I'm using OpenLDAP v2.3.18, patched per suggestions cited here yesterday so
that the perl backend actually works, and I'm having an issue with my bind()
method.

    package MSGStore;
    use POSIX;
    $debug = 3;

    sub bind
    {
        print "\n>>>>>>>>>>>>>>>>>>>>>>>>BIND<<<<<<<<<<<<<<<<<<<\n\n" if( $debug > 2);
        my $this = shift;
        my $dn = shift;
        my $pass = shift;
        my $retval = 0;
        # First attribute in dn assumed to be principal name
        my $rest = (split('=',$dn,2))[1];
        my ($uid, $ou) = (split(',',$rest,2));
        $uid = lc $uid;
        $tmp_filename = "/pmdf/tmp/krb5_$uid";
        $prince = "[EMAIL PROTECTED]";
        $tmp_filename = "/dev/null";
        # Reach out to kinit and the remote KDC to authenticate...
        $cmd = "/usr/local/bin/kinit $prince >$tmp_filename 2>&1";
        print "\n>>>>> $cmd <<<<<<\n\n" if( $debug > 2);
        $cmd = "echo $pass | ".$cmd;
        system($cmd);
        $hold = $?;
        $exit_value = $?>>8;
        $signal_num = $? & 127;
        $dumped_core = $? & 128;
        chmod 740, $tmp_filename;
        print "\n>>>>> status=$hold <<<<<<\n\n" if( $debug > 2);
        $exit_str = "";
        $exit_str .= ($exit_value>0)?"Exit=$exit_value":"";
        $exit_str .= ($signal_num>0)?(($exit_str ne ""?", ":"")."Sig=$signal_num"):"";
        $exit_str .= ($dumped_core>0)?(($exit_str ne ""?", ":"")."DumpedCore!"):"";
        print "\n>>>>> $exit_str <<<<<<\n\n" if( $debug > 2);
        system("cat $tmp_filename") if( $debug > 2);
        # Return 0 for success, 1 for failure.
        $retval = 1 if $exit_value;
        print "\n>>>>>>>>>>>>>>>>>>>>>>>>BIND<<<<<<<<<<<<<<<<<<<done\n\n" if( $debug > 2);
        print "\n>>>>> retval = $retval <<<<<<\n\n" if( $debug > 2);
        return $retval;
    }

When I invoke this method from a simple perl script, it works just fine, either
succeeding (0) or failing (1) on the system() call based on whether the
uid/pass pair was valid in my KDC.
When I use exactly the same file in my slapd-perl server, it almost every time
(90%+) returns a value of -1 for the system() call. Once every so often, the
return from system() will be zero when the uid/pass pair was valid, or 256
(>>8=1) if the pair was not valid.
Am I running up against some kind of restriction in what the perl backend is
allowed to do?
+----"Never Underestimate the bandwidth of a station wagon full of mag tapes"--+
| J.Lance Wilkinson ("Lance") InterNet: [EMAIL PROTECTED]
| Systems Design Specialist - Lead AT&T: (814) 865-1818
| Digital Library Technologies FAX: (814) 863-3560
| 3 Paterno Library "I'd rather be dancing..."
| Penn State University A host is a host from coast to coast,
| University Park, PA 16802 And no one will talk to a host that's close
| <[EMAIL PROTECTED]> Unless the host that isn't close
| EMail Professional since 1978 Is busy, hung or dead.
+---------"He's dead, Jim. I'll get his tricorder. You take his wallet."-------+
[apologies to DeForest Kelley, 1920-1999]
<A Href="http://perdita.lcs.psu.edu">home page</a>
<a Href="http://perdita.lcs.psu.edu/junkdec.htm">junk mail declaration</a>
-- /"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
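
Added example, not part of the original post and not the poster's code: a way to hand the bind password to a child process on stdin without going through `echo ... |` and a shell, so metacharacters in the password are never interpreted, and to report `$!` when the status is -1, which Perl documents as a failure to start the program or an error from wait(2). The helper name `run_with_stdin`, the uid pattern, the sample DN and password, and the stand-in child that replaces kinit are all assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Hypothetical helper: run @cmd with no shell, send $secret on its stdin.
# Returns ($status, $detail); $status is -1 if the write or wait itself failed.
sub run_with_stdin {
    my ($secret, @cmd) = @_;
    local $SIG{PIPE} = 'IGNORE';            # child may exit before reading
    my $pid = open(my $to_child, '|-');     # fork; child's STDIN is the pipe
    return (-1, "fork failed: $!") unless defined $pid;
    if ($pid == 0) {                        # child: discard output, then exec
        $SIG{PIPE} = 'DEFAULT';
        open(STDOUT, '>', '/dev/null');
        open(STDERR, '>&', \*STDOUT);
        { no warnings 'exec'; exec { $cmd[0] } @cmd; }
        POSIX::_exit(127);                  # exec failed
    }
    print {$to_child} $secret, "\n";
    close($to_child);                       # flushes, then waits for the child
    return (-1, "write/wait failed: $!")          if $? == -1;
    return (-1, 'killed by signal ' . ($? & 127)) if $? & 127;
    return ($? >> 8, 'exited normally');
}

# Constructed inputs: a bind DN, and a password full of shell metacharacters.
my $dn   = 'uid=JDoe,ou=People,dc=example,dc=org';
my $pass = q{pa$$; `id` "w'};

# Accept only a conservative uid before it reaches a file name or principal.
my ($uid) = $dn =~ /\A[^=,]+=([A-Za-z0-9._-]{1,64}),/
    or die "unexpected first RDN in bind DN\n";
$uid = lc $uid;

# Stand-in for kinit so this runs anywhere: reads one line from stdin and
# exits 0 only if its length matches. The real call would be something like
# run_with_stdin($pass, '/usr/local/bin/kinit', $principal).
my $check = 'chomp(my $p = <STDIN>); exit(length($p) == $ARGV[0] ? 0 : 1)';
for my $want (length($pass), 0) {
    my ($status, $detail) = run_with_stdin($pass, $^X, '-e', $check, $want);
    print "uid=$uid status=$status ($detail)\n";
}
```

The first run reports status 0 because the password arrives byte for byte on the child's stdin; the second reports status 1 from the deliberately wrong expected length.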