Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I'm fairly new to Perl, and the task has fallen upon me to write a reusable sub to authenticate not only a users username and password, but also a given group against NDS.

I have the sub written, and it works great except that it will only compare the given group against the first cn in the groupMemberships returned by the server. Following are code snippets:

$mesg = $ldap->search(base => "o=UMMC", filter => $filter,
                          attrs => ["dn"]);
...

$entry = $mesg->shift_entry;
$mesg = $ldap->bind($entry->dn, password => "$passWord");

...
#The following is meant to convert the group name passed
#in to cn form, because only "group01" would be passed
$groupCmp = $entry->dn;
$groupCmp =~ s/(cn=)(.*?)(,.*)/$1$group$3/;
$mesg = $ldap->compare($entry->dn, attr =>        "groupMembership",va
+lue => "$groupCmp");

[download]
Like I said, if I try to match anything other than the first entry in the groupMembership attribute this code returns an LDAP_CONSTRAINT_VIOLATION rather than the expected LDAP_COMPARE_TRUE or LDAP_COMPARE_FALSE.

Can anyone give me any insight into either what I'm doing wrong or a better way to handle this?

Thanks

Back to Seekers of Perl Wisdom