Hi,

On Friday 13 May 2005 18:06, yelekeri wrote:
> How to authenticate a user in the web page with the active directory
> using perl ldap. Basically what I want is to get the password of the
> user on the web page (may be encrypted or at least text) and compare
> that password thru LDAP. And if the password matches, wants to display
> some other page. How to achieve this thru perl LDAP.

I use bind to achieve this. Below is some sample code. Oh, if you want things to be a tad more secure, you can use LDAP over SSL... that is, if LDAP over SSL is enabled in your AD forest.

    use strict;
    use warnings;
    use Net::LDAP;
    use Net::LDAP::Util qw(escape_filter_value);

    # The right-hand side of this assignment was lost when the message was
    # archived; reading the values from the command line is an assumption.
    my ($domain, $user, $pass, $execnode, $port) = @ARGV;

    # Require the search node
    if (!$execnode) {
        print "You must specify an AD Global Catalog Server\n";
        exit;
    }
    # A bind with a DN and an empty password is an unauthenticated bind that
    # the server may accept, so refuse it here.
    if (!defined $pass || $pass eq '') {
        print "You must specify a password\n";
        exit;
    }
    $port = 3268;
    print "NODE:$execnode PORT: $port\n";

    # Build Search filter. The values are escaped so that user input cannot
    # change the structure of the filter.
    my $filter = sprintf "(&(userPrincipalName=*%s*)(sAMAccountName=%s))",
        escape_filter_value($domain), escape_filter_value($user);

    # Get the user's DN via anonymous bind to Active Directory. This assumes
    # that you have enabled anonymous access to AD.
    # If you have not, you will have to do an authenticated bind.

    # set the DN to null
    my $dn = "";

    # For performance reasons limit the data returned to the sAMAccountName
    my @attr = ("sAMAccountName");

    if (my $ldap = Net::LDAP->new($execnode, port => $port, debug => 0, version => 3)) {
        # bind always returns a message object, so test its result code
        my $result = $ldap->bind;
        if (!$result->code) {
            my $mesg = $ldap->search(filter => $filter, scope => "sub", attrs => \@attr);
            foreach my $entry ($mesg->all_entries) {
                $dn = $entry->dn;
            }
            $ldap->unbind;
        } else {
            print "Anonymous Bind Failed to $execnode\n";
        }
    } else {
        print "Initial connect to $execnode failed\n";
    }
    print "DN: $dn\n";

    # Do an authenticated bind to a domain controller if we have a DN. Use port 3268
    # so that the controller responds as a Global Catalog Server.
    if ($dn) {
        if (my $ldap = Net::LDAP->new($execnode, port => $port, debug => 0, version => 3)) {
            my $result = $ldap->bind($dn, password => $pass);
            my $err = $result->code;
            if ($err) {
                if ($err == 49) {
                    print "Incorrect username and/or password (49)";
                } else {
                    print "ERROR:$err\n";
                }
            } else {
                print "Authenticated!";
            }
        } else {
            print "Initial connect to $execnode failed\n";
        }
    } else {
        print "No user found that corresponds to $user\n";
    }
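
A hardened variant of the bind check in the message above, as an added example that is not part of the original message: it connects with LDAPS to the Global Catalog SSL port (3269) with certificate verification, refuses empty passwords, escapes the filter values and requires exactly one matching entry instead of taking the last one returned. The function name `ad_authenticate`, its argument order and the CA file argument are assumptions made for illustration.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Constant qw(LDAP_INVALID_CREDENTIALS);

# Hypothetical helper (not from the original message). Returns 1 on success,
# 0 for unknown user, ambiguous match or wrong password; dies on server errors.
sub ad_authenticate {
    my ($gc, $cafile, $domain, $user, $pass) = @_;
    # An empty password makes a simple bind "unauthenticated" (RFC 4513,
    # section 5.1.2), which a server may accept. Reject it before binding.
    return 0 if grep { !defined($_) || !length($_) } $domain, $user, $pass;
    my $connect = sub {    # LDAPS to the Global Catalog, server cert verified
        Net::LDAP->new($gc, scheme => 'ldaps', port => 3269, version => 3,
                       verify => 'require', cafile => $cafile, timeout => 10)
            or die "connect to $gc failed: $@\n";
    };
    # Step 1: look up the DN over an anonymous bind, as in the message above.
    my $ldap = $connect->();
    my $res  = $ldap->bind;
    die "lookup bind failed: " . $res->error . "\n" if $res->code;
    my $filter = sprintf '(&(userPrincipalName=*%s*)(sAMAccountName=%s))',
        escape_filter_value($domain), escape_filter_value($user);
    $res = $ldap->search(base => '', scope => 'sub', filter => $filter,
                         attrs => ['sAMAccountName']);
    $ldap->unbind;
    die "search failed: " . $res->error . "\n" if $res->code;
    my @entries = $res->entries;
    return 0 unless @entries == 1;    # no match, or more than one
    # Step 2: bind as that DN with the supplied password.
    $ldap = $connect->();
    $res  = $ldap->bind($entries[0]->dn, password => $pass);
    $ldap->unbind;
    return 1 unless $res->code;
    return 0 if $res->code == LDAP_INVALID_CREDENTIALS;    # result code 49
    die "bind error: " . $res->error . "\n";
}

unless (caller) {    # run as a script; the password is read from STDIN
    my ($gc, $cafile, $domain, $user) = @ARGV;
    die "usage: $0 gc-host ca-file domain user\n" unless defined $user;
    chomp(my $pass = <STDIN> // '');
    print ad_authenticate($gc, $cafile, $domain, $user, $pass)
        ? "Authenticated\n" : "Denied\n";
}
```

Returning the same 0 for "no such user" and "wrong password" keeps a web login page from revealing which accounts exist.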