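#!/usr/bin/perl
#
# auth_ldaps.pl - check a username/password pair by attempting an LDAPS
# simple bind as that user.
#
# Usage: auth_ldaps.pl USERNAME PASSWORD
#
# Exit status:
#   0  bind succeeded                          ("access granted")
#   1  bind refused, or empty username/password ("access denied")
#   2  could not connect to the server          ("connection error")
#   3  wrong number of arguments
#
# NOTE(review): the password is taken from argv, so it is visible in the
# process list to other local users while the script runs. The argv interface
# is kept for existing callers; reading the password from STDIN would avoid
# that exposure.

use warnings;
use strict;
use Net::LDAPS;

if (@ARGV < 2) {
    print "Usage: auth_ldaps.pl USERNAME PASSWORD\n";
    exit 3;
}

my $SERVER = 'ldap.ucc.usyd.edu.au';
my $CERT   = '/etc/httpd/scripts/ldap.ucc.crt';
my ($USER, $PASS) = @ARGV[0, 1];

# A simple bind with a DN and an empty password is an "unauthenticated bind"
# (RFC 4513, section 5.1.2). Many servers answer it with success without
# checking any credential, which would be reported here as "access granted".
# Refuse empty values before talking to the server.
if ($USER eq '' or $PASS eq '') {
    print "access denied (empty username or password)\n";
    exit 1;
}

# The username is caller-supplied and is placed inside a DN. Escape the
# characters that are special in a DN string (RFC 4514) so the value cannot
# add RDN components or point the bind at a different entry.
(my $uid_value = $USER) =~ s/([\\",+;<>=\x00])/sprintf '\\%02x', ord $1/ge;
$uid_value =~ s/\A([ #])/sprintf '\\%02x', ord $1/e;    # leading space or '#'
$uid_value =~ s/ \z/\\20/;                              # trailing space

my $BIND = "uid=$uid_value,ou=people,o=usyd";

# verify => 'require' makes the TLS handshake fail unless the server
# certificate validates against the CA file given in cafile.
my $ldaps = Net::LDAPS->new(
    $SERVER,
    scheme => 'ldaps',
    port   => '636',
    verify => 'require',
    cafile => $CERT,
);

unless ($ldaps) {
    print "connection error: $SERVER\n";
    exit 2;
}

my $mesg = $ldaps->bind($BIND, password => $PASS, version => 3);

# The bind result is all that is needed; close the session before reporting.
$ldaps->unbind;

unless ($mesg->is_error) {
    print "access granted\n";
    exit 0;
}

print "access denied (" . $mesg->error . ")\n";
exit 1;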
# Easy way to check users password against AD, SASL # $? = 0 for success, 49 for bad passwd etc ldapsearch -h adserver.com.au -s base -Y DIGEST-MD5 -U pfowler # Same but using simple bind ldapsearch -h adserver.com.au -D "cn=pfowler,ou=Users,dc=newioit,dc=com,dc=au" -W # Search using the global catalog ldapsearch -h adserver.com.au:3268 -D "cn=pfowler,ou=Users,dc=newioit,dc=com,dc=au" -W "(cn=pfowler)" ldapsearch -h 10.113.145.151 -p 3268 -b DC=salmat,DC=com,DC=au -D "CN=Peter Fowler,OU=Users,OU=Corporate,OU=Organisation,DC=salmat,DC=com,DC=au" -W "(cn=Peter Fowler)"