Code Comments
Programming Forum and web based access to our favorite programming groups.
Need help on Authenticating users.Hi,
I have been working with LDAP server configurations from some time and =20
now I want to integrate the LDAP in my project.
I want to use LDAP to authenticate the users when they login to my portal.
I found Net::LDAP as a good perl module that can be used to serve my purpos
=
e.
I was successful in executing search statements and here is the code
#! /usr/bin/perl
use Net::LDAP;
$ldap =3D Net::LDAP->new ( "<ip address>" ) or die "Connection Failed $@";
$mesg =3D $ldap->bind ( "<user name>",
password =3D> "<password>",
version =3D> 3 );
$base =3D "dc=3Dexample,dc=3Dcom";
$mesg =3D $ldap->search ( # perform a search
base =3D> $base,
filter =3D> "(objectclass=3D*)"
);
$mesg->code && die $mesg->error;
foreach $entry ($mesg->all_entries) { $entry->dump; }
for the above code I got the following correct output:
------------------------------------------------------------------------
dn:dc=3Dexample,dc=3Dcom
dc: example
description: Root LDAP entry for example.com
objectClass: dcObject
organizationalUnit
ou: rootobject
------------------------------------------------------------------------
dn:ou=3DPeople,dc=3Dexample,dc=3Dcom
ou: People
description: All people in organisation
objectClass: organizationalUnit
------------------------------------------------------------------------
dn:uid=3Dsrinivas,ou=3DPeople,dc=3Dexamp
le,dc=3Dcom
uid: srinivas
cn: srinivas
objectClass: account
posixAccount
top
shadowAccount
userPassword: {crypt}$1$zYwJ/asE$DsYRb6CXjzJihNyTV2lC9.
shadowLastChange: 13986
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 100
homeDirectory: /home/srinivas
now when I am trying to execute compare function whose code is
$mesg =3D $ldap->compare( $base,
attr =3D> "uid",
value =3D> "srinivas"
);
$mesg->code && die $mesg->error;
foreach $entry ($mesg->all_entries) { $entry->dump; }
I am getting following error when I execute the above script
No such attribute at ldap_compare.pl line 34, <DATA> line 259.
Can any one suggest whether there are any additional attributed that =20
are to be added or any other why that I can compare my username and =20
password for authentication.
Can you tell me how to authenticate users with this module with =20
username and password from a CGI page.
Any suggestion will be helpful.
Thanks in Advance.
Srinivas.
Post Follow-up to this message
Re: Need help on Authenticating users.Hi,
On Saturday, 3. May 2008, Srinivas N wrote:
> I have been working with LDAP server configurations from some time and
> now I want to integrate the LDAP in my project.
>
> I want to use LDAP to authenticate the users when they login to my portal.
>
> I found Net::LDAP as a good perl module that can be used to serve my
> purpose.
>
> I was successful in executing search statements and here is the code
>
>
> #! /usr/bin/perl
>
> use Net::LDAP;
>
> $ldap = Net::LDAP->new ( "<ip address>" ) or die "Connection Failed $@";
>
> $mesg = $ldap->bind ( "<user name>",
> password => "<password>",
> version => 3 );
>
>
> $base = "dc=example,dc=com";
>
> $mesg = $ldap->search ( # perform a search
> base => $base,
> filter => "(objectclass=*)"
> );
>
> $mesg->code && die $mesg->error;
>
>
> foreach $entry ($mesg->all_entries) { $entry->dump; }
>
>
> for the above code I got the following correct output:
>
>
> ------------------------------------------------------------------------
> dn:dc=example,dc=com
>
> dc: example
> description: Root LDAP entry for example.com
> objectClass: dcObject
> organizationalUnit
> ou: rootobject
> ------------------------------------------------------------------------
>
> dn:ou=People,dc=example,dc=com
>
> ou: People
> description: All people in organisation
> objectClass: organizationalUnit
> ------------------------------------------------------------------------
> dn:uid=srinivas,ou=People,dc=example,dc=
com
>
> uid: srinivas
> cn: srinivas
> objectClass: account
> posixAccount
> top
> shadowAccount
> userPassword: {crypt}$1$zYwJ/asE$DsYRb6CXjzJihNyTV2lC9.
> shadowLastChange: 13986
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 503
> gidNumber: 100
> homeDirectory: /home/srinivas
>
>
> now when I am trying to execute compare function whose code is
>
>
>
> $mesg = $ldap->compare( $base,
> attr => "uid",
> value => "srinivas"
> );
>
> $mesg->code && die $mesg->error;
>
> foreach $entry ($mesg->all_entries) { $entry->dump; }
>
> I am getting following error when I execute the above script
>
>
> No such attribute at ldap_compare.pl line 34, <DATA> line 259.
The compare function in LDAP does not return entries, but compares
the value a given attribute (in your case $uid) on one entry (in your case
$base) with the given value (in your case "srinivas").
It then returns whether the attribute contains a value tat matches the given
value according to the attribute's matching rules.
> Can any one suggest whether there are any additional attributed that
> are to be added or any other why that I can compare my username and
> password for authentication.
>
> Can you tell me how to authenticate users with this module with
> username and password from a CGI page.
The usual way to authenticate users using username/password with LDAP in
a script consists of the following steps:
1) find a DN that matches the given user name
e.g. $ldap- search($base_of_your_ldap_tree_to_search
,
filter => "(uid=srinivas)");
Result should be exactly 1 $entry.
2) either open a secondary connection that that binds to the
server with the DN found in step 1 given or re-use the existing
LDAP session to bind with that user
e.g. $ldap2 = Net::LDAP->new(...)
$code2 = $ldap2->bind($entry->dn,
password=> $password_from_webform);
When opening a 2nd connection, you continue to work with the
"function" account from step on in the $ldap session, that
may have special permissions.
When re-binding in the same session, you work with the
LDAP permissions of the user logging in to the web page.
This may or may not be whatyou want.
3) Check if binding succeeded and continue as needed.
Don't try to compare passwords using ldap-compare.
This will most probably not work as passwords are either
encrypted on the server or cannot be compared using LDAP's
compare method.
This is highly dpenedant on the implementation of the server
and precludes other authentication metods than plain simple
username/password authentication.
Hope it helps
Peter
--
Peter Marschall
peter@adpm.de
Post Follow-up to this message Re: Need help on Authenticating users.Hi Peter, Thanks a tons. Your suggestion for authenticating the users with LDAP helped me a lot. Thanks again. Srinivas.
Post Follow-up to this message
Sponsored Links
Powered by vBulletin
Copyright 2000-2006 Jelsoft Enterprises Limited.
