From: Todd <net...@ch...> - 2002-11-12 19:32:21
I'm trying to write a web app that uses LDAP Simple Auth to authenticate
users against our iPlanet directory. The Perl code is being executed
on an Activestate/Win2k setup. Here is the code:

#!/usr/bin/perl

use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_text
                       ldap_error_name
                       ldap_error_desc);

$uid = shift;
$pass = shift;

$ldap = Net::LDAP->new('directory-f5.vw.com') or die "$0";

$ldap->bind ; # an anonymous bind

$mesg = $ldap->search ( # perform a search
    base => "dc=vw,dc=com",
    filter => "(uid=$uid)"
);

$mesg->code && die $mesg->error;

$entry = $mesg->entry(0); #should be the first and only entry

$ldap->unbind; # take down session

$dn = $entry->dn;

print "$dn\n\n";

$mesg2 = $ldap->bind ( # bind to a directory with dn and password
    $dn,
    password => $pass,
    version => 3,
    callback => sub { $_[0]->shift_entry }
);

LDAPError("Binding", $mesg2) if $mesg2->code();
exit 1 if $mesg2->code();

sub LDAPError {
    my ($from, $mesg) = @_;

    print STDERR "\n";
    print STDERR "Return code: ", $mesg->code . "\n";
    print STDERR "Message: ", ldap_error_name($mesg->code);
    print STDERR " : ", ldap_error_text($mesg->code);
    print STDERR "MessageID: ", $mesg->mesg_id . "\n";
    print STDERR "DN: ", $mesg->dn;
    print STDERR "\n";
}

===============

When I run it I get:

E:\Inetpub\scripts>ldap.pl myid mypass
uid=myid,ou=PROD-ABH-XYZ-COM,ou=internal,ou=xyzoa,dc=xyz,dc=com

Return code: 1
Message: LDAP_OPERATIONS_ERROR : Server encountered an internal error
MessageID: 4
DN:

Under other versions of the code I get an I/O error.

Any ideas?

Thanks!

-Todd

From: Todd <net...@ch...> - 2002-11-12 19:38:40
FYI, I get the same output on a Linux system.

[root@localhost root]# ./ldap.pl myid mypass
uid=myid,ou=PROD-ABH-XYZ-COM,ou=internal,ou=xyzoa,dc=xyz,dc=com

Return code: 1
Message: LDAP_OPERATIONS_ERROR : Server encountered an internal error
MessageID: 4
DN:

From: Chris R. <chr...@ma...> - 2002-11-12 19:53:18
On 13/11/02 12:14 am, Todd <net...@ch...> wrote:

>
> I'm trying to write a web app that uses LDAP Simple Auth to authenticate
> users against our iPlanet directory. The Perl code is being executed
> on an Activestate/Win2k setup. Here is the code:
>
> #!/usr/bin/perl
>
> use Net::LDAP;
> use Net::LDAP::Util qw(ldap_error_text
>                        ldap_error_name
>                        ldap_error_desc);
>
> $uid = shift;
> $pass = shift;
>
> $ldap = Net::LDAP->new('directory-f5.vw.com') or die "$0";
>
> $ldap->bind ; # an anonymous bind
>
> $mesg = $ldap->search ( # perform a search
>     base => "dc=vw,dc=com",
>     filter => "(uid=$uid)"
> );
>
> $mesg->code && die $mesg->error;
>
> $entry = $mesg->entry(0); #should be the first and only entry
>
> $ldap->unbind; # take down session
>
> $dn = $entry->dn;
>
> print "$dn\n\n";
>
> $mesg2 = $ldap->bind ( # bind to a directory with dn and password
>     $dn,
>     password => $pass,
>     version => 3,
>     callback => sub { $_[0]->shift_entry }
> );
>
> LDAPError("Binding", $mesg2) if $mesg2->code();
> exit 1 if $mesg2->code();
>
> sub LDAPError {
>     my ($from, $mesg) = @_;
>
>     print STDERR "\n";
>     print STDERR "Return code: ", $mesg->code . "\n";
>     print STDERR "Message: ", ldap_error_name($mesg->code);
>     print STDERR " : ", ldap_error_text($mesg->code);
>     print STDERR "MessageID: ", $mesg->mesg_id . "\n";
>     print STDERR "DN: ", $mesg->dn;
>     print STDERR "\n";
> }
>
> ===============
>
> When I run it I get:
>
> E:\Inetpub\scripts>ldap.pl myid mypass
> uid=myid,ou=PROD-ABH-XYZ-COM,ou=internal,ou=xyzoa,dc=xyz,dc=com
>
>
> Return code: 1
> Message: LDAP_OPERATIONS_ERROR : Server encountered an internal error
> MessageID: 4
> DN:
>
> Under other versions of the code I get an I/O error.
>
> Any ideas?

One possibility is that the server doesn't like you rebinding after sending
an unbind on the connection. The socket you've got open isn't actually
closed (despite your comment!) until the $ldap object is destroyed.

There's actually no real need to unbind at all as the standard supports
issuing multiple binds on the same connection, so maybe just delete the
$ldap->unbind call and see what happens.

Cheers,

Chris

From: Todd <net...@ch...> - 2002-11-12 19:59:47
You are the man! Commenting out the unbind gave me:

# ldap.pl myid mypass
uid=myid,ou=PROD-XYZ-VW-COM,ou=internal,ou=xyzoa,dc=xyz,dc=com

Can't locate object method "shift_entry" via package "Net::LDAP::Bind" (perhaps you forgot to load "Net::LDAP::Bind"?) at E:\Inetpub\scripts\ldap.pl line 35.

So I commented out the callback and presto!

# ldap.pl myid mypass
uid=myid,ou=PROD-XYZ-VW-COM,ou=internal,ou=xyzoa,dc=xyz,dc=com

# ldap.pl myid wrongpass
uid=myid,ou=PROD-XYZ-VW-COM,ou=internal,ou=xyzoa,dc=xyz,dc=com

Return code: 49
Message: LDAP_INVALID_CREDENTIALS : The wrong password was supplied or the SASL credentials could not be processed
MessageID: 3
DN:

Thanks!

-Todd

On Tue, 12 Nov 2002, Chris Ridd wrote:

>
> One possibility is that the server doesn't like you rebinding after sending
> an unbind on the connection. The socket you've got open isn't actually
> closed (despite your comment!) until the $ldap object is destroyed.
>
> There's actually no real need to unbind at all as the standard supports
> issuing multiple binds on the same connection, so maybe just delete the
> $ldap->unbind call and see what happens.
>
> Cheers,
>
> Chris
>
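
Added example, not part of the original thread and not code from any poster: the search-then-bind flow the thread arrives at (no unbind between the two binds, no callback on the bind), with three checks a web login built on it needs: the uid is escaped before it goes into the search filter, exactly one entry must match, and an empty password is refused. The host name, base DN and StartTLS support are assumptions; the password is taken from the command line only to mirror the thread's usage.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value ldap_error_name);

# Placeholders (assumptions), not the directory from the thread.
my ($HOST, $BASE) = ('ldap.example.com', 'dc=example,dc=com');

# Returns the user's DN on success, dies with a reason otherwise.
sub authenticate {
    my ($ldap, $base, $uid, $pass) = @_;

    # Many servers treat a DN plus empty password as an anonymous bind
    # that succeeds, so an empty password must never reach the server.
    die "empty password\n" unless defined $pass && length $pass;

    my $mesg = $ldap->bind;    # anonymous bind for the lookup
    die 'anonymous bind: ' . $mesg->error . "\n" if $mesg->code;

    # Escape the user-supplied uid so * ( ) \ cannot reshape the filter.
    my $filter = '(uid=' . escape_filter_value($uid) . ')';
    $mesg = $ldap->search(base => $base, scope => 'sub',
                          filter => $filter, attrs => ['1.1']);
    die 'search: ' . $mesg->error . "\n" if $mesg->code;
    die 'expected one entry, found ' . $mesg->count . "\n"
        unless $mesg->count == 1;
    my $dn = $mesg->entry(0)->dn;

    # Rebind on the same connection: no unbind in between, no callback.
    $mesg = $ldap->bind($dn, password => $pass);
    die 'bind: ' . ldap_error_name($mesg->code) . "\n" if $mesg->code;
    return $dn;
}

my ($uid, $pass) = @ARGV;
die "usage: $0 uid password\n" unless defined $uid && defined $pass;

my $ldap = Net::LDAP->new($HOST, version => 3, timeout => 10)
    or die "connect to $HOST: $@\n";
# A simple bind sends the password in the clear; StartTLS is assumed.
my $tls = $ldap->start_tls(verify => 'require');
die 'start_tls: ' . $tls->error . "\n" if $tls->code;

my $dn  = eval { authenticate($ldap, $BASE, $uid, $pass) };
my $err = $@;
$ldap->unbind;    # once, when the session is finished
die "authentication failed: $err" unless defined $dn;
print "authenticated as $dn\n";
```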