Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: LDAP authentication from domain username

by NetWallah (Canon)
on Mar 01, 2014 at 07:11 UTC ( [id://1076646]=note: print w/replies, xml ) Need Help??


in reply to LDAP authentication from domain username -working

THis statement appears completely wrong: 
            $search = $ldap->search(base=>"samaccountname=>$user,cn=>U
+sers,dc=>us,dc=>megatrends,dc=
+com",filter=>"(objectClass=memberOf)");

[download]
Here is some code I wrote years ago - you can use this as a basis for LDAP search: 
use strict;
use Net::LDAP;

my $dc = 'my.domain.controller.fqdn';
my $user = 'DomainName\UserName'; # or 'administrator@mycorp.com';
my $passwd = shift;   #'Adminpasswd';

my $base = "dc=TopDomain,dc=com"; #
my $scope = "subtree";
my $filter = "(&(objectclass=user)(objectcategory=user))"; 

my $ldap = Net::LDAP->new($dc) or die $@;

my $rc = $ldap->bind(  $user, password => $passwd);
die $rc->error if $rc->code;

my $search = $ldap->search (
    base => $base,
    scope => $scope,
    filter => $filter,
    sizelimit=> 9999 # Does not seem to help...
    );
die $search->error if $search->code;

foreach my $entry ($search->entries) {
    $entry->dump;
}

$ldap->unbind;

[download]

        What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?
              -Larry Wall, 1992

Replies are listed 'Best First'.
Re^2: LDAP authentication from domain username
by glenn (Scribe) on Mar 02, 2014 at 00:21 UTC
    Thank you I will give it a try Monday when I get back to work. You are correct the search does not work; it's what I needed help on.
[reply]
Re^2: LDAP authentication from domain username
by glenn (Scribe) on Mar 03, 2014 at 14:11 UTC
    Thank you, that helped. However I still need to get just the one authenticated user and it's groups. Can you tell me/show me how to take megatrends.com\\glennt or glennt@megatrends.com and access the information about the single user? glennt@megatrends.com matches the sam account name field.
[reply]
      More rusty old code dug up from the code graveyard: 
      #This logs in to LDAP and generates a CSV file with each members displ
+ay name and then a list of their groups.

use strict;
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" );

my $ldap = Net::LDAP->new('domain.controller.com') or die "Could not c
+onnect to Domain controller $@";
# params for Net::LDAP::new
 # bind to a directory with dn and password
my $mesg = $ldap->bind( 'ldapreadonlyuserid',
                         password => 'LDAPReadonlyPassword'
                    );
die $mesg->error if $mesg->code;

# How many LDAP query results to grab for each paged round
# Set to under 1000 for Active Directory
my $page = Net::LDAP::Control::Paged->new( size => 100 );

my $fields = ['displayName','memberOf','useraccountcontrol'];
my $strFilter = "(&(objectclass=user)(objectcategory=person)"      # A
+ User
           #   .  "(!useraccountcontrol:1.2.840.113556.1.4.803:=2)"  #
+ NOT Disabled
               . "(useraccountcontrol:dn:1.2.840.113556.1.4.803:=2)"  
+#The 1.2.840.113556.1.4.803 is a logical AND.
              .  ")";
my $result = $ldap->search (
                        base    => "dc=MyDomainName,dc=com",
            filter  => $strFilter,
            attrs   => $fields,
            control => [ $page ],
          );
die $result->error if $result->code;

for my $item ( $result->entries) {
    next unless defined $item->get_value("displayName");
    my $user;
    $user->{groups} = [ ref ( $item->get_value('memberOf') )  ?
                           @{$item->get_value('memberOf')}        :
                           ($item->get_value('memberOf'))
                          ];
    $user->{groups} = [ map { /CN=(.+?),/ ; $1 } @{$user->{groups}} ];
    print '"',$item->get_value("displayName"),'",';
        print join(",", map { '"' . $_ . '"' } sort @{$user->{groups}}
+),"\n";
}

  # Get cookie from paged control
  my($resp)  = $mesg->control( LDAP_CONTROL_PAGED ) or print "-- No mo
+re data (1) --\n"; ## last;
  my $cookie = $resp->cookie or print "-- No more data (2) --\n"; # Sh
+ould do LAST here..

  # Set cookie in paged control
  $page->cookie($cookie);

      [download]

              What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?
                    -Larry Wall, 1992

[reply]
[d/l]
        Thank you, I got it working here it is for reference. It is in part broken up the way it is to allow an option to bypass the authentication.
        Read more... (8 kB)
[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1076646]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others taking refuge in the Monastery: (2)
As of 2024-04-19 20:27 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found