First LDAP-Perl Script

Parag Kalra

Sep 20, 2009, 1:08:28 PM
to perl...@perl.org
Hello All

Just installed an LDAP server (OpenLDAP) on Ubuntu with the following base root DN
settings:
cn=admin,dc=nodomian

Added a few organisation units to it using the command line utility 'ldapadd' and
a few using the LDAP browser 'phpldapadmin'.

Then I felt like playing with Perl to connect to the LDAP server and wrote the
following script:

use Net::LDAP;

# Connection settings
$ldap_host = "localhost";
$admin = "admin";
$domain = "nodomain";
$dn = "cn=$admin,o=$domain";
$password = "mypassword";

# Connect, then bind as the admin DN
$ldap = Net::LDAP->new($ldap_host) or die "Could not establish connection to LDAP server - $ldap_host \n";
$ldap->bind($dn,password=>$password) or die "Could not bind to LDAP server - $ldap_host \n";

If I set a wrong '$ldap_host', it shouts saying 'could not bind to LDAP
server', and rightly so.

*However, even if I set a wrong '$password' or a wrong '$dn', the script still
executes successfully and doesn't shout...*

Where am I going wrong...?

Cheers,
Parag

Parag Kalra

Sep 20, 2009, 1:44:11 PM
to perl...@perl.org
I think I got what was going wrong... If I am not wrong, the 'bind' method uses
authentication, hence credentials, only while making any changes
(add/modify/delete) to the LDAP server.

So if I use wrong credentials to modify the LDAP database then it will
surely shout...

Cheers,
Parag

Chris Ridd

Sep 21, 2009, 6:41:11 AM
to Parag Kalra, perl...@perl.org

On 20 Sep 2009, at 18:44, Parag Kalra wrote:

> I think I got what was going wrong...If I am not wrong 'bind' method uses
> authentication hence credentials only while making any changes
> (add/modify/delete) to ldap server.
>
> So if I will use wrong credentials to modify ldap database then it will
> surely shout...

Not quite.

All the 'operation' methods like bind(), add(), modify(), search(),
etc return undef if there was a problem sending the operation to the
server. They do *not* return undef if the server fails the operation.

To check if the server fails the operation, you need to get the result
of the operation, and test the result code inside that. This is
commonly done like this:

---
$res = $ldap->some-operation-here(with-lots-of-arguments) or die
"Cannot send some-operation-here";

die "Some operation failed (", $res->error_name, ")" if $res->code;
---

This works because an LDAP OK result is numeric 0. Note operations can
return other codes which your application might also consider to be
"OK" in some sense, so you will need to modify the above logic a
little in those cases.

Read the Net::LDAP::Message documentation to find out more things you
can do with $res.

Cheers,

Chris

Chris Ridd

Sep 21, 2009, 10:11:20 AM
to Graham Barr, Parag Kalra, perl...@perl.org

On 21 Sep 2009, at 13:53, Graham Barr wrote:

>
> On Sep 21, 2009, at 5:41 AM, Chris Ridd wrote:
>
>>
>> On 20 Sep 2009, at 18:44, Parag Kalra wrote:
>>
>>> I think I got what was going wrong...If I am not wrong 'bind' method uses
>>> authentication hence credentials only while making any changes
>>> (add/modify/delete) to ldap server.
>>>
>>> So if I will use wrong credentials to modify ldap database then it will
>>> surely shout...
>>
>> Not quite.
>>
>> All the 'operation' methods like bind(), add(), modify(), search(),
>> etc return undef if there was a problem sending the operation to
>> the server.
>
> No, they will always return a Net::LDAP::Message object. If there is
> a local error then $res->code will be LDAP_LOCAL_ERROR

You're right.

Cheers,

Chris
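
The check described in the two replies above, as an added example that is not code from any poster or from the Net::LDAP project: connect, bind, and treat the bind as failed unless the server's result code is one the caller accepts. The `ldap_ok` helper, the `LDAP_PASSWORD` environment variable and the DN `cn=admin,dc=nodomain` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_COMPARE_TRUE LDAP_COMPARE_FALSE);

# Die unless the result code is one the caller accepts (default: success only).
# ldap_ok() is a hypothetical helper, not part of Net::LDAP.
sub ldap_ok {
    my ($mesg, $what, @accept) = @_;
    @accept = (LDAP_SUCCESS) unless @accept;
    my $code = $mesg->code;    # 0 on success; non-zero for server or local errors
    return $mesg if grep { $_ == $code } @accept;
    die sprintf "%s failed: %s (%d): %s\n",
        $what, $mesg->error_name, $code, $mesg->error;
}

# Assumed values: host and DN modelled on the thread, password taken from a
# hypothetical environment variable instead of being written into the script.
my $host = 'localhost';
my $dn   = 'cn=admin,dc=nodomain';
my $pass = $ENV{LDAP_PASSWORD} // '';

# A simple bind with a DN and an empty password is an unauthenticated bind,
# which some servers answer with success, so reject it before sending.
die "Refusing to bind with an empty password\n" if $pass eq '';

# new() is the call that returns undef on failure; the reason is in $@.
my $ldap = Net::LDAP->new($host) or die "Cannot connect to $host: $@\n";

# bind() returns a message object even when the server rejects the
# credentials, so the result code has to be inspected.
ldap_ok($ldap->bind($dn, password => $pass), "bind as $dn");

# compare() is an operation whose normal answers are non-zero codes,
# so both of them are passed as acceptable.
my $cmp = ldap_ok(
    $ldap->compare($dn, attr => 'cn', value => 'admin'),
    'compare cn', LDAP_COMPARE_TRUE, LDAP_COMPARE_FALSE,
);
print "cn=admin matches: ",
    ($cmp->code == LDAP_COMPARE_TRUE ? "yes" : "no"), "\n";

$ldap->unbind;
```

Without the result check, a rejected bind leaves the connection anonymous, so a script that relies on bind() to verify a password would accept any password.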
