Re: query on ldap->bind & ldap->compare

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Thu, 4 May 2000, tim fulcher wrote:

> 
> Hi,
> 
> I'm trying to write a class which registers and subsequently checks
> itself against a LDAP server.
> 
> Firstly, I seem to be able to bind to the server OK when I supply a dn
> for an object that doesn't yet exist, which seems to be contradictory to
> trying, say a command line ldapsearch using the same dn as a bind
> argument. (that gives no such object).
> 
Are you checking for an error code during your bind?
$msg = $ldap->bind(....);
die("failed to bind ",$mesg->code(),"\n") if $mesg->code() ?

Net::LDAP will only die if you tell it to (most of the time) ;). 

> So once I've bound OK, I do a search based on the cn, and if just one
> entry comes back I do the compare on it as follows:
> 
>       $cr = $self->{ldap}->compare ( $self->{searchresult}->entry(0) ,
>        attr => 'port', value => $self->port(),
>        attr => 'ipaddress', value => $self->ipaddress(),
>        attr => 'seedfile', value =>$self->seedfile()
>      );
> 
> print "compare returned code: ", $cr->code, " & error: ", $cr->error,
> "\n";
> 

> Can you not supply supply multiple attributes to a compare operation ?
> When I run this I get compare true (code 6), even though as shown below,
> my object attributes differ. When I run compare with just one attribute
> it right gives a false result. Will I have to do the compare for each
> attribute separately?
Read the friggin' RFC. The compare is a LDAP command, not a helpful tool
in Net::LDAP. And it only takes a DN, an attribute and a single value. 

Thus if you want to do do a compare on each individual attribute, you must
make successive calls to the LDAP server. However, it might be more
efficient to return the entire entry and then do that compare in your code
if you are checking multiple attributes and values. 

Mark
 > 
> The output fragment below prints out its attributes, does a search and
> if 1 entry returned, calls the code above.
> 
> > ldaptest.pl
> 
> service foob
> port 8190
> ip 132.146.3.99
> seedfile /tmp/cdb
> mdn is cn='foob',dc='nip',dc='services'
> bind returned code: 0 & error:
> 
> query = (cn=foob)
> search returned code: 0 & error:
> 
> ------------------------------------------------------------------------
> 
> dn:cn=foob, dc=nip, dc=services
> 
> cn: foob
> port: 8192
> description: guinea pig
> seedfile: /tmp/cdb
> ipaddress: 132.146.3.78
> userpassword: {md5}0IcaK1PGLeXgRv7eQvP3qw==
> objectclass: AppServer
> 
> search returned code: 0 & error:
> I found me
> compare returned code: 6 & error:
> 
> 
> btw, I'm using openldap 1.2.9. My db  ACL is  access * by self write by
> * read
> 
> cheers
> 
> 
> Tim
> 
> 
> 