PerlMonks  

verification of LDAP credentials

by kamesh3183 (Beadle)
on Dec 03, 2004 at 12:31 UTC ( [id://412097]=perlquestion )

kamesh3183 has asked for the wisdom of the Perl Monks concerning the following question:

Hi,
I have a webpage which prompts for a username and password, and these will be posted to my CGI script. There I need to verify that they are the same as the LDAP credentials. How can I do this? Please suggest with some details.
Thanks,
kamesh

Replies are listed 'Best First'.
Re: verification of LDAP credentials
by zejames (Hermit) on Dec 03, 2004 at 12:35 UTC

    Have a look at Net::LDAP, and bind

    Inspired by the manual page:

        use Net::LDAP;

        my $ldap = Net::LDAP->new( 'ldap.umich.edu' );

        # bind to a directory with dn and password
        my $mesg = $ldap->bind( 'cn=root, o=University of Michigan, c=us',
                                password => 'secret' );
        die "Invalid credential" if $mesg->is_error;

    --
    zejames
      Thanks for the quick response.
      As I don't have any knowledge of LDAP, and the Net::LDAP documentation is somewhat confusing to me, I want to have some clarifications on the code you provided:

          $ldap = Net::LDAP->new( 'ldap.umich.edu' );

          # bind to a directory with dn and password
          $mesg = $ldap->bind( 'cn=root, o=University of Michigan, c=us',
                               password => 'secret' );
          die "Invalid credential" if $mesg->is_error;

      Can you provide some details on the bind method arguments? Suppose
      my username is 'kamesh'
      my password is 'secret'
      my LDAP server name is 'ldap.server.com'
      Thanks,
      kamesh
Re: verification of LDAP credentials
by sunadmn (Curate) on Dec 03, 2004 at 14:09 UTC
    OK, well, I would suggest you take a look at CPAN and search for LDAP, specifically Net::LDAP. Then I think we need to address your needs, quote: "I need to verify that these are same as that of ldap credentials". This should be simple to do with the use of the LDAP PM: just take the values that are given from the auth prompt, pass those to the module and attempt to bind as that user. If you get a true return then you are golden, else we know the user doesn't exist. This is very simple to do and there are plenty of examples on this site, just SuperSearch it.
    SUNADMN
    USE PERL
Re: verification of LDAP credentials
by strat (Canon) on Dec 04, 2004 at 12:41 UTC

    Well, since LDAP saves the data in a tree-like-structure, you'll need to know where a user is located to find his distinguishedName (= path and unique key to that user object).

    If you save all your users in one container of the tree (well, then you seem to lose the structure, but you can also save it as an attribute or referral to a department object...), e.g.

        c=org
          co=MyCompany
            cn=Users
              cn=Mickey Mouse id456
              cn=Donald Duck id123
              cn=Tim Towdi id111

    it becomes rather easy, then your distinguishedName (=dn) looks like

        cn=Donald Duck id123,cn=Users,co=MyCompany,c=org
        cn=Mickey Mouse id456,cn=Users,co=MyCompany,c=org

    then you can build your bindDn very easily (the id is here to get everything unique; if you use another way to make sure an object is unique); if not, you first have to do a search for it, e.g. by an anonymous bind, e.g.

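        use Net::LDAP;
        use Net::LDAP::Util qw(escape_filter_value);

        # $ldapServer, $surname and $givenName are supplied by the caller
        my $ldap = Net::LDAP->new($ldapServer) or die "Error: $@";

        my $result = $ldap->bind();    # anonymous bind first
        die ("Error in bind: ", $result->error) if $result->code;

        # escape the user-supplied values so they cannot change the filter
        my $filter = sprintf '(&(sn=%s)(givenName=%s))',    # & is for an AND
            escape_filter_value($surname), escape_filter_value($givenName);

        $result = $ldap->search (
            base   => 'cn=Users,co=MyCompany,c=org',
            filter => $filter,
            scope  => 'sub',      # start from base and search to the bottom
            attrs  => ['1.1'],    # return no attributes, only the DN is needed
        );
        die ("Error in search: ", $result->error) if $result->code;

        foreach my $entry ($result->entries) {
            print "DN: ", $entry->dn(), "\n";
        }
        $ldap->unbind();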

    if you only get back one user, try to bind as this user and his password:

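        use Net::LDAP;

        # $dn is the DN returned by the search above
        my $ldap = Net::LDAP->new($ldapServer) or die "Error: $@";

        # a bind with a DN and an empty password is accepted by many servers
        # as an unauthenticated bind, so reject it before binding
        die "Empty password\n" unless defined $userPassword && length $userPassword;

        my $success = $ldap->bind($dn, password => $userPassword);
        if ($success->code) {
            print "Error\n";
        }
        else {
            print "Ok\n";
            $ldap->unbind();
        }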

    the following perldoc's give you some code examples:

        perldoc Net::LDAP::FAQ
        perldoc Net::LDAP::Examples

    This code is not tested, and maybe you need a completely different structure.

    Best regards,
    perl -e "s>>*F>e=>y)\*martinF)stronat)=>print,print v8.8.8.32.11.32"
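
The search-then-bind check discussed in this thread, written as one function a CGI script could call. This is an added example, not code from any of the posters; the server name, the base DN and the `uid` attribute holding the login name are assumptions, and `start_tls` needs IO::Socket::SSL and a server certificate the client can verify.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values for illustration; replace with your directory's settings.
my $SERVER  = 'ldap.server.com';
my $BASE_DN = 'cn=Users,co=MyCompany,c=org';

# Returns 1 if $user/$password are valid in the directory, 0 otherwise.
sub check_ldap_credentials {
    my ($user, $password) = @_;

    # A bind with a DN and an empty password is an "unauthenticated bind",
    # which many servers report as success. Reject it before contacting LDAP.
    return 0 unless defined $user     && length $user;
    return 0 unless defined $password && length $password;

    my $ldap = Net::LDAP->new($SERVER, timeout => 10)
        or die "Cannot connect to $SERVER: $@";

    # Encrypt the session so the password does not cross the network in clear.
    my $mesg = $ldap->start_tls(verify => 'require');
    die 'start_tls failed: ' . $mesg->error if $mesg->code;

    # Anonymous bind, then look up the user's DN. The form value is escaped
    # so characters such as * ( ) \ cannot alter the filter.
    $mesg = $ldap->bind;
    die 'Anonymous bind failed: ' . $mesg->error if $mesg->code;

    $mesg = $ldap->search(
        base   => $BASE_DN,
        scope  => 'sub',
        filter => '(uid=' . escape_filter_value($user) . ')',
        attrs  => ['1.1'],            # only the DN is needed
    );
    die 'Search failed: ' . $mesg->error if $mesg->code;

    # Zero or several matches: do not guess which entry to bind as.
    my @entries = $mesg->entries;
    my $ok = 0;
    if (@entries == 1) {
        $ok = $ldap->bind($entries[0]->dn, password => $password)->code ? 0 : 1;
    }
    $ldap->unbind;
    return $ok;
}
```

The function returns the same result for an unknown user and a wrong password, so the login page cannot be used to find out which usernames exist.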
