0

Objective is to get the "dn" attribute of all the computers in my Active Directory server.

When the code executes I get: "000004DC: LdapErr: DSID-0C090752, comment: In order to perform this operation a successful bind must be completed on the connection."

Here is my code:

#!/usr/bin/perl

use strict;
use Net::LDAP;
use Data::Dumper;

my $ldap = Net::LDAP->new( 'my.domain.com' ) or die $@;
my $user = 'CN=username,OU=orgname,DC=my,DC=domain,DC=com';
my $pass = 'my_password';
$ldap->bind($user, password => $pass);
#$ldap->bind;

my $mesg = $ldap->search(
    base => "DC=my,DC=domain,DC=com",
    filter => "ObjectClass=Computers",
    attrs => "dn"
);

I've tested the user / password to log into the domain directly with success. Additional information if I add this to the end of the script: print Dumper($mesg);

$VAR1 = bless( {
                 'parent' => bless( {
                                      'net_ldap_version' => 3,
                                      'net_ldap_scheme' => 'ldap',
                                      'net_ldap_debug' => 0,
                                      'net_ldap_socket' => bless( \*Symbol::GEN0, 'IO::Socket::INET' ),
                                      'net_ldap_host' => 'my.domain.com',
                                      'net_ldap_uri' => 'my.domain.com',
                                      'net_ldap_resp' => {},
                                      'net_ldap_mesg' => {},
                                      'net_ldap_async' => 0,
                                      'net_ldap_port' => 389,
                                      'net_ldap_refcnt' => 1
                                    }, 'Net::LDAP' ),
                 'errorMessage' => '000004DC: LdapErr: DSID-0C090752, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580',
                 'ctrl_hash' => undef,
                 'resultCode' => 1,
                 'callback' => undef,
                 'mesgid' => 2,
                 'matchedDN' => '',
                 'controls' => undef,
                 'raw' => undef
               }, 'Net::LDAP::Search' );

Any suggestions on how to get this script working is what I'm looking for. Thanks!

scryptKiddy
  • Your bind is failing. Try to bind using LDAP from a known-to-work tool. (I like Apache Studio) – jwilleke May 11 '17 at 10:35
  • @jwilleke I'm not able to add software to this Unix server, so I'm using Perl Net::LDAP software since it's already on the machine. I did verify the account's username / password though by logging into the domain on another Windows workstation with it. I see that the bind failed, but I'm not getting a reason from the DC so not sure what to try next. – scryptKiddy May 11 '17 at 18:03
  • Try: http://ldapwiki.com/wiki/Determining%20the%20FDN and I suggest you use a known good LDAP Client (I use Apache Studio) which will show the LDAP Return Code. http://ldapwiki.com/wiki/Common%20Active%20Directory%20Bind%20Errors – jwilleke May 12 '17 at 09:05
  • @jwilleke Appreciate the feedback. Unfortunately I don't have rights to install Apache Studio. Is there another tool I can use / try that's equivalent and inherent to Windows / Linux? Also, I looked at that list; unfortunately it doesn't list information for my hex error (data 0). – scryptKiddy May 12 '17 at 18:47

1 Answer

-1

With regard to the error message you posted, I would say the bind attempt failed. It might help you to improve the bind result:

# Keep the message object that bind returns and stop if it reports an error.
my $mesg = $ldap->bind("***", password => "***");
$mesg->is_error && die join ';', $mesg->code, $mesg->error;

See Net::LDAP:

The return value from these methods is an object derived from the Net::LDAP::Message class. The methods of this class allow you to examine the status of the request.

palik
  • The output of the $mesg is dumped in the bottom part of my post which includes the result of the bind. The bind piece is in the 'parent' up to the Net::LDAP, while the search result is in the second half of the message concluding at the Net::LDAP::Search. That was how I got the information to post the error I received on search. – scryptKiddy May 11 '17 at 17:58
  • I think your code should check the result of the bind: In the dump there is clearly an error message. – U. Windl Jan 16 '23 at 10:56
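
The bind-then-search flow from this thread with both results checked, as an added example (not code from the question or the answer). The `describe` helper, the `LDAP_HOST`/`LDAP_USER`/`LDAP_PASS` environment variables, the `(objectClass=computer)` filter and the `1.1` attribute selector are assumptions of this example; the sub-code table lists the well-known values Active Directory puts after "data" in a failed-bind message.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Well-known Active Directory sub-codes that follow "data" in a failed-bind message.
my %AD_BIND_DATA = (
    '525' => 'user not found',           '52e' => 'invalid credentials',
    '530' => 'logon not permitted at this time',
    '531' => 'logon not permitted from this workstation',
    '532' => 'password expired',         '533' => 'account disabled',
    '701' => 'account expired',          '773' => 'user must reset password',
    '775' => 'account locked out',
);

# Turn a Net::LDAP::Message into one diagnostic line (hypothetical helper).
sub describe {
    my ($step, $mesg) = @_;
    my ($data) = $mesg->error =~ /\bdata\s+([0-9a-f]+)/i;
    my $hint = defined $data ? ($AD_BIND_DATA{lc $data} // 'no known sub-code') : 'none';
    return sprintf '%s failed: code=%d (%s) data=%s [%s]: %s',
        $step, $mesg->code, $mesg->error_name, $data // '-', $hint, $mesg->error;
}

# Connection details come from the environment; defaults are the page's placeholders.
my $host = $ENV{LDAP_HOST} // 'my.domain.com';
my $user = $ENV{LDAP_USER} // 'CN=username,OU=orgname,DC=my,DC=domain,DC=com';
my $pass = $ENV{LDAP_PASS} // die "set LDAP_PASS\n";

# Port 389 without start_tls carries the simple-bind password in cleartext.
my $ldap = Net::LDAP->new($host) or die "connect to $host failed: $@\n";

# Stop at the bind: a search on an unbound connection only reports the symptom
# (resultCode 1, "a successful bind must be completed"), not the cause.
my $bind = $ldap->bind($user, password => $pass);
die describe('bind', $bind), "\n" if $bind->is_error;

my $search = $ldap->search(
    base   => 'DC=my,DC=domain,DC=com',
    filter => '(objectClass=computer)',
    attrs  => ['1.1'],    # "1.1" requests no attributes; each entry still has its DN
);
die describe('search', $search), "\n" if $search->is_error;

print $_->dn, "\n" for $search->entries;
$ldap->unbind;
```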