Well, I know nothing about this OLE class, but this seems strange:

if (my $u = Win32::OLE->GetObject($ADsPath)) {

  $u->SetPassword( $pass );

  $u->Put("pwdLastSet", 0);

...

Perhaps a scoping issue with object $u ?  How do you know that method call
is bad?

From a Perl (yes Perl) perspective, this would personally make me feel warm
and fuzzier:


my $u = Win32::OLE->GetObject($ADsPath)
            or die "Unable to get object from class OLE with $ADsPath, $!, stopped";

if ( defined ($u) ) {

  $u->SetPassword( $pass );

  $u->Put("pwdLastSet", 0);

...


-Tom Kinzer

-----Original Message-----
From: Mike Garner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 6:44 AM
To: [EMAIL PROTECTED]
Subject: OLE Permissions in CGI


My guess is that this is more of an IIS 6.0 Security issue but I thought I'd
ask some PERL gurus to look through the PERL first.



I've written a script that resets the password for a user in our Active
Directory for our help desk folks. The script works fine from several
computers and works when executed from the command line on the web server.
However, when it is executed as CGI from the web server one of the OLE
commands (GetObject) doesn't return a value...it should return a hash. It's
the line that contains: my $u = Win32::OLE->GetObject($ADsPath).  If I put a
die statement here the entire script will die.

1) Does the code look good? It's possible that the connection information
isn't working but the script works anyway when I'm logged into the console
running it via the command line.



2) Does anyone know what the Win32::OLE->GetObject is doing on the server?
If the code is good, my guess is that this command is trying to use some
resource that I must allow the web server user to access.



Thanks in advance for any light you may be able to shed.



Here's a snippet of the code:



###--Create LDAP Connection to Active Directory

# 'or' rather than '||': '||' would bind to the string argument, so die could never run
my $adsinamespaces = CreateObject OLE 'ADsNameSpaces' or die "couldn't create";

my $ldapnamespace = $adsinamespaces->getobject("","LDAP:") || die "didn't work";

my $userdsobject = $ldapnamespace->OpenDSObject(
    "LDAP://$server/OU=Users,dc=wsc,dc=western,dc=edu",
    "cn=$admin,ou=Domain Admins,OU=Users,dc=wsc,dc=western,dc=edu",
    $admin_password, 1) || die "didn't connect";



###--Bind to specific user account

my $ADsPath="LDAP://CN=$user,OU=$ou,OU=Users,DC=WSC,DC=western,DC=edu";



####---------------The next line fails-------------##############

if (my $u = Win32::OLE->GetObject($ADsPath)) {

  $u->SetPassword( $pass );

  $u->Put("pwdLastSet", 0);

  $u->SetInfo();

  print qq(     <h3><strong>Password Reset</strong></h3>

        <p><font face="Arial, Helvetica, sans-serif">The password for $user
has been reset to: <strong>$pass</strong>

        </font></p>);

} else {print qq(

     <h3><strong>Error!</strong></h3>

        <p><font face="Arial, Helvetica, sans-serif">I could not locate
$user in the $ou Organizational Unit (OU).

        <br>

        u was |$u|

        <br>

        adspath was |$ADsPath|

        <br>

        userdsobject was |$userdsobject|

        <br>

        adsinamespaces was |$adsinamespaces|

        <br>

        ldap was |$ldapnamespace|

        </font></p>

  );

}



-----------------------------------------

Mike Garner

Computer Services, WSC

[EMAIL PROTECTED]

970.943.3123 (voice)

970.943.7069 (fax)
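
An added diagnostic example, not code from either poster: Win32::OLE->GetObject binds with the identity the process is running under, and Win32::OLE reports failures through LastError() rather than $!, so this helper records both when the bind returns nothing. The second helper binds the same path with explicit credentials through OpenDSObject. The helper names and the sample path are assumptions.

```perl
# Added diagnostic sketch (not from the thread). Needs Windows with ADSI.
use strict;
use warnings;
use Win32;          # Win32::LoginName()
use Win32::OLE;

# Return undef on failure instead of warning; LastError is inspected below.
Win32::OLE->Option(Warn => 0);

# Bind with the identity of the running process (console user on the
# command line, the web server's account under CGI).
# Returns ($object, undef) on success or (undef, $diagnostic) on failure.
sub bind_ads_object {
    my ($path) = @_;
    my $obj = Win32::OLE->GetObject($path);
    return ($obj, undef) if defined $obj;

    my $err  = Win32::OLE->LastError();   # dual value: HRESULT and message
    my $diag = sprintf 'GetObject(%s) failed as account "%s": 0x%08X %s',
        $path, Win32::LoginName(), ($err + 0) & 0xFFFFFFFF, "$err";
    return (undef, $diag);
}

# Bind the same path with explicit credentials instead of the process identity.
sub bind_ads_object_as {
    my ($path, $bind_dn, $bind_password) = @_;
    my $ldap = Win32::OLE->GetObject('LDAP:')
        or return (undef, 'LDAP: namespace unavailable: ' . Win32::OLE->LastError());
    # Last argument 1 = ADS_SECURE_AUTHENTICATION
    my $obj = $ldap->OpenDSObject($path, $bind_dn, $bind_password, 1);
    return defined $obj
        ? ($obj, undef)
        : (undef, 'OpenDSObject failed: ' . Win32::OLE->LastError());
}

# Constructed sample path; substitute the directory's own DN.
my $path = 'LDAP://CN=Example User,OU=Staff,OU=Users,DC=example,DC=test';
my ($u, $why) = bind_ads_object($path);
# Send the diagnostic to the error log, not into the HTML response.
warn "$why\n" unless $u;
```

Comparing the logged account name from a console run with the one from a CGI run shows whether the two runs bind as different users.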




