Hi,
On Saturday, 3. May 2008, Srinivas N wrote:
> I have been working with LDAP server configurations from some time and
> now I want to integrate the LDAP in my project.
>
> I want to use LDAP to authenticate the users when they login to my portal.
>
> I found Net::LDAP as a good perl module that can be used to serve my
> purpose.
>
> I was successful in executing search statements and here is the code
>
>
> #! /usr/bin/perl
>
> use Net::LDAP;
>
> $ldap = Net::LDAP->new ( "<ip address>" ) or die "Connection Failed $@";
>
> $mesg = $ldap->bind ( "<user name>",
> password => "<password>",
> version => 3 );
>
>
> $base = "dc=example,dc=com";
>
> $mesg = $ldap->search ( # perform a search
> base => $base,
> filter => "(objectclass=*)"
> );
>
> $mesg->code && die $mesg->error;
>
>
> foreach $entry ($mesg->all_entries) { $entry->dump; }
>
>
> for the above code I got the following correct output:
>
>
> ------------------------------------------------------------------------
> dn:dc=example,dc=com
>
> dc: example
> description: Root LDAP entry for example.com
> objectClass: dcObject
> organizationalUnit
> ou: rootobject
> ------------------------------------------------------------------------
>
> dn:ou=People,dc=example,dc=com
>
> ou: People
> description: All people in organisation
> objectClass: organizationalUnit
> ------------------------------------------------------------------------
> dn:uid=srinivas,ou=People,dc=example,dc=com
>
> uid: srinivas
> cn: srinivas
> objectClass: account
> posixAccount
> top
> shadowAccount
> userPassword: {crypt}$1$zYwJ/asE$DsYRb6CXjzJihNyTV2lC9.
> shadowLastChange: 13986
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 503
> gidNumber: 100
> homeDirectory: /home/srinivas
>
>
> now when I am trying to execute compare function whose code is
>
>
>
> $mesg = $ldap->compare( $base,
> attr => "uid",
> value => "srinivas"
> );
>
> $mesg->code && die $mesg->error;
>
> foreach $entry ($mesg->all_entries) { $entry->dump; }
>
> I am getting following error when I execute the above script
>
>
> No such attribute at ldap_compare.pl line 34, <DATA> line 259.
The compare function in LDAP does not return entries, but compares
the value a given attribute (in your case $uid) on one entry (in your case
$base) with the given value (in your case "srinivas").
It then returns whether the attribute contains a value tat matches the given
value according to the attribute's matching rules.
> Can any one suggest whether there are any additional attributed that
> are to be added or any other why that I can compare my username and
> password for authentication.
>
> Can you tell me how to authenticate users with this module with
> username and password from a CGI page.
The usual way to authenticate users using username/password with LDAP in
a script consists of the following steps:
1) find a DN that matches the given user name
e.g. $ldap-search($base_of_your_ldap_tree_to_search,
filter => "(uid=srinivas)");
Result should be exactly 1 $entry.
2) either open a secondary connection that that binds to the
server with the DN found in step 1 given or re-use the existing
LDAP session to bind with that user
e.g. $ldap2 = Net::LDAP->new(...)
$code2 = $ldap2->bind($entry->dn,
password=> $password_from_webform);
When opening a 2nd connection, you continue to work with the
"function" account from step on in the $ldap session, that
may have special permissions.
When re-binding in the same session, you work with the
LDAP permissions of the user logging in to the web page.
This may or may not be whatyou want.
3) Check if binding succeeded and continue as needed.
Don't try to compare passwords using ldap-compare.
This will most probably not work as passwords are either
encrypted on the server or cannot be compared using LDAP's
compare method.
This is highly dpenedant on the implementation of the server
and precludes other authentication metods than plain simple
username/password authentication.
Hope it helps
Peter
--
Peter Marschall
[EMAIL PROTECTED]
