hi, On Thu, Jun 11, 2015 at 11:45 PM, David Lee Lambert <dav...@lmert.com> wrote:
> I know this question has been asked before, but maybe the
> answers were in response to different details...
>
> I'm trying to write a script that compares data in an Oracle
> database with Active Directory. So, it seems like I should be
> able to use DBD::Oracle and Net::LDAP, but I can't seem to get
> bind() to work.
>
> I've reduced my non-working code to the following...
>
> #! perl -w
>
> use Net::LDAP;
> my $ad = Net::LDAP->new('ad.**org**.com', debug => 2)
>     or die "Couldn't connect to AD: $@, $!";
> $ad->bind('**tried lots of stuff**', password => '**password**')
>     or die "Couldn't bind: $@, $!";
>
> my $results = $ad->search(
>     filter => '(&(objectClass=user)(sAMAccountName=**userid**))');
> die $results->error if $results->code;
> my $count = $results->count;
> print $count;
>
> Whatever I do, I get an error like this...
>
> 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this
> operation a successful bind must be completed on the connection., data 0,
> v1db1 at searchdemo_1.pl line 13, <DATA> line 755.
>
> So, my first question is, why does the bind() not return an error
> if it didn't succeed for the purposes of a successful operation?
>
> Second, how do I figure out what to use as the first argument
> to bind()? I built a small C# program that looks up my LDAP
> record and prints it out, and I can see that my CN has a comma
> in it (it's in the form "Last, First M"), and I'm below two
> OUs and three DCs (DC=ad,DC=**org**,DC=com)... do I have to write
> that whole path as the bind DN?

Not necessarily. You can bind using your DN, your UPN or your NETBIOS\sAMAccountName. This is how we bind to our AD (we use TLS; you can skip the start_tls step at first to test that it works without it). In this case I use a UPN and bind to the global catalog port, which should be faster than the normal LDAP port.
    # port is an option of new(), not of start_tls(); 3268 is the global catalog
    my $ldapprod = Net::LDAP->new('dc01.domain.tld', port => '3268') || die "$@";
    my $msg_prod = $ldapprod->start_tls(
        verify     => 'require',
        sslversion => 'tlsv1',
    );
    $msg_prod = $ldapprod->bind(
        "testuser\@domain.tld",
        password => 'pwd',
        version  => 3,
    );

Basically the same stuff as in the synopsis for Net::LDAP in
http://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod or using perldoc Net::LDAP.

-- 
Groeten,
natxo
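The following is an added worked example, not code from either poster in this thread. It ties the two questions together: a Net::LDAP bind() always returns a Net::LDAP::Message object (which is true in boolean context), so the only way to know whether the bind, the start_tls or the search succeeded is to check ->code on each result, and the bind identity can be a UPN, a DN or NETBIOS\sAMAccountName. Host name, CA file, base DN, service account, password variable and the sAMAccountName looked up are all placeholders (assumptions), and the script is meant to be run against a real domain controller.

```perl
#!/usr/bin/perl
# Added example (not from the original thread): bind to AD over the global
# catalog port with STARTTLS and check every LDAP result code.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $host     = 'dc01.example.com';            # assumption: a DC that is a GC
my $cafile   = '/etc/ssl/certs/ad-ca.pem';    # assumption: CA that signed the DC cert
my $base     = 'DC=ad,DC=example,DC=com';     # assumption: forest root
my $bind_id  = 'svc-ldapcheck@example.com';   # assumption: UPN of a service account
# Any of these forms works as the first argument to bind() against AD:
#   UPN:      'svc-ldapcheck@example.com'
#   DN:       'CN=Check\, Service,OU=Service Accounts,DC=ad,DC=example,DC=com'
#   NetBIOS:  'EXAMPLE\svc-ldapcheck'
# (commas inside a CN must be escaped with a backslash in the DN form)
my $password = $ENV{LDAP_PASSWORD} // die "set LDAP_PASSWORD in the environment\n";
my $userid   = 'jdoe';                        # assumption: sAMAccountName to look up

# port belongs to new(), not start_tls(); 3268 is the global catalog port.
my $ldap = Net::LDAP->new($host, port => 3268, version => 3)
    or die "Couldn't connect to $host: $@\n";

# Every operation returns a Net::LDAP::Message. The object is always true,
# so "bind(...) or die" never dies; inspect ->code instead (0 = LDAP_SUCCESS).
sub check {
    my ($mesg, $what) = @_;
    die sprintf("%s failed: %s (code %d)\n", $what, $mesg->error, $mesg->code)
        if $mesg->code;
    return $mesg;
}

# Upgrade to TLS before sending the password, and verify the server cert
# against a CA we trust; verify => 'require' with no CA would still fail closed,
# cafile makes it fail for the right reason.
check($ldap->start_tls(verify => 'require', cafile => $cafile), 'start_tls');

# An empty password is an "unauthenticated" simple bind (RFC 4513 section
# 5.1.2): AD answers success but the session is anonymous. Refuse it before
# it can masquerade as a successful login.
die "refusing to bind with an empty password\n" unless length $password;

check($ldap->bind($bind_id, password => $password), 'bind');

# Escape the value placed into the filter so a user-supplied id cannot
# rewrite the query (LDAP filter injection).
my $search = check($ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => sprintf('(&(objectClass=user)(sAMAccountName=%s))',
                      escape_filter_value($userid)),
    attrs  => ['distinguishedName', 'userPrincipalName', 'sAMAccountName'],
), 'search');

printf "%d matching entr%s\n", $search->count, $search->count == 1 ? 'y' : 'ies';
for my $entry ($search->entries) {
    printf "%s  (%s)\n",
        $entry->get_value('distinguishedName'),
        $entry->get_value('userPrincipalName') // '-';
}

check($ldap->unbind, 'unbind');
```

Two practical notes: the global catalog only carries the partial attribute set, so attributes that are not replicated to the GC come back empty on port 3268 even though the same search on port 389 returns them; and if a script's purpose is to validate a user's password by binding as that user, the empty-password check above is what stops AD's anonymous "success" from counting as a valid login.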