LDAP Connection

runningz has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I have a small perl script which uses Net::LDAPS to connect to an LDAP Server for user authentication:

my $c=Net::LDAPS->new('ldaps://ww.xx.yy.zz') or die "Connect Fails";

This works perfectly for our given ldap(s) Server when running the script from Windows command line (both with ActiveState 5.24 and Strawberry 5.26).

Running the script as cgi under IIS 7 (on the same machine) using either of the two perl installations, does not work, leading to a "Connect Fails".

Any ideas, hints for that?

Thomas

Comment on LDAP Connection

Replies are listed 'Best First'.
Re: LDAP Connection by hippo (Archbishop) on Jan 23, 2018 at 13:11 UTC
Why not specify the debug option to the constructor? That should hopefully provide more detail as to why the attempted instantiation fails.	[reply]
Re^2: LDAP Connection by runningz (Novice) on Jan 23, 2018 at 13:36 UTC
I added the debug Option like this: `my $ad = Net::LDAPS->new('ldaps://ww.xx.yy.zz',verify=>'none',debug=>1 +5) or print "<h1>Could not connect!</h1>";` [download] but this only gives a lot of Information in the command line Version (where it works anyway) but None on my web page using the identical script as cgi.	[reply] [d/l]
Re^3: LDAP Connection by hippo (Archbishop) on Jan 23, 2018 at 14:03 UTC
I would expect that the output from the debug option would go to STDERR and therefore appear in the web server error log rather than on the page in the browser. Did you look in the web server error log too?	[reply]
Re: LDAP Connection by jahero (Pilgrim) on Jan 23, 2018 at 13:01 UTC
Wild guess: connectivity problem from the IIS machine? Firewall settings, etc?	[reply]
Re^2: LDAP Connection by runningz (Novice) on Jan 23, 2018 at 13:33 UTC
IIS machine is the same machine on which it works using command line perl.	[reply]
Re^3: LDAP Connection by poj (Abbot) on Jan 23, 2018 at 13:58 UTC
The difference is your cgi script is running under an 'anonymous' usergroup something like `IIS_IUSRS` poj	[reply] [d/l]
Re: LDAP Connection by Anonymous Monk on Jan 23, 2018 at 14:18 UTC
Running on your terminal session, your script is running as you. Running on IIS, it is (effectively) `nobody`. Can it from that location reach the other IP, and if so is it authorized to connect to it? The LDAP server console should also be able to tell you more.	[reply]
Re^2: LDAP Connection by runningz (Novice) on Jan 23, 2018 at 14:57 UTC
Great, changing the user for IIS solved the issue. Thank you all!	[reply]