LDAP

Perl Script to Authenticate

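#!/usr/bin/perl
# auth_ldaps.pl - check a USERNAME/PASSWORD pair by binding to the LDAPS server.
#
# Exit status is the result callers should rely on (stdout is informational):
#   0  bind succeeded            ("access granted")
#   1  bind rejected or refused  ("access denied (...)")
#   2  could not connect to the server
#   3  usage error
#
# NOTE: the password is taken from the command line, so it is visible to other
# local users in the process list and may end up in shell history.  The
# interface is kept unchanged for existing callers.
use warnings;
use strict;
use Net::LDAPS;

# Escape one attribute value for use inside a DN (RFC 4514, section 2.4) so
# that metacharacters in USERNAME cannot change the structure of the bind DN
# (e.g. a username containing ",ou=..." must stay a literal uid value).
sub _escape_dn_value {
    my ($value) = @_;
    $value =~ s/([\\,+"<>;=#])/\\$1/g;                         # DN special characters
    $value =~ s/([\x00-\x1F])/sprintf('\\%02X', ord $1)/ge;    # control characters as \XX
    $value =~ s/\A /\\ /;                                      # leading space
    $value =~ s/ \z/\\ /;                                      # trailing space
    return $value;
}

if ($#ARGV < 1) {
    print "Usage: auth_ldaps.pl USERNAME PASSWORD\n";
    exit 3;
}

my $SERVER = 'ldap.ucc.usyd.edu.au';
my $CERT   = '/etc/httpd/scripts/ldap.ucc.crt';

my $USER = $ARGV[0];
my $PASS = $ARGV[1];

# An empty password must never reach bind(): a simple bind with an empty
# password is an unauthenticated bind (RFC 4513, 5.1.2) that many servers
# accept, which would make this script report "access granted".
unless (length $USER && length $PASS) {
    print "access denied (empty username or password)\n";
    exit 1;
}

my $BIND = 'uid=' . _escape_dn_value($USER) . ',ou=people,o=usyd';

# verify => 'require' makes the TLS handshake fail unless the server's
# certificate chains to $CERT; without it a spoofed server could collect
# the password.
my $ldaps = Net::LDAPS->new(
    $SERVER,
    scheme => 'ldaps',
    port   => '636',
    verify => 'require',
    cafile => $CERT,
);

unless ($ldaps) {
    print "connection error: $SERVER\n";
    exit 2;
}

my $mesg = $ldaps->bind(
    $BIND,
    password => $PASS,
    version  => 3,
);
my $granted = !$mesg->is_error;
my $reason  = $mesg->error;

# Release the server-side session and the socket whatever the outcome.
$ldaps->unbind;

if ($granted) {
    print "access granted\n";
    exit 0;
}

print "access denied ($reason)\n";
exit 1;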

Active Directory Searching

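# Easy way to check users password against AD, SASL
# $? = 0 for success, 49 for bad passwd etc
# DIGEST-MD5 keeps the password itself off the wire, but it is a weak
# mechanism; prefer -Y GSSAPI where Kerberos is available.
ldapsearch -h adserver.com.au -s base -Y DIGEST-MD5 -U pfowler

# Same but using simple bind
# -x is required for a simple bind: without it ldapsearch attempts a SASL bind
# (the server is expected to ignore -D for SASL binds).  A simple bind sends
# the password in clear over plain LDAP -- add -ZZ (StartTLS) or use
# -H ldaps://... unless the link is already protected.
ldapsearch -x -h adserver.com.au -D "cn=pfowler,ou=Users,dc=newioit,dc=com,dc=au" -W

# Search using the global catalog (same -x / transport caveat as above)
ldapsearch -x -h adserver.com.au:3268 -D "cn=pfowler,ou=Users,dc=newioit,dc=com,dc=au" -W "(cn=pfowler)"


# Global catalog by IP and explicit port, with an explicit search base
ldapsearch -x -h 10.113.145.151 -p 3268 -b DC=salmat,DC=com,DC=au -D "CN=Peter Fowler,OU=Users,OU=Corporate,OU=Organisation,DC=salmat,DC=com,DC=au" -W "(cn=Peter Fowler)"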