in reply to LDAP Authentication
That said, it seems likely that the special characters have special meanings to the shell - single quotes for example, and the qx($cmd) call is failing on that. For example, if the content of the $cmd variable is:
ldapsearch -h 127.0.0.1 -b 'dc=xyz, dc=com' -D 'cn=user,dc=xyz,dc=com' + -w xy'z employeenumber dn
the shell will grumble over the unmatched ' in the middle of the password.
You would probably find this much easier to write and maintain using Net::LDAP, and you could do away with the relatively inefficient "bind and search" done from the command line, in favour of a simple "bind". Also, using Net::LDAP would reduce the possibility of an injection attack passing malicious code to the command line.
Update: Slightly OT, I notice that you're doing the same ldapsearch 2ce, 1ce as anonymous to get the userdn, then again as the user to validate the password. That's pretty inefficient, especially if employeenumber isn't indexed. You would probably get a significant speed improvement by using -b $userdn -s base in the second search.
--------------------------------------------------------------
"If there is such a phenomenon as absolute evil, it consists in treating another human being as a thing."
John Brunner, "The Shockwave Rider".
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re^2: LDAP Authentication
by bar10der (Beadle) on Nov 08, 2005 at 13:17 UTC | |
by g0n (Priest) on Nov 08, 2005 at 13:19 UTC | |
by bar10der (Beadle) on Nov 08, 2005 at 13:22 UTC | |
by g0n (Priest) on Nov 08, 2005 at 13:43 UTC |