NET::LDAPS error: failed Transport endpoint is not connected at /usr/lib/cgi-bin/createUser.cgi line 26

I am displaying here only the piece of the code that matters. The parameters are posted to the script from a form in an HTML file. The error is as stated: failed Transport endpoint is not connected at /usr/lib/cgi-bin/createUser.cgi line 26

The script is running on a Debian server. I guess I don't need to join the computer to the domain to use the script?
#! /usr/bin/perl

use warnings;
use strict;
use CGI::Pretty qw(:all);
use CGI::Carp::Fatals;
use Net::LDAP;
use Net::LDAPS;

#print "Content-type: text/html\n\n";
my $cgi=new CGI;

print header();
print start_html("User Account Creation");
if (param('pass_1') eq param('pass_2')) {
        my $firstName=param('first_name');
        my $lastName=param('last_name');
        my $loginName=param('login_name');
        my $password=param('pass_1');   # the form posts pass_1/pass_2; there is no 'password' field
        my $mail=param('mail');

        my $adminLogin=param('adminLogin');
        my $adminPass=param('adminPass');

        my $mesg;
        # Net::LDAPS expects TLS from the first byte; 389 is the plain LDAP port
        my $ldap = Net::LDAPS->new('172.16.0.2', port => '389') or die("failed $!");
        print "Failed connecting" if(!$ldap);
        # single quotes: $adminLogin and $adminPass are sent as those literal strings, they are not interpolated
        $mesg = $ldap->bind(dn => 'cn=$adminLogin,ou=Users,ou=FreeDev-Users,dc=freedev,dc=local', password => '$adminPass') or die("failed $!; ".$mesg->error);
        my $result = $ldap->add( 'cn=$loginName,ou=Users,ou=FreeDev-Users,dc=freedev,dc=local',attr => [ 'cn' => '$loginName', 'sn' => $firstName, 'mail' => $mail, 'objectclass' => ['top', 'person','organizationalPerson','inetOrgPerson' ]]);
        $result->code && warn "failed to add entry: ", $result->error;
        $mesg = $ldap->unbind;
}
print end_html();

itniflAsked:

Kim RyanIT ConsultantCommented:
If you want to use LDAPS (with secure sockets) you need to specify the parameters
verify => 'require',
capath => '/usr/local/cacerts/');

Could you just use LDAP instead of LDAPS? Also, maybe try connecting manually first to see if you have permission.

clockwatcherCommented:
LDAPS typically runs on port 636 not 389 and unless you've already got LDAPS running for something else, you may want to take a look at http://support.microsoft.com/kb/321051 to get your cert set up correctly on your domain controller.
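Putting the two answers above together (Kim Ryan's verify/capath options, clockwatcher's point that LDAPS lives on 636 and needs a certificate on the DC), here is a connection that actually verifies the domain controller before the simple bind sends a password. This is an added example, not code from the thread: the DC name dc1.company.local, the CA file path and the svc-provision bind account are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the poster's code: open a verified TLS session to an
# AD domain controller before sending a simple bind. The DC name, CA file
# and service-account DN are assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

# Connect by the DC's DNS name, not its IP: with verify => 'require' the
# certificate's subject/SAN has to match the name we connected to.
my $dc      = 'dc1.company.local';                    # assumed FQDN of 172.16.0.2
my $cafile  = '/etc/ssl/certs/company-root-ca.pem';   # assumed: CA that issued the DC certificate
my $bind_dn = 'CN=svc-provision,OU=Users,OU=Company-Users,DC=company,DC=local';   # assumed service account

# Option 1: LDAPS, TLS from the first byte, on 636 rather than 389.
# verify => 'require' makes IO::Socket::SSL reject an untrusted or
# mismatched certificate, which is what stops someone on the path from
# capturing the admin password that a simple bind carries in clear.
my $ldap = Net::LDAP->new(
    $dc,
    scheme  => 'ldaps',
    port    => 636,
    version => 3,
    verify  => 'require',
    cafile  => $cafile,
    timeout => 10,
) or die "LDAPS connection to $dc failed: $@\n";

# Option 2 (if only 389 is reachable): connect in clear, upgrade with
# StartTLS, and only then bind. Use instead of option 1, never as well as.
# my $ldap = Net::LDAP->new($dc, port => 389, version => 3)
#     or die "connection to $dc failed: $@\n";
# my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
# die 'StartTLS failed: ' . $tls->error . "\n" if $tls->code;

# The simple bind now travels inside TLS. bind() returns a message object
# that is always true, so test ->code rather than writing "or die".
my $mesg = $ldap->bind($bind_dn,
                       password => $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW\n");
die 'Bind failed: ' . $mesg->error . "\n" if $mesg->code != LDAP_SUCCESS;

print "Bound as $bind_dn over TLS to $dc\n";
$ldap->unbind;
```

capath (a hashed directory of CA certificates, as in Kim Ryan's snippet) and cafile (a single PEM bundle) are interchangeable here; pick whichever your Debian box already has. Until the DC has a certificate issued per the KB article clockwatcher linked, verify => 'require' will refuse the connection, which is the correct outcome: falling back to plain 389 only hides the problem.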
itniflAuthor Commented:
I used LDAP instead of LDAPS, and that worked.
But I can't seem to bind. The generated html completes without errors on the page, but in the error log of Apache I can see:
[Thu Apr 08 10:10:17 2010] [error] [client 192.168.10.4] [Thu Apr  8 10:10:17 2010] createUser.cgi: failed to add entry: 000004DC: LdapErr: DSID-0C090BD0, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1771

Of course, there is no object created in AD either.
itniflAuthor Commented:
The essential strings for connecting and binding that are not working are now:


        my $mesg;
        my $ldap = Net::LDAP->new('172.16.0.2', port => '389') or die("failed $!");
        print "Failed connecting" if(!$ldap);
        # still single-quoted, so the literal strings 'cn=$adminLogin,...' and '$adminPass' are sent;
        # the base has also changed from dc=freedev,dc=local to o=freedev,c=local
        $mesg = $ldap->bind('cn=$adminLogin,ou=Users,ou=FreeDev-Users,o=freedev,c=local', password => '$adminPass') or die("failed $!; ".$mesg->error);
        my $result = $ldap->add('cn=$loginName,ou=Users,ou=FreeDev-Users,o=freedev,c=local', attr => [ 'cn' => '$loginName', 'sn' => $firstName, 'mail' => $mail, 'objectclass' => ['top', 'person','organizationalPerson','inetOrgPerson' ]]);
        $result->code && warn "failed to add entry: ", $result->error;
        $mesg = $ldap->unbind;


jwillekeCommented:
It appears your BIND was not successful and the server took your bind as the anonymous user.

It also appears that this is for AD.

We have sample code that does this here:
http://ldapwiki.willeke.com/wiki/Perl%20Add%20User%20Sample

You will find a better method to perform LDAP error operations in the code.
As LDAP always returns a result, trapping like:
die("failed $!; ".$mesg->error);
Does not work well.

-jim
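Two things jwilleke's answer points at deserve a concrete shape: how to trap LDAP results when every call returns a message object, and what to do with form input before it is pasted into a DN. The example below is added here and is neither the poster's code nor the ldapwiki sample. The base DN and the svc-provision account are assumptions, the two login records are constructed, and the bind only runs when LDAP_HOST is set so the DN-building part can be run offline.

```perl
#!/usr/bin/perl
# Added example (not the poster's code, not the ldapwiki sample): check
# every LDAP result code, and build the new entry's DN from form input
# without letting that input rewrite the DN. Names and server are assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_INVALID_CREDENTIALS);

my $base = 'OU=Users,OU=Company-Users,DC=company,DC=local';   # assumed base

# Net::LDAP operations return a Net::LDAP::Message object, which is true
# even when the server said no, so "$ldap->bind(...) or die" never fires.
# Test ->code instead and report code, name and text together.
sub check {
    my ($what, $mesg) = @_;
    return $mesg if $mesg->code == LDAP_SUCCESS;
    die sprintf("%s failed: %d %s: %s\n", $what, $mesg->code,
                $mesg->error_name, $mesg->error_text);
}

# Build "CN=<Last, First>,<base>". The CN comes from free-text form fields,
# so RFC 4514 specials (comma, plus, quote, backslash, <, >, semicolon,
# leading/trailing space) must be escaped; otherwise a crafted surname such
# as "Y,OU=Domain Admins" adds an RDN and moves the object elsewhere in the tree.
sub user_dn {
    my ($login, $first, $last) = @_;
    # The login name becomes sAMAccountName / the UPN: allow-list it outright
    # (max 20 chars, lower-case alphanumerics plus . _ -).
    die "bad login name '$login'\n" unless $login =~ /\A[a-z][a-z0-9._-]{1,19}\z/;
    return 'CN=' . escape_dn_value("$last, $first") . ",$base";
}

# Constructed inputs: one ordinary record, one with a hostile surname.
for my $in (['atlhol', 'Atle', 'Hol'],
            ['evil',   'X',    'Y,OU=Domain Admins'])
{
    print user_dn(@$in), "\n";     # the comma inside the surname comes out as \,
}

# Bind only when a server is configured, so the part above runs offline.
if (my $host = $ENV{LDAP_HOST}) {
    my $ldap = Net::LDAP->new($host, port => 389, version => 3)
        or die "connect to $host failed: $@\n";
    my $bind = $ldap->bind("CN=svc-provision,$base",            # assumed service account
                           password => $ENV{LDAP_BIND_PW});
    # A wrong DN or password is code 49. Ignoring it leaves the session
    # anonymous, and the next add() fails with "a successful bind must be
    # completed on the connection", exactly as in the Apache log above.
    die "bind rejected for CN=svc-provision,$base: invalid credentials\n"
        if $bind->code == LDAP_INVALID_CREDENTIALS;
    check('bind', $bind);
    $ldap->unbind;
}
```

The allow-list on the login name is the important control; escape_dn_value is defence in depth for the fields that genuinely may contain commas (surnames, display names). The same rule applies to anything interpolated into a search filter, where Net::LDAP::Util::escape_filter_value is the matching helper.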

itniflAuthor Commented:
Error:
[Thu Apr 08 11:06:37 2010] [error] [client 192.168.10.4] [Thu Apr  8 11:06:37 2010] createUser.cgi: failed to add entry: 00002081: NameErr: DSID-03050BF0, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:, referer: http://192.168.10.100/IntranettWeb/adm/admintools.html
[Thu Apr 08 11:06:37 2010] [error] [client 192.168.10.4] [Thu Apr  8 11:06:37 2010] createUser.cgi: \t'CN=atlhol,OU=Users,OU=Company-Users,DC=company,DC=local'

And in the browser window, this error:
Return code: 34 Message: LDAP_INVALID_DN_SYNTAX :The request contained an invalid DN MessageID: 2 DN: not known

I output the DN to the HTML file wrapped in single quotes:
'CN=atlhol,OU=Users,OU=FreeDev-Users,DC=freedev,DC=local'

Looks ok.
The code:
        my ($bind, $mesg);
        my $base = "OU=Users,OU=Company-Users,DC=company,DC=local";
        my $ldap = Net::LDAP->new("172.16.0.2", version => 3, port => 389) or die("failed $!");
        print "Failed connecting" if(!$ldap);
        $bind = $ldap->bind("CN=$adminLogin,OU=Users,OU=Company-Users,DC=company,DC=local", password => "$adminPass") or die("failed $!; ".$bind->error);
        if ( $bind->code ) {
                LDAPerror( "Bind: ", $bind );
        }
        my $DN = "CN=$loginName,".$base;
        my $displayName = $firstName." ".$lastName;
        # 'cn' is still single-quoted here, so the attribute value sent is the literal string $loginName
        my $result = $ldap->add($DN, attr => [ 'cn' => '$loginName', 'sn' => $firstName, 'mail' => $mail, 'displayName' => $displayName, 'givenName' => $displayName,'objectclass' => ["top", "person","organizationalPerson","user" ]]);
        if ( $result->code ) {
                LDAPerror( "Add: ", $result );
        }
        $result->code && warn "failed to add entry: ", $result->error;
        $mesg = $ldap->unbind;

# print the outcome of one LDAP operation: code, name, text, message id and DN
sub LDAPerror {
        my $unknown = "not known";

        my ( $from, $mesg ) = @_;
        print $from;
        print "Return code: ", $mesg->code;
        print "\tMessage: ",   $mesg->error_name;
        print " :",            $mesg->error_text;
        print "MessageID: ",   $mesg->mesg_id;
        my $dn = $mesg->dn;
        if ( !$dn ) { $dn = $unknown; }
        print "\tDN: ", $dn;
}


jwillekeCommented:
I am not sure where the information is coming from but the result code "BAD_ATT_SYNTAX"
implies there is an invalid value being passed for one of the attribute values.
Unfortunately, which one is not known.  (Based on the next error, I would guess the CN)

The "LDAP_INVALID_DN_SYNTAX" implies that the value you are using for the DN you are setting is invalid.

Looks like there may be an issue, as the DN is showing as:
 \t'CN=atlhol,OU=Users,OU=Company-Users,DC=company,DC=local'

Note the \t' appears to be included within the DN.

Also this line:
my $DN = "CN=$loginName,".$base;
does not look correct.
Should it not be more like:
my $DN = "CN=".$loginName.",".$base;

-jim
itniflAuthor Commented:
I printed only the first two characters of $DN; it seems to be CN, no \t there.
I also tried to use:
my $DN = "CN=".$loginName.",".$base;

Seems like it works the same as:
my $DN = "CN=$loginName,".$base;

The looks of the string, error message and results are the same.
I guessed you were right that there was something wrong with the attributes. So I set the creation of the user object up with the sub from the example code given (http://ldapwiki.willeke.com/wiki/Perl%20Add%20User%20Sample), and also added the attribute array for use with the AddAdUser sub. Of course I added the proper line to use the code. The code ended up as below, very similar to the example. It works, so I guess it was the attributes or the attribute list that was wrong.
        # attribute list used by the helpers from the linked sample (addAdUser itself is not shown here)
        my @Attrs = (
                "accountexpires",     "badpasswordtime",
                "badpwdcount",        "cn",
                "displayname",        "distinguishedname",
                "givenname",          "instancetype",
                "lastlogoff",         "lastlogon",
                "lastlogontimestamp", "logoncount",
                "memberof",           "name",
                "objectcategory",     "objectclass"
        );

        my ($bind, $mesg);
        my $base = "OU=Users,OU=Company-Users,DC=company,DC=local";
        my $ldap = Net::LDAP->new("172.16.0.2", version => 3, port => 389) or die("failed $!");
        print "Failed connecting" if(!$ldap);
        $bind = $ldap->bind("CN=$adminLogin,OU=Users,OU=Company-Users,DC=company,DC=local", password => "$adminPass") or die("failed $!; ".$bind->error);
        if ( $bind->code ) {
                LDAPerror( "Bind: ", $bind );
        }
        my $DN = "CN=".$loginName.",".$base;
        my $displayName = $firstName." ".$lastName;
        my $currentCN = $loginName;
        # previous attempt, kept for reference; note 'cn' => '$loginName' is still single-quoted
        #my $result = $ldap->add($DN, attr => [ 'cn' => '$loginName', 'sn' => "User", 'mail' => $mail, 'displayName' => $displayName, 'givenName' => $displayName,'objectclass' => ["top", "person","organizationalPerson","user" ]]);
        my $result = addAdUser( $ldap, $DN, $currentCN, "User", "User.$currentCN", $currentCN );
        if ( $result->code ) {
                LDAPerror( "Add: ", $result );
        }

        $result->code && warn "failed to add entry: ", $result->error;
        $mesg = $ldap->unbind;


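For anyone landing here with the same task, the example below is what a complete AD create looks like with Net::LDAP; it is an addition to this thread, not the poster's script and not the ldapwiki addAdUser sample. Two details of the posted add() calls are worth noticing first: 'cn' => '$loginName' is single-quoted in every version above, so the cn attribute actually sent is the eleven-character string $loginName while the RDN says CN=atlhol; and the $password the form collected is never written to the account. Setting a password on AD means writing unicodePwd, which AD only accepts over an encrypted (LDAPS/StartTLS) session, so this example binds over LDAPS on 636. The DC name, CA file, base DN, service account and the user record are assumptions.

```perl
#!/usr/bin/perl
# Added example (not the poster's code, not the ldapwiki sample): create an
# AD user with the attributes AD expects, set the password the form
# collected, then enable the account. Requires TLS: AD refuses unicodePwd
# on a clear 389 session. Host, CA file, base DN and inputs are assumptions.
use strict;
use warnings;
use Encode qw(encode);
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);
use Net::LDAP::Constant qw(LDAP_SUCCESS);

my $dc     = 'dc1.company.local';                    # assumed name of 172.16.0.2
my $cafile = '/etc/ssl/certs/company-root-ca.pem';   # assumed CA that issued the DC certificate
my $base   = 'OU=Users,OU=Company-Users,DC=company,DC=local';
my $domain = 'company.local';

# die with code, name and text unless the operation succeeded
sub check {
    my ($what, $mesg) = @_;
    die sprintf("%s failed: %d %s: %s\n", $what, $mesg->code,
                $mesg->error_name, $mesg->error_text) if $mesg->code != LDAP_SUCCESS;
    return $mesg;
}

# AD wants unicodePwd as UTF-16LE of the password *including* surrounding double quotes.
sub ad_password { return encode('UTF-16LE', qq("$_[0]")) }

sub create_ad_user {
    my ($ldap, %u) = @_;
    die "bad login name '$u{login}'\n" unless $u{login} =~ /\A[a-z][a-z0-9._-]{1,19}\z/;

    my $full = "$u{first} $u{last}";
    my $dn   = 'CN=' . escape_dn_value($full) . ",$base";   # escaped: names may contain commas

    # 1. Add the object disabled: userAccountControl 514 = NORMAL_ACCOUNT (512)
    #    + ACCOUNTDISABLE (2). Attribute values are variables or double-quoted
    #    strings; '$login' in single quotes would send the literal text.
    check('add', $ldap->add($dn, attrs => [
        objectClass        => [qw(top person organizationalPerson user)],
        cn                 => $full,                   # must equal the RDN value
        sAMAccountName     => $u{login},
        userPrincipalName  => "$u{login}\@$domain",
        givenName          => $u{first},
        sn                 => $u{last},
        displayName        => $full,
        mail               => $u{mail},
        userAccountControl => 514,
    ]));

    # 2. Set the password. Only accepted over LDAPS/StartTLS; in clear AD
    #    answers unwillingToPerform.
    check('set password', $ldap->modify($dn,
        replace => { unicodePwd => ad_password($u{password}) }));

    # 3. Enable the account now that it has a policy-compliant password.
    check('enable', $ldap->modify($dn, replace => { userAccountControl => 512 }));
    return $dn;
}

my $ldap = Net::LDAP->new($dc, scheme => 'ldaps', port => 636, version => 3,
                          verify => 'require', cafile => $cafile)
    or die "LDAPS connection to $dc failed: $@\n";
check('bind', $ldap->bind("CN=svc-provision,$base",             # assumed service account
                          password => $ENV{LDAP_BIND_PW}));

# Constructed input standing in for the CGI parameters.
my $dn = create_ad_user($ldap,
    login => 'atlhol', first => 'Atle', last => 'Hol',
    mail  => 'atlhol@company.local', password => 'Correct-Horse-9!');
print "created $dn\n";
$ldap->unbind;
```

The three-step order (add disabled, set unicodePwd, flip userAccountControl to 512) is the sequence AD is happiest with; trying to add an enabled account without a password fails the domain password policy. Binding as a dedicated provisioning account that only has "create user" rights on that OU, rather than whatever domain-admin credentials a web form hands over, keeps the blast radius of this CGI script small.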
itniflAuthor Commented:
Thanks!