Skip Menu |

This queue is for tickets about the DBD-LDAP CPAN distribution.

Report information
The Basics
Id: 127341
Status: resolved
Worked: 2 hours (120 min)
Priority: 0/
Queue: DBD-LDAP
People
Owner: turnerjw784 [...] yahoo.com
Requestors: MRDVT [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in:
  • 0.20
  • 0.22
Fixed in: 1.00

History Show all quoted text
  Thu Oct 11 10:24:58 2018 MRDVT [...] cpan.org - Ticket created
Subject: loginrule in example cause undue angst
Show quoted text
> ldapserver:dc=Acme, dc=com:cn=*,<ROOT>
I think MOST people (like me) are going to think the "default" example uses the DN for login and try to get Net:LDAP working with DN. However, it, honestly, took me several hours trying to figure out why I was getting this "invalid password" AD error. 49:80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 After googling and trial & error, I started on a code review and figured out that the example on CPAN is a custom example for a particular implementation (I don't know anyone who uses the root for user objects). My recommendation is to add another example that uses DN as authentication. Or better yet, update the code so if the login looks like a DN pass it through instead of using the login rule. unless ($dbuser =~ m/\ACN=/i) { #dbuser looks like a DN if ($dbuser && $ldap_loginrule =~ /\*/o) { $ldap_loginrule =~ s/\<root\>/$ldap_root/gi; $_ = $dbuser; $dbuser = $ldap_loginrule; $dbuser =~ s/\*/$_/g; } } My Version $ rpm -q perl-DBD-LDAP perl-DBD-LDAP-0.20-1.el6.rf.noarch
  Tue Nov 20 20:54:17 2018 turnerjw784 [...] yahoo.com - Correspondence added
Sry for the long delay. It's been a/b 10 years since I've looked at this code, and I don't even have an LDAP database to test against. Last bug reporter gave me temp. access to one. Anyway, can you provide a copy of your ".ldb" file and your "connect()" line to look at? Also, I'm thinking your regex should be: m/\bcn\=/i. Thanks, Jim On Thu Oct 11 10:24:58 2018, MRDVT wrote: Show quoted text
> > ldapserver:dc=Acme, dc=com:cn=*,<ROOT>
> > I think MOST people (like me) are going to think the "default" example > uses the DN for login and try to get Net:LDAP working with DN. > > However, it, honestly, took me several hours trying to figure out why > I was getting this "invalid password" AD error. > > 49:80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext > error, data 52e, v2580 > > After googling and trial & error, I started on a code review and > figured out that the example on CPAN is a custom example for a > particular implementation (I don't know anyone who uses the root for > user objects). My recommendation is to add another example that uses > DN as authentication. > > Or better yet, update the code so if the login looks like a DN pass it > through instead of using the login rule. > > unless ($dbuser =~ m/\ACN=/i) { #dbuser looks like a DN > if ($dbuser && $ldap_loginrule =~ /\*/o) > { > $ldap_loginrule =~ s/\<root\>/$ldap_root/gi; > $_ = $dbuser; > $dbuser = $ldap_loginrule; > $dbuser =~ s/\*/$_/g; > } > } > > My Version > > $ rpm -q perl-DBD-LDAP > perl-DBD-LDAP-0.20-1.el6.rf.noarch
  Tue Nov 20 20:54:18 2018 The RT System itself - Status changed from 'new' to 'open'
  Tue Feb 05 15:46:56 2019 turnerjw784 [...] yahoo.com - Correspondence added 120 min
Closing due to lack of user-response to info. request, but should now be fixed now in v1.00. If still not working properly, open new ticket. (Revelent Chglog): - Fix $dbh->connect() method to not apply login-rule parameter if user-name is a full DN but still append <ROOT> if it's a relative (single-pair) DN. - Make sure blank user-name field is converted to empty in $dbh->connect(). - Tweak docs and add examples to better explain user-name and login-rule parameters and the $dbh->connect() method. On Tue Nov 20 20:54:17 2018, TURNERJW wrote: Show quoted text
> Sry for the long delay. It's been a/b 10 years since I've looked at > this code, and I don't even have an LDAP database to test against. > Last bug reporter gave me temp. access to one. Anyway, can you > provide a copy of your ".ldb" file and your "connect()" line to look > at? Also, I'm thinking your regex should be: m/\bcn\=/i. > > Thanks, > > Jim > > > On Thu Oct 11 10:24:58 2018, MRDVT wrote:
> > > ldapserver:dc=Acme, dc=com:cn=*,<ROOT>
> > > > I think MOST people (like me) are going to think the "default" > > example > > uses the DN for login and try to get Net:LDAP working with DN. > > > > However, it, honestly, took me several hours trying to figure out why > > I was getting this "invalid password" AD error. > > > > 49:80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext > > error, data 52e, v2580 > > > > After googling and trial & error, I started on a code review and > > figured out that the example on CPAN is a custom example for a > > particular implementation (I don't know anyone who uses the root for > > user objects). My recommendation is to add another example that uses > > DN as authentication. > > > > Or better yet, update the code so if the login looks like a DN pass > > it > > through instead of using the login rule. > > > > unless ($dbuser =~ m/\ACN=/i) { #dbuser looks like a DN > > if ($dbuser && $ldap_loginrule =~ /\*/o) > > { > > $ldap_loginrule =~ s/\<root\>/$ldap_root/gi; > > $_ = $dbuser; > > $dbuser = $ldap_loginrule; > > $dbuser =~ s/\*/$_/g; > > } > > } > > > > My Version > > > > $ rpm -q perl-DBD-LDAP > > perl-DBD-LDAP-0.20-1.el6.rf.noarch
  Tue Feb 05 15:46:57 2019 turnerjw784 [...] yahoo.com - Status changed from 'open' to 'resolved'
  Tue Feb 05 15:46:57 2019 turnerjw784 [...] yahoo.com - Fixed in 1.00 added