kbrad has asked for the wisdom of the Perl Monks concerning the following question:

I am running a script using Net::LDAP on our Windows 2000 network that is moving newly created users to different OUs (Organizational Units). The program works perfectly, except we do not want a domain admin's username and password hardcoded in the program. The program is set to run as a service, so a domain admin account is already set to log in and kick off the script. Is there any possible way to use this domain admin's credentials to log into the Active Directory? It seems silly that I have to log into the domain once to start the program, and then the program uses Net::LDAP to authenticate again. Any ideas?

Replies are listed 'Best First'.
Re: LDAP and Authentication
by metlhed_ (Beadle) on Aug 15, 2002 at 19:52 UTC

    I believe LDAP will accept an already encrypted password. You might want to check the LDAP docs to verify that it will accept it and the encryption used to generate the password.

      I believe you're right.. from the documentation:
      Using a potentially encrypted (SSL) network connection, how do I connect to my server?

      This class is a subclass of Net::LDAP so all the normal Net::LDAP methods can be used with a Net::LDAPS object; see the documentation for Net::LDAP to find out how to query a directory server using the LDAP protocol.

      The connection to the server is created when you create a new Net::LDAPS object, e.g.

          $ldaps = Net::LDAPS->new($server,
                                   port   => '10000',
                                   verify => 'require',
                                   capath => '/usr/local/cacerts/',
                                   );

      There are additional options to the LDAPS new method and several additional methods are included in the LDAPS object class.

      For further information and code examples read the LDAPS module documentation; perldoc Net::LDAPS