| Scott Hegel 2006-05-07, 7:33 pm |
| Hi,
I am wondering if someone can help me out. I am trying to use the
Net::LDAP module on perl 5.8 on a HP-UX 11.i server. I have installed
the module and its dependent.
I have the following in my script:
#!/opt/perl/bin

use Net::LDAP;
use warnings;

$ad = Net::LDAP->new("ldap://my.company.com")
    or die("Could not connect to LDAP server.");

$mesg = $ad->bind("jimbob");

$mesg->code && die $mesg->error;

$ad->unbind

When I run this I get:
This server requires a TLS connection at perlad.pl line 11, <DATA> line 225.

I am not sure why it needs TLS for the connection. Anyone have any
thoughts?
Thanks,
Scott
| |
| Chris Ridd 2006-05-07, 7:33 pm |
| On 4/5/06 10:41, Scott Hegel <shegel@dakotagrowers.com> wrote:
> Hi,
>
> I am wondering if someone can help me out. I am trying to use the
> Net::LDAP module on perl 5.8 on a HP-UX 11.i server. I have installed
> the module and its dependent.
>
> I have the following in my script:
>
> #!/opt/perl/bin
>
> use Net::LDAP;
> use warnings;
>
> $ad = Net::LDAP->new("ldap://my.company.com")
> or die("Could not connect to LDAP server.");
>
> $mesg = $ad->bind("jimbob");
>
> $mesg->code && die $mesg->error;
>
> $ad->unbind
>
> When I run this I get:
> This server requires a TLS connection at perlad.pl line 11, <DATA> line
> 225.
>
> I am not sure why it needs TLS for the connection. Anyone have any
> thoughts?
It is likely that the administrator of the server doesn't permit plaintext
authentication over an insecure connection.
You should probably fix your bind call a bit. It isn't clear what a single
argument of "jimbob" actually means; the bind method expects a DN as the
first argument and it isn't a DN, so Net::LDAP might be trying to do a
simple (ie plaintext) bind with a bad DN and no password...
Try doing a SASL bind instead, something like this (untested):
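use Authen::SASL;
# The callbacks supply the credentials for whichever mechanism is chosen.
my $sasl = Authen::SASL->new(
    mechanism => 'DIGEST-MD5 CRAM-MD5',
    callback  => {
        user => 'jimbob',
        pass => 'secret',
    },
);
# SASL bind: the DN is empty, the identity comes from $sasl.
$mesg = $ad->bind('', sasl => $sasl, version => 3);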
See the Authen::SASL docs for more details. You can also create a TLS
connection too, either using start_tls() or by using LDAPS.
Cheers,
Chris
| |
| Don C. Miller 2006-05-07, 7:33 pm |
| Chris, just an FYI. Active Directory allows you to bind with standard
windows authentication credentials including the "domain\username" and upn.
Don
Chris Ridd wrote:
> On 4/5/06 10:41, Scott Hegel <shegel@dakotagrowers.com> wrote:
>
>
>
> It is likely that the administrator of the server doesn't permit plaintext
> authentication over an insecure connection.
>
> You should probably fix your bind call a bit. It isn't clear what a single
> argument of "jimbob" actually means; the bind method expects a DN as the
> first argument and it isn't a DN, so Net::LDAP might be trying to do a
> simple (ie plaintext) bind with a bad DN and no password...
>
> Try doing a SASL bind instead, something like this (untested):
>
> my $sasl = Authen::SASL->new(mechanism => 'DIGEST-MD5 CRAM-MD5',
> callback => {
> user => 'jimbob',
> pass => 'secret'
> });
>
> $mesg = $ad->bind('', sasl => $sasl, version => 3);
>
> See the Authen::SASL docs for more details. You can also create a TLS
> connection too, either using start_tls() or by using LDAPS.
>
> Cheers,
>
> Chris
>
>
>
| |
| Chris Ridd 2006-05-07, 7:33 pm |
| On 5/5/06 3:39, Don C. Miller <donm@uidaho.edu> wrote:
> Chris, just an FYI. Active Directory allows you to bind with standard
> windows authentication credentials including the "domain\username" and upn.
Ah, I was wondering if this was some sort of Active Directory, or a "proper"
LDAP server...
Cheers,
Chris
| |
| Chris Ridd 2006-05-07, 7:33 pm |
| On 5/5/06 3:07, Scott Hegel <shegel@dakotagrowers.com> wrote:
> Chris,
>
> The "jimbob" bind is to show that this will connect as anything, or at
> least not show an error no matter what I put into the Bind. I don't
> think I should have to use an SASL bind. From the command line I can do
> an ldapsearch with a user/password combo and everything works the way I
> expect it to.
>
> Any other thoughts
Compare what protocol's being sent in each case?
Cheers,
Chris
| |
| Scott Hegel 2006-05-07, 7:33 pm |
| Chris,
The "jimbob" bind is to show that this will connect as anything, or at
least not show an error no matter what I put into the Bind. I don't
think I should have to use an SASL bind. From the command line I can do
an ldapsearch with a user/password combo and everything works the way I
expect it to.
Any other thoughts?
Scott
| |
| Graham Barr 2006-05-07, 7:33 pm |
|
On May 5, 2006, at 9:07 AM, Scott Hegel wrote:
> Chris,
>
> The "jimbob" bind is to show that this will connect as anything, or at
> least not show an error no matter what I put into the Bind. I don't
> think I should have to use an SASL bind. From the command line I can do
> an ldapsearch with a user/password combo and everything works the way I
> expect it to.
>
> Any other thoughts
Turn on debug trace just before the bind with $ldap->debug(15); so
you can see what is being sent to the server. I suspect it is doing
an anonymous bind with a dn of "jimbob" and Net::LDAP is just giving
you the response it got back from the server.
Graham.
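
The suggestions made in the replies above (TLS before a simple bind, a real DN as the first argument, a debug trace around the bind), put together as an added Perl example that is not code from any poster in the thread. The bind DN, the CA bundle path and the LDAP_BIND_PW / LDAP_DEBUG environment variables are assumptions.

```perl
#!/usr/bin/perl
# Added example: upgrade the connection with StartTLS before a simple bind,
# and refuse a bind that carries a name but no password.
use strict;
use warnings;
use Net::LDAP;

# Assumptions (not from the thread): bind DN, CA bundle path, password source.
my $host    = 'my.company.com';                         # host used in the thread
my $bind_dn = 'cn=jimbob,ou=people,dc=example,dc=com';  # hypothetical DN
my $cafile  = '/etc/ssl/certs/ca-bundle.crt';           # hypothetical path
my $pass    = $ENV{LDAP_BIND_PW};                       # keep the secret out of the script

# A simple bind with a name and an empty password authenticates nobody.
# A server that accepts it hands back an anonymous session, so a "success"
# result says nothing about the name that was sent.
die "refusing simple bind without a password\n"
    unless defined $pass && length $pass;

my $ldap = Net::LDAP->new($host, version => 3, timeout => 10)
    or die "connect to $host failed: $@\n";

# StartTLS on the plain LDAP port. Verifying the certificate ensures the
# password is only sent to the intended server.
my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
die 'start_tls failed: ' . $mesg->error . "\n" if $mesg->code;

# Optional packet trace of the bind. The dump contains the bind password,
# so enable it only with a test account.
$ldap->debug(15) if $ENV{LDAP_DEBUG};

$mesg = $ldap->bind($bind_dn, password => $pass);
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;
$ldap->debug(0);

print "bound as $bind_dn over TLS\n";
$ldap->unbind;
```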