Hi all,
I have a CGI Perl-driven web project that is running on a Windows server (*Nix is my preference but not possible in this situation). Everything works great. User goes to http://site/index.pl, IIS calls 'perl.exe index.pl' and webpage is delivered
- Integrated Windows Authentication is on and works as expected
- The username is passed to ENV as expected
For the script, I need to pull some info from active directory. An anonymous bind is not possible.
At the moment I have a single valid username and password hard-coded in the file which I use to bind to LDAP. Queries return successful. I am using Net::LDAP to perform the queries.
My question for whomever may have ideas:
I have heard that there is an NTLM token or something of that nature when IIS performs Windows Integrated Authentication. Is there any way in which I can retrieve the token and pass it to my Net::LDAP bind? In other words, using Net::LDAP (or another library?) I want to bind to LDAP as the authenticated web user. Does Net::LDAP support this or does it only support username/password? I've taken a look at Authen::SASL but I'm not sure if that's correct for what I'm trying to accomplish.
I realize this might be more of an IIS question rather than perl since I'm trying to bridge IIS to a Perl Net::LDAP bind. So if that's the case please let me know and I'll try and ask elsewhere =)
Thanks in advance for any info you may have!
Here's the code I'm using to connect to LDAP. I'd like to pull some kind of environment variable rather than a specified user/pass
sub connectLDAP($$$)
{
my ( $ldap_server, $ldap_username, $ldap_password ) = @_;
my $ldap = Net::LDAP->new($ldap_server) or return 0;
$_ = $ldap->bind( $ldap_username, password => $ldap_password ) or
+return 0;
return $ldap;
}