
Perl


This section outlines how to enable authentication against a directory service from Perl, using the two LDAP module families available: the pure-Perl perl-ldap distribution (Net::LDAP) and Netscape's PerLDAP (Mozilla::LDAP), which wraps the LDAP C SDK.

LDAP is the de facto Internet directory standard, supported by companies such as Netscape, Microsoft, IBM, and Novell. LDAP will be an integral part of Internet platform offerings including Netscape's ONE and Microsoft Exchange 5.0.

The perl-ldap distribution is a collection of Perl modules which provide an object-oriented interface to LDAP servers.

The perl-ldap distribution has several advantages:

  • By using the Perl object interface, the perl-ldap modules give programmers an interface that allows complex searches of LDAP directories with only a small amount of code.

  • All the perl-ldap modules are written entirely in Perl, which means that the library is truly cross-platform. No C or XS extensions are used, so no C compiler is needed to install the modules.

Distribution

The latest release of the library is perl-ldap-0.25, available at: http://perl-ldap.sourceforge.net/.
You may also look at the individual files of the latest distribution directly, and at the ChangeLog and RELEASE_NOTES files, which will tell you what the most recent changes are.

Documentation

The POD documentation for the latest release is also available online at http://perl-ldap.sourceforge.net/.

Requirements

You will need the Convert::ASN1 package, available at http://search.cpan.org/search?module=Convert::ASN1.
For releases of Perl before 5.004 you will also need to make sure that you have the IO distribution installed. The latest distribution is available from http://www.perl.com/CPAN/modules/by-module/IO/.

Quick Start Guide

For the latest information see http://perl-ldap.sourceforge.net/

perl-ldap uses the following modules/distributions.

   Convert::ASN1    - required
   URI::ldap        - optional, needed for URL parsing
   Digest::MD5      - optional, needed for SASL CRAM-MD5 auth
   IO::Socket::SSL  - optional, needed for Net::LDAPS
   XML::Parser      - optional, needed for Net::LDAP::DSML

First ensure the above modules/distributions are installed then build/test/install Net::LDAP by doing

   perl Makefile.PL
   make
   make test
   make install

Several modules in the distribution contain documentation. Once installed you can use the command "perldoc Net::LDAP" to obtain the documentation.

This documentation will contain pointers to the other modules.

Note:
Everything that has been deprecated will be removed when V1.00 is released, but who knows when that will be.
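The Quick Start above only builds the modules; the following script is an added example (not part of the perl-ldap distribution or of this course) of the authentication flow the section is about, written against Net::LDAP: a service account locates the user's entry, then the connection binds as that user so the directory itself checks the password. It assumes a current perl-ldap from CPAN (Net::LDAP::Util::escape_filter_value is not in 0.25), IO::Socket::SSL for the ldaps:// transport, and the placeholder host, base DN, service account and CA file shown.

```perl
#!/usr/bin/perl
# Added example, not from the perl-ldap distribution or this course.
# Verifies a username/password against a directory the way a web login
# handler would: look the entry up with a service account, then bind as
# the user.  Host, base DN, service account and CA file are assumed.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);
use Net::LDAP::Util qw(escape_filter_value ldap_error_name);

my $URI     = 'ldaps://ldap.example.com';                  # assumed
my $BASE_DN = 'ou=People,dc=example,dc=com';               # assumed
my $SVC_DN  = 'cn=authsvc,ou=Services,dc=example,dc=com';  # assumed
my $SVC_PW  = $ENV{LDAP_SVC_PASSWORD};                     # not hard-coded
my $CA_FILE = '/etc/ssl/certs/example-ca.pem';             # assumed

die "LDAP_SVC_PASSWORD is not set\n"
    unless defined $SVC_PW && length $SVC_PW;

# Returns the user's DN when the password is correct, undef otherwise.
sub authenticate {
    my ($username, $password) = @_;

    # RFC 4513: a bind with a name and an empty password is an
    # "unauthenticated" bind, which most servers accept, so an empty
    # password would look like a successful login.  Reject it up front.
    return undef unless defined $password && length $password;

    # ldaps:// with verify => 'require' checks the server certificate
    # against $CA_FILE, so credentials are never sent to an impostor.
    my $ldap = Net::LDAP->new($URI, version => 3,
                              verify => 'require', cafile => $CA_FILE)
        or do { warn "connect $URI: $@\n"; return undef };

    # Step 1: bind with the service account and look up the user's DN.
    my $mesg = $ldap->bind($SVC_DN, password => $SVC_PW);
    if ($mesg->code) {
        warn "service bind: ", $mesg->error, "\n";
        $ldap->unbind;
        return undef;
    }

    # Escape the login name so it cannot change the filter's shape:
    # unescaped, a name of "*" or "x)(uid=admin" would match other entries.
    my $filter = sprintf '(&(objectClass=inetOrgPerson)(uid=%s))',
                         escape_filter_value($username);
    $mesg = $ldap->search(base => $BASE_DN, scope => 'sub',
                          filter => $filter, attrs => ['1.1']);
    if ($mesg->code || $mesg->count != 1) {
        warn "lookup of $username: ",
             ($mesg->code ? $mesg->error : $mesg->count . " entries"), "\n";
        $ldap->unbind;
        return undef;
    }
    my $user_dn = $mesg->entry(0)->dn;

    # Step 2: bind as the user.  The directory verifies the password, so
    # the client never handles password hashes or storage schemes.
    $mesg = $ldap->bind($user_dn, password => $password);
    my $ok = ($mesg->code == LDAP_SUCCESS);
    warn "user bind for $user_dn: ", ldap_error_name($mesg->code), "\n"
        unless $ok;
    $ldap->unbind;
    return $ok ? $user_dn : undef;
}

# Usage: ldap-auth.pl <username>; the password is read from the terminal.
if (@ARGV == 1) {
    print "Password: ";
    system 'stty -echo';              # assumes a Unix tty
    chomp(my $pw = <STDIN> // '');
    system 'stty echo';
    print "\n";
    my $dn = authenticate($ARGV[0], $pw);
    print defined $dn ? "authenticated as $dn\n" : "authentication failed\n";
    exit(defined $dn ? 0 : 1);
}
```

The two-step search-then-bind shape is what keeps the user's password out of the application's hands: the service account needs only read access to locate entries, and the second bind fails with LDAP_INVALID_CREDENTIALS for a wrong password without the application ever seeing the stored hash.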

PerLDAP

PerLDAP is a set of modules written in Perl and C that allow developers to leverage their existing Perl knowledge to easily access and manage LDAP-enabled directories. PerLDAP makes it very easy to search, add, delete, and modify directory entries. For example, Perl developers can easily build Web applications to access information stored in a directory or create directory synchronization tools between directories and other services.

PerLDAP is an open source development project, the result of a joint effort between Netscape and Clayton Donley, an open source developer. PerLDAP currently provides the basic functions to allow Perl users to access and manipulate directories easily. Based on developer feedback and involvement, PerLDAP will continue to evolve to include additional functionality in future releases.

Installing PerLDAP Binaries

You will first need version 3.0 Beta 1 of the LDAP C SDK from Netscape. This is available from the DevEdge page at: http://developer.netscape.com/tech/directory/

You will also need Perl v5.004, available at http://www.perl.com/. Version 5.005 of Perl will not work with the binaries. If you wish to use v5.005, you will need to compile PerLDAP from source.

On Unix (Solaris Only...HPUX, IRIX, AIX to follow):

  • Check that the libraries from the C SDK are installed in locations referenced by the environment variable LD_LIBRARY_PATH

  • Save the file in a temporary location

  • Unzip the file by entering the command: gunzip .tar.gz

  • Untar the resulting tar file by entering the command: tar xvof .tar

  • Change to the extract directory: cd PerLDAP-1.0

  • Execute the following command as the super-user (root): perl install-bin

On Windows NT:

  • Be sure that the DLL from the C SDK is installed in your system32 directory.

  • Save the file in a temporary location

  • Unzip the file using Winzip or other ZIP extraction tools

  • Change to the extract directory: cd PerLDAP-1.0

  • Execute the following command: perl install-bin

Compiling the PerLDAP Sources

The source to PerLDAP is available on the Mozilla site at: http://www.mozilla.org/directory/

You can either retrieve the .tar file with the source distribution, or use CVS to checkout the module directly. The name of the CVS module is PerLDAP, and it checks out the directory mozilla/directory/perldap

Further instructions for using CVS and Mozilla are available at http://www.mozilla.org/cvs.html.

Instructions for building the source can be found in the install file in the source distribution.

Getting Started

Documentation for this module is in standard Perl `pod' format. HTML versions of this documentation can also be found on the Netscape DevEdge site at: http://developer.netscape.com/tech/directory/

Additionally, many good examples can be found in the `examples' directory.

Modules and Examples

Mozilla::LDAP::API     - Low level interface between Perl and the LDAP C API
Mozilla::LDAP::Entry   - Perl methods for manipulating entry objects
Mozilla::LDAP::Conn    - Perl methods for performing LDAP operations
Mozilla::LDAP::LDIF    - Perl methods for utilizing LDIF
Mozilla::LDAP::Utils   - Some convenient LDAP related utilities
test_api/search.pl     - Tests low level API search calls
test_api/write.pl      - Tests low level API write calls
test_api/api.pl        - Tests ALL low level LDAPv2 calls
examples/lfinger.pl    - LDAP version of the regular Unix finger command.
examples/qsearch.pl    - Simple ldapsearch replacement.
examples/monitor.pl    - Retrieve status information from an LDAP server.
examples/ldappasswd.pl - Change the LDAP password for a user.
examples/rmentry.pl    - Remove an entire entry from the database.
examples/rename.pl     - Rename (modRDN) an entry.
examples/tabdump.pl    - Dump LDAP information into a tab separated file.
examples/psoftsync.pl  - Synchronize LDAP with a PeopleSoft "dump" file.

All examples support the "standard" LDAP command line options, which are

   -h hostname    LDAP server name
   -p port        LDAP port, default is 389 (or 636 for SSL)
   -b base DN     LDAP Base-DN
   -D bind DN     LDAP bind DN (connect to server as this "user")
   -w bind pswd   Password to bind to the server
   -P certfile    Use SSL, with the public keys from this file

Note:
The examples currently only support Simple Authentication (passwords); the Client Authentication features (using certificates) will be used in the next release. A password given with -w is visible to other users of the machine in the process list, so where a script prompts for it (as ldappasswd.pl below does), omit -w and type it at the prompt. All examples also honor the environment variable LDAP_BASEDN; set it to your system's base DN, e.g.

   % setenv LDAP_BASEDN 'dc=netscape,dc=com'

or for Bourne shell

   $ LDAP_BASEDN='dc=netscape,dc=com'; export LDAP_BASEDN

PerLDAP Installation Instructions

Building this package is fairly straight forward, but requires some knowledge about using compilers and compiler tools on your system. If you are uncomfortable using these tools, we recommend you get one of the prebuilt binary distributions instead.

Prerequisites

In order to build the module, you'll need

  • Perl, version 5.003 or later. We definitely recommend using v5.004 or later.

  • An ANSI-C compiler, e.g. gcc-2.x, or Visual C++ 5.0.

  • The LDAP client libraries and include files, e.g. the SDK from Netscape Communications. See the README file for information on retrieving binaries.

You can download (or CVS checkout) the Directory SDK source, see further information available on http://www.mozilla.org/directory/.

Building

This package uses the normal Perl5 MakeMaker installation system. To generate a Makefile appropriate for your platform, run perl on the provided Makefile.PL script.

   % perl Makefile.PL   

You might have to use the command `perl5' or `perl-5.004', depending on how you installed Perl-5. The script will now ask you a few questions to find the necessary library and include files. A typical configuration session is

   data 195% perl5 Makefile.PL
   PerLDAP - Perl Module for LDAP

   Directory containing `include' and `lib' directory of the Netscape
   LDAP Software Developer Kit (default: /usr): /opt/ldapsdk3
   Using LDAPv3 Developer Kit (default: yes)?
   Include SSL Support (default: yes)?
   Writing Makefile for Mozilla::LDAP::API

The important question is where your LDAP SDK is installed; in the example above the base directory is /opt/ldapsdk3. This directory should have two subdirectories, named "lib" and "include". If you installed the SDK in the standard /usr hierarchy, use the default value as provided by the install script.

Assuming you get no errors or warnings, proceed with the build and install:

   % make
   % make install

That should be it!

Automated Configuration and Install

The Makefile.PL script also honors a set of environment variables to make it possible to do configuration and installs non-interactively. The variables are

LDAPSDKDIR    - Full path to the C SDK base directory
LDAPSDKVER - Either "11" (for v1.1) or "30" (for v3.x)
LDAPSDKSSL - Set to "Y" to enable SSL

With these variables set, you will not be asked any of the questions above. Just run the Makefile.PL script, and finish the build, e.g.

   % perl5 Makefile.PL
   % make
   % make install

The examples/ldappasswd.pl script from the distribution, reindented and with its usage message, the pre-5.004 @ARGV idiom and a typo in the connection error fixed:

#!/usr/bin/perl5
######################################################################
# Version 1.0 (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
# the License for the specific language governing rights and
# limitations under the License.
#
# The Original Code is PerLDAP. The Initial Developer of the Original
# Code is Netscape Communications Corp. and Clayton Donley. Portions
# created by Netscape are Copyright (C) Netscape Communications
# Corp., portions created by Clayton Donley are Copyright (C) Clayton
# Donley. All Rights Reserved.
# Contributor(s):
#
# DESCRIPTION
# This is an LDAP version of the normal passwd/yppasswd command found
# on most Unix systems. Note that this will only use the {crypt}
# encryption/hash algorithm (at this point).
#
#######################################################################
use strict;
use warnings;
use Getopt::Std;            # To parse command line arguments.
use Mozilla::LDAP::Conn;    # Main "OO" layer for LDAP
use Mozilla::LDAP::Utils;   # LULU, utilities.

# Getopt::Std sets, and Mozilla::LDAP::Utils::ldapArgs() reads, these
# package variables, so they are declared as globals rather than lexicals.
our ($opt_n, $opt_v, $opt_b, $opt_s, $opt_h, $opt_D, $opt_w, $opt_P);


#######################################################################
# Constants, shouldn't have to edit these...
#
my $APPNAM = "ldappasswd";
my $USAGE  = "$APPNAM [-nv] -b base -h host -D bind -w pswd -P cert search ...";

my @ATTRIBUTES = ("uid", "userpassword");


######################################################################
# Check arguments, and configure some parameters accordingly..
# -n is a dry run (no bind, no update); -v lists each entry changed.
#
if (!getopts('nvb:s:h:D:w:P:')) {
    print "usage: $USAGE\n";
    exit 1;
}
my %ld = Mozilla::LDAP::Utils::ldapArgs();
# Completes the bind credentials, prompting for the password when -w
# was not given so it need not be exposed on the command line.
Mozilla::LDAP::Utils::userCredentials(\%ld) unless $opt_n;


#######################################################################
# Ask for the new password, and confirm it's correct.
#
my ($new, $new2);
do {
    print "New password: ";
    $new = Mozilla::LDAP::Utils::askPassword();
    print "New password (again): ";
    $new2 = Mozilla::LDAP::Utils::askPassword();
    print "Passwords didn't match, try again!\n\n" if ($new ne $new2);
} until ($new eq $new2);
print "\n";

# The hash is computed client-side with crypt(3) and stored with the
# {crypt} prefix. Traditional DES crypt is a weak scheme by today's
# standards; prefer the server's own password storage scheme where the
# directory offers one.
my $crypted = Mozilla::LDAP::Utils::unixCrypt($new);


#######################################################################
# Now do all the searches, one by one. If there are no search criteria,
# we will change the password for the user running the script.
#
my $conn = Mozilla::LDAP::Conn->new(\%ld);
die "Couldn't connect to LDAP server $ld{host}\n" unless $conn;

foreach my $search (@ARGV ? @ARGV : $ld{bind}) {
    # First treat the argument as a DN, then as a filter under the base DN.
    my $entry = $conn->search($search, "subtree", "ALL", 0, @ATTRIBUTES);
    $entry = $conn->search($ld{root}, "subtree", $search, 0, @ATTRIBUTES)
        unless $entry;
    print "No such user: $search\n" unless $entry;

    while ($entry) {
        $entry->{userpassword} = ["{crypt}" . $crypted];
        print "Changing password for: $entry->{dn}\n" if $opt_v;

        if (!$opt_n) {
            $conn->update($entry);
            $conn->printError() if $conn->getErrorCode();
        }

        $entry = $conn->nextEntry();
    }
}


#######################################################################
# Close the connection.
#
$conn->close if $conn;


