Re: ldap_simple_bind_s: funky return code?
Jeff Clowser wrote:
>
> Another idea: Is it possible that
> the "username" is not a proper dn? It must be a dn,
> not a uid, as far as I know.
That is of course one problem he has. Bind must be done
with a dn. Variations on the method exemplified by the
following Perl code are common:
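
    use Net::LDAP;
    use Net::LDAP::Util qw(ldap_error_name escape_filter_value);

    # $LDAP_BASEDN (the search base) is assumed to be set elsewhere in the script.
    sub authenticate {
        my $ld = shift;    # connected Net::LDAP object
        my ($uid, $pass, $result, $ent, $my_dn);

        print "User: ";
        chomp($uid = <STDIN>);
        system "stty -echo";    # do not echo the password
        print "Password: ";
        chomp($pass = <STDIN>);
        print "\n";
        system "stty echo";

        # A bind with a dn and an empty password is an unauthenticated
        # bind, which the server may accept; refuse it here.
        if ($pass eq '') {
            print "\nError: Bad Authentication\n";
            $ld->unbind;
            exit(1);
        }

        # Anonymous bind, used only to look up the user's dn.
        $result = $ld->bind;
        if ( $result->code ) {
            printf "\nError: %s\n", ldap_error_name($result->code);
            $ld->unbind;
            exit(1);
        }

        # Escape the typed uid so it cannot change the filter.
        $result = $ld->search(base      => $LDAP_BASEDN,
                              filter    => '(uid=' . escape_filter_value($uid) . ')',
                              attrs     => ['uid'],
                              typesonly => 1);
        if ( $result->code ) {
            printf "\nError: %s\n", ldap_error_name($result->code);
            $ld->unbind;
            exit(1);    # non-zero status on failure
        }

        $ent = $result->shift_entry;
        if (!$ent) {
            print "\nError: Bad Authentication\n";
            $ld->unbind;
            exit(1);    # non-zero status on failure
        }

        # Bind again as the dn that was found, with the typed password.
        $my_dn = $ent->dn;
        $result = $ld->bind($my_dn, password => $pass);
        if ( $result->code ) {
            printf "\nError: %s\n", ldap_error_name($result->code);
            $ld->unbind;
            exit(1);
        }
        return;
    }
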
Of course, access rights must be properly set up to permit the
first search to succeed before authenticating.
Julio
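
Added example, not part of the message above and not Net::LDAP's own code: search-then-bind puts a typed uid into a search filter and a typed password into a bind, so this stand-alone Perl script shows the two input checks that pattern needs, RFC 4515 escaping of the filter value and refusal of an empty password. The helper names (rfc4515_escape, uid_filter, password_usable) and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example. Pure Perl, no LDAP server or extra modules needed.
use strict;
use warnings;

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(', ')' and NUL become \XX hex pairs.
# Net::LDAP::Util provides escape_filter_value for the same job.
sub rfc4515_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Build the uid lookup filter, or return undef for input that must be
# rejected before any LDAP operation is attempted.
sub uid_filter {
    my ($uid) = @_;
    return undef unless (defined($uid) && length($uid));
    return '(uid=' . rfc4515_escape($uid) . ')';
}

# A bind with a dn and an empty password is an "unauthenticated bind"
# (RFC 4513, section 5.1.2): the server may answer success without
# having checked any credential, so the caller refuses it up front.
sub password_usable {
    my ($pass) = @_;
    return (defined($pass) && length($pass)) ? 1 : 0;
}

# Constructed sample inputs (hypothetical, not from the thread).
my @samples = (
    [ 'jdoe',    'secret' ],    # ordinary uid
    [ '*',       'secret' ],    # '*' is the filter wildcard
    [ 'a)(cn=*', 'secret' ],    # parentheses are filter syntax
    [ 'jdoe',    ''       ],    # empty password
);

for my $s (@samples) {
    my ($uid, $pass) = @$s;
    my $filter  = uid_filter($uid);
    my $verdict = !defined($filter)       ? 'reject: empty uid'
                : !password_usable($pass) ? 'reject: empty password'
                :                           "search with $filter";
    printf "%-10s unescaped=(uid=%s)  ->  %s\n", "'$uid'", $uid, $verdict;
}
```

A further check worth making after the search is that exactly one entry came back before taking its dn for the bind.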