
Re^4: LDAP authentication from domain username

by glenn (Scribe)
on Mar 20, 2014 at 16:14 UTC ( [id://1079098]=note: print w/replies, xml ) Need Help??


in reply to Re^3: LDAP authentication from domain username
in thread LDAP authentication from domain username -working

Thank you, I got it working; here it is for reference. It is broken up the way it is partly to allow an option to bypass the authentication.
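use strict;
use warnings;
use Net::LDAP;
use Tk;

# Active Directory login front-end for a domain-joined Windows workstation.
#
# Flow: read the logged-on user and domain from `net config workstation`,
# find the domain controllers through the _ldap._tcp.dc._msdcs SRV record,
# prompt for the password in a Tk window and bind to a DC with it.  Access
# to the menu is granted only when the bound account is a direct member of
# $LICENSE_GROUP_DN.
#
# Changes against the posted version, each explained at the spot:
#   - attempt counter is incremented through the reference, so the
#     "maximum login attempts" limit actually fires;
#   - group check is an exact DN comparison, not a substring match;
#   - the search result is checked before ->entry(0) is dereferenced;
#   - the username is escaped before it is placed in the LDAP filter;
#   - unbind() is reached, and a die inside a Tk callback is replaced by
#     an explicit window destroy + exit (Tk::Error would otherwise catch
#     the die and keep the window open).

# Full DN of the group whose members may generate licences.  The posted
# version matched m/GROUP/ against every memberOf value, so any group whose
# DN merely *contains* that word would have granted access.
# PLACEHOLDER: replace with the real group DN.
my $LICENSE_GROUP_DN = 'CN=GROUP,CN=Users,DC=example,DC=com';

my %ADconfig;         # username, domain (NetBIOS), dnsname (DNS), password
my @DCs;              # [priority, weight, port, hostname], best candidate first
my $mainwindow;       # Tk::MainWindow, created by MainMenu()
my @mainmenubuttons;  # operation buttons created by main_window_controls()

# --- Who am I, and which domain am I logged on to? -------------------------
# The command has no interpolated input, so qx is safe here.  The captures
# deliberately allow only host-name characters, because the DNS name is
# later interpolated into a shell command and into the LDAP search base.
my $workstation_info = qx"net config workstation";
$workstation_info = '' unless defined $workstation_info;
foreach my $line (split /\n/, $workstation_info) {
    if ($line =~ m/User name\s+(\S+)/) {
        # \S+ rather than \w+: account names may contain '.' or '-'.
        # The value is escaped before it reaches the LDAP filter.
        $ADconfig{username} = $1;
    }
    elsif ($line =~ m/Workstation Domain DNS Name\s+([0-9A-Za-z._-]+)/) {
        $ADconfig{dnsname} = $1;
    }
    elsif ($line =~ m/Logon domain\s+([0-9A-Za-z._-]+)/) {
        $ADconfig{domain} = $1;
        last;    # Logon domain is the last line of interest
    }
}

# --- Locate the domain controllers ----------------------------------------
if (defined $ADconfig{dnsname}) {
    # $ADconfig{dnsname} matched [0-9A-Za-z._-]+ above and therefore holds no
    # shell metacharacters; that restriction is what keeps this qx safe.
    # NOTE(review): the SRV owner name is _ldap._tcp.dc._msdcs.<domain>; the
    # posted version had no leading underscore -- confirm against the site.
    my $srv_name = "_ldap._tcp.dc._msdcs.$ADconfig{dnsname}";
    my $srv_output = qx"nslookup -type=srv $srv_name";
    $srv_output = '' unless defined $srv_output;

    my %unit;    # fields of the SRV record currently being read
    foreach my $line (split /\n/, $srv_output) {
        if ($line =~ m/priority\s+=\s+(\d+)/) { $unit{priority} = $1; }
        if ($line =~ m/weight\s+=\s+(\d+)/)   { $unit{weight}   = $1; }
        if ($line =~ m/port\s+=\s+(\d+)/)     { $unit{port}     = $1; }
        if ($line =~ m/svr hostname\s+=\s+(\S+)/) {
            # The hostname line closes one SRV record.
            my $host = $1;
            push @DCs, [
                $unit{priority} || 0,
                $unit{weight}   || 0,
                $unit{port}     || 389,
                $host,
            ];
            %unit = ();
        }
    }
    # RFC 2782 order: lowest priority first, and within one priority the
    # highest weight first.  The posted version preferred the *lowest*
    # weight ("nearest"), which inverts the meaning of the weight field.
    @DCs = sort { $a->[0] <=> $b->[0] || $b->[1] <=> $a->[1] } @DCs;
}

MainMenu();
MainLoop();

# Show an error dialog and end the program.
# A bare die inside a Tk callback is reported through Tk::Error and the
# window stays open, so the dialogs below ended nothing in the posted
# version; destroying the main window and exiting is explicit.
sub _fatal_dialog {
    my ($title, $message) = @_;
    $mainwindow->messageBox(-message => $message, -title => $title, -icon => "error");
    $mainwindow->destroy;
    exit 1;
}

# Escape a value for use inside an LDAP search filter (RFC 4515 section 3):
# backslash, asterisk, parentheses and NUL become \XX hex escapes.
sub _ldap_filter_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Build the main window and, on a domain-joined machine, the password
# prompt.  Aborts the program with a dialog when no domain is known.
sub MainMenu {
    $mainwindow = MainWindow->new();
    $mainwindow->minsize(820, 720);
    $mainwindow->update();
    #$mainwindow->configure(%{$gui_options{global}{window}});
    #$mainwindow->protocol('WM_DELETE_WINDOW',sub{exitProgram()});

    if (!exists $ADconfig{dnsname}) {
        # Computer not connected to a domain: nothing to authenticate against.
        _fatal_dialog("Non-domain computer",
            "Computer not connected to domain, cannot authenticate");
    }

    my @authObjects;    # login widgets, removed again after a successful login
    my $attempts    = 0;
    my $maxattempts = 3;
    # COLLECT INPUT.  References are passed so authenticate() can count
    # attempts across calls; the posted version incremented a private copy,
    # which is why the limit never fired.
    my $try = sub { authenticate(\$attempts, \$maxattempts, \@authObjects) };

    push @authObjects,
        $mainwindow->Label(-text => "Please authenticate.")
                   ->grid(-row => 0, -column => 0);
    push @authObjects,
        $mainwindow->Label(-text => "Username: $ADconfig{username}\@$ADconfig{domain}")
                   ->grid(-row => 1, -column => 0);
    # Keep the entry widget itself, not the return value of bind(), so that
    # gridForget() later always operates on a widget.
    my $password_entry = $mainwindow->LabEntry(
        -label        => "Password",
        -textvariable => \$ADconfig{password},
        -show         => "*",
    )->grid(-row => 2, -column => 0);
    $password_entry->bind('<Return>' => $try);
    push @authObjects, $password_entry;
    push @authObjects,
        $mainwindow->Button(-text => "Authenticate", -command => $try)
                   ->grid(-row => 4, -column => 0, -pady => 5);
    return;
}

# Bind to the domain controllers in @DCs as DOMAIN\username with the
# password typed into the Tk entry.
# Arguments (all references): \$attempts, \$maxattempts, \@authObjects.
# $$attempts is incremented in place.  On success the login widgets are
# removed and main_window_controls() is shown; when the attempt limit is
# exceeded or the account is not in $LICENSE_GROUP_DN the program ends
# with an error dialog.
sub authenticate {
    my ($attempts_ref, $maxattempts_ref, $authObjects_ref) = @_;
    my $maxattempts = ${$maxattempts_ref};
    my @authObjects = @{$authObjects_ref};
    # 0 = not bound, -1 = bound but not in the group, 1 = authorised
    my $authenticated = 0;

    ${$attempts_ref}++;
    my $user     = "$ADconfig{domain}\\$ADconfig{username}";
    my $password = $ADconfig{password};
    # Clear the entry as soon as the password has been copied out: it is
    # never kept for a retry, and the widget is blanked immediately.
    $ADconfig{password} = "";

  DC:
    foreach my $dc (@DCs) {
        my (undef, undef, $port, $host) = @{$dc};
        # NOTE(review): this is a plain (non-TLS) connection on the SRV port,
        # normally 389, so the simple bind sends the password in clear text
        # on the wire.  Prefer $ldap->start_tls(verify => 'require', ...) or
        # scheme => 'ldaps' once the DCs' certificates are trusted.
        my $ldap = Net::LDAP->new($host, port => $port);
        if (!defined $ldap) {
            warn "Failed to connect to $host on port $port: $@\n";
            next DC;
        }

        my $mesg = $ldap->bind($user, password => $password);
        if ($mesg->code) {
            # LDAP result 49 is invalidCredentials: stop here, because trying
            # further DCs would only add failed logins to the account's
            # lockout count.  Any other error is per-DC; try the next one.
            warn "Bind to $host failed, code " . $mesg->code . ": "
               . $mesg->error_name . " " . $mesg->error_text . "\n";
            $ldap->unbind;
            last DC if $mesg->code == 49;
            next DC;
        }

        $authenticated = -1;    # bound; group membership still unknown
        # Search from the domain root rather than CN=Users so accounts that
        # live in an OU are found as well.
        my $base   = "dc=" . join(",dc=", split /\./, $ADconfig{dnsname});
        my $filter = "(sAMAccountName=" . _ldap_filter_escape($ADconfig{username}) . ")";
        my $search = $ldap->search(
            base      => $base,
            scope     => "subtree",
            filter    => $filter,
            attrs     => ['memberOf'],
            sizelimit => 1,
        );
        if ($search->code) {
            warn "memberOf search on $host failed: " . $search->error . "\n";
        }
        # The posted version dereferenced ->entry(0) unconditionally, which
        # dies when the search returns no entry.
        if (my $entry = $search->entry(0)) {
            # memberOf lists direct memberships only; nested group
            # membership is not resolved here.
            foreach my $group ($entry->get_value('memberOf')) {
                if (lc($group) eq lc($LICENSE_GROUP_DN)) {
                    $authenticated = 1;
                    last;
                }
            }
        }
        $ldap->unbind;
        last DC;
    }

    if ($authenticated == 1) {
        foreach my $ob (@authObjects) {
            $ob->gridForget();
        }
        main_window_controls();
    }
    elsif ($authenticated == -1) {
        _fatal_dialog("Not a privileged account",
            "Account not privileged to generate licenses.\n"
          . "Please contact glennt\@ami.com for licensing authorization.");
    }
    elsif (${$attempts_ref} > $maxattempts) {
        _fatal_dialog("Authentication failure", "Maximum login attempts exceeded.");
    }
    return;
}

# Replace the login widgets with the operation menu.  EXIT destroys the
# main window, which ends MainLoop cleanly (the posted version used die
# inside the callback).
sub main_window_controls {
    $mainwindow->Label(-text => "Please select which operation you would like to perform")
               ->grid(-row => 0, -column => 0, -pady => 5);
    $mainmenubuttons[0] = $mainwindow->Button(
        -text    => 'FIRST OP',
        -command => sub {
            foreach my $but (@mainmenubuttons) {
                $but->configure(-state => 'disabled');
            }
            #COMMANDS
        },
    )->grid(-row => 1, -column => 0, -sticky => 'nesw');
    $mainwindow->Button(-text => 'EXIT', -command => sub { $mainwindow->destroy })
               ->grid(-row => 2, -column => 0, -sticky => 'nesw');
    $mainmenubuttons[0]->invoke();
    return;
}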
