PerlMonks  

Perl with Active Directory

by sowais (Sexton)
on Sep 03, 2013 at 21:53 UTC (#1052181=perlquestion)
sowais has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks! I am an amateur in Perl and have created a simple DB insert script that is giving login issues. The script is invoked by an application upon an event. The DB connection part of the script does not use credentials (user & pass). When I place the script in the C:\ of the application's server and run it from command line, it runs fine, but when I place the script in a mapped drive of the same server (accessible from other servers but meant only for this application) and invoke it via the application I get an error 'Login failed for user 'HASH(0x34882c)'(SQL-28000)'. I know the former is using the serviceacct credentials and hence succeeding but the latter is what has got me puzzled.

The not putting in the user and pass is a requirement by our infosec. I was asked to use Active Directory to use the credentials of the server the application is residing on. Since I am new to this aspect of Perl, I did some searching online and found that LDAP might be the way to go but I haven't played around with AD nor LDAP at all, so a little lost and would greatly appreciate any kind of help or direction. I have included below the DB piece of my code for reference. Also, I am on Windows Server Ent.

Thanks!
    my $server_name = 'production\reporting';
    my $database_name = 'test';
    my $DSN = "driver={SQL Server};server=$server_name;database=$database_name;";
    my $dbh = DBI->connect("dbi:ODBC:$DSN", {PrintError => 0, RaiseError => 1});
    eval {
        if (!$dbh) {
            print "Could not connect to database: $DBI::errstr";
        }
        if ($dbh) {
            print "Connected to DB!!";
        }
        my $sql = "INSERT INTO Count VALUES ()";
        my $sth = $dbh->prepare($sql);
        $sth->execute();
    };
    if ($@) {
        $dbh->disconnect();
        QuitProgram("DB Failure: $@");
    }

Re: Perl with Active Directory
by NetWallah (Abbot) on Sep 03, 2013 at 22:58 UTC
    The "Login Failed" is a SQL authentication error.

    Since your infosec will not allow SQL based authentication, the USER that is invoking your script will need to have privileges to the database you are attempting to access.

    Please discover what user id is being used to call your script, then check that the SQL server is set for "NT authentication", and that user has been allowed access. See http://msdn.microsoft.com/en-us/library/ms188670.aspx

    You can also examine the SQL ERRORLOG file at %programfiles%\Microsoft SQL Server\INSTANCE\mssql\log\ERRORLOG for more details. (See this msdn blog post)

                 My goal ... to kill off the slow brain cells that are holding me back from synergizing my knowledge of vertically integrated mobile platforms in local cloud-based content management system datafication.

Re: Perl with Active Directory
by sundialsvc4 (Monsignor) on Sep 04, 2013 at 14:49 UTC

    The most-immediate problem is that the parameter-list being passed to DBI->connect() is obviously wrong.   The username and password positional-parameters are missing entirely.   So, the hash (most-likely stringified as “HASH(0x34882c)”) is being taken to be the username.

    For example, if you know that (thanks to LDAP or whatever ...) the Perl app does not require user/pass to connect, then you should nevertheless supply undef, undef in those two positions, so that the attributes-hash is still in its proper place in the list.
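
An added example, not code posted by anyone in this thread: it puts `undef, undef` in the user and password positions as described in the reply above, and reports which account the connection was authenticated as, which is the check NetWallah's reply asks for. The helper name `connect_trusted` is hypothetical; `Trusted_Connection=yes` and the `Win32` module are assumptions about the environment (SQL Server ODBC driver on Windows).

```perl
use strict;
use warnings;
use DBI;

# Server and database names are the ones from the question.
my $server_name   = 'production\reporting';
my $database_name = 'test';

# Trusted_Connection=yes asks the SQL Server ODBC driver for Windows
# integrated authentication, so no user name or password is stored here.
my $dsn = "driver={SQL Server};server=$server_name;"
        . "database=$database_name;Trusted_Connection=yes;";

# connect_trusted() is a hypothetical helper name for this example.
sub connect_trusted {
    my ($dsn) = @_;
    # Arguments are positional: data source, user, password, attributes.
    # undef, undef keeps the attribute hash in the fourth slot, so it is
    # no longer stringified and sent as the user name.
    return DBI->connect("dbi:ODBC:$dsn", undef, undef,
        { PrintError => 0, RaiseError => 1, AutoCommit => 1 });
}

# Account the operating system runs this process as. Integrated
# authentication presents this identity to SQL Server.
my $os_user = eval { require Win32; Win32::LoginName() } // 'unknown';

my $dbh = eval { connect_trusted($dsn) };
if (!$dbh) {
    # With RaiseError set, connect() dies and the message lands in $@.
    die "Connect failed for OS account '$os_user': "
      . ($@ || $DBI::errstr) . "\n";
}

# SYSTEM_USER is the login SQL Server mapped this connection to.
my ($sql_login) = $dbh->selectrow_array('SELECT SYSTEM_USER');
print "OS account: $os_user\nSQL Server login: $sql_login\n";

$dbh->disconnect;
```

Run it once from the command line and once through the application; if the two runs report different OS accounts, the second account is the one that needs a Windows-authenticated login with rights on the database.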

Re: Perl with Active Directory
by natxo (Sexton) on Sep 04, 2013 at 17:30 UTC
    When you run it from c: or other dir under your security context, it works (ie, logged in as your user).

    When you run it under the security context of the application, it does not work.

    My guess is that the user under which the application runs has no rights on the database.
Re: Perl with Active Directory
by 5mi11er (Deacon) on Sep 05, 2013 at 16:13 UTC
    For what it's worth, AD is simply an LDAP schema created by Microsoft. So, yes, in order to use AD credentials, you'll probably need to use LDAP and LDAPS (LDAP over an SSL tunnel for security) to accomplish that. You may find this link helpful: LDAP & AD - allow user to reset password.

    -Scott
