Author how to authenticate user password
Yelekeri

2005-05-13, 4:30 pm

How to authenticate a user in the web page with the active directory using
perl ldap. Basically what I want is to get the password of the user on the
web page (may be encrypted or at least text) and compare that password thru
LDAP. And if the password matches, wants to display some other page. How
to achieve this thru perl LDAP.

-yelekeri

Peter Marschall

2005-05-14, 4:14 pm

Hi,

On Friday 13 May 2005 18:06, yelekeri wrote:
> How to authenticate a user in the web page with the active directory using
> perl ldap. Basically what I want is to get the password of the user on the
> web page (may be encrypted or at least text) and compare that password thru
> LDAP. And if the password matches, wants to display some other page. How
> to achieve this thru perl LDAP.


This will not work if the password encryption of ADS is worth its money ;-)))

but you may use the compare() method of Net::LDAP to compare passwords on the
server side or alternatively the bind() method to check if the password is
correct.

Net::LDAP::FAQ should give hints.

Hope it helps
Peter

--
Peter Marschall
eMail: peter@adpm.de

Brian K Johnson

2005-05-14, 4:14 pm

Hi,

On Friday 13 May 2005 18:06, yelekeri wrote:
> How to authenticate a user in the web page with the active directory
> using perl ldap. Basically what I want is to get the password of the
> user on the web page (may be encrypted or at least text) and compare
> that password thru LDAP. And if the password matches, wants to display
> some other page. How to achieve this thru perl LDAP.



I use bind to achieve this. Below is some sample code. Oh, if you want
things to be a tad more secure, you can use LDAP over SSL... that is, if
LDAP over SSL is enabled in your AD forest.



use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my ($domain, $user, $pass, $execnode, $port) = @ARGV;

# Set Search node if not passed

if (!$execnode) {
    print "You must specify an AD Global Catalog Server\n";
    exit;
}

# A bind with a DN and an empty password is an unauthenticated bind and
# can report success, so it must never count as a login.

if (!defined $pass || $pass eq '') {
    print "You must specify a password\n";
    exit;
}

# Build Search filter. The values are escaped so that characters such as
# * ( ) \ in the input cannot change the filter.

my $filter = "(&(userPrincipalName=*" . escape_filter_value($domain) . "*)"
           . "(sAMAccountName=" . escape_filter_value($user) . "))";

# Default to the Global Catalog port if none was passed

$port = 3268 unless $port;

print "NODE:$execnode PORT: $port\n";

# Get the users DN via anonymous bind to Active Directory. This
# assumes that you have enabled anonymous access to AD
# If you have not, you will have to do an authenticated bind.

# set the DN to null

my $dn = "";

# For performance reasons limit the data returned to the sAMAccountName

my @attr = ("sAMAccountName");

if (my $ldap = Net::LDAP->new($execnode, port => $port, debug => 0, version => 3)) {

    # bind() always returns a message object, so test its result code
    my $result = $ldap->bind();

    if (!$result->code) {

        my $mesg = $ldap->search(filter => $filter, scope => "sub", attrs => [@attr]);

        foreach my $entry ($mesg->all_entries) {
            $dn = $entry->dn;
        }
        $ldap->unbind;
    }
    else
    {
        print "Anonymous Bind Failed to $execnode\n";
    }
}
else
{
    print "Initial connect to $execnode failed\n";
}

print "DN: $dn\n";

# Do an authenticated bind to a domain controller if we have a DN.
# Use port 3268 so that the controller responds as a Global Catalog Server.

if ($dn) {
    if (my $ldap = Net::LDAP->new($execnode, port => $port, debug => 0, version => 3)) {

        my $result = $ldap->bind($dn, password => $pass);
        my $err = $result->code;

        if ($err) {
            if ($err == 49) {
                print "Incorrect username and/or password (49)\n";
            }
            else
            {
                print "ERROR:$err\n";
            }
        }
        else
        {
            print "Authenticated!\n";
        }
        $ldap->unbind;
    }
    else
    {
        print "Initial connect to $execnode failed\n";
    }
}
else
{
    print "No user found that corresponds to $user\n";
}
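
The LDAP-over-SSL variant mentioned in the last post, written as a function a web login handler could call. This is an added example, not code from the thread: the host name, CA file path, lookup-account DN and the AD_LOOKUP_PW environment variable are assumed placeholders, port 3269 is the Global Catalog port over SSL, and the DN lookup uses an authenticated low-privilege bind instead of an anonymous one.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Constant qw(LDAP_INVALID_CREDENTIALS);

my %cfg = (    # assumed deployment values, placeholders not from the thread
    uri     => 'ldaps://gc.example.com:3269',
    cafile  => '/etc/ssl/certs/ad-root-ca.pem',
    bind_dn => 'CN=svc-weblookup,OU=Service,DC=example,DC=com',
    bind_pw => $ENV{AD_LOOKUP_PW},
);

sub connect_tls {    # verify => 'require' rejects an untrusted server certificate
    return Net::LDAP->new($cfg{uri}, version => 3, timeout => 10,
                          verify => 'require', cafile => $cfg{cafile});
}

# Returns (1, $dn) or (0, $reason); log $reason, show users one generic message.
sub ad_authenticate {
    my ($user, $pass) = @_;
    # An empty password would turn the user bind into an unauthenticated bind.
    return (0, 'empty credentials') unless length($user // '') && length($pass // '');
    my $ldap = connect_tls() or return (0, "connect failed: $@");
    my $mesg = $ldap->bind($cfg{bind_dn}, password => $cfg{bind_pw});
    return (0, 'lookup bind failed: ' . $mesg->error) if $mesg->code;
    # Escape the name so characters such as * ( ) \ cannot alter the filter.
    my $filter = '(&(objectClass=user)(sAMAccountName=' . escape_filter_value($user) . '))';
    $mesg = $ldap->search(base => '', scope => 'sub', filter => $filter,
                          attrs => ['1.1']);    # '1.1' = return the DN only
    $ldap->unbind;
    return (0, 'search failed: ' . $mesg->error) if $mesg->code;
    return (0, 'user not found or ambiguous') unless $mesg->count == 1;
    my $dn = $mesg->entry(0)->dn;
    # The password check itself: bind as the user on a fresh connection.
    my $conn = connect_tls() or return (0, "connect failed: $@");
    $mesg = $conn->bind($dn, password => $pass);
    $conn->unbind;
    return (0, 'invalid credentials') if $mesg->code == LDAP_INVALID_CREDENTIALS;
    return (0, 'bind error: ' . $mesg->error) if $mesg->code;
    return (1, $dn);
}

# Demo driver: user name as argument, password read from STDIN rather than argv.
unless (caller) {
    chomp(my $pw = <STDIN> // '');
    my ($ok, $info) = ad_authenticate($ARGV[0], $pw);
    print $ok ? "Authenticated\n" : "Login failed\n";
}
```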