Call a Perl CGI script? Right now, I have to bind every time I
> call a script.
>
> I would like to keep my ldap instance created at the first beginning
> time and keep using it. Sorry if the question seems stupid to some of
> you, but I am a novice in Perl and CGI programming.
>
> Thanks all of you for your help.
>
> Behruz.

Mark Wilcox
ma...@mj...
Got LDAP?
From: <ma...@mj...> - 2001-04-15 18:26:58
Glad I was able to help and glad you enjoyed the book.

Mark

On 9 Apr 01, at 8:54, Behruz Rushenas wrote:

> Hi Mark,
> Thanks for your response, I will have a look at www.modperl.com . By
> the way, I found your book very interesting about different solutions
> to implement an LDAP directory.
>
> Thanks.
> Behruz.
>
> -----Original Message-----
> From: ma...@mj... [mailto:ma...@mj...]
> Sent: Sunday, April 08, 2001 9:50 AM
> To: Behruz Rushenas
> Cc: per...@li...
> Subject: Re: How to avoid connecting to LDAP at each Perl CGI-CALL
>
>
> The only way to do this is to use mod_perl instead of traditional CGI.
> mod_perl allows you to write to the Apache api instead of executing a
> separate process. And once a mod_perl module is loaded it stays
> loaded.
>
> See www.modperl.com for more info.
>
> Mark
>
> On 4 Apr 01, at 8:24, Behruz Rushenas wrote:
>
> > Hi,
> >
> > I would like to know if there is a way to avoid Binding to LDAP at
> > each time I Call a Perl CGI script? Right now, I have to bind every
> > time I call a script.
> >
> > I would like to keep my ldap instance created at the first beginning
> > time and keep using it. Sorry if the question seems stupid to some
> > of you, but I am a novice in Perl and CGI programming.
> >
> > Thanks all of you for your help.
> >
> > Behruz.
>
> Mark Wilcox
> ma...@mj...
> Got LDAP?

Mark Wilcox
ma...@mj...
Got LDAP?
From: <ma...@mj...> - 2001-04-08 19:00:07
The directory manager isn't even supposed to be an account in the
directory. I suppose it could be in theory, but Netscape doesn't
support it that way AFAIK.

mark

On 5 Apr 01, at 12:25, Ron Hall wrote:

> Source of the problem has been found (I think)...
>
> ldif file has the following definition
>
> dn: cn=Directory Manager, o=McGill, c=CA
> cn: Directory Manager
> objectclass: top
> objectclass: groupofuniquenames
> uniquemember: cn=<<<<SOME STUFF>>>
>
> Where some stuff points to a record no longer in the
> LDAP database <OH>
>
> This is further confounded by the aci
>
> aci: (target="ldap:///o=McGill, c = CA") (targetattr = "*")
> (version 3.0; acl "allow all Admin group"; allow(all)
> groupdn="ldap:cn=Directory Manager,o=McGill,c=CA";)
>
>
> Which if I understand it correctly means that only people in the
> admin group can do root dn things and that the admin group (as
> defined by Directory Manager) needs to have a valid user in it
>
> Either that or make Directory Manager a simple account.
>
>
> Am I close?
>
> r

Mark Wilcox
ma...@mj...
Got LDAP?
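
Added example, not part of any post in this thread and not Net::LDAP or Netscape code: a simplified Perl model of a server handling a simple bind. It shows why the client sends the plaintext password even when the stored value is a {SHA} hash, and how an entry with no userPassword can yield result code 48 where a wrong password yields 49. The DNs, the password and the `simple_bind` logic are constructed assumptions about typical server behaviour.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# LDAP result codes discussed in the thread.
use constant { SUCCESS => 0, INAPPROPRIATE_AUTH => 48, INVALID_CREDENTIALS => 49 };

# Constructed sample directory (hypothetical entries and password).
my $plain = 'S3cret!pw';    # '!' needs no escaping in a Perl string
my %dir = (
    'cn=app user,o=example,c=ca' => {
        userpassword => '{SHA}' . encode_base64(sha1($plain), ''),
    },
    # A group entry like the one in the LDIF above: no userPassword at all.
    'cn=directory manager,o=example,c=ca' => {
        objectclass => [qw(top groupofuniquenames)],
    },
);

# Normalise a DN just enough for this model: lower-case, no spaces around commas.
sub norm_dn { my $dn = lc shift; $dn =~ s/\s*,\s*/,/g; return $dn }

# Hash the plaintext that arrived in the bind and compare it with the stored value.
sub password_matches {
    my ($received, $stored) = @_;
    my ($scheme, $b64) = $stored =~ /^\{(\w+)\}(.+)$/
        or return $received eq $stored;    # no scheme prefix: stored in clear
    return 0 unless uc $scheme eq 'SHA';   # only {SHA} is modelled here
    return sha1($received) eq decode_base64($b64);
}

# Model of the server side of a simple bind (assumed behaviour, not a real server).
sub simple_bind {
    my ($dn, $password) = @_;
    my $entry  = $dir{ norm_dn($dn) }  or return INVALID_CREDENTIALS;
    my $stored = $entry->{userpassword} or return INAPPROPRIATE_AUTH;
    return password_matches($password, $stored) ? SUCCESS : INVALID_CREDENTIALS;
}

my $stored = $dir{'cn=app user,o=example,c=ca'}{userpassword};
my @cases  = (
    [ 'plaintext password',         'cn=App User, o=Example, c=CA',          $plain  ],
    [ 'stored {SHA} string sent',   'cn=App User, o=Example, c=CA',          $stored ],
    [ 'entry without userPassword', 'cn=Directory Manager, o=Example, c=CA', $plain  ],
);
printf "%-28s -> result code %d\n", $_->[0], simple_bind(@$_[1, 2]) for @cases;
```

Because a simple bind carries the plaintext password, the connection itself needs TLS (LDAPS or StartTLS) to protect it in transit.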