From: Cruz d. <cru...@ya...> - 2001-04-13 17:58:22

Thanks for your quick and very helpful response, Tom!

That is unquestionably the best way to do this. One last question, though -- is there any way to get a return value from $ldap->modify (so I can tell the user whether the password change was successful)? Thanks again -- I truly appreciate your help.

-Cruz deWilde

> -----Original Message-----
> From: Tom Jordan [mailto:tj...@do...]
> Sent: Friday, April 13, 2001 7:07 AM
> To: Cruz deWilde
> Cc: per...@li...
> Subject: Re: Question about comparing perl variables to LDAP values...
>
> Rather than comparing the attributes (which would require your script to
> have 'compare' access to the userpassword attribute), why not attempt to
> bind to the directory as the user? That way you don't have to give your
> script as much access (and don't need to worry as much about hashing
> algorithms).
>
> --Tom
>
> On Thu, 12 Apr 2001, Cruz deWilde wrote:
>
> > Hi all,
> >
> > I'm more or less a neophyte when it comes to working with LDAP, and I'm
> > hoping someone out there might help me with something. I'm trying to
> > build a web-based "Change Password" form for our new iPlanet LDAP
> > implementation, and I've been having trouble figuring out how to compare
> > the user's old password to their existing LDAP password for verification.
> > The web form I built encrypts their passwords (old and new) using MD5,
> > and then passes them to the perl cgi form-processor, which is supposed to
> > first figure out if their old password matches their existing one, and
> > then update the password entry with the new encrypted one...
> >
> > I'm connecting to the LDAP server without any trouble, but I really don't
> > understand the usage of Net::LDAP's $ldap->compare function. In short,
> > the function doesn't seem to return anything which indicates whether or
> > not the passwords match. I'm pretty sure that it comes down to the fact
> > that I don't really know what I'm doing here, but if anyone out there
> > could provide some example of this function in action, it would ease my
> > suffering greatly :) I'm quite sure that building a web-based,
> > perl-driven password update form for LDAP has been done a thousand times
> > before, so any sample code would be tremendously appreciated. Thanks!!
> >
> > -Cruz deWilde

From: Cruz d. <cru...@ya...> - 2001-04-13 21:00:16

Tom & Jim,

Many thanks for all your assistance on this! With your help, I've got the change-password page working smoothly. Much appreciated!!

-Cruz deWilde

> -----Original Message-----
> From: Tom Jordan [mailto:tj...@do...]
> Sent: Friday, April 13, 2001 11:05 AM
> To: Cruz deWilde
> Cc: per...@li...
> Subject: RE: Question about comparing perl variables to LDAP values...
>
> Sure,
> Just assign the return from $ldap->modify to something:
>
>     $mesg = $ldap->modify( dn => $dn, replace => $dataref);
>
> You can then get the return code with:
>
>     $result = $mesg->code();
>
> If $result is 0, things worked. If not, $result will hold the LDAP error
> code describing what happened.
>
> --Tom
>
> -----Original Message-----
> From: Jim Harle [mailto:ha...@us...]
> Sent: Friday, April 13, 2001 11:26 AM
> To: Cruz deWilde
> Cc: tj...@do...; per...@li...
> Subject: RE: Question about comparing perl variables to LDAP values...
>
> Cruz,
> The short answer to your question is to just check the code() values
> from the return. E.g.,
>
>     $refs = $ldap->modify ($dn,
>     if ($refs->code ) {
>         # process the return - it didn't work
>     }
>
> The long answer is that at least on Novell eDirectory, the changing of
> passwords can be tricky. In version 8.3, I could bind with the user's old
> password, then do a modify like:
>
>     $refs = $ldap->modify ($dn,
>         delete => {userPassword => $pass0} ,
>         add => {userPassword => $pass1} );
>
> replace didn't work. In version 8.5, I needed to bind with an admin dn
> and password then do separate deletes and adds. Ugly!!
>
> --Jim Harle

From: Tom J. <tj...@do...> - 2001-04-13 18:05:29

Sure,
Just assign the return from $ldap->modify to something:

    $mesg = $ldap->modify( dn => $dn, replace => $dataref);

You can then get the return code with:

    $result = $mesg->code();

If $result is 0, things worked. If not, $result will hold the LDAP error code describing what happened.

--Tom

On Fri, 13 Apr 2001, Cruz deWilde wrote:

> Thanks for your quick and very helpful response, Tom!
>
> That is unquestionably the best way to do this. One last question, though --
> is there any way to get a return value from $ldap->modify (so I can tell the
> user whether the password change was successful)? Thanks again -- I truly
> appreciate your help.
>
> -Cruz deWilde
>
> > -----Original Message-----
> > From: Tom Jordan [mailto:tj...@do...]
> > Sent: Friday, April 13, 2001 7:07 AM
> > To: Cruz deWilde
> > Cc: per...@li...
> > Subject: Re: Question about comparing perl variables to LDAP values...
> >
> > Rather than comparing the attributes (which would require your script to
> > have 'compare' access to the userpassword attribute), why not attempt to
> > bind to the directory as the user? That way you don't have to give your
> > script as much access (and don't need to worry as much about hashing
> > algorithms).
> >
> > --Tom
> >
> > On Thu, 12 Apr 2001, Cruz deWilde wrote:
> >
> > > Hi all,
> > >
> > > I'm more or less a neophyte when it comes to working with LDAP, and I'm
> > > hoping someone out there might help me with something. I'm trying to
> > > build a web-based "Change Password" form for our new iPlanet LDAP
> > > implementation, and I've been having trouble figuring out how to compare
> > > the user's old password to their existing LDAP password for verification.
> > > The web form I built encrypts their passwords (old and new) using MD5,
> > > and then passes them to the perl cgi form-processor, which is supposed to
> > > first figure out if their old password matches their existing one, and
> > > then update the password entry with the new encrypted one...
> > >
> > > I'm connecting to the LDAP server without any trouble, but I really don't
> > > understand the usage of Net::LDAP's $ldap->compare function. In short,
> > > the function doesn't seem to return anything which indicates whether or
> > > not the passwords match. I'm pretty sure that it comes down to the fact
> > > that I don't really know what I'm doing here, but if anyone out there
> > > could provide some example of this function in action, it would ease my
> > > suffering greatly :) I'm quite sure that building a web-based,
> > > perl-driven password update form for LDAP has been done a thousand times
> > > before, so any sample code would be tremendously appreciated. Thanks!!
> > >
> > > -Cruz deWilde

From: Jim H. <ha...@us...> - 2001-04-13 18:25:50

Cruz,
The short answer to your question is to just check the code() values from the return. E.g.,

    $refs = $ldap->modify ($dn,
    if ($refs->code ) {
        # process the return - it didn't work
    }

The long answer is that at least on Novell eDirectory, the changing of passwords can be tricky. In version 8.3, I could bind with the user's old password, then do a modify like:

    $refs = $ldap->modify ($dn,
        delete => {userPassword => $pass0} ,
        add => {userPassword => $pass1} );

replace didn't work. In version 8.5, I needed to bind with an admin dn and password then do separate deletes and adds. Ugly!!

--Jim Harle

On Fri, 13 Apr 2001, Cruz deWilde wrote:

> Thanks for your quick and very helpful response, Tom!
>
> That is unquestionably the best way to do this. One last question, though --
> is there any way to get a return value from $ldap->modify (so I can tell the
> user whether the password change was successful)? Thanks again -- I truly
> appreciate your help.
>
> -Cruz deWilde
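
The approach the thread converges on (bind as the user to verify the old password, then check code() on the modify result), as an added example that is not code from any of the posters. The host name, DN, environment variable names and the delete_add option are hypothetical, and the script is assumed to receive the cleartext passwords, since a simple bind cannot be done with a client-side MD5 digest.

```perl
#!/usr/bin/perl
# Added example: verify the old password by binding as the user, then
# change userPassword and report the LDAP result code to the caller.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_INVALID_CREDENTIALS);

# Returns (1, "ok") on success, (0, "reason") on failure.
sub change_password {
    my ($host, $dn, $old, $new, %opt) = @_;

    # A bind with a DN and an empty password is an "unauthenticated bind"
    # (RFC 4513) and can return success, so reject empty input up front.
    return (0, 'old and new password are required')
        unless defined($old) && length($old) && defined($new) && length($new);

    # The bind sends the cleartext password, so the link must be TLS.
    my $ldap = Net::LDAP->new("ldaps://$host", verify => 'require')
        or return (0, "connect failed: $@");

    my $mesg = $ldap->bind($dn, password => $old);
    if ($mesg->code != LDAP_SUCCESS) {
        $ldap->unbind;
        return (0, 'old password is incorrect')
            if $mesg->code == LDAP_INVALID_CREDENTIALS;
        return (0, 'bind failed: ' . $mesg->error);
    }

    # Default is replace; delete_add (hypothetical option) mirrors the
    # delete-then-add form from the thread, using "changes" so the two
    # operations are sent in that order.
    $mesg = $opt{delete_add}
        ? $ldap->modify($dn, changes => [
              delete => [ userPassword => $old ],
              add    => [ userPassword => $new ] ])
        : $ldap->modify($dn, replace => { userPassword => $new });
    $ldap->unbind;

    return $mesg->code == LDAP_SUCCESS
        ? (1, 'ok')
        : (0, sprintf('modify failed (%d): %s', $mesg->code, $mesg->error));
}

unless (caller) {    # constructed sample call; values are placeholders
    my ($ok, $why) = change_password('ldap.example.com',
        'uid=jdoe,ou=People,dc=example,dc=com', $ENV{OLD_PW}, $ENV{NEW_PW});
    print $ok ? "Password changed\n" : "Password not changed: $why\n";
}
```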