Nice idea but unfortunately it won't work.  In IIS 6 they don't post the
password in ENV any more.  Plus I'm looking to use "Integrated Auth" which is
basically NTLM.  I was hoping there was a Win32 library I could call to get
something like NTLM creds and then hand that through Net::LDAP as a pass
through...

I most likely have all my terminology wrong in the above statement.  As I see
things, IIS runs the authenticated CGI session as the user object that
authenticates.  So the credentials should be in the Win32 environment (not
ENV) somewhere.  Probably much like how Firefox does NTLM.  It picks up the
user's credentials and passes them to IIS as auth.  I want to do the same
except read them during a CGI session and pass them through an LDAP bind.

It's a tough solution because it pulls from two environments that have never
been connected (as far as I know).



On Tue, January 2, 2007 10:58 am, Ken Cornetet wrote:
> If you use plain-text authentication, the user's ID and password are
> available to the CGI script via environment variables. Fortunately, AD
> LDAP binds accept the user ID in the form of DOMAIN\USERID
>
> Here's a snippet of code:
>
>
>       $userID = $ENV{LOGON_USER};
>       $passwd = $ENV{AUTH_PASSWORD};
>
>       my $AdminUser1 = "$ntdomain\\$userID";
>       my $AdminPasswd1 = $passwd;
>
>       $ldap1 = Net::LDAP->new($dc1) or LogAndExit("open LDAP#1: $@");
>       my $result = $ldap1->bind( dn => $AdminUser1, password => $AdminPasswd1 );
>       die("Failed to bind1: " . $result->error) if $result->code;
>
>
> -----Original Message-----
> From: Eric Nichols [mailto:[EMAIL PROTECTED]
> Sent: Sunday, December 31, 2006 7:40 AM
> To: perl-ldap@perl.org
> Subject: Pass IIS credentials through LDAP?
>
> I've never really been able to find a definitive answer on this.
>
> IIS has their Integrated Authentication method which can recognize the
> client's credentials.  I'd like to take those credentials and bind as
> that IIS user to an Active Directory server over LDAP.
>
> Any ideas?
> Thanks and happy New Years!
>

