On Thursday 11 June 2009 20:10:17 Bryan Irvine wrote: > I got around those problems but I'm still having problems binding to the > DB.
Have you tested the account via different means? E.g., assuming you have OpenLDAP client binaries available: ldapsearch -x -H ldaps://myldapserver.mydomain.com -D _ldapmonitor_test,ou=service,ou=users,ou=admin,o=noah -w oursupersecretpassword or, assuming the server also supports the "Who Am I?" extended operation: ldapwhoami -x -H ldaps://myldapserver.mydomain.com -D _ldapmonitor_test,ou=service,ou=users,ou=admin,o=noah -w oursupersecretpassword > The script basically logs in and does a search for itself to make sure > all is well. I note that a number of network monitoring systems have native LDAP support (e.g. Xymon). > I cannot bind with the credentials given me by the LDAP server admin, > but the search shows that the user is there. However if I add more > leading underscores _or remove it, I still get a result. A search that returns no entries is still a successful search, you should check that you got an entry before assuming that this is the DN you should use. > If I add > extra letters such as _lldap.... then it fails the search. If you create an invalid filter, then the search will fail ... since you don't provide the exact filter, it is difficult to tell. > Is the leading underscore causing me grief on the bind as well? > > +++++++++++++++++++ > code: > $check_CN = "_ldapmonitor_test"; > > my $problem = $ldaps->bind ( > 'cn=_ldapmonitor_test,ou=service,ou=users,ou=admin,o=noah', > password=> 'oursupersecretpassword' > ); > > print "dn: " . $problem->dn . "\n" ; > print "error: " . $problem->error . "\n" ; > print "done: " . $problem->done . "\n" ; > print "is_error: " . $problem->is_error . "\n" ; > > $mesg = $ldaps->search ( # perform a search > base => "ou=service,ou=users,ou=admin,o=noah", > filter => "(&(cn=$check_CN))" > ); > print "search error: " . $mesg->error . "\n" ; > > ++++++++++++++++++++++++++++++++++ > code output: > dn: > error: NDS error: failed authentication (-669) > done: 1 > is_error: 49 This really looks like your DN or password are incorrect. > search error: Success