Folks,

I know I must be doing something silly, but damn'd if I can figure
out what it is. Using Jarek Gawor's very nice LDAP Browser\Editor
client, I have no problem binding as a user and changing my own
password, or binding as the admin and changing a user entry
password.

But I can't do it with my own Perl program.

No errors on binding, but the server is 'unwilling' to make the
change. Just for the heck of it I tried deleting the userPassword
attribute and re-adding it. OID will let me delete it (!), but
not add it back in. (Fortunately I can easily add it back using
the Browser\Editor.)

I've included the test program below my sig block, along with
sample output. If anybody can give me a clue on how to debug this
I'd really appreciate it! (I'm a subscriber so a reply to the
list is fine.)

...BC
+----------------------------[ [EMAIL PROTECTED] ]---+
| Bill Costa |
| 54 College Road -- CIS Ctr PHONE: +1-603-862-3056 | No good deed...
| University of New Hampshire FAX: +1-603-862-4778 | goes unpunished.
| Durham, NH 03824-3591 USA |
| |
+-----------------[ http://pubpages.unh.edu/~wfc/ ]---+

Environment:

  client:
    OS: Red Hat Linux release 7.3 (Valhalla)
    Perl: v5.6.1 built for i386-linux
    Net::LDAP: 0.25

  server:
    OS: dunno
    server: Oracle OID (pretty sure version >= 9.0.2)

- - - - - - - - - - - - - - - - - the code - - - - - - - - - -
#!/usr/bin/perl -wT
#
# Password change demo.

use strict;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_text ldap_error_name);
use Net::LDAP::Constant qw(LDAP_COMPARE_TRUE);

$| = 1;

my $LSERV  = 'xxxxx.xxx.xxx';
my $LDPORT = 389;
my $DN     = 'cn=xxxxx,cn=xxxx,dc=xxxxx,dc=xxxx';
my $PWD    = 'xxxxx';
my $NEW    = 'xxxxx';

my $c = Net::LDAP->new($LSERV, port=>$LDPORT)
    or die("Fatal connect error to $LSERV ($LDPORT)\n_ $@");

my $msg = $c->bind($DN, password=>$PWD, version => 3);
die("Fatal bind error\n_ $@") if (not $msg);
print("bind() return code: #", $msg->code(), "\n");
die(ldap_error_text($msg->code())) if ($msg->is_error());

# Try replacing in place
$msg = $c->modify($DN, replace => {userPassword => $NEW});
print("modify(replace) return code: #", $msg->code(), "\n");
warn(ldap_error_text($msg->code())) if ($msg->is_error());

# If that didn't work, try deleting and adding
if ($msg->is_error())
{
    $msg = $c->modify($DN, delete => 'userPassword');
    print("modify(delete) return code: #", $msg->code(), "\n");
    warn(ldap_error_text($msg->code())) if ($msg->is_error());

    if (not $msg->is_error())
    {
        $msg = $c->modify($DN, add => {userPassword => $NEW} );
        print("modify(add) return code: #", $msg->code(), "\n");
        warn(ldap_error_text($msg->code())) if ($msg->is_error());
    }
}

$c->unbind() or warn("error unbinding\n_ $@");
exit(1);

- - - - - - - - - - - - - - - - - sample run - - - - - - - - - -

Run it once and it says it deleted the password.

$ ./pwd-changer-cli
bind() return code: #0
modify(replace) return code: #53
The server is unwilling to perform the requested operation
modify(delete) return code: #0
modify(add) return code: #53
The server is unwilling to perform the requested operation
$

Run it again, sure enough it did.

$ ./pwd-changer-cli
bind() return code: #49
The wrong password was supplied or the SASL credentials could not be processed
$
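
Added example, not part of the original post: the sample run shows the delete succeeding and the add failing, which left the entry with no userPassword. The sketch below sends both changes in one modify request, which LDAP applies all-or-nothing, and prints the server's own message via $msg->error next to the result code. The LDAP_* environment variable names and ldap.example.org are placeholders assumed for this example.

```perl
#!/usr/bin/perl
# Added example (not the original poster's code). Connection settings are
# read from hypothetical environment variables; all values are placeholders.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name);

my $host = $ENV{LDAP_HOST} || 'ldap.example.org';   # placeholder host
my $port = $ENV{LDAP_PORT} || 389;
my $dn   = $ENV{LDAP_DN}     or die "set LDAP_DN\n";
my $old  = $ENV{LDAP_OLD_PW} or die "set LDAP_OLD_PW\n";
my $new  = $ENV{LDAP_NEW_PW} or die "set LDAP_NEW_PW\n";

# Print the numeric result code, its symbolic name and, on failure, the
# message text the server sent back with the result.
sub report {
    my ($what, $msg) = @_;
    printf "%s: code %d (%s)\n", $what, $msg->code, ldap_error_name($msg->code);
    printf "  server message: %s\n", $msg->error if $msg->is_error;
    return !$msg->is_error;
}

my $ldap = Net::LDAP->new($host, port => $port)
    or die "connect to $host:$port failed: $@\n";

report('bind', $ldap->bind($dn, password => $old, version => 3))
    or exit 1;

# One modify request carrying both changes, applied in the order listed.
# If the server rejects the add, the delete is not applied either, so the
# entry keeps its current userPassword.
my $ok = report('modify(delete+add)', $ldap->modify($dn,
    changes => [
        delete => [ userPassword => [] ],      # remove all current values
        add    => [ userPassword => $new ],    # then add the new value
    ],
));

$ldap->unbind;
exit($ok ? 0 : 1);
```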