
Re: ldap_simple_bind_s: funky return code?



Jeff Clowser wrote:
> 
> Another idea: Is it possible that
> the "username" is not a proper dn?  It must be a dn,
> not a uid, as far as I know.

That is of course one problem he has.  Bind must be done
with a dn.  Variations on the method exemplified by the
following Perl code are common:

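use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name escape_filter_value);

# Search-then-bind: look up the entry for a uid, then bind as that entry's DN.
# $ld is a connected Net::LDAP object; $LDAP_BASEDN is set by the caller.
sub authenticate {
    my $ld = shift;
    my ($uid, $pass, $result, $ent, $my_dn);

    printf "User: ";
    chomp($uid = <STDIN>);
    system "stty -echo";
    printf "Password: ";
    chomp($pass = <STDIN>);
    print "\n";
    system "stty echo";

    # A bind with a DN and an empty password is an unauthenticated bind,
    # which many servers accept; never treat it as a successful login.
    if ($pass eq '') {
        print "\nError: Bad Authentication\n";
        $ld->unbind;
        exit(1);
    }

    # Anonymous bind for the lookup step.
    $result = $ld->bind;
    if ($result->code) {
        printf "\nError: %s\n", ldap_error_name($result->code);
        $ld->unbind;
        exit(1);
    }

    # Escape the user-supplied uid so filter metacharacters match literally.
    $result = $ld->search(base      => $LDAP_BASEDN,
                          filter    => '(uid=' . escape_filter_value($uid) . ')',
                          attrs     => ['uid'],
                          typesonly => 1);
    if ($result->code) {
        printf "\nError: %s\n", ldap_error_name($result->code);
        $ld->unbind;
        exit(1);
    }

    # Require exactly one matching entry; an ambiguous uid is a failure.
    if ($result->count != 1) {
        print "\nError: Bad Authentication\n";
        $ld->unbind;
        exit(1);
    }
    $ent = $result->shift_entry;

    # Bind again, this time as the entry's DN with the supplied password.
    $my_dn = $ent->dn;
    $result = $ld->bind($my_dn, password => $pass);
    if ($result->code) {
        printf "\nError: %s\n", ldap_error_name($result->code);
        $ld->unbind;
        exit(1);
    }
    return;
}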

Of course, access rights must be properly set up to permit the
first search to succeed before authenticating.

Julio
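
An added example, not part of the original message: access rules that permit the anonymous lookup step without exposing credentials. It assumes an OpenLDAP slapd server configured through slapd.conf; the suffix dc=example,dc=com is a placeholder standing in for $LDAP_BASEDN.

```conf
# slapd.conf access rules for search-then-bind (added example, placeholder suffix).
# Rules are evaluated in order; the first matching "access to" clause wins.
# Too broad, do not use: "access to * by * read" would also let anonymous
# clients read userPassword values.

# Credentials: the owner may change them, anonymous clients may only use
# them to authenticate a bind, and nobody else can read or compare them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Lookup step, part 1: anyone may use uid in a search filter, but only
# authenticated users get the values back.
access to dn.subtree="dc=example,dc=com" attrs=uid
    by users read
    by * search

# Lookup step, part 2: anyone may see that a matching entry exists, which
# is what returns the DN used for the second bind.
access to dn.subtree="dc=example,dc=com" attrs=entry
    by * read

# Everything else requires an authenticated identity.
access to *
    by users read
    by * none
```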