From: DeMarco, A. <DEM...@sy...> - 2002-09-13 13:20:58

I'll know the userid, password and the DN.
I've never worked with PERL or LDAP before, been thrown in to help a user...
arrgh

Basically I need to validate a user's password via their LDAP server. I've
tried the code below without any success. Is there a place I can go where
there are more examples than what is on sourceforge?
Any help is greatly appreciated.
- Alex

#!/usr/local/bin/perl

use Net::LDAP qw(:all);
use Net::LDAP::Util qw(ldap_error_name
                       ldap_error_text) ; # use for Error handling

$ldap = Net::LDAP->new("myldapserver.com") or die "$@";
$passwd="mypassword";
$userid="demarcao";
$mesg = $ldap->bind(anonymous => 1, version => 3);

$mesg = $ldap->search(base => "dc=sysadmin,dc=suny",
                      scope => subtree,
                      filter => "(userid=$userid)",
                      attrs => [ 'userid' ]); # Don't need complete entries back
If ($mesg->count == 1) {
    $ldap->bind($mesg->entry(0),
                password => "mypassword",
                version => 3);
}

print "Bind failed: ", $mesg->error, "\n";

$ldap->unbind;

-----Original Message-----
From: Chris Ridd [mailto:chr...@me...]
Sent: Friday, September 13, 2002 3:52 AM
To: DeMarco, Alex; 'per...@li...'
Subject: Re: NET:LDAP Authentication

On 13/9/02 2:16 am, DeMarco, Alex <DEM...@sy...> wrote:

> Hello,
>
> I'm trying to run this on a Win2k machine running ActiveStates perl.
>
> With the following code:
>
> $ldap = Net::LDAP->new("mymachine.com") or die "$@";
> $userToAuthenticate="testuserid";
> $passwd="password";
> $mesg = $ldap->bind("$userToAuthenticate",
>                     password => "$passwd",
>                     version => 3 ); # use for changes/edits
> if ( $mesg->code ) {
>     # Handle error codes here
> }
> $ldap->unbind;
>
> No matter what I do I get no error message of any kind if I print the $mesg
> I get some sort of HASHmessage. All I want to do is authenticate someone
> against a local ldap server.. If anyone can shed some light on this I would
> appreciate it.

Your first problem (it's a common one!) is that your $userToAuthenticate is
required by LDAP to be a DN. The string "testuserid" is not a DN.

If all you've got is some kind of userid then the usual procedure is to do
an anonymous bind, search for that userid using some filter, and if it
matches one entry do the real bind using the DN of the matching entry.

(Pseudo-code)

Bind(anonymous => 1, version => 3);
Search(base => "dc=mycompany,dc=com",
       scope => subtree,
       filter => "(userid=$userid)",
       attrs => [ 'userid' ]); # Don't need complete entries back
If ($mesg->count == 1) {
    Bind($mesg->entry(0),
         password => "secret",
         version => 3);
}

Adjust to suit where your entries live (below <dc=mycompany,dc=com> in my
pseudo-code) and which attribute contains the userid (userid in my
pseudo-code). Add error checking :-)

Your next problem is that $mesg is an object so you can't simply print
$mesg. You have to call methods on it instead, like $mesg->error, and
because perl doesn't interpolate method calls inside strings (sigh), you
need to do this:

print "Bind failed: ", $mesg->error, "\n";

> thanks!
>
> - Alex
>

Cheers,

Chris

From: DeMarco, A. <DEM...@sy...> - 2002-09-13 14:17:18

OK some progress, now I get an Invalid Credentials error message....

I'm sending a DN and a password, what else could I be missing?

- ALex

-----Original Message-----
From: Graham Barr [mailto:gb...@po...]
Sent: Friday, September 13, 2002 9:39 AM
To: DeMarco, Alex
Cc: 'Chris Ridd'; 'per...@li...'
Subject: Re: NET:LDAP Authentication

On Fri, Sep 13, 2002 at 09:20:44AM -0400, DeMarco, Alex wrote:
> I'll know the userid, password and the DN.
> I've never worked with PERL or LDAP before, been thrown in to help a user...
> arrgh
>
> Basically I need to validate a user's password via their LDAP server. I've
> tried the code below without any success. Is there a place I can go where
> there are more examples than what is on sourceforge?
> Any help is greatly appreciated.
> - Alex
>
> #!/usr/local/bin/perl
>
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw(ldap_error_name
>                        ldap_error_text) ; # use for Error handling
>
> $ldap = Net::LDAP->new("myldapserver.com") or die "$@";
> $passwd="mypassword";
> $userid="demarcao";
> $mesg = $ldap->bind(anonymous => 1, version => 3);
>
> $mesg = $ldap->search(base => "dc=sysadmin,dc=suny",
>                       scope => subtree,
>                       filter => "(userid=$userid)",
>                       attrs => [ 'userid' ]); # Don't need complete entries back
> If ($mesg->count == 1) {
>     $ldap->bind($mesg->entry(0),

You need to assign the result to $mesg or your print below will show the
result of the search

Graham.

>                 password => "mypassword",
>                 version => 3);
> }
>
> print "Bind failed: ", $mesg->error, "\n";
>
> $ldap->unbind;
>
> -----Original Message-----
> From: Chris Ridd [mailto:chr...@me...]
> Sent: Friday, September 13, 2002 3:52 AM
> To: DeMarco, Alex; 'per...@li...'
> Subject: Re: NET:LDAP Authentication
>
> On 13/9/02 2:16 am, DeMarco, Alex <DEM...@sy...> wrote:
>
> > Hello,
> >
> > I'm trying to run this on a Win2k machine running ActiveStates perl.
> >
> > With the following code:
> >
> > $ldap = Net::LDAP->new("mymachine.com") or die "$@";
> > $userToAuthenticate="testuserid";
> > $passwd="password";
> > $mesg = $ldap->bind("$userToAuthenticate",
> >                     password => "$passwd",
> >                     version => 3 ); # use for changes/edits
> > if ( $mesg->code ) {
> >     # Handle error codes here
> > }
> > $ldap->unbind;
> >
> > No matter what I do I get no error message of any kind if I print the
> $mesg
> > I get some sort of HASHmessage. All I want to do is authenticate someone
> > against a local ldap server.. If anyone can shed some light on this I
> would
> > appreciate it.
>
> Your first problem (it's a common one!) is that your $userToAuthenticate is
> required by LDAP to be a DN. The string "testuserid" is not a DN.
>
> If all you've got is some kind of userid then the usual procedure is to do
> an anonymous bind, search for that userid using some filter, and if it
> matches one entry do the real bind using the DN of the matching entry.
>
> (Pseudo-code)
>
> Bind(anonymous => 1, version => 3);
> Search(base => "dc=mycompany,dc=com",
>        scope => subtree,
>        filter => "(userid=$userid)",
>        attrs => [ 'userid' ]); # Don't need complete entries back
> If ($mesg->count == 1) {
>     Bind($mesg->entry(0),
>          password => "secret",
>          version => 3);
> }
>
> Adjust to suit where your entries live (below <dc=mycompany,dc=com> in my
> pseudo-code) and which attribute contains the userid (userid in my
> pseudo-code). Add error checking :-)
>
> Your next problem is that $mesg is an object so you can't simply print
> $mesg. You have to call methods on it instead, like $mesg->error, and
> because perl doesn't interpolate method calls inside strings (sigh), you
> need to do this:
>
> print "Bind failed: ", $mesg->error, "\n";
>
> > thanks!
> >
> > - Alex
> >
>
> Cheers,
>
> Chris

From: Graham B. <gb...@po...> - 2002-09-13 14:32:42

Well the pod says

=item LDAP_INVALID_CREDENTIALS

The wrong password was supplied or the SASL credentials could not be processed

Are you sure the password you have is right?

Graham.

On Fri, Sep 13, 2002 at 10:17:04AM -0400, DeMarco, Alex wrote:
> OK some progress, now I get an Invalid Credentials error message....
>
> I'm sending a DN and a password, what else could I be missing?
>
> - ALex
>
> -----Original Message-----
> From: Graham Barr [mailto:gb...@po...]
> Sent: Friday, September 13, 2002 9:39 AM
> To: DeMarco, Alex
> Cc: 'Chris Ridd'; 'per...@li...'
> Subject: Re: NET:LDAP Authentication
>
> On Fri, Sep 13, 2002 at 09:20:44AM -0400, DeMarco, Alex wrote:
> > I'll know the userid, password and the DN.
> > I've never worked with PERL or LDAP before, been thrown in to help a
> user...
> > arrgh
> >
> > Basically I need to validate a user's password via their LDAP server. I've
> > tried the code below without any success. Is there a place I can go where
> > there are more examples than what is on sourceforge?
> > Any help is greatly appreciated.
> > - Alex
> >
> > #!/usr/local/bin/perl
> >
> > use Net::LDAP qw(:all);
> > use Net::LDAP::Util qw(ldap_error_name
> >                        ldap_error_text) ; # use for Error handling
> >
> > $ldap = Net::LDAP->new("myldapserver.com") or die "$@";
> > $passwd="mypassword";
> > $userid="demarcao";
> > $mesg = $ldap->bind(anonymous => 1, version => 3);
> >
> > $mesg = $ldap->search(base => "dc=sysadmin,dc=suny",
> >                       scope => subtree,
> >                       filter => "(userid=$userid)",
> >                       attrs => [ 'userid' ]); # Don't need complete entries back
> > If ($mesg->count == 1) {
> >     $ldap->bind($mesg->entry(0),
>
> You need to assign the result to $mesg or your print below will show the
> result of the search
>
> Graham.
>
> >                 password => "mypassword",
> >                 version => 3);
> > }
> >
> > print "Bind failed: ", $mesg->error, "\n";
> >
> > $ldap->unbind;
> >
> > -----Original Message-----
> > From: Chris Ridd [mailto:chr...@me...]
> > Sent: Friday, September 13, 2002 3:52 AM
> > To: DeMarco, Alex; 'per...@li...'
> > Subject: Re: NET:LDAP Authentication
> >
> > On 13/9/02 2:16 am, DeMarco, Alex <DEM...@sy...> wrote:
> >
> > > Hello,
> > >
> > > I'm trying to run this on a Win2k machine running ActiveStates perl.
> > >
> > > With the following code:
> > >
> > > $ldap = Net::LDAP->new("mymachine.com") or die "$@";
> > > $userToAuthenticate="testuserid";
> > > $passwd="password";
> > > $mesg = $ldap->bind("$userToAuthenticate",
> > >                     password => "$passwd",
> > >                     version => 3 ); # use for changes/edits
> > > if ( $mesg->code ) {
> > >     # Handle error codes here
> > > }
> > > $ldap->unbind;
> > >
> > > No matter what I do I get no error message of any kind if I print the
> > $mesg
> > > I get some sort of HASHmessage. All I want to do is authenticate
> someone
> > > against a local ldap server.. If anyone can shed some light on this I
> > would
> > > appreciate it.
> >
> > Your first problem (it's a common one!) is that your $userToAuthenticate
> is
> > required by LDAP to be a DN. The string "testuserid" is not a DN.
> >
> > If all you've got is some kind of userid then the usual procedure is to do
> > an anonymous bind, search for that userid using some filter, and if it
> > matches one entry do the real bind using the DN of the matching entry.
> >
> > (Pseudo-code)
> >
> > Bind(anonymous => 1, version => 3);
> > Search(base => "dc=mycompany,dc=com",
> >        scope => subtree,
> >        filter => "(userid=$userid)",
> >        attrs => [ 'userid' ]); # Don't need complete entries back
> > If ($mesg->count == 1) {
> >     Bind($mesg->entry(0),
> >          password => "secret",
> >          version => 3);
> > }
> >
> > Adjust to suit where your entries live (below <dc=mycompany,dc=com> in my
> > pseudo-code) and which attribute contains the userid (userid in my
> > pseudo-code). Add error checking :-)
> >
> > Your next problem is that $mesg is an object so you can't simply print
> > $mesg. You have to call methods on it instead, like $mesg->error, and
> > because perl doesn't interpolate method calls inside strings (sigh), you
> > need to do this:
> >
> > print "Bind failed: ", $mesg->error, "\n";
> >
> > > thanks!
> > >
> > > - Alex
> > >
> >
> > Cheers,
> >
> > Chris

From: Chris R. <chr...@me...> - 2002-09-13 14:48:48

On 13/9/02 3:28 pm, Graham Barr <gb...@po...> wrote:

> Well the pod says
>
> =item LDAP_INVALID_CREDENTIALS
>
> The wrong password was supplied or the SASL credentials could not be processed
>
> Are you sure the password you have is right?
>
> Graham.

Conceivably the server might not support simple binds unless you're
connecting over SSL.

Cheers,

Chris

From: Graham B. <gb...@po...> - 2002-09-13 13:43:27

On Fri, Sep 13, 2002 at 09:20:44AM -0400, DeMarco, Alex wrote:
> I'll know the userid, password and the DN.
> I've never worked with PERL or LDAP before, been thrown in to help a user...
> arrgh
>
> Basically I need to validate a user's password via their LDAP server. I've
> tried the code below without any success. Is there a place I can go where
> there are more examples than what is on sourceforge?
> Any help is greatly appreciated.
> - Alex
>
> #!/usr/local/bin/perl
>
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw(ldap_error_name
>                        ldap_error_text) ; # use for Error handling
>
> $ldap = Net::LDAP->new("myldapserver.com") or die "$@";
> $passwd="mypassword";
> $userid="demarcao";
> $mesg = $ldap->bind(anonymous => 1, version => 3);
>
> $mesg = $ldap->search(base => "dc=sysadmin,dc=suny",
>                       scope => subtree,
>                       filter => "(userid=$userid)",
>                       attrs => [ 'userid' ]); # Don't need complete entries back
> If ($mesg->count == 1) {
>     $ldap->bind($mesg->entry(0),

You need to assign the result to $mesg or your print below will show the
result of the search

Graham.

>                 password => "mypassword",
>                 version => 3);
> }
>
> print "Bind failed: ", $mesg->error, "\n";
>
> $ldap->unbind;
>
> -----Original Message-----
> From: Chris Ridd [mailto:chr...@me...]
> Sent: Friday, September 13, 2002 3:52 AM
> To: DeMarco, Alex; 'per...@li...'
> Subject: Re: NET:LDAP Authentication
>
> On 13/9/02 2:16 am, DeMarco, Alex <DEM...@sy...> wrote:
>
> > Hello,
> >
> > I'm trying to run this on a Win2k machine running ActiveStates perl.
> >
> > With the following code:
> >
> > $ldap = Net::LDAP->new("mymachine.com") or die "$@";
> > $userToAuthenticate="testuserid";
> > $passwd="password";
> > $mesg = $ldap->bind("$userToAuthenticate",
> >                     password => "$passwd",
> >                     version => 3 ); # use for changes/edits
> > if ( $mesg->code ) {
> >     # Handle error codes here
> > }
> > $ldap->unbind;
> >
> > No matter what I do I get no error message of any kind if I print the
> $mesg
> > I get some sort of HASHmessage. All I want to do is authenticate someone
> > against a local ldap server.. If anyone can shed some light on this I
> would
> > appreciate it.
>
> Your first problem (it's a common one!) is that your $userToAuthenticate is
> required by LDAP to be a DN. The string "testuserid" is not a DN.
>
> If all you've got is some kind of userid then the usual procedure is to do
> an anonymous bind, search for that userid using some filter, and if it
> matches one entry do the real bind using the DN of the matching entry.
>
> (Pseudo-code)
>
> Bind(anonymous => 1, version => 3);
> Search(base => "dc=mycompany,dc=com",
>        scope => subtree,
>        filter => "(userid=$userid)",
>        attrs => [ 'userid' ]); # Don't need complete entries back
> If ($mesg->count == 1) {
>     Bind($mesg->entry(0),
>          password => "secret",
>          version => 3);
> }
>
> Adjust to suit where your entries live (below <dc=mycompany,dc=com> in my
> pseudo-code) and which attribute contains the userid (userid in my
> pseudo-code). Add error checking :-)
>
> Your next problem is that $mesg is an object so you can't simply print
> $mesg. You have to call methods on it instead, like $mesg->error, and
> because perl doesn't interpolate method calls inside strings (sigh), you
> need to do this:
>
> print "Bind failed: ", $mesg->error, "\n";
>
> > thanks!
> >
> > - Alex
> >
>
> Cheers,
>
> Chris

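
The search-then-bind procedure discussed in this thread, with the bind result kept and checked, written out as an added Perl example (not code posted by anyone in the thread and not from the perl-ldap distribution). The host name, CA file path, base DN, the "userid" attribute and the LDAP_TEST_PASSWORD environment variable are placeholders; the filter escaping, the empty-password check and StartTLS go beyond what the thread covers.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Returns (1, $dn) when the password is accepted, (0, $reason) otherwise.
sub check_password {
    my ($host, $cafile, $base, $userid, $password) = @_;

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513); many servers report success for it, so refuse it here.
    return (0, 'empty userid or password')
        unless defined($userid) && length($userid)
            && defined($password) && length($password);

    my $ldap = Net::LDAP->new($host, version => 3)
        or return (0, "connect failed: $@");

    # Protect the simple bind on the wire; fail closed if TLS cannot start.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
    return (0, 'start_tls: ' . $mesg->error) if $mesg->code;

    $mesg = $ldap->bind;    # anonymous bind, used only for the lookup
    return (0, 'anonymous bind: ' . $mesg->error) if $mesg->code;

    # Escape the userid so characters such as * ( ) \ cannot alter the filter.
    my $filter = '(userid=' . escape_filter_value($userid) . ')';
    $mesg = $ldap->search(base => $base, scope => 'sub',
                          filter => $filter, attrs => ['1.1']);
    return (0, 'search: ' . $mesg->error) if $mesg->code;
    return (0, 'userid matched ' . $mesg->count . ' entries')
        unless $mesg->count == 1;

    # Keep the result of the real bind: its code is the authentication verdict.
    my $dn = $mesg->entry(0)->dn;
    $mesg = $ldap->bind($dn, password => $password);
    my @result = $mesg->code ? (0, 'bind: ' . $mesg->error) : (1, $dn);
    $ldap->unbind;
    return @result;
}

# Placeholder values; replace with your own server, CA file and base DN.
my ($ok, $detail) = check_password('ldap.example.com', '/path/to/ca.pem',
                                   'dc=example,dc=com', 'demarcao',
                                   $ENV{LDAP_TEST_PASSWORD});
print $ok ? "Authenticated as $detail\n" : "Authentication failed: $detail\n";
```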