Menu
▾
▴
perl-ldap-dev
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(200) |
Jun
(129) |
Jul
(184) |
Aug
(204) |
Sep
(106) |
Oct
(79) |
Nov
(72) |
Dec
(54) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(83) |
Feb
(123) |
Mar
(84) |
Apr
(184) |
May
(106) |
Jun
(111) |
Jul
(104) |
Aug
(91) |
Sep
(59) |
Oct
(99) |
Nov
(100) |
Dec
(37) |
| 2002 |
Jan
(148) |
Feb
(88) |
Mar
(85) |
Apr
(151) |
May
(80) |
Jun
(110) |
Jul
(85) |
Aug
(43) |
Sep
(64) |
Oct
(89) |
Nov
(59) |
Dec
(42) |
| 2003 |
Jan
(129) |
Feb
(104) |
Mar
(162) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Graham B. <gb...@po...> - 2001-01-24 06:08:49
|
----- Forwarded message from Medi Montaseri <me...@sc...> ----- Date: Tue, 23 Jan 2001 10:21:02 -0800 To: gb...@po... From: Medi Montaseri <me...@sc...> Subject: Net::LDAP::Filter X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.16-22 i686) Hi Graham, I am having some difficulties setting up a dynamically genereated Filter in my CGI. Could you help? I want to be able to construct a filter that is a mix of AND and OR logic. eg Here is the logic If name is provided, then $Query = &(cn=$name) also, if city is provided, then Query = city-1 or city-2 and name= $name More specifically $Query = '|(city=Phoenix)(city=Santa Clara)' $ldap->search( base => 'o=Prepass, c=US', filter => "($Query)" ) works fine. but $Query = &(cn=*medi*)|(city=Phoenix)(city=Santa Clara) $ldap->search( base => 'o=Prepass, c=US', filter => "($Query)" ) yield "Bad Filter" I have tried putting () around each group with no avail. Can you show me a mix of AND and OR logic in a filter please. -- ======================================================================= Medi Montaseri, me...@sc..., 408-450-7114 Lockheed Martin IMS (Prepass), IT/Operations, Software Eng. ======================================================================= ----- End forwarded message ----- |
|
From: Clif H. <cl...@di...> - 2001-01-23 19:15:24
|
>
> Hi, all !
>
> I have to retrieve the modifytimestamp for comparison between two objects.
> The following code gives me a LDAP Protocol error.
>
> my $obj = $handle->search ( base => "$BaseDN",
> scope => "subtree",
> filter => "($filter)",
> attrs => ['*','modifytimestamp']
> );
>
> The attrs line has been taken out of the Net::LDAP documentation, but it
> appears to be not working.
>
> Any hint would be appreciated.
Code appears to be correct.
Modifytimestamp is a operation attribute, you may need to bind to
the directory as something other than anonymous to get access
to the attribute.
Regards,
Clif Harden INTERNET: c-h...@ti...
Texas Instruments
Directory Services
6500 Chase Oaks Blvd, M/S 8412
Plano, TX 75023
Voice: 972-575-0855
FAX: 972-575-2418
|
|
From: Chris R. <chr...@me...> - 2001-01-23 16:50:26
|
Jan Gruber <Jan...@po...> wrote:
> Hi, all !
>
> I have to retrieve the modifytimestamp for comparison between two objects.
> The following code gives me a LDAP Protocol error.
>
> my $obj = $handle->search ( base => "$BaseDN",
> scope => "subtree",
> filter => "($filter)",
> attrs => ['*','modifytimestamp']
> );
>
> The attrs line has been taken out of the Net::LDAP documentation, but it
> appears to be not working.
It looks about right, if you're using LDAPv3.
> Any hint would be appreciated.
When you create the LDAP object, set debug to something like 12. This will
make it dump the protocol going to and from the server, to stderr/stdout.
This might give more of a clue.
$handle = new Net::LDAP('hostname.foo.net', debug => 12);
> TIA
> --
> Jan Gruber System Administrator
> Primacom
> Office: +49 (341) 609 524 53
> Fax: +49 (341) 609 525 17
>
> cat /dev/world | perl -e "(/(^.*? \?) 42 \!/) && (print $1))"
> errors->(c)
> _
>
Cheers,
Chris
|
|
From: Tom J. <tj...@do...> - 2001-01-23 16:24:40
|
Hey Folks, I'm trying to get a handle on dynamic groups (and groups in general), and have a few questions: 1. Is the concept of a dynamic group a netscape-only feature? 2. Netscape's docs state that dynamic groups are of the type 'groupOfURLs' with the actual group membership criteria listed in the 'memberURL' attribute. Is it the client's responsibility to expand this URL into a list of dn's? If so, what happens with big groups where the number of entries will exceed the searchlimit? 3. Does anyone have suggestions for handling groups where the group population is potentially quite large ( > 10,000 members)? 4. Is anyone aware of any practical limits on the number of members in a group? Thanks much, Tom Jordan University of Wisconsin Madison |
|
From: Jan G. <Jan...@po...> - 2001-01-23 16:18:27
|
Hi, all !
I have to retrieve the modifytimestamp for comparison between two objects.
The following code gives me a LDAP Protocol error.
my $obj = $handle->search ( base => "$BaseDN",
scope => "subtree",
filter => "($filter)",
attrs => ['*','modifytimestamp']
);
The attrs line has been taken out of the Net::LDAP documentation, but it
appears to be not working.
Any hint would be appreciated.
TIA
--
Jan Gruber System Administrator
Primacom
Office: +49 (341) 609 524 53
Fax: +49 (341) 609 525 17
cat /dev/world | perl -e "(/(^.*? \?) 42 \!/) && (print $1))"
errors->(c)
_
|
|
From: Kurt D. Z. <Ku...@Op...> - 2001-01-19 22:22:24
|
At 02:03 PM 1/19/01 -0800, Lambright, Linda (N-Averstar) wrote: >We are adding an attribute to a new object class that will contain a date. >Is there an LDAP standard date format that we should follow. Yes, generalizedTimeSyntax as described in X.208. |
|
From: Lambright, L. (N-Averstar) <lin...@lm...> - 2001-01-19 22:04:35
|
We are adding an attribute to a new object class that will contain a date. Is there an LDAP standard date format that we should follow. |
|
From: Brian O'N. <on...@oi...> - 2001-01-19 15:33:29
|
Thanks...this is exactly what was needed... -Brian On 18 Jan 2001, Chris Brierley wrote: > On 2001-01-18, "Brian O'Neill" <on...@oi...> wrote: > > On Wed, 17 Jan 2001, Mark Wilcox wrote: > > > > > if you delete with a specific value then it will delete that > > > particular value. If you do a replace and only give a single > > > value, it will replace all of the values with that value. > > > > The delete() method does not appear to accept a value, only an > > attribute (or attributes). Attempting to specify one results in > > an execution error: > > You have to give it an array reference to delete a particular > value. If I remember correctly this is undocumented, I had to > look at the source to find out you could do this: > > ,----[ Delete a specific attribute ] > | $ldap_entry->delete($attr => [$value]) > `---- > > -- ====================================================================== Brian O'Neill @ home on...@oi... At work I'm: on...@co... |
|
From: Clif H. <ch...@po...> - 2001-01-19 02:16:41
|
Just to let everyone know I have updated the PERL-LDAP FAQ. I removed the Bostonlight/ldap url, it was nolonger valid. At the bottom of the URL section I added two urls for Active Directory software. Regards, Clif Harden ch...@po... |
|
From: Kurt D. Z. <Ku...@Op...> - 2001-01-19 01:48:00
|
I think it's best if you direct OpenLDAP software specific questions to the openldap-software mailing list. http://www.openldap.org/lists/ Kurt |
|
From: Flamand, J. <Jul...@lu...> - 2001-01-19 01:38:59
|
OK, thanks for your help now I am trying to add a new objectclass with a new attribute type, so now my file test.schema looks like that: ------------------------------------------------------------------ #test.schema attributetype ( 1.1.2.1.1 NAME 'height' DESC ' height ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) objectclass ( 1.1.2.2.1 NAME 'heightObject' SUP person DESC 'my height' MUST height ) ---------------------------------------------------------- I included this file in slapd.conf like that: include /usr/local/etc/openldap/schema/test.schema slapd starts well, but when I want to add an entry with a LDIF file like that : ----------------------------------------------------------- #entry14.ldif #Ramy's entry dn: cn:Ramy Zaarour,dc=3Dlumos,dc=3Dcom cn:Ramy objectclass: heightObject height: 5 ------------------------------------------------------------ i type this command line: ldapadd -f entry14.ldif -x -D "cn=3DManager,dc=3Dlumos,dc=3Dcom" -w = secret and I get: ldap_add: Undefined attribute type additional info: attribute type undefined What did I wrong ? Thanks in advance -J -----Original Message----- From: Mark Wilcox [mailto:mew...@un...] Sent: Thursday, January 18, 2001 1:13 PM To: Flamand, Julien Cc: Perl-Ldap-Dev (E-mail); Spencer, Dave Subject: Re: adding attributetype This is a question that's better served by asking on openldap-software list (Www.openldap.org). Also it's not a really good idea to modify an existing , in particular standardized, objectclass. You can break a lot of things that way (in particular clients who expect the standard objectclasses & attributes to be the way they're laid out in the standards). Instead you should extend an objectclass and then add your attributes to that objectclass. Schema checking tells the server to make sure that any modifications (including adding new objects) to the data in the server, meets the schema (which is the rules that control the data in the server) before allowing them. If you turn schema checking off, this check never occurs. It can lead to faster write performance, but you'll run a higher risk of data inconsistency. Mark "Flamand, Julien" wrote: > hi, > > I try to add a new attribute type to an objectclass, Attribute type > 'height' to the objectclass 'person'. I created a file test.schema : > > > ------------------------------------------------------------------------ ------------------------------------------- > > #test.schema > > attributetype ( 1.1.2.1.1 NAME 'height' > DESC 'unique name with my organization' > SUP name ) > > ------------------------------------------------------------------------ -------------------------------------------- > > I included this file in slapd.conf like that: > include /usr/local/etc/openldap/schema/test.schema > > I don't know if I should write "shemacheck on" or "shemacheck off" ? > What does it mean exactly ? > > In the file slapd.conf I added height in the allowed attribute: > > MAY ( userPassword $ telephoneNumber $ seeAlso $ description $ height > ) > > But when I want to restart slapd, there is an error message > AttributeType not found > > What did I wrong? > What is the way to add a new attribute type to an existing objectclass > ? > > Thanks > Julien > > > > > > > |
|
From: Mark W. <mew...@un...> - 2001-01-18 21:36:37
|
This is a question that's better served by asking on openldap-software list (Www.openldap.org). Also it's not a really good idea to modify an existing , in particular standardized, objectclass. You can break a lot of things that way (in particular clients who expect the standard objectclasses & attributes to be the way they're laid out in the standards). Instead you should extend an objectclass and then add your attributes to that objectclass. Schema checking tells the server to make sure that any modifications (including adding new objects) to the data in the server, meets the schema (which is the rules that control the data in the server) before allowing them. If you turn schema checking off, this check never occurs. It can lead to faster write performance, but you'll run a higher risk of data inconsistency. Mark "Flamand, Julien" wrote: > hi, > > I try to add a new attribute type to an objectclass, Attribute type > 'height' to the objectclass 'person'. I created a file test.schema : > > > ------------------------------------------------------------------------------------------------------------------- > > #test.schema > > attributetype ( 1.1.2.1.1 NAME 'height' > DESC 'unique name with my organization' > SUP name ) > > -------------------------------------------------------------------------------------------------------------------- > > I included this file in slapd.conf like that: > include /usr/local/etc/openldap/schema/test.schema > > I don't know if I should write "shemacheck on" or "shemacheck off" ? > What does it mean exactly ? > > In the file slapd.conf I added height in the allowed attribute: > > MAY ( userPassword $ telephoneNumber $ seeAlso $ description $ height > ) > > But when I want to restart slapd, there is an error message > AttributeType not found > > What did I wrong? > What is the way to add a new attribute type to an existing objectclass > ? > > Thanks > Julien > > > > > > > |
|
From: Chris B. <bri...@po...> - 2001-01-18 21:34:03
|
On 2001-01-18, "Brian O'Neill" <on...@oi...> wrote: > On Wed, 17 Jan 2001, Mark Wilcox wrote: > > > if you delete with a specific value then it will delete that > > particular value. If you do a replace and only give a single > > value, it will replace all of the values with that value. > > The delete() method does not appear to accept a value, only an > attribute (or attributes). Attempting to specify one results in > an execution error: You have to give it an array reference to delete a particular value. If I remember correctly this is undocumented, I had to look at the source to find out you could do this: ,----[ Delete a specific attribute ] | $ldap_entry->delete($attr => [$value]) `---- |
|
From: Mark W. <mew...@un...> - 2001-01-18 21:32:19
|
Delete occurs as a modify:
Like this:
$ldap->modify( $dn, delete => { 'telephoneNumber' => '911' });
would delete the telephonenumber of 911 but it would leave the rest alone.
As for adds
lets say you have an attribute of cn. It has values of Mark Wilcox and Mark E.
Wilcox .
You want to add Mark Edward Wilcox.
This is how you would do it:
$ldap->modify( $dn, add => { 'cn' => 'Mark Edward Wilcox' });
Now if those are not working (I imagine we'd have heard by now).
Do the following:
1) make sure you're not using Perl 5.6. There are bugs in 5.6 that cause
Net::LDAP problems.
2) send the output of $ldap->debug(3) to the list.
Mark
Brian O'Neill wrote:
> On Wed, 17 Jan 2001, Mark Wilcox wrote:
>
> > if you delete with a specific value then it will delete that particular
> > value. If you do a replace and only give a single value, it will replace
> > all of the values with that value.
> >
>
> This does not appear to be true.
>
> The delete() method does not appear to accept a value, only an attribute
> (or attributes). Attempting to specify one results in an execution error:
>
> Can't use string ("directcustomer") as an ARRAY ref while "strict refs" in
> use at /usr/local/lib/perl5/site_perl/5.005/Net/LDAP/Entry.pm line 179.
>
> Using replace() does indeed replace all values, but I want to add/delete
> specific values.
>
> > An add simply adds the value to the existing values.
>
> This appears to have zero effect, at least as far as the output from
> write_cmd() is concerned.
>
> --
> ======================================================================
> Brian O'Neill @ home on...@oi...
> At work I'm: on...@co...
|
|
From: Brian O'N. <on...@oi...> - 2001-01-18 20:57:26
|
OK, to answer at least part of my own questions:
On the write_cmd() issue, it was actually a bit bigger. Because there were
no "advertised" methods to determine if an entry had already bee modified
"changetype" returns "modify" on an unmodified entry), I set
changetype('modify') each time - lo and behold, that wipes out all
previous changes. Seems I could get away with NOT setting changetype at
all, but that wasn't clear from the documentation. Once I stopped setting
it (or set it BEFORE changing the attributes), everything worked as
expected.
-Brian
On Wed, 17 Jan 2001, Brian O'Neill wrote:
> I'm dealing with a lot of multivalued attributes.
>
> Is there a way to delete/add values to a multi-valued attribute without
> doing all of them?
>
> Also, when modifying a number of attributes, the write_cmd() method of
> Net::LDAP::LDIF seems to only modify one attribute at a time - is this
> correct?
>
--
======================================================================
Brian O'Neill @ home on...@oi...
At work I'm: on...@co...
|
|
From: Flamand, J. <Jul...@lu...> - 2001-01-18 19:44:02
|
hi, I try to add a new attribute type to an objectclass, Attribute type 'height' to the objectclass 'person'. I created a file test.schema : ------------------------------------------------------------------------ -------------------------------------------- #test.schema attributetype ( 1.1.2.1.1 NAME 'height' DESC 'unique name with my organization' SUP name )=20 ------------------------------------------------------------------------ --------------------------------------------- I included this file in slapd.conf like that: include /usr/local/etc/openldap/schema/test.schema I don't know if I should write "shemacheck on" or "shemacheck off" ? What does it mean exactly ? In the file slapd.conf I added height in the allowed attribute: MAY ( userPassword $ telephoneNumber $ seeAlso $ description $ height ) But when I want to restart slapd, there is an error message AttributeType not found What did I wrong?=20 What is the way to add a new attribute type to an existing objectclass ? Thanks Julien =20 |
|
From: Brian O'N. <on...@oi...> - 2001-01-18 18:59:35
|
On Wed, 17 Jan 2001, Mark Wilcox wrote:
> if you delete with a specific value then it will delete that particular
> value. If you do a replace and only give a single value, it will replace
> all of the values with that value.
>
This does not appear to be true.
The delete() method does not appear to accept a value, only an attribute
(or attributes). Attempting to specify one results in an execution error:
Can't use string ("directcustomer") as an ARRAY ref while "strict refs" in
use at /usr/local/lib/perl5/site_perl/5.005/Net/LDAP/Entry.pm line 179.
Using replace() does indeed replace all values, but I want to add/delete
specific values.
> An add simply adds the value to the existing values.
This appears to have zero effect, at least as far as the output from
write_cmd() is concerned.
--
======================================================================
Brian O'Neill @ home on...@oi...
At work I'm: on...@co...
|
|
From: Dave B. <da...@da...> - 2001-01-18 07:00:58
|
Hello,
I have been having a little trouble with the 'must' and 'may' methods of
Net::LDAP::Schema. Here is the error:
Can't use an undefined value as an ARRAY reference at
/usr/lib/perl5/site_perl/5.6.0/Net/LDAP/Schema.pm line 208.
It seems to happen when I call the method for an objectclass which has no
attributes of the desired type (MUST or MAY). The error goes away when I
change line 208 from:
@res{ @$res } = (); # Add in, getting uniqueness
to:
@res{ @$res } = () if $res; # Add in, getting uniqueness
This way when I call $schema->may on an OC with no MAY attributes, for
example, the script does not crash. I do not know if what I did is
correct, but it fixes the problem for me.
-Dave Bailey
|
|
From: Booker C. B. <bb...@ne...> - 2001-01-17 23:47:14
|
On Mon, 15 Jan 2001, Edgington, Jeffrey Alan wrote: > I can change everything else about a user via Net::LDAP except the password. > I haven't had much luck finding anything on the MS web site about this. > > If someone has successfully done this via Net::LDAP, I would greatly > appreciate some guidance. > - AD is both an ldap server and a kerberos KDC. I <think> you can only change the password by using Microsoft's version of the kerberos changepasswd protocol. There is software and an draft rfc describing how to do this. I know you can change the password with this code. - ACL's are another kettle of fish entirely. We've been bugging MS about how to do this for monthes and have yet to get a straight answer. The best guess I've heard is that you can change them via LDAP, you just need to reverse engineer the undocumented contents of the attribute. - Booker C. Bense |
|
From: Mark W. <mew...@un...> - 2001-01-17 21:19:17
|
if you delete with a specific value then it will delete that particular value. If you do a replace and only give a single value, it will replace all of the values with that value. An add simply adds the value to the existing values. Mark Brian O'Neill wrote: > I'm dealing with a lot of multivalued attributes. > > Is there a way to delete/add values to a multi-valued attribute without > doing all of them? > > Also, when modifying a number of attributes, the write_cmd() method of > Net::LDAP::LDIF seems to only modify one attribute at a time - is this > correct? > > -- > ====================================================================== > Brian O'Neill @ home on...@oi... > At work I'm: on...@co... |
|
From: Brian O'N. <on...@oi...> - 2001-01-17 20:55:46
|
I'm dealing with a lot of multivalued attributes. Is there a way to delete/add values to a multi-valued attribute without doing all of them? Also, when modifying a number of attributes, the write_cmd() method of Net::LDAP::LDIF seems to only modify one attribute at a time - is this correct? -- ====================================================================== Brian O'Neill @ home on...@oi... At work I'm: on...@co... |
|
From: Edgington, J. A. <je...@um...> - 2001-01-17 18:44:26
|
I too have the same reasoning for not using ADSI... we are mixed environment and I would prefer to keep my scripts as mobile as possible. jeff e. -----Original Message----- From: ce...@ca... [mailto:ce...@ca...] Sent: Wednesday, January 17, 2001 12:39 PM To: per...@li... Subject: Re: Changing a user password via LDAP in Active Directory I ran into the same problem last week and sidestepped it by creating my own password attribute. (Same problem with the ACL attribute). If you (or anyone) find a way to do it with Net::LDAP, please share! I'm pretty sure that you could use ADSI to access the password attribute, but I'm not sure. I didn't explore the possibility too deeply because I wanted to avoid making my code AD-specific. Embrace and extend? Grr. Corey "Edgington, Jeffrey Alan" <je...@um...>@lists.sourceforge.net on 01/15/2001 07:16:56 PM Sent by: per...@li... To: per...@li... cc: Subject: Changing a user password via LDAP in Active Directory I can change everything else about a user via Net::LDAP except the password. I haven't had much luck finding anything on the MS web site about this. If someone has successfully done this via Net::LDAP, I would greatly appreciate some guidance. Thanks. jeff e. |
|
From: <ce...@ca...> - 2001-01-17 18:39:24
|
I ran into the same problem last week and sidestepped it by creating my own password attribute. (Same problem with the ACL attribute). If you (or anyone) find a way to do it with Net::LDAP, please share! I'm pretty sure that you could use ADSI to access the password attribute, but I'm not sure. I didn't explore the possibility too deeply because I wanted to avoid making my code AD-specific. Embrace and extend? Grr. Corey "Edgington, Jeffrey Alan" <je...@um...>@lists.sourceforge.net on 01/15/2001 07:16:56 PM Sent by: per...@li... To: per...@li... cc: Subject: Changing a user password via LDAP in Active Directory I can change everything else about a user via Net::LDAP except the password. I haven't had much luck finding anything on the MS web site about this. If someone has successfully done this via Net::LDAP, I would greatly appreciate some guidance. Thanks. jeff e. |
|
From: Diffenderfer, R. <ran...@ed...> - 2001-01-17 17:00:55
|
Folks, Back when I was younger and stupider (about five minutes ago), I posted the attached message. It has been pointed out to me that the entry was exactly as expected, just "base64 encoded", as would be necessary to maintain a leading blank character! Everything works as it is supposed to. So, in the immortal words of Emily Latella, "Never mind..." :-) rnd p.s. Thanks for the library. It has made my LDAP hacking very simple and easy! > -----Original Message----- > From: Diffenderfer, Randy > Sent: Wednesday, January 17, 2001 11:33 AM > To: 'per...@li...' > Subject: perl-ldap "anomaly"? > > Folks, > > I have run across an "unexpected result" while using the perl-ldap > library, v 0.22. > > The code looks something like this... > > use Net::LDAP; > $ldap = Net::LDAP->new(...); > $entry = Net::LDAP::Entry->new(); > $entry->dn( $dn ); > $entry->add( ... > 'foo' => $foo, > ... > ); > $rc = $ldap->add( $entry ); > > What the problem is, though, is if "$foo" = " foo" (a leading blank > character), then the resulting directory entry attribute 'foo' ends up > being hosed in mysterious ways, with "bizarre" contents, e.g. "IEFxyz==" > (or something like that...). If "$foo" = "foo" (without a leading blank > character), everything works as expected. > > Can you tell me what is going on here, and whether it is "expected" or > not? > > Thank you, > Randy Diffenderfer > ran...@ed... > |
|
From: Diffenderfer, R. <ran...@ed...> - 2001-01-17 16:33:33
|
Folks, I have run across an "unexpected result" while using the perl-ldap library, v 0.22. The code looks something like this... use Net::LDAP; $ldap = Net::LDAP->new(...); $entry = Net::LDAP::Entry->new(); $entry->dn( $dn ); $entry->add( ... 'foo' => $foo, ... ); $rc = $ldap->add( $entry ); What the problem is, though, is if "$foo" = " foo" (a leading blank character), then the resulting directory entry attribute 'foo' ends up being hosed in mysterious ways, with "bizarre" contents, e.g. "IEFxyz==" (or something like that...). If "$foo" = "foo" (without a leading blank character), everything works as expected. Can you tell me what is going on here, and whether it is "expected" or not? Thank you, Randy Diffenderfer ran...@ed... |
7902 messages has been excluded from this view by a project administrator.
