Basically I had the script written like Tom suggested with a or die for this
command but it was terminating the program. I used the if/else so I could
print out all my variables to debug.
I changed it again so the snippet in questions is as follows:
.....
my $u = Win32::OLE->GetObject($ADsPath)
or die print qq(Unable to get object from class OLE with
$ADsPath, $!, stopped);
if ( defined ($u) ) {
$u->SetPassword($pass);
$u->Put("pwdLastSet", 0);
$u->SetInfo();
}
.....
The result printed to the browser is:
Unable to get object from class OLE with
LDAP://CN=stu000002,OU=Students,OU=Users,DC=WSC,DC=western,DC=edu, , stopped
I believe it is this line that fails because I have || die statements on all
the previous lines and they seem to run ok. Also when I print their results
I'm getting back a value but here I'm not.
Any Ideas?
-----------------------------------------
Mike Garner
Computer Services, WSC
[EMAIL PROTECTED]
970.943.3123 (voice)
970.943.7069 (fax)
-----Original Message-----
From: Tom Kinzer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 9:34 AM
To: [EMAIL PROTECTED]
Subject: RE: OLE Permissions in CGI
Well, I know nothing about this OLE class, but this seems strange:
if (my $u = Win32::OLE->GetObject($ADsPath)) {
$u->SetPassword( $pass );
$u->Put("pwdLastSet", 0);
...
Perhaps a scoping issue with object $u ? How do you know that method call
is bad?
>From a Perl (yes Perl) perspective, this would personally make me feel warm
and fuzzier:
my $u = Win32::OLE->GetObject($ADsPath)
or die "Unable to get object from class OLE with $ADsPath, $!,
stopped";
if ( defined ($u) ) {
$u->SetPassword( $pass );
$u->Put("pwdLastSet", 0);
...
-Tom Kinzer
-----Original Message-----
From: Mike Garner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 6:44 AM
To: [EMAIL PROTECTED]
Subject: OLE Permissions in CGI
My guess is that this is more of an IIS 6.0 Security issue but I thought I'd
ask some PERL gurus to look through the PERL first.
I've written a script that resets the password for a user in our Active
Directory for our help desk folks. The script works fine from several
computers and works when executed from the command line on the web server.
However, when it is executed as CGI from the web server one of the OLE
commands (GetObject) doesn't return a value...it should return a hash. It's
the line that contains: my $u = Win32::OLE->GetObject($ADsPath). If I put a
die statement here the entire script will die.
1) Does the code look good? Its possible that the connection information
isn't working but the script works anyway when I'm logged into the console
running it via the command line.
2) Does anyone know what the Win32::OLE->GetObject is doing on the server?
If the code is good, my guess is that this command is trying to use some
resource that I must allow the web server user to access..
Thanks in advance for any light you may be able to shed.
Here's a snippet of the code:
###--Create LDAP Connection to Active Directory
my $adsinamespaces = CreateObject OLE 'ADsNameSpaces' || die "couldn't
create";
my $ldapnamespace= $adsinamespaces->getobject("","LDAP:")||die "didn't
work";
my
$userdsobject=$ldapnamespace->OpenDSObject("LDAP://$server/OU=Users,dc=wsc,d
c=western,dc=edu","cn=$admin,ou=Domain
Admins,OU=Users,dc=wsc,dc=western,dc=edu",$admin_password,1)||die "didn't
connect";
###--Bind to specific user account
my $ADsPath="LDAP://CN=$user,OU=$ou,OU=Users,DC=WSC,DC=western,DC=edu";;
####---------------The next line fails-------------##############
if (my $u = Win32::OLE->GetObject($ADsPath)) {
$u->SetPassword( $pass );
$u->Put("pwdLastSet", 0);
$u->SetInfo();
print qq( <h3><strong>Password Reset</strong></h3>
<p><font face="Arial, Helvetica, sans-serif">The password for $user
has been reset to: <strong>$pass</strong>
</font></p>);
} else {print qq(
<h3><strong>Error!</strong></h3>
<p><font face="Arial, Helvetica, sans-serif">I could not locate
$user in the $ou Organizational Unit (OU).
<br>
u was |$u|
<br>
adspath was |$ADsPath|
<br>
userdsobject was |$userdsobject|
<br>
adsinamespaces was |$adsinamespaces|
<br>
ldap was |$ldapnamespace|
</font></p>
);
}
-----------------------------------------
Mike Garner
Computer Services, WSC
[EMAIL PROTECTED]
970.943.3123 (voice)
970.943.7069 (fax)
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
