NetReg: MS Active Directory & LDAP Netreg v2 PROBLEM.


From: Lukasz Karapuda (lkarap00@mercyhurst.edu)
Date: Wed Dec 10 2003 - 13:57:58 CST


Netreg users,

I am experiencing difficulties in trying to use the LDAP authentication
mechanism for Netreg v 2.0 with Microsoft Active Directory on Windows
2000 Server.

From previous experience with LDAP & Active Directory I know that there
are significant differences in the Active Directory structure compared
to other directory services.

Therefore in order to even bind() to the AD Server via LDAP I needed to
modify the

- sub auth_ldap (Authenticate.pm:551) to:

        my $dn = $user.'@domain.local';

Compared to:

        my $dn_ldap = 'cn='.$user.','.$LDAP_BASE;

The problem is here:
- sub auth_ldap (Authenticate.pm:548):
        my $result = $ldap->compare($dn_ldap,attr=>"memberof",value=>$LDAP_USERS);

The compare method does not return LDAP_COMPARE_TRUE, it returns:
        LDAP_NO_SUCH_OBJECT (32)
        The server cannot find an object specified in the request

This in turn I have identified to be a problem of the construction of
'distinguishedname' attribute of an Active Directory User Object. The DN
in AD would contain the following "CN=First Name Last
name,DC=domain,DC=edu" instead of
"CN={login},DC=domain,DC=edu". There is a difficulty in querying the AD
server to return the appropriate object based on the object property
'samaccountname' = {login}.

I was wondering if somebody is using Netreg v2.0 with LDAP
authentication and Active Directory and has resolved the issue I
encountered.

If not maybe the current auth_ldap() method could be adjusted to allow
for Active Directory querying. I'd be very happy to give a Netreg team
member insight on Active Directory structure. However, I have a very
limited knowledge of Perl, therefore cannot make the changes myself.

Thanks in advance,

Lukasz Karapuda
Mercyhurst College, Web Technology
Phone 814.824.2034 : Email lkarap00@mercyhurst.edu
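
One way to handle the DN mismatch described in the message above, shown as an added example that is not part of the original post and not NetReg's own code: bind with the UPN form, look the user object up by sAMAccountName, and check its memberOf values instead of calling compare() on a guessed DN. The sub name auth_ldap_ad, the host, the base DN, the group DN and the login character set are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values; $LDAP_BASE and $LDAP_USERS reuse the names from the post.
my $LDAP_HOST   = 'ad.example.invalid';                  # placeholder host
my $LDAP_DOMAIN = 'domain.local';                        # UPN suffix from the post
my $LDAP_BASE   = 'DC=domain,DC=local';                  # constructed base DN
my $LDAP_USERS  = 'CN=NetregUsers,DC=domain,DC=local';   # constructed group DN

# Returns 1 if $user binds with $pass and is a direct member of $LDAP_USERS.
sub auth_ldap_ad {
    my ($user, $pass) = @_;

    # Assumed login character set; keeps odd input out of the bind name.
    return 0 unless defined $user && $user =~ /\A[\w.\-]{1,64}\z/;
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513) and may be reported as success, so refuse it up front.
    return 0 unless defined $pass && length $pass;

    my $ldap = Net::LDAP->new($LDAP_HOST) or return 0;
    my $mesg = $ldap->bind("$user\@$LDAP_DOMAIN", password => $pass);
    if ($mesg->code) { $ldap->unbind; return 0; }

    # Find the object by login name; its DN is CN=<display name>,...
    # so it cannot be built from the login. Escape the value in the filter.
    my $filter = '(&(objectClass=user)(sAMAccountName='
               . escape_filter_value($user) . '))';
    $mesg = $ldap->search(
        base   => $LDAP_BASE,
        scope  => 'sub',
        filter => $filter,
        attrs  => ['memberOf'],
    );
    # Fail closed on errors and on anything but exactly one match.
    if ($mesg->code || $mesg->count != 1) { $ldap->unbind; return 0; }

    # memberOf lists direct groups only (no nested or primary group).
    my @groups = $mesg->entry(0)->get_value('memberOf');
    $ldap->unbind;
    # DNs compare case-insensitively.
    return (grep { lc $_ eq lc $LDAP_USERS } @groups) ? 1 : 0;
}
```

A simple bind sends the password in cleartext, so the connection would normally use an ldaps:// URI or a start_tls call before bind.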


This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:42 CDT