Re: ldap-bind

Mon, 22 Jun 2009 02:00:25 -0700 

On Thursday 11 June 2009 20:10:17 Bryan Irvine wrote:
> I got around those problems but I'm still having problems binding to the
> DB.

Have you tested the account via different means? E.g., assuming you have 
OpenLDAP client binaries available:

ldapsearch -x -H ldaps://myldapserver.mydomain.com -D 
_ldapmonitor_test,ou=service,ou=users,ou=admin,o=noah -w 
oursupersecretpassword 

or, assuming the server also supports the "Who Am I?" extended operation:
ldapwhoami -x -H ldaps://myldapserver.mydomain.com -D 
_ldapmonitor_test,ou=service,ou=users,ou=admin,o=noah -w 
oursupersecretpassword

> The script basically logs in and does a search for itself to make sure
> all is well.

I note that a number of network monitoring systems have native LDAP support 
(e.g. Xymon).

> I cannot bind with the credentials given me by the LDAP server admin,
> but the search shows that the user is there.  However if I add more
> leading underscores _or remove it, I  still get a result.

A search that returns no entries is still a successful search, you should 
check that you got an entry before assuming that this is the DN you should 
use.

> If I add
> extra letters such as _lldap.... then it fails the search.

If you create an invalid filter, then the search will fail ... since you don't 
provide the exact filter, it is difficult to tell.

> Is the leading underscore causing me grief on the bind as well?
>
> +++++++++++++++++++
> code:
> $check_CN             = "_ldapmonitor_test";
>
> my $problem = $ldaps->bind (
>                 'cn=_ldapmonitor_test,ou=service,ou=users,ou=admin,o=noah',
>                 password=> 'oursupersecretpassword'
>                 );
>
> print "dn: " . $problem->dn . "\n" ;
> print "error: " . $problem->error . "\n" ;
> print "done: " . $problem->done . "\n" ;
> print "is_error: " . $problem->is_error . "\n" ;
>
> $mesg = $ldaps->search (  # perform a search
>                          base   => "ou=service,ou=users,ou=admin,o=noah",
>                          filter => "(&(cn=$check_CN))"
>                         );
> print "search error: " . $mesg->error . "\n" ;
>
> ++++++++++++++++++++++++++++++++++
> code output:
> dn:
> error: NDS error: failed authentication (-669)
> done: 1
> is_error: 49

This really looks like your DN or password are incorrect.

> search error: Success

Reply via email to