Re: ldap->ping?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Well here is my 2 cents (US) worth of opinion on this matter.

> 
> On Fri, Jul 28, 2000 at 11:35:18AM +1000, David Bussenschutt wrote:
> > Anyone else see this as a potential for a new module (gee.. how about
> > ::Status or
> 
> Well I think there will be possibilities beyond status for this kind of
> thing so I would really like to see something more general.
> 
> > ::Util::Status ?)
> 
> Net::LDAP::Util::Status is too deep IMO for such an API. It
> really should be Net::LDAP::Something.
> 
> > containing functions/objects/whatever that query the ldap server to find
> > out what it's capable of?
> > ie:
> > is it "up"? - with an anonymous bind
> > is is "up"? - with a malformed packet request
> 

I have a script that does a lookup on any one of six uids from our 
directory servers.   It is simple, puts no load on anything, and 
it works.  Unfortunely it uses the old LDAPapi module but I know for
a fact that Net::LDAP could do the same thing.  In the future I intend
to convert it to Net::LDAP.  

> Do you really want to give the user control over what type of check to do ?
> 
> > is it version 2 or version 3 compliant?
> > does it support ssl/sasl/whatever?
> > does it limit search requests? (and what are they)
> > does it have timeouts? (and what are they)
> 
> IIRC, This is all avaliable from the root DSE. But I guess you are looking
> for a simpler approach than
> 
>   $dse = $ldap->root_dse;
>   $dse->get('supportedVersions'); # I forget the attribute name

Different vendors give different pieces of information and use 
slightly different attribute names in the root DSE.  

One of our vendors uses supportedLDAPVersion and another vendor uses
supportedVersion.

What about version 2, it gives you nothing.  There are a lot of 
version 2 ldap systems still in use.

> 
> > Mind you, if this was written, it'd be very tempting to include something
> > to test for "type" of ldap server eg Netscape/openldap/novell and introduce
> > server specific tests too.... is this a good or a bad thing?
> 
> I am not sure there is a way to determine the server type. Not reliably anyway.
> 
> > P.S. regarding the Ldap::Cooked (or whatever)...  I for one like the option
> > of a simple "foolproof" API that is smart enough to figure out things like
> > the ldap version to talk with(currently 3 falling back to 2),
> 
> You should bind to the version of which feature you need. If you don't use
> version 3 features bind as version 2. If you want v3 feature, falling back to binding as
> v2 is the wrong thing to do.
> 
> > whether ssl
> > is supported on the server end (with a fall-back if its not),
> 
> This is dangerous. If you want SSL it is normally for a reason, so falling
> back is REALLY the wrong thing.
> 
> > if searches
> > are limited then automatically do multiple searches invisibly, etc etc.
> 

Much of this would be better off being done with a SNMP agent and a
proper mib.  Our x.500 vender supplies a mib that will provide most of 
this information when queried.  I would think that most of the major
directory vendors provide SNMP mibs for monitoring their servers too.

> The Net::LDAPiranah module did this but I don't think it works with the
> latest version. But we will get it going again.
> 
> Graham.
> 
> 

End of my 2 cents worth of opinion.
Probably wasn't worth 2 cents.

Regards,

Clif Harden           INTERNET:  c-h...@ti...
Texas Instruments                
Directory Services
6500 Chase Oaks Blvd, M/S 8412  
Plano, TX 75023        
                         Voice:  972-575-0855
                           FAX:  972-575-2418