Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks,

A script I'm working on needs to authenticate users using LDAP. Previously we had the script sitting behind an Apache .htaccess file, but now I'm having to write my own authentication routine. Since I know nothing about LDAP, can anyone tell me how I can authenticate a given username/password against the LDAP server? Specifically what modules and methods I should use? My old .htaccess file looks like this:

    AuthLDAPURL ldap://ldapserver.mydomain.com:389/ou=type,ou=members,ou=people,o=mydomain.com?uid?one?
    AuthName Authorization
    AuthType Basic
    <Limit GET POST>
    require user myuserid
    </Limit>

Re: Authenticating with LDAP
by sschneid (Deacon) on May 06, 2003 at 20:40 UTC
    Ignoring issues with maintaining state, getting the username and password from <insert data source here>, etc etc...
        use strict;
        use warnings;
        use Net::LDAP;

        # Information you'll need to populate somehow (form?)
        my $host = 'ldap.example.com';   # placeholder: your LDAP server
        my $base = 'dc=domain,dc=com';
        my $user = 'testuser';
        my $pass = 'p4ssw0rd';

        # new() returns undef on connection failure and sets $@
        my $ldap = Net::LDAP->new($host) or die "Cannot connect to $host: $@";

        my $mesg = $ldap->search(
            base   => $base,
            filter => "(uid=$user)",
        );

        my ($dn);

        # Search for the user's DN within the base/filter
        my $max = $mesg->count;
        for (my $i = 0; $i < $max; $i++) {
            my $entry = $mesg->entry($i);
            $dn = $entry->dn;
        }

        if ($dn) {
            # Bind with the DN & password if the user acct exists
            $mesg = $ldap->bind($dn, password => $pass);
            unless ($mesg->code) {
                # Set the cookie here...
            }
        }
    That should at least help you get started. It searches for the user, and if found, attempts to bind as the user (with the user's password). If it can successfully bind, you know the password supplied is correct and you can go ahead and set a cookie or whatnot.

    Note that the above code is also untested, and should only be used as something to get you started thinking about the process you'll want to implement.

    -s.
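
A hardened version of the search-then-bind flow from the reply above, added here as an example and not part of the original posts. It assumes the directory permits anonymous search and supports StartTLS; the host and base are taken from the AuthLDAPURL in the question, and the CA bundle path and the name ldap_authenticate are placeholders.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values: host and base come from the AuthLDAPURL in the question;
# the CA bundle path is a placeholder for your environment.
my %CFG = (
    host   => 'ldapserver.mydomain.com',
    base   => 'ou=type,ou=members,ou=people,o=mydomain.com',
    cafile => '/path/to/ca-bundle.pem',
);

# Returns the user's DN on successful authentication, undef otherwise.
sub ldap_authenticate {
    my ($user, $pass) = @_;

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2) that many servers answer with success,
    # so an empty password must be rejected before talking to the server.
    return unless defined $user && length $user;
    return unless defined $pass && length $pass;

    my $ldap = Net::LDAP->new($CFG{host}, timeout => 10) or return;

    # Upgrade to TLS before any password crosses the wire.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $CFG{cafile});
    if ($mesg->code) { $ldap->disconnect; return; }

    # Escape filter metacharacters so characters such as * ( ) \ in the
    # username are matched literally. scope 'one' mirrors "?uid?one" in
    # the old AuthLDAPURL.
    $mesg = $ldap->search(
        base   => $CFG{base},
        scope  => 'one',
        filter => '(uid=' . escape_filter_value($user) . ')',
        attrs  => ['1.1'],    # request no attributes, only the DN
    );

    # Require exactly one entry; zero or several matches both fail.
    my $dn;
    $dn = $mesg->entry(0)->dn if !$mesg->code && $mesg->count == 1;

    # The bind as that DN is the actual password check.
    my $ok = defined $dn && !$ldap->bind($dn, password => $pass)->code;
    $ldap->disconnect;
    return $ok ? $dn : undef;
}
```
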
Re: Authenticating with LDAP
by nite_man (Deacon) on May 06, 2003 at 20:06 UTC
    Look through Net::LDAP, which implements an LDAP services API for Perl programs, and Net::LDAP::Examples, which contains good examples of working with Net::LDAP.
          
    --------------------------------
    SV* sv_bless(SV* sv, HV* stash);