Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re: LDAP authentication from domain username

by NetWallah (Canon)
on Mar 01, 2014 at 07:11 UTC ( #1076646=note: print w/replies, xml ) Need Help??


in reply to LDAP authentication from domain username -working

THis statement appears completely wrong:
$search = $ldap->search(base=>"samaccountname=>$user,cn=>U +sers,dc=>us,dc=>megatrends,dc= +com",filter=>"(objectClass=memberOf)");
Here is some code I wrote years ago - you can use this as a basis for LDAP search:
use strict; use Net::LDAP; my $dc = 'my.domain.controller.fqdn'; my $user = 'DomainName\UserName'; # or 'administrator@mycorp.com'; my $passwd = shift; #'Adminpasswd'; my $base = "dc=TopDomain,dc=com"; # my $scope = "subtree"; my $filter = "(&(objectclass=user)(objectcategory=user))"; my $ldap = Net::LDAP->new($dc) or die $@; my $rc = $ldap->bind( $user, password => $passwd); die $rc->error if $rc->code; my $search = $ldap->search ( base => $base, scope => $scope, filter => $filter, sizelimit=> 9999 # Does not seem to help... ); die $search->error if $search->code; foreach my $entry ($search->entries) { $entry->dump; } $ldap->unbind;

        What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?
              -Larry Wall, 1992

Replies are listed 'Best First'.
Re^2: LDAP authentication from domain username
by glenn (Scribe) on Mar 02, 2014 at 00:21 UTC
    Thank you I will give it a try Monday when I get back to work. You are correct the search does not work; it's what I needed help on.
Re^2: LDAP authentication from domain username
by glenn (Scribe) on Mar 03, 2014 at 14:11 UTC
    Thank you, that helped. However I still need to get just the one authenticated user and it's groups. Can you tell me/show me how to take megatrends.com\\glennt or glennt@megatrends.com and access the information about the single user? glennt@megatrends.com matches the sam account name field.
      More rusty old code dug up from the code graveyard:
      #This logs in to LDAP and generates a CSV file with each members displ +ay name and then a list of their groups. use strict; use Net::LDAP; use Net::LDAP::Control::Paged; use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" ); my $ldap = Net::LDAP->new('domain.controller.com') or die "Could not c +onnect to Domain controller $@"; # params for Net::LDAP::new # bind to a directory with dn and password my $mesg = $ldap->bind( 'ldapreadonlyuserid', password => 'LDAPReadonlyPassword' ); die $mesg->error if $mesg->code; # How many LDAP query results to grab for each paged round # Set to under 1000 for Active Directory my $page = Net::LDAP::Control::Paged->new( size => 100 ); my $fields = ['displayName','memberOf','useraccountcontrol']; my $strFilter = "(&(objectclass=user)(objectcategory=person)" # A + User # . "(!useraccountcontrol:1.2.840.113556.1.4.803:=2)" # + NOT Disabled . "(useraccountcontrol:dn:1.2.840.113556.1.4.803:=2)" +#The 1.2.840.113556.1.4.803 is a logical AND. . ")"; my $result = $ldap->search ( base => "dc=MyDomainName,dc=com", filter => $strFilter, attrs => $fields, control => [ $page ], ); die $result->error if $result->code; for my $item ( $result->entries) { next unless defined $item->get_value("displayName"); my $user; $user->{groups} = [ ref ( $item->get_value('memberOf') ) ? @{$item->get_value('memberOf')} : ($item->get_value('memberOf')) ]; $user->{groups} = [ map { /CN=(.+?),/ ; $1 } @{$user->{groups}} ]; print '"',$item->get_value("displayName"),'",'; print join(",", map { '"' . $_ . '"' } sort @{$user->{groups}} +),"\n"; } # Get cookie from paged control my($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or print "-- No mo +re data (1) --\n"; ## last; my $cookie = $resp->cookie or print "-- No more data (2) --\n"; # Sh +ould do LAST here.. # Set cookie in paged control $page->cookie($cookie);

              What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?
                    -Larry Wall, 1992

        Thank you, I got it working here it is for reference. It is in part broken up the way it is to allow an option to bypass the authentication.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1076646]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (2)
As of 2022-05-28 14:18 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you prefer to work remotely?



    Results (99 votes). Check out past polls.

    Notices?