Chris,

My "Final Solution" from the last email does work fine, but to follow up
on your last email I've included a bit more info below on responses from
AD.

3 Test Cases
=================

I've outlined three types of user below for testing against Active
Directory.

All three examples result in $message->code()==0 when you do a
bind($dn,'noauth'=>'1'). However, the only case where a subsequent search
operation will be successful is case 1).

1) A user who exists and has a blank password
   DN: cn=Joe,ou=London,o=axomic
   Password: ''

2) A user who doesn't exist
   DN: cn=Joe,ou=London,o=axomic

3) A user who exists and has a NON-blank password
   DN: cn=Joe,ou=London,o=axomic
   Password: 'jo3lond'

    #!/usr/bin/perl
    use strict;
    use warnings;
    use Data::Dumper;
    use Net::LDAP;

    my $dn = 'cn=Joe,ou=London,o=axomic';

    # Connect; new() returns undef on failure and leaves the reason in $@.
    my $ldapServer = Net::LDAP->new('ldap://localhost',
                                    'port'    => '389',
                                    'timeout' => '2')
        or die "Cannot connect: $@\n";

    # Bind with the DN only and no password.
    my $message = $ldapServer->bind($dn, 'noauth' => '1');
    print 'Code: '.$message->code()."\n";
    print Dumper($message);

Turning Debugging On
=========================

    $ldapServer->debug(12);

All three cases above get the same response from AD (see below). So I
guess there is nothing Net::LDAP can do to differentiate them!

    Net::LDAP=HASH(0x8e2b69c) received:
    0000   16: SEQUENCE {
    0006    1:   INTEGER = 1
    0009    7:   [APPLICATION 1] {
    000F    1:     ENUM = 0
    0012    0:     STRING = ''
    0014    0:     STRING = ''
    0016     :   }
    0016     : }

The 3 Test Cases With ldapsearch
=====================================

The following does both a bind and a search and so unfortunately we can't
just compare it directly to a bind() with Net::LDAP.

    ldapsearch -h 'localhost' -x -w '' -D 'cn=Joe,ou=London,o=axomic' \
        -s base -b 'cn=Joe,ou=London,o=axomic'

As we would expect, case 1 is the only one that's successful.

My ldapsearch isn't compiled with LDAP_DEBUG on so I can't test what it
sends and receives for the bind in the 3 cases.
=========
OpenAsset - Image Management for Architects, Designers & Engineers
Axomic Ltd
http://www.axomic.com
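
Added example (not part of the original message or of Net::LDAP): because a password-less bind returns code 0 in all three cases, a login check can treat the bind as unverified until a base-scope search of the user's own entry succeeds on the same connection. FakeAD and login_ok are hypothetical names; FakeAD is a constructed stand-in for the server so the script runs offline, and its search result code for an unauthenticated connection is an assumption.

```perl
use strict;
use warnings;

# Constructed stand-in for Net::LDAP, answering as the message says AD does:
# a bind with an empty password always returns code 0, but a later search
# only succeeds if the bind really authenticated the user.
package FakeAD;
sub new  { my ($class, %users) = @_; return bless { users => {%users}, authed => 0 }, $class }
sub _msg { my ($code) = @_; return bless { code => $code }, 'FakeAD::Msg' }
sub bind {
    my ($self, $dn, %opt) = @_;
    my $pw     = $opt{noauth} ? '' : ($opt{password} // '');
    my $stored = $self->{users}{$dn};
    $self->{authed} = (defined $stored && $stored eq $pw) ? 1 : 0;
    return _msg(0) if $pw eq '' || $self->{authed};
    return _msg(49);    # invalidCredentials
}
# Constructed behaviour: code 1 (operationsError) when not authenticated.
sub search { my ($self) = @_; return _msg($self->{authed} ? 0 : 1) }

package FakeAD::Msg;
sub code { return $_[0]{code} }

package main;

# Hypothetical helper: accept a login only if the bind succeeds AND a
# base-scope search of the user's own entry works on the same connection.
sub login_ok {
    my ($ldap, $dn, $password) = @_;
    my @cred = (defined $password && length $password)
             ? (password => $password) : (noauth => 1);
    return 0 if $ldap->bind($dn, @cred)->code;
    my $res = $ldap->search(base => $dn, scope => 'base',
                            filter => '(objectClass=*)');
    return $res->code == 0 ? 1 : 0;
}

# The three cases from the message; directory contents are constructed.
my $joe   = 'cn=Joe,ou=London,o=axomic';
my @cases = (
    [ 'blank password',     { $joe => '' } ],
    [ 'no such user',       {} ],
    [ 'non-blank password', { $joe => 'jo3lond' } ],
);
for my $c (@cases) {
    my $ldap = FakeAD->new(%{ $c->[1] });
    printf "%-19s bind code=%d login_ok=%d\n", $c->[0],
        $ldap->bind($joe, noauth => 1)->code, login_ok($ldap, $joe, '');
}
```

login_ok uses only bind(), search() and code(), so a connected Net::LDAP object can be passed in place of FakeAD.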