You need to bind to the directory so that you can test the password. The password is not stored. Only the hash is stored. The hash can only be viewed if your user DN has the correct priviledge.

The code example below connects to an LDAP(S) directory using an application DN, looks up the full user DN based on their uid and then binds using the user DN and their password to check if it is OK. 

#! /usr/bin/perl

use strict;

#http://search.cpan.org/~gbarr/perl-ldap-0.30/lib/Net/LDAP.pod
use Net::LDAPS;
use Net::LDAP;

my $host = "myhost:389";
my $ldaps = 0;
my $adminDn = "cn=myapp, ou=applications, o=MyOrg";
my $adminPwd = "password";
my $searchBase = "ou=people, o=MyOrg";


my $userdn = testGuid ("myGUID", "password");

if ($userdn)
{
    print "$userdn checks out!\n";
}



sub getUserDn
{
    my $ldap;
    my $guid = shift;
    my $dn;
    my $entry;

    if ($ldaps) {
        $ldap = Net::LDAPS->new($host, verify=>'none') or die "$@";
    }
    else {
        $ldap = Net::LDAP->new($host, verify=>'none') or die "$@";    
+    
    }
    
    my $mesg = $ldap->bind ($adminDn, password=>"$adminPwd");
    
    $mesg->code && return undef;
    
    $mesg = $ldap->search(base => $searchBase, filter => "uid=$guid" )
+;
     
    $mesg->code && return undef;
    $entry = $mesg->shift_entry;
     
    if ($entry)
    {
        $dn = $entry->dn;
        $entry->dump;
    }
    
    
    $ldap->unbind;
    
    return $dn;
}

sub testGuid
{
    my $ldap;

    my $guid = shift;
    my $userPwd = shift;

    my $userDn = getUserDn ($guid);

    return undef unless $userDn;
    
    if ($ldaps) {
        $ldap = Net::LDAPS->new($host, verify=>'none') or die "$@";
    }
    else {
        $ldap = Net::LDAP->new($host, verify=>'none') or die "$@";    
+    
    }

    my $mesg = $ldap->bind ($userDn, password=>"$userPwd");
    
    if ($mesg->code)
    {
        # Bad Bind
        print $mesg->error . "\n";
        return undef;
    }
    
    $ldap->unbind;
    
    return $userDn;
}

[download]

In reply to Re: LDAP authentication with Net::LDAP by inman
in thread LDAP authentication with Net::LDAP by bodmin

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.