I need help with a small script which needs to talk to an ldap server.
Note - the ldap server uses LDAP V2; the ldap server does not allow anonymous
bind, nor does it allow successful user binds to retrieve any information -
that is reserved for administrative accounts. It also does not use SSL (LDAPS)
although I am trying to talk them into it.
Here is the sequence of events I am trying to execute:
1 - Take username and password from a secure form (I have that fine)
2 - Attempt to bind to an ldap server as that user
3 - If the bind was successful:
a - unbind
b - rebind to the ldap server as an admin user
c - retrieve certain attributes from the ldap record for the username
from the secure form
4 - If the bind was unsuccessful:
a - report the error, which may just mean telling the user to try
again, but I would like to get something better for testing
5 - Unbind
I have most steps working, except that I am not correctly coding to get the
error/success messages from the server, so I do not know if I should be
rebinding as the admin user or rejecting.
In Linux, from the command line, using "ldapsearch" with the entered username
and the correct password, I get:
# search result
search: 2
result: 0 Success
# numResponses: 1
If I do the same ldapsearch command using the wrong password, I get:
ldap_bind: Invalid credentials (49)
So basically, I need to determine in the Perl script if the invalid credentials
message (or its equivalent) is being returned or not.
Any help/tips will be gratefully received.
-Edward
- - -
Simplified code, with some confidential items blanked out:
#!/usr/local/bin/perl -T
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value escape_filter_value);
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
my $uid = "<from form>";
my $password = "<from form>";
my $ldapServer = "ldap server address";
# escape the form value before it goes into a DN or a filter
my $LDAPBIND = "uid=" . escape_dn_value($uid) . ",ou=people,o=organization.hk";
my $LDAPPWD = $password;
# connect to $ldapServer (not the undefined $directoryURL); the server speaks
# LDAP v2, and verify => 'require' only takes effect for an ldaps:// URL
my $ldap = Net::LDAP->new($ldapServer, version => 2, verify => 'require') or die "$@";
# bind() returns a Net::LDAP::Message, which is always true, so "or die" never
# fires; the server's result code (0 = Success, 49 = Invalid credentials) is in ->code
my $bindResult = $ldap->bind($LDAPBIND, password => $LDAPPWD);
die "Can't bind: " . $bindResult->error . " (" . $bindResult->code . ")" if $bindResult->code;
my $searchResultsObject = $ldap->search(base => "ou=people,o=organization.hk",
    filter => "(uid=" . escape_filter_value($uid) . ")");
my ($ERROR, $ERROR2);
if ($searchResultsObject->code) {
    # a method call does not interpolate inside a double-quoted string
    $ERROR = "An error occurred during the LDAP search attempt: "
           . $searchResultsObject->error . "\n\n";
}
# TEST FOR UNIQUENESS
my $countOfEntriesReturned = $searchResultsObject->count;
if ($countOfEntriesReturned == 0) { $ERROR2 = "ERROR: '$uid' may not be present in this server \n\n"; }
elsif ($countOfEntriesReturned > 1) { $ERROR2 = "ERROR: '$uid' is not unique \n\n"; }
- - -
Then I extract the attributes using
my $entry = $searchResultsObject->entry($index);
as needed. The above code all works fine if I do an administrative bind, but I
do not know enough to get the right error messages to determine whether the
user bind succeeded, with no feedback allowed, or if it failed.
- - -
--
Edward F Spodick, Information Technology Manager
Hong Kong University of Science & Technology Library
[EMAIL PROTECTED] tel:852-2358-6743 fax:852-2358-1043
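The bind-as-user, rebind-as-admin sequence from steps 1 to 5 of the post, written out as an added example (not Edward's script). The host, the admin DN and password, and the cn/mail attributes are assumed placeholders; the base DN and the LDAP v2, no-TLS server come from the post.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_INVALID_CREDENTIALS);
use Net::LDAP::Util qw(escape_dn_value escape_filter_value);

my $ldapServer = 'ldap.example.hk';              # placeholder host
my $baseDN     = 'ou=people,o=organization.hk';  # base DN from the post
my $adminDN    = 'cn=admin,o=organization.hk';   # placeholder admin DN
my $adminPWD   = '<admin password, read from a protected config file>';
# Returns (entry, undef) on success or (undef, detail) on failure. The detail
# is for the log; the form should only be told "login failed", so a wrong
# password and an unknown uid look the same to the person at the keyboard.
sub authenticate_and_lookup {
    my ($uid, $password) = @_;
    # An empty password turns a simple bind into an anonymous bind on many servers.
    return (undef, 'empty password') unless defined $password && length $password;
    # LDAP v2, no TLS: the password crosses the wire in clear text (as the post notes).
    my $ldap = Net::LDAP->new($ldapServer, version => 2)
        or return (undef, "connect failed: $@");
    # Step 2: bind() returns a message object that is always true; the server's
    # verdict (0 = success, 49 = invalid credentials) is in ->code.
    my $userDN = 'uid=' . escape_dn_value($uid) . ",$baseDN";
    my $mesg   = $ldap->bind($userDN, password => $password);
    if ($mesg->code != LDAP_SUCCESS) {
        my $why = $mesg->code == LDAP_INVALID_CREDENTIALS
                ? 'invalid credentials' : $mesg->error;
        $ldap->unbind;
        return (undef, "user bind failed for '$uid': $why (" . $mesg->code . ')');
    }
    # Steps 3a/3b: drop the user session and rebind as the administrator.
    $ldap->unbind;
    $ldap = Net::LDAP->new($ldapServer, version => 2)
        or return (undef, "reconnect failed: $@");
    $mesg = $ldap->bind($adminDN, password => $adminPWD);
    return (undef, 'admin bind failed: ' . $mesg->error) if $mesg->code;
    # Step 3c: escaped filter, and insist on exactly one matching entry.
    my $search = $ldap->search(
        base   => $baseDN, scope => 'one',
        filter => '(uid=' . escape_filter_value($uid) . ')',
        attrs  => [qw(cn mail)],                     # placeholder attributes
    );
    my ($entry, $err);
    if    ($search->code)       { $err = 'search failed: ' . $search->error }
    elsif ($search->count != 1) { $err = "expected 1 entry for '$uid', got " . $search->count }
    else                        { $entry = $search->entry(0) }
    $ldap->unbind;                                   # step 5
    return ($entry, $err);
}
```

Call it as `my ($entry, $err) = authenticate_and_lookup($uid, $password);` and read attributes with `$entry->get_value('mail')` when `$err` is undefined.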