This queue is for tickets about the DBD-LDAP CPAN distribution.

Report information
The Basics
Id:
127341
Status:
resolved
Worked:
2 hours (120 minutes)
Users:
TURNERJW: 2 hours (120 minutes)
Priority:
Low/Low
Queue:

People
Owner:
turnerjw784 [...] yahoo.com
Requestors:
MRDVT [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity:
(no value)
Broken in:
  • 0.20
  • 0.22
Fixed in:
1.00



Subject: loginrule in example cause undue angst
Show quoted text
> ldapserver:dc=Acme, dc=com:cn=*,<ROOT>
I think MOST people (like me) are going to think the "default" example uses the DN for login and try to get Net:LDAP working with DN. However, it, honestly, took me several hours trying to figure out why I was getting this "invalid password" AD error. 49:80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 After googling and trial & error, I started on a code review and figured out that the example on CPAN is a custom example for a particular implementation (I don't know anyone who uses the root for user objects). My recommendation is to add another example that uses DN as authentication. Or better yet, update the code so if the login looks like a DN pass it through instead of using the login rule. unless ($dbuser =~ m/\ACN=/i) { #dbuser looks like a DN if ($dbuser && $ldap_loginrule =~ /\*/o) { $ldap_loginrule =~ s/\<root\>/$ldap_root/gi; $_ = $dbuser; $dbuser = $ldap_loginrule; $dbuser =~ s/\*/$_/g; } } My Version $ rpm -q perl-DBD-LDAP perl-DBD-LDAP-0.20-1.el6.rf.noarch
Sry for the long delay. It's been a/b 10 years since I've looked at this code, and I don't even have an LDAP database to test against. Last bug reporter gave me temp. access to one. Anyway, can you provide a copy of your ".ldb" file and your "connect()" line to look at? Also, I'm thinking your regex should be: m/\bcn\=/i. Thanks, Jim On Thu Oct 11 10:24:58 2018, MRDVT wrote:
Show quoted text
> > ldapserver:dc=Acme, dc=com:cn=*,<ROOT>
> > I think MOST people (like me) are going to think the "default" example > uses the DN for login and try to get Net:LDAP working with DN. > > However, it, honestly, took me several hours trying to figure out why > I was getting this "invalid password" AD error. > > 49:80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext > error, data 52e, v2580 > > After googling and trial & error, I started on a code review and > figured out that the example on CPAN is a custom example for a > particular implementation (I don't know anyone who uses the root for > user objects). My recommendation is to add another example that uses > DN as authentication. > > Or better yet, update the code so if the login looks like a DN pass it > through instead of using the login rule. > > unless ($dbuser =~ m/\ACN=/i) { #dbuser looks like a DN > if ($dbuser && $ldap_loginrule =~ /\*/o) > { > $ldap_loginrule =~ s/\<root\>/$ldap_root/gi; > $_ = $dbuser; > $dbuser = $ldap_loginrule; > $dbuser =~ s/\*/$_/g; > } > } > > My Version > > $ rpm -q perl-DBD-LDAP > perl-DBD-LDAP-0.20-1.el6.rf.noarch
Closing due to lack of user-response to info. request, but should now be fixed now in v1.00. If still not working properly, open new ticket. (Revelent Chglog): - Fix $dbh->connect() method to not apply login-rule parameter if user-name is a full DN but still append <ROOT> if it's a relative (single-pair) DN. - Make sure blank user-name field is converted to empty in $dbh->connect(). - Tweak docs and add examples to better explain user-name and login-rule parameters and the $dbh->connect() method. On Tue Nov 20 20:54:17 2018, TURNERJW wrote:
Show quoted text
> Sry for the long delay. It's been a/b 10 years since I've looked at > this code, and I don't even have an LDAP database to test against. > Last bug reporter gave me temp. access to one. Anyway, can you > provide a copy of your ".ldb" file and your "connect()" line to look > at? Also, I'm thinking your regex should be: m/\bcn\=/i. > > Thanks, > > Jim > > > On Thu Oct 11 10:24:58 2018, MRDVT wrote:
> > > ldapserver:dc=Acme, dc=com:cn=*,<ROOT>
> > > > I think MOST people (like me) are going to think the "default" > > example > > uses the DN for login and try to get Net:LDAP working with DN. > > > > However, it, honestly, took me several hours trying to figure out why > > I was getting this "invalid password" AD error. > > > > 49:80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext > > error, data 52e, v2580 > > > > After googling and trial & error, I started on a code review and > > figured out that the example on CPAN is a custom example for a > > particular implementation (I don't know anyone who uses the root for > > user objects). My recommendation is to add another example that uses > > DN as authentication. > > > > Or better yet, update the code so if the login looks like a DN pass > > it > > through instead of using the login rule. > > > > unless ($dbuser =~ m/\ACN=/i) { #dbuser looks like a DN > > if ($dbuser && $ldap_loginrule =~ /\*/o) > > { > > $ldap_loginrule =~ s/\<root\>/$ldap_root/gi; > > $_ = $dbuser; > > $dbuser = $ldap_loginrule; > > $dbuser =~ s/\*/$_/g; > > } > > } > > > > My Version > > > > $ rpm -q perl-DBD-LDAP > > perl-DBD-LDAP-0.20-1.el6.rf.noarch


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.