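#!/usr/bin/perl
# Validates one user's password with an LDAP simple bind, then reports whether
# that user's uid appears in the memberUid attribute of an application group.
use strict;
use autodie;
use warnings;
use Data::Dumper;
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);

# Sample values for the user being checked and for the application account.
# NOTE(review): both passwords are literals in the source; a deployed copy
# should read them from a protected store instead of the script itself.
my $uid = 'some.user';
my $upass = 'nonono';
my $host = "ldap.host.site.com";
my $user = "uid=appuser,ou=ldapapps,dc=host,dc=site,dc=com";
my $pass = "hostpass";
# Escape the uid before placing it in the DN so characters such as ',' '+'
# or '=' cannot change which entry the bind and the search address.
my $dn = "uid=" . escape_dn_value($uid) . ",ou=people,dc=host,dc=site,dc=com";
my $opts = { port => 389 };
my $groupdn = 'cn=appgroup,ou=Group,dc=host,dc=site,dc=com';

# A simple bind with an empty password is an unauthenticated bind, which many
# servers answer with success; refuse it so it is never taken as a valid login.
die "empty password rejected" unless defined $upass && length $upass;

# connect to ldap
my $ldap = Net::LDAP->new( $host, %$opts )
    or die "Couldn't connect to LDAP server: $@";

# Port 389 is plaintext; upgrade the session and verify the server certificate
# before any password is sent over it.
my $tlsResult = $ldap->start_tls( verify => 'require' );
$tlsResult->code() && die "Couldn't start TLS with LDAP server: " . $tlsResult->error();

# bind to ldap as application
my $bindResult = $ldap->bind( $user, password => $pass );
$bindResult->code() && die "Couldn't bind to LDAP server: " . $bindResult->error();

# bind to ldap as user to validate password
my $bindUser = $ldap->bind( $dn, password => $upass );
$bindUser->code() && die "Couldn't bind to LDAP server: " . $bindUser->error();

# The user bind replaced the connection's identity. Bind as the application
# again so the searches below run with the application's access rights rather
# than the user's.
my $rebindResult = $ldap->bind( $user, password => $pass );
$rebindResult->code() && die "Couldn't bind to LDAP server: " . $rebindResult->error();

# search for user as application
my $userSearch = $ldap->search( base => $dn, filter => '(objectclass=*)' );
# Result code 32 (noSuchObject) is reported as "user not found" below.
$userSearch->code() && $userSearch->code() != 32 && die "Couldn't find user: " . $userSearch->error();
die "user not found" if ($userSearch->count() == 0);

# find group as application
my $groupResult = $ldap->search( base => $groupdn, filter => '(objectclass=*)', attrs => ['memberUid'] );
$groupResult->code() && die "Couldn't find group: " . $groupResult->error();
die "group not found" if ($groupResult->count() == 0);

# get group entry
my $entry = $groupResult->shift_entry();

# get members of the group
my @members = $entry->get_value('memberUid');

# Exact string comparison instead of the experimental smartmatch operator,
# whose comparison rules vary with the operand types.
my $is_member = grep { $_ eq $uid } @members;

# NOTE(review): the script exits 0 in both cases, so a caller can only tell
# the outcome from this message.
print "user not in group\n" unless $is_member;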