Differences between version 6 and previous revision of ActiveDirectoryAuthenticationNotes.
Newer page: version 6, last edited on Sunday, August 10, 2003 1:04:57 pm by AristotlePagaltzis
Older page: version 3, last edited on Friday, May 2, 2003 1:41:19 pm by GreigMcGill
@@ -17,10 +17,10 @@
<Directory ''/var/www/staff''>
AuthLDAPURL ldap://''ads.example.com'':389/OU=Users,OU=Teachers,DC=example,DC=com?sAMAccountName?sub?(objectClass=user)
AuthLDAPBindDN cn=''user'',cn=Users,dc=example,dc=com
AuthLDAPBindPassword ''password-here''
- AuthType Basic
- AuthName "''Mumble School Intranet''"
+ !
AuthType Basic
+ !
AuthName "''Mumble School Intranet''"
require valid-user
</Directory>
/var/www/staff should be the path that you want to secure.
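Review bot: the two `!` markers show that this hunk only re-indents `AuthType Basic` and `AuthName`, so there is no functional change, but the block it touches deserves two caveats in the surrounding notes. `AuthLDAPBindPassword ''password-here''` stores the bind account's secret in the Apache configuration, so the text should tell readers to keep that file readable only by the Apache administrator and to give the bind account no more than read access to the `OU=Users,OU=Teachers` subtree it searches. `AuthType Basic` combined with an `AuthLDAPURL` of `ldap://''ads.example.com'':389` does not by itself encrypt either leg; the notes should state that the site is expected to be served over HTTPS and that the Apache-to-AD connection needs TLS before this is used for a staff intranet.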
@@ -57,9 +57,9 @@
----
!!Round Two!
Going back to this, we found a problem. This appeared in apache's error log:
- [Mon Mar 17 16:36:07 2003] [error] [client 210.54.31.4] Too many failures connecting to LDAP server
+ [
[Mon Mar 17 16:36:07 2003] [
[error] [
[client 210.54.31.4] Too many failures connecting to LDAP server
This is caused by mod_ldap trying to use [LDAP] v2. This appears to cause some (unspecified) problems with Active Directory. So I found a patch by Jeff Costlow (j.costlow at f5.com) (may whatever deity he worships provide him with many years of good health and fortune) which allows you to force [LDAP] version 3.
This prevents the error above from occuring, and now only authorised people can login.
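Review bot: wrapping the quoted error-log entry across four lines makes it harder for readers to match against their own `error_log`; keep it on one line as in the old revision. In the context lines, "occuring" should be "occurring" and "can login" should be "can log in". The paragraph would also be more useful with a pointer to where the LDAP v3 patch by Jeff Costlow was obtained and which Apache/mod_ldap version it applies to, since the notes otherwise give readers no way to reproduce the fix.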
@@ -81,56 +81,56 @@
characters. Feel free to use it for whatever you like.
Example:
-% chg_passwd.pl
-jim supersecret
+
% chg_passwd.pl
+ jim supersecret
Code:
-\
#!/usr/local/bin/perl -w
+
#!/usr/local/bin/perl -w
-use strict;
-use Net::LDAPS;
+
use strict;
+ use Net::LDAPS;
-my($Ad, $mesg, $uid, $pass, $npass, $dn, $rtn);
+
my($Ad, $mesg, $uid, $pass, $npass, $dn, $rtn);
-($uid, $pass) = split(" ",<STDIN>);
+
($uid, $pass) = split(" ",<STDIN>);
-if (($uid eq '') or ($pass eq '')) {
-
print "Uid and/or password missing in input\n";
-
exit 1;
-}
+
if (($uid eq '') or ($pass eq '')) {
+
print "Uid and/or password missing in input\n";
+
exit 1;
+ }
-print "Trying to set $uid to password $pass\n";
+
print "Trying to set $uid to password $pass\n";
-# Bind to the AD server
+
# Bind to the AD server
-$Ad = Net::LDAPS->new("dc.test.uva.nl", version =3)
-
or print "Unable to connect to AD server\n", exit 2;
-$Ad->bind(dn ="CN=ad,OU=Admin,DC=test,DC=uva,DC=nl", password =>
-"gandalf")
-
or print "Unable to bind to AD server\n", exit 2;
+
$Ad = Net::LDAPS->new("dc.test.uva.nl", version =3)
+
or print "Unable to connect to AD server\n", exit 2;
+ $Ad->bind(dn ="CN=ad,OU=Admin,DC=test,DC=uva,DC=nl", password =>
+ "gandalf")
+
or print "Unable to bind to AD server\n", exit 2;
-# Do a AD lookup to get the dn for this user
-# then change their password.
+
# Do a AD lookup to get the dn for this user
+ # then change their password.
-$mesg = $Ad->search(base ="DC=s-res,DC=uva,DC=nl", filter ="cn=$uid");
-if($mesg->count != 1) {
-
print "AD lookup failed for user $uid\n";
-
exit 3;
-}
+
$mesg = $Ad->search(base ="DC=s-res,DC=uva,DC=nl", filter ="cn=$uid");
+ if($mesg->count != 1) {
+
print "AD lookup failed for user $uid\n";
+
exit 3;
+ }
-# Add quotes and uniCode
-map { $npass .= "$_\000" } split(//, "\"$pass\"");
+
# Add quotes and uniCode
+ map { $npass .= "$_\000" } split(//, "\"$pass\"");
-# Now change it
-$dn = $mesg->entry()->dn;
+
# Now change it
+ $dn = $mesg->entry()->dn;
-$rtn = $Ad->modify($dn, replace ={ "unicodePwd" =$npass });
-if($rtn->{'resultCode'} != ) {
-
print "User $uid, setting password failed\n";
-
exit 2;
-}
+
$rtn = $Ad->modify($dn, replace ={ "unicodePwd" =$npass });
+ if($rtn->{'resultCode'} != ) {
+
print "User $uid, setting password failed\n";
+
exit 2;
+ }
-print "Password for $uid changed in AD\n";
-exit ;
+
print "Password for $uid changed in AD\n";
+ exit ;
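Review bot: in `or print "Unable to connect to AD server\n", exit 2;` (and the matching bind line) `exit 2` is part of print's argument list, so it runs before anything is printed and the message never appears; use `or do { print "..."; exit 2 }` instead. Several `=>` operators have lost their `>` (`version =3`, `dn =`, `replace ={`, `"unicodePwd" =$npass`) and `!= )` and `exit ;` are missing their `0`, so the script will not compile as pasted; the reindentation itself is whitespace-only, but it now places a space before `#!/usr/local/bin/perl -w`, which is fine only if that is wiki preformatting markup and not file content. `print "Trying to set $uid to password $pass\n"` echoes the new password to the terminal, and the bind password `"gandalf"` is hard-coded in the source; neither should be there. `filter ="cn=$uid"` interpolates the input straight into the LDAP filter, so it should go through `Net::LDAP::Util::escape_filter_value` first. The search base `DC=s-res,DC=uva,DC=nl` does not match the bind DN's `DC=test,DC=uva,DC=nl`, so one of them looks like a leftover. Finally, appending `\000` after each character yields valid UTF-16LE only for ASCII passwords; `Encode::encode('UTF-16LE', "\"$pass\"")` handles the general case, and `$rtn->code` is the documented accessor rather than `$rtn->{'resultCode'}`.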