NET::LDAPS error: failed Transport endpoint is not connected at /usr/lib/cgi-bin/createUser.cgi line 26

I am displaying here only the piece of the code that matters. The parameters are posted to the script from a form in a html file. The error is as stated: failed Transport endpoint is not connected at /usr/lib/cgi-bin/createUser.cgi line 26

The script is running on a Debian server. I guess I don't need to join the computer to the domain to use the script?
#! /usr/bin/perl

use warnings;
use CGI::Pretty qw(:all);
use strict;
use CGI::Carp::Fatals;
use Net::LDAP;
use Net::LDAPS;

#print "Content-type: text/html\n\n";
my $cgi=new CGI;

print header();
print start_html("User Account Creation");
if (param('pass_1') eq param('pass_2')) {
        my $firstName=param('first_name');
        my $lastName=param('last_name');
        my $loginName=param('login_name');
        my $password=param('pass_1');
        my $mail=param('mail');

        my $adminLogin=param('adminLogin');
        my $adminPass=param('adminPass');

        my $mesg;
        # script line 26 (the one named in the error): an SSL (LDAPS) handshake is attempted against port 389, the plain LDAP port
        my $ldap = Net::LDAPS->new('172.16.0.2', port => '389') or die("failed $!");
        print "Failed connecting" if(!$ldap);
        # single quotes do not interpolate in Perl, so the literal text $adminLogin / $adminPass is sent;
        # bind() always returns a Net::LDAP::Message object, so the "or die" branch is never taken
        $mesg = $ldap->bind(dn => 'cn=$adminLogin,ou=Users,ou=FreeDev-Users,dc=freedev,dc=local', password => '$adminPass') or die("failed $!; ".$mesg->error);
        # same single-quote issue for the DN and the cn value here
        my $result = $ldap->add( 'cn=$loginName,ou=Users,ou=FreeDev-Users,dc=freedev,dc=local',attr => [ 'cn' => '$loginName', 'sn' => $firstName, 'mail' => $mail, 'objectclass' => ['top', 'person','organizationalPerson','inetOrgPerson' ]]);
        $result->code && warn "failed to add entry: ", $result->error;
        $mesg = $ldap->unbind;
}
print end_html();


Asked by itnifl
 
Kim Ryan (IT Consultant) commented:
If you want to use LDAPS (with secure sockets) you need to specify the parameters
verify => 'require',
capath => '/usr/local/cacerts/');

Could you just use LDAP instead of LDAPS? Also, maybe try connecting manually first to see if you have permission.

 
clockwatcher commented:
LDAPS typically runs on port 636 not 389 and unless you've already got LDAPS running for something else, you may want to take a look at http://support.microsoft.com/kb/321051 to get your cert set up correctly on your domain controller.
 
itnifl (Author) commented:
I used LDAP instead of LDAPS, and that worked.
But I can't seem to bind. The generated html completes without errors on the page, but in the error log of Apache I can see:
[Thu Apr 08 10:10:17 2010] [error] [client 192.168.10.4] [Thu Apr  8 10:10:17 2010] createUser.cgi: failed to add entry: 000004DC: LdapErr: DSID-0C090BD0, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1771

Of course, there is no object created in AD either.
 
itnifl (Author) commented:
The essential strings for connecting and binding that are not working are now:


        my $mesg;
        my $ldap = Net::LDAP->new('172.16.0.2', port => '389') or die("failed $!");
        print "Failed connecting" if(!$ldap);
        $mesg = $ldap->bind('cn=$adminLogin,ou=Users,ou=FreeDev-Users,o=freedev,c=local', password => '$adminPass') or die("failed $!; ".$mesg->error);
        my $result = $ldap->add('cn=$loginName,ou=Users,ou=FreeDev-Users,o=freedev,c=local', attr => [ 'cn' => '$loginName', 'sn' => $firstName, 'mail' => $mail, 'objectclass' => ['top', 'person','organizationalPerson','inetOrgPerson' ]]);
        $result->code && warn "failed to add entry: ", $result->error;
        $mesg = $ldap->unbind;

 
jwilleke commented:
It appears your BIND was not successful and the server took your bind as the anonymous user.

It also appears that this is for AD.

We have sample code that does this here:
http://ldapwiki.willeke.com/wiki/Perl%20Add%20User%20Sample

You will find a better method to perform LDAP error operations in the code.
As LDAP always returns a result, trapping like:
die("failed $!; ".$mesg->error);
Does not work well.

-jim
 
itnifl (Author) commented:
Error:
[Thu Apr 08 11:06:37 2010] [error] [client 192.168.10.4] [Thu Apr  8 11:06:37 2010] createUser.cgi: failed to add entry: 00002081: NameErr: DSID-03050BF0, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:, referer: http://192.168.10.100/IntranettWeb/adm/admintools.html
[Thu Apr 08 11:06:37 2010] [error] [client 192.168.10.4] [Thu Apr  8 11:06:37 2010] createUser.cgi: \t'CN=atlhol,OU=Users,OU=Company-Users,DC=company,DC=local'

And in the browser window, this error:
Return code: 34 Message: LDAP_INVALID_DN_SYNTAX :The request contained an invalid DN MessageID: 2 DN: not known

I output the DN to the HTML file with quotes (') wrapped around it:
'CN=atlhol,OU=Users,OU=FreeDev-Users,DC=freedev,DC=local'

Looks ok.
The code:
        my ($bind, $mesg);
        my $base = "OU=Users,OU=Company-Users,DC=company,DC=local";
        my $ldap = Net::LDAP->new("172.16.0.2", version => 3, port => 389) or die("failed $!");
        print "Failed connecting" if(!$ldap);
        # bind() always returns a Message object, so the "or die" branch is never taken;
        # the code check that follows is what actually detects a failed bind
        $bind = $ldap->bind("CN=$adminLogin,OU=Users,OU=Company-Users,DC=company,DC=local", password => "$adminPass") or die("failed $!; ".$bind->error);
        if ( $bind->code ) {
                LDAPerror( "Bind: ", $bind );
        }
        my $DN = "CN=$loginName,".$base;
        my $displayName = $firstName." ".$lastName;
        # 'cn' is still single-quoted below, so the literal text $loginName is sent as the cn value
        my $result = $ldap->add($DN, attr => [ 'cn' => '$loginName', 'sn' => $firstName, 'mail' => $mail, 'displayName' => $displayName, 'givenName' => $displayName,'objectclass' => ["top", "person","organizationalPerson","user" ]]);
        if ( $result->code ) {
                LDAPerror( "Add: ", $result );
        }
        $result->code && warn "failed to add entry: ", $result->error;
        $mesg = $ldap->unbind;

sub LDAPerror {
        my $unknown = "not known";

        my ( $from, $mesg ) = @_;
        print $from;                      # label passed by the caller (was accepted but never printed)
        print "Return code: ", $mesg->code;
        print "\tMessage: ",   $mesg->error_name;
        print " :",            $mesg->error_text;
        print "MessageID: ",   $mesg->mesg_id;
        my $dn = $mesg->dn;
        if ( !$dn ) { $dn = $unknown; }
        print "\tDN: ", $dn;
}

 
jwilleke commented:
I am not sure where the information is coming from but the result code "BAD_ATT_SYNTAX"
implies there is an invalid value being passed for one of the attribute values.
Unfortunately, which one is not known.  (Based on the next error, I would guess the CN)

The "LDAP_INVALID_DN_SYNTAX" implies that the value you are using for the DN you are setting is invalid.

Looks like there may be an issue, as the DN is showing as:
 \t'CN=atlhol,OU=Users,OU=Company-Users,DC=company,DC=local'

Note the \t' appears to be included within the DN.

Also this line:
my $DN = "CN=$loginName,".$base;
does not look correct.
Should it not be more like:
my $DN = "CN=".$loginName.",".$base;

-jim
 
itnifl (Author) commented:
I printed out only the first two characters of $DN, it seems as if it is CN, no \t there.
I also tried to use:
my $DN = "CN=".$loginName.",".$base;

Seems like it works the same as:
my $DN = "CN=$loginName,".$base;

The looks of the string, error message and results are the same.
I guessed you were right that there was something wrong with the attributes. So I set the creation of the user object up with the sub from the example code given (http://ldapwiki.willeke.com/wiki/Perl%20Add%20User%20Sample), and also added the attribute array for use with the AddAdUser sub. Of course I added the proper line to use the code. The code ended up as below, very similar to the example. It works, so I guess it was the attributes or the attribute list that was wrong.
        my @Attrs = (
                "accountexpires",     "badpasswordtime",
                "badpwdcount",        "cn",
                "displayname",        "distinguishedname",
                "givenname",          "instancetype",
                "lastlogoff",         "lastlogon",
                "lastlogontimestamp", "logoncount",
                "memberof",           "name",
                "objectcategory",     "objectclass"
        );

        my ($bind, $mesg);
        my $base = "OU=Users,OU=Company-Users,DC=company,DC=local";
        my $ldap = Net::LDAP->new("172.16.0.2", version => 3, port => 389) or die("failed $!");
        print "Failed connecting" if(!$ldap);
        $bind = $ldap->bind("CN=$adminLogin,OU=Users,OU=Company-Users,DC=company,DC=local", password => "$adminPass") or die("failed $!; ".$bind->error);
        if ( $bind->code ) {
                LDAPerror( "Bind: ", $bind );
        }
        my $DN = "CN=".$loginName.",".$base;
        my $displayName = $firstName." ".$lastName;
        my $currentCN = $loginName;
        #my $result = $ldap->add($DN, attr => [ 'cn' => '$loginName', 'sn' => "User", 'mail' => $mail, 'displayName' => $displayName, 'givenName' => $displayName,'objectclass' => ["top", "person","organizationalPerson","user" ]]);
        # addAdUser and LDAPerror are the subs taken from the linked wiki sample
        my $result = addAdUser( $ldap, $DN, $currentCN, "User", "User.$currentCN", $currentCN );
        if ( $result->code ) {
                LDAPerror( "Add: ", $result );
        }

        $result->code && warn "failed to add entry: ", $result->error;
        $mesg = $ldap->unbind;

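The thread's fixes pulled together in one place: LDAPS on 636 with certificate verification (Kim Ryan, clockwatcher), checking the result code instead of "or die" (jwilleke), and building the user DN from the login rather than from a single-quoted string. This is an added example, not the question's code or the linked wiki sample; the controller name dc.example.local, the CA file path and the sAMAccountName attribute are assumptions, and the RDN escaping goes one step beyond what the thread discusses, since login_name arrives straight from a web form.

```perl
# Added example; assumes dc.example.local serves LDAPS on 636 and the CA
# that signed its certificate is in /etc/ssl/certs/corp-ca.pem (both assumed).
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);
use Net::LDAP::Constant qw(LDAP_SUCCESS);

my $base = 'OU=Users,OU=Company-Users,DC=company,DC=local';

# Every Net::LDAP call returns a Message object, so "->bind(...) or die"
# never fires; the result code on that object is the only real check.
sub check {
    my ($what, $mesg) = @_;
    return 1 if $mesg->code == LDAP_SUCCESS;
    warn sprintf("%s failed: %s (%s)\n", $what, $mesg->error_name, $mesg->error);
    return 0;
}

# DN built from untrusted form input: escape_dn_value neutralises RDN
# separators, so a login such as "x,OU=Admins" cannot relocate the entry.
sub user_dn {
    my ($login) = @_;
    return 'CN=' . escape_dn_value($login) . ",$base";
}

sub create_user {
    my ($admin_login, $admin_pass, $login, $first, $last, $mail) = @_;
    my $ldap = Net::LDAP->new('dc.example.local',
        scheme => 'ldaps', port => 636, version => 3,
        verify => 'require',                     # refuse an unverifiable cert
        cafile => '/etc/ssl/certs/corp-ca.pem')  # assumed CA bundle path
        or return (0, "connect failed: $@");     # new() reports via $@, not $!
    my $bind = $ldap->bind(user_dn($admin_login), password => $admin_pass);
    check('bind', $bind) or do { $ldap->unbind; return (0, 'bind rejected') };
    # plain variables (not '$login' in single quotes) so real values are sent;
    # the cn value matches the RDN that user_dn() produced
    my $add = $ldap->add(user_dn($login), attrs => [
        objectClass    => [qw(top person organizationalPerson user)],
        cn             => $login,
        sAMAccountName => $login,
        sn             => $last,
        givenName      => $first,
        displayName    => "$first $last",
        mail           => $mail,
    ]);
    my $ok = check('add', $add);
    $ldap->unbind;
    return ($ok, $ok ? 'created ' . user_dn($login) : $add->error);
}
```

A CGI wrapper would call create_user() with the form parameters and print the returned message instead of the raw LDAP result, keeping DN and server details out of the browser.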
 
itnifl (Author) commented:
Thanks!
