From: Chris R. <chr...@me...> - 2000-12-15 09:45:30

Graham Barr <gb...@po...> wrote:
> ----- Forwarded message from Bill Mills-Curran <bc...@cl...> -----
>
> Date: Thu, 14 Dec 2000 16:32:20 -0500 (EST)
> From: Bill Mills-Curran <bc...@cl...>
> To: Graham Barr <gb...@po...>
> Subject: LDAP
>
> Graham,
>
> Thanks for your work on LDAP. It certainly will help me maintain my
> distance from MicroSoft products. I have a question on the use of
> your software, particularly with pabber and plook...
>
> I would like to be able to get lists longer than 75 entries. I work
> for a large company, and there are more than 75 "Smith" entries in the
> Exchange address book. Or, to be a bit more devious, I am tempted to
> extract the contents of the Exchange database.

The maximum number of results returned in a single LDAP search operation is governed by the sizelimit parameter that you pass to the search method. Try setting it to a larger value.

The LDAP server itself will also impose an upper bound on the maximum number of results to return, so maybe Exchange really won't let you get more than 75... In this case, you will have to refine your search filter to get smaller chunks of the directory back...

I don't know of a way to access the raw Exchange database. Presumably it's a proprietary Microsoft thing, so you could try some MS tools like Access :-)

> Is there a way to handle this?
>
> TIA,
> Bill
>
> --
> Bill Mills-Curran          Mil...@em...
> EMC Corporation            Tel: 508 480-7642
> Coslin Drive, MS C33       Fax: 508 480-7913
> Southboro, MA 01772

Cheers,

Chris

From: Tom J. <tj...@do...> - 2000-12-15 01:36:08

You're trading off flexibility for one, ability to respond to change for another...

Suppose said student is also an employee. Do you create a duplicate entry under ou=staff? Do you trust your vendor's implementation of aliases (or your clients' ability to interpret aliases)? What if you issued the user a certificate with a subject under the ou=students OU? If the person changes roles, do you need to invalidate the cert and issue a new one just because they changed roles?

Basing a tree structure on roles seems like a mistake to me, as it seems that people will always occupy multiple roles and LDAP/X.500 have always been bad at dealing with multiple inheritances.

--Tom

On Thu, 14 Dec 2000, Daryl Campbell wrote:

>
> Mark,
>
> >I use all 3.
> >1 -- for mass groupings (ie , only students can see this site, or only faculty).
>
> So your students are entries of ou=People and have attribute ou=student.
>
> What are you trading off in comparison to a student dn of
>
> dn: uid=joestudent,ou=Student,ou=People,dc=unt,dc=edu
>
> ?
>
> --
> Daryl Campbell          The magician tried to blame it on the rabbit,
> Athabasca University    pulled her out of the hat couldn't make her disappear
> (780) 675 6379          ...never more blind than when looking at ourselves
> daryl@N.O.spam.athabascau.ca            Bob Kemmis, Kemmisutra
>

From: Daryl C. <da...@at...> - 2000-12-14 23:17:15

Mark,

>I use all 3.
>1 -- for mass groupings (ie , only students can see this site, or only faculty).

So your students are entries of ou=People and have attribute ou=student.

What are you trading off in comparison to a student dn of

dn: uid=joestudent,ou=Student,ou=People,dc=unt,dc=edu

?

--
Daryl Campbell          The magician tried to blame it on the rabbit,
Athabasca University    pulled her out of the hat couldn't make her disappear
(780) 675 6379          ...never more blind than when looking at ourselves
daryl@N.O.spam.athabascau.ca            Bob Kemmis, Kemmisutra

From: Graham B. <gb...@po...> - 2000-12-14 22:17:51

----- Forwarded message from Bill Mills-Curran <bc...@cl...> -----

Date: Thu, 14 Dec 2000 16:32:20 -0500 (EST)
From: Bill Mills-Curran <bc...@cl...>
To: Graham Barr <gb...@po...>
Subject: LDAP

Graham,

Thanks for your work on LDAP. It certainly will help me maintain my distance from MicroSoft products. I have a question on the use of your software, particularly with pabber and plook...

I would like to be able to get lists longer than 75 entries. I work for a large company, and there are more than 75 "Smith" entries in the Exchange address book. Or, to be a bit more devious, I am tempted to extract the contents of the Exchange database.

Is there a way to handle this?

TIA,
Bill

--
Bill Mills-Curran          Mil...@em...
EMC Corporation            Tel: 508 480-7642
Coslin Drive, MS C33       Fax: 508 480-7913
Southboro, MA 01772

----- End forwarded message -----

From: Mark W. <mew...@un...> - 2000-12-14 20:06:55

I think the problem is that you're trying to treat LDAP as an RDBMS.

An OrganizationalUnit can be an entry (ie an entry of objectclass type OrganizationalUnit) and an attribute (the ou attribute, available in the person objectclass).

The organizationUnit objectclass is generally used to provide branches in your tree. You should attempt to keep this as flat as possible to make it easier to manage: ie

    dc=unt,dc=edu
        ou=people
        ou=groups

Then if you want to use the organizationalUnit attribute to represent departments people belong to, you simply put the correct values in each person's ou attribute.

Now, the only other hierarchy you might do that uses OrganizationalUnit, the objectclass, is to build an organizational white pages directory. For example if you want to keep the name of each unit, their manager, administrative assistant and contact information, you might decide to create a new branch (ou=departments) that contains this information (though you'll need to extend the schema so that you can add the necessary attributes to store this information).

Groups.

If you are trying to use people's departments (ie the value of the ou attribute) for access control you have 3 options.

1) you can simply define an application level policy that says to check the user's ou attribute to determine their role
2) you can create a group for each department or committee or team or whatever and populate it. Then see if a user's DN is found in the membership attribute of the group
3) If you're using Netscape's directory server you can create a dynamic group(s), whose membership is determined by the value of a particular attribute. Then see if the user's would satisfy the search query.

I use all 3.

1 -- for mass groupings (ie , only students can see this site, or only faculty).
2 -- only Vice Presidents can send out a bulk-email message to all students
3 -- I use dynamic groups to maintain course rosters (because they change a lot and some of them are quite large -- several hundred, it makes maintenance easier because the membership changes when we update the student's entry)

BTW I have an article on groups and Net::LDAP at www.webtechniques.com. Search for wilcox or LDAP and it will turn up.

Mark

"Lambright, Linda (N-Averstar)" wrote:

> Do you know where I can get a really good explanation of organizational
> units and how they work.
> I'm trying to write a set of scripts that will allow certain users
> administrator rights over their own groups
> but not over anyone else's groups. In order to do this I have created a set
> of organizational units each with groups and
> subgroups inside of them. All users are then created in the People
> organizational unit and added as members to one or more groups inside other
> organizational units. I need to be able to list the users in each
> organizational unit and whether they are in
> an admin group in that unit. Then we give those admins rights to move users
> from group to group or to remove the user
> from their group or from their organizational unit without actually removing
> the person from the directory server
> or from other groups or other organizational units. These administrators
> also need to be able to make and remove groups in
> their organizational unit and add users to the directory server if the user
> does not already exist. The problems that we
> have run into are all with perl-ldap giving us information on organizational
> units and groups. Probably because we don't
> know how to ask correctly.
>
> Thank you for your help
>
> Linda
>
> > ----------
> > From: Mark Wilcox[SMTP:mew...@un...]
> > Sent: Wednesday, December 13, 2000 6:15 PM
> > To: Lambright, Linda (N-Averstar)
> > Cc: per...@li...
> > Subject: Re: uid's associated with a particular orgranizational unit
> >
> > sounds like you've set your scope incorrectly.
> > $mesg =
> > $ldap->search(
> > base=> "ou=people,dc=acme,dc=com",
> > scope => "sub",
> > filter => "objectclass=person"
> > );
> > should do it.
> >
> > Note that unless you've got a very small number of people, you'll need to
> > either
> > be bound as the directory super-user account or use a virtual list view
> > to see
> > all of them.
> >
> > Mark
> >
> > "Lambright, Linda (N-Averstar)" wrote:
> >
> > > I have created several users in the People organizational unit. I am
> > trying
> > > to find out how to get a list of all of those uid's. However if I ask
> > for
> > > ou=People all I get is the entry for the ou People. Can anyone help me
> > with
> > > this? Even when I use the server console to do the search it comes up
> > with
> > > no entries. However the ldif file clearly shows all of the users with
> > > ou=People. I guess I don't clearly understand the concept of the
> > > organizational unit object.
> > >
> > > Linda Lambright
> >

From: Chris R. <chr...@me...> - 2000-12-14 13:37:08

"Lambright, Linda (N-Averstar)" <lin...@lm...> wrote:
> Do you know where I can get a really good explanation of organizational
> units and how they work.

Organizational units are simply entries in the directory with an object class of "organizationalUnit" and usually named with the "ou" attribute (aka "organizationalUnitName".) These entries are normally used to represent departments in an organization, and the reason they don't have an object class of "department" is because the standards authors had to consider that "department" has different connotations in some countries (like France), and so opted for the somewhat hideous term "organizationalUnit".

Sorry, getting sidetracked there!

There are no real special kinds of entry in the directory. So organizationalUnits work exactly the same way that, say domain entries work, or locality entries work.

Some vendors cause problems (IMO) by calling organizationalUnits "containers". This is misleading because the "has a" (ie "contains") relationship in LDAP can mean either using an attribute of an entry (an employee "has a" surname and telephone number and a manager), or that the relationship is hierarchical, ie part of the structure of the directory tree (a department has employees)

> I'm trying to write a set of scripts that will allow certain users
> administrator rights over their own groups
> but not over anyone else's groups. In order to do this I have created a
> set of organizational units each with groups and
> subgroups inside of them. All users are then created in the People
> organizational unit and added as members to one or more groups inside
> other organizational units. I need to be able to list the users in each
> organizational unit and whether they are in
> an admin group in that unit. Then we give those admins rights to move
> users from group to group or to remove the user
> from their group or from their organizational unit without actually
> removing the person from the directory server
> or from other groups or other organizational units. These administrators
> also need to be able to make and remove groups in
> their organizational unit and add users to the directory server if the
> user does not already exist. The problems that we
> have run into are all with perl-ldap giving us information on
> organizational units and groups. Probably because we don't
> know how to ask correctly.

In your case, your organizationalUnits "have" people in the hierarchical sense, eg:

          o=My Company
               |
          +----------+
          |          |
      ou=People     ...
          |
     +----+----+
     |    |    |
  cn=Jim ... cn=Ann

However group entries (groupOfNames objectclass) represent the "has a" relationship using the member attribute.

Once you understand those two relationships, your script should be easier to work out.

To find the people in the ou, search the ou subtree for the person entries, like Mark suggested. You want to retrieve the "uid" attribute from each of those entries.

To find the people in the group, read the member attribute from the group entry. The attribute values will be distinguished names (DNs) of other entries in the directory. Possibly the entries you read above!

> Thank you for your help
>
> Linda
>
>> ----------
>> From: Mark Wilcox[SMTP:mew...@un...]
>> Sent: Wednesday, December 13, 2000 6:15 PM
>> To: Lambright, Linda (N-Averstar)
>> Cc: per...@li...
>> Subject: Re: uid's associated with a particular orgranizational unit
>>
>> sounds like you've set your scope incorrectly.
>> $mesg =
>> $ldap->search(
>> base=> "ou=people,dc=acme,dc=com",
>> scope => "sub",
>> filter => "objectclass=person"
>> );
>> should do it.
>>
>> Note that unless you've got a very small number of people, you'll need to
>> either
>> be bound as the directory super-user account or use a virtual list view
>> to see
>> all of them.
>>
>> Mark
>>
>> "Lambright, Linda (N-Averstar)" wrote:
>>
>> > I have created several users in the People organizational unit. I am
>> trying
>> > to find out how to get a list of all of those uid's. However if I ask
>> for
>> > ou=People all I get is the entry for the ou People. Can anyone help me
>> with
>> > this? Even when I use the server console to do the search it comes up
>> with
>> > no entries. However the ldif file clearly shows all of the users with
>> > ou=People. I guess I don't clearly understand the concept of the
>> > organizational unit object.
>> >
>> > Linda Lambright
>>

Cheers,

Chris

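The two "has a" relationships from the message above, as an added example that is not part of the original thread and is not Net::LDAP code: a small in-memory directory that shows how search scope selects entries and how group membership is read from the member attribute. The entries under dc=acme,dc=com are constructed, and the sub names (search, group_members, is_admin_of) are hypothetical.

```perl
#!/usr/bin/perl
# Added illustration: an in-memory model of LDAP search scope and
# groupOfNames membership. No directory server is contacted.
use strict;
use warnings;

# Constructed sample entries keyed by DN (all names are invented).
# DNs are kept lower-case; RDN values containing commas are out of scope.
my %dir = (
    'dc=acme,dc=com'                   => { objectclass => ['domain'] },
    'ou=people,dc=acme,dc=com'         => { objectclass => ['organizationalUnit'], ou => ['people'] },
    'uid=jim,ou=people,dc=acme,dc=com' => { objectclass => ['person'], uid => ['jim'] },
    'uid=ann,ou=people,dc=acme,dc=com' => { objectclass => ['person'], uid => ['ann'] },
    'ou=sales,dc=acme,dc=com'          => { objectclass => ['organizationalUnit'], ou => ['sales'] },
    'cn=admins,ou=sales,dc=acme,dc=com' => {
        objectclass => ['groupOfNames'],
        member      => ['uid=ann,ou=people,dc=acme,dc=com'],
    },
    'cn=staff,ou=sales,dc=acme,dc=com' => {
        objectclass => ['groupOfNames'],
        member      => [ 'uid=jim,ou=people,dc=acme,dc=com',
                         'uid=ann,ou=people,dc=acme,dc=com' ],
    },
);

# Lower-case a DN and drop spaces around the commas so DNs compare equal.
sub norm_dn {
    my ($dn) = @_;
    $dn = lc $dn;
    $dn =~ s/\s*,\s*/,/g;
    return $dn;
}

# 0 = the base entry itself, 1 = immediate child, 2+ = deeper,
# undef = the entry is not under the base.
sub depth_below {
    my ($dn, $base) = map { norm_dn($_) } @_;
    return 0 if $dn eq $base;
    my $suffix = ",$base";
    return unless length($dn) > length($suffix)
               && substr($dn, -length($suffix)) eq $suffix;
    my $relative = substr($dn, 0, length($dn) - length($suffix));
    return 1 + ($relative =~ tr/,//);
}

# Equality filters only ("attr=value"): scope picks the candidate entries,
# then the filter is tested against each candidate's attributes.
sub search {
    my (%arg) = @_;
    my ($attr, $value) = split /=/, $arg{filter}, 2;
    my @hits;
    for my $dn (sort keys %dir) {
        my $depth = depth_below($dn, $arg{base});
        next unless defined $depth;
        next if $arg{scope} eq 'base' && $depth != 0;
        next if $arg{scope} eq 'one'  && $depth != 1;
        # 'sub' accepts every depth, including the base entry itself
        my $values = $dir{$dn}{ lc($attr) } || [];
        push @hits, $dn if grep { lc($_) eq lc($value) } @$values;
    }
    return @hits;
}

# A group "has" its members through DNs in the member attribute; where the
# group sits in the tree says nothing about where its members live.
sub group_members {
    my ($group_dn) = @_;
    my $group = $dir{ norm_dn($group_dn) } or return;
    return map { norm_dn($_) } @{ $group->{member} || [] };
}

# Delegation check: is the user listed in cn=admins under the given OU?
sub is_admin_of {
    my ($user_dn, $ou_dn) = @_;
    my $user = norm_dn($user_dn);
    return scalar( grep { $_ eq $user } group_members("cn=admins,$ou_dn") );
}

sub show {
    my ($label, @dns) = @_;
    print "$label\n";
    print "    $_\n" for @dns;
    print "    (no entries)\n" unless @dns;
}

my $suffix = 'dc=acme,dc=com';
my $people = "ou=people,$suffix";

show('sub scope from the suffix, filter ou=people:',
     search(base => $suffix, scope => 'sub', filter => 'ou=people'));
show('base scope on ou=people, filter objectclass=person:',
     search(base => $people, scope => 'base', filter => 'objectclass=person'));
show('sub scope on ou=people, filter objectclass=person:',
     search(base => $people, scope => 'sub', filter => 'objectclass=person'));

for my $dn (search(base => $people, scope => 'one', filter => 'objectclass=person')) {
    my ($uid) = @{ $dir{$dn}{uid} };
    printf "%-4s admin of ou=sales: %s\n", $uid,
        is_admin_of($dn, "ou=sales,$suffix") ? 'yes' : 'no';
}
```
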
From: Lambright, L. (N-Averstar) <lin...@lm...> - 2000-12-14 03:20:28

Do you know where I can get a really good explanation of organizational units and how they work.

I'm trying to write a set of scripts that will allow certain users administrator rights over their own groups but not over anyone else's groups. In order to do this I have created a set of organizational units each with groups and subgroups inside of them. All users are then created in the People organizational unit and added as members to one or more groups inside other organizational units. I need to be able to list the users in each organizational unit and whether they are in an admin group in that unit. Then we give those admins rights to move users from group to group or to remove the user from their group or from their organizational unit without actually removing the person from the directory server or from other groups or other organizational units. These administrators also need to be able to make and remove groups in their organizational unit and add users to the directory server if the user does not already exist. The problems that we have run into are all with perl-ldap giving us information on organizational units and groups. Probably because we don't know how to ask correctly.

Thank you for your help

Linda

> ----------
> From: Mark Wilcox[SMTP:mew...@un...]
> Sent: Wednesday, December 13, 2000 6:15 PM
> To: Lambright, Linda (N-Averstar)
> Cc: per...@li...
> Subject: Re: uid's associated with a particular orgranizational unit
>
> sounds like you've set your scope incorrectly.
> $mesg =
> $ldap->search(
> base=> "ou=people,dc=acme,dc=com",
> scope => "sub",
> filter => "objectclass=person"
> );
> should do it.
>
> Note that unless you've got a very small number of people, you'll need to
> either
> be bound as the directory super-user account or use a virtual list view
> to see
> all of them.
>
> Mark
>
> "Lambright, Linda (N-Averstar)" wrote:
>
> > I have created several users in the People organizational unit. I am
> trying
> > to find out how to get a list of all of those uid's. However if I ask
> for
> > ou=People all I get is the entry for the ou People. Can anyone help me
> with
> > this? Even when I use the server console to do the search it comes up
> with
> > no entries. However the ldif file clearly shows all of the users with
> > ou=People. I guess I don't clearly understand the concept of the
> > organizational unit object.
> >
> > Linda Lambright
>

From: Mark W. <mew...@un...> - 2000-12-14 02:18:19

First, make sure you put a subject line. Not doing so is friggin' annoying. If I wasn't stuck at home, I probably would have ignored your message. :)

I forgot to add to my earlier reply, you can also look into using Net::LDAP instead (http://perl-ldap.sourceforge.net). Mozilla's code is no longer being actively maintained that I know of and we're a hell of a lot more portable.

Mark

From: Mark W. <mew...@un...> - 2000-12-14 02:16:30

Sorry, wrong list. This on Net::LDAP (called perl-ldap because it's written in Pure perl. We had the name first, netscape took it for their Perl wrapper to the C SDK).

Try the newsgroups at www.mozilla.org/directory/

Mark

"Flamand, Julien" wrote:

> Hello,
>
> I do not manage to search in Active Directory at the level wanted. I
> want retrieve users information (like sAMAccountName). I use perl with
> perlDAP module. When I use filter objectclass=* i retrieve
> informations, but if I try to use objectclass=user or
> objectcategory=person there is not entry found. I don't know why.
> Users are in OU=Lumos_Users, DC=lumos, DC=com.... Here is my perl
> script.
>
> use Mozilla::LDAP::Conn;
>
> $base = "DC=lumos, DC=com";
> $conn = new Mozilla::LDAP::Conn("glisten", "389", "",""); die "No
> LDAP connection" unless $conn;
>
> $who = "*";
>
> $entry = $conn->search($base, "sub", "objectclass=$who");
> if (! $entry)
> { print " handle this event, no entries found, dude!\n"
> }
> else
> {
> while ($entry)
> {
> $entry->printLDIF();
> $entry = $conn->nextEntry();
> }
> }
>
> please help me !!!
>
> Best regards
>
>
> Julien Flamand
> MIS
> Lumos Technologies Inc.
> 2500 Broadway Avenue, Suite 170
> Santa Monica, CA 90404
> Tel: 310-453-5852
> Fax: 310-829-0665
>

From: Mark W. <mew...@un...> - 2000-12-14 02:14:17

sounds like you've set your scope incorrectly.

    $mesg =
      $ldap->search(
        base   => "ou=people,dc=acme,dc=com",
        scope  => "sub",
        filter => "objectclass=person"
      );

should do it.

Note that unless you've got a very small number of people, you'll need to either be bound as the directory super-user account or use a virtual list view to see all of them.

Mark

"Lambright, Linda (N-Averstar)" wrote:

> I have created several users in the People organizational unit. I am trying
> to find out how to get a list of all of those uid's. However if I ask for
> ou=People all I get is the entry for the ou People. Can anyone help me with
> this? Even when I use the server console to do the search it comes up with
> no entries. However the ldif file clearly shows all of the users with
> ou=People. I guess I don't clearly understand the concept of the
> organizational unit object.
>
> Linda Lambright

From: Lambright, L. (N-Averstar) <lin...@lm...> - 2000-12-14 00:38:47

I have created several users in the People organizational unit. I am trying to find out how to get a list of all of those uid's. However if I ask for ou=People all I get is the entry for the ou People. Can anyone help me with this? Even when I use the server console to do the search it comes up with no entries. However the ldif file clearly shows all of the users with ou=People. I guess I don't clearly understand the concept of the organizational unit object.

Linda Lambright

From: Flamand, J. <Jul...@lu...> - 2000-12-13 20:24:24

Hello,

I do not manage to search in Active Directory at the level wanted. I want retrieve users information (like sAMAccountName). I use perl with perlDAP module. When I use filter objectclass=* i retrieve informations, but if I try to use objectclass=user or objectcategory=person there is not entry found. I don't know why. Users are in OU=Lumos_Users, DC=lumos, DC=com.... Here is my perl script.

    use Mozilla::LDAP::Conn;

    $base = "DC=lumos, DC=com";
    $conn = new Mozilla::LDAP::Conn("glisten", "389", "","");
    die "No LDAP connection" unless $conn;

    $who = "*";

    $entry = $conn->search($base, "sub", "objectclass=$who");
    if (! $entry)
    { print " handle this event, no entries found, dude!\n"
    }
    else
    {
      while ($entry)
      {
        $entry->printLDIF();
        $entry = $conn->nextEntry();
      }
    }

please help me !!!

Best regards

Julien Flamand
MIS
Lumos Technologies Inc.
2500 Broadway Avenue, Suite 170
Santa Monica, CA 90404
Tel: 310-453-5852
Fax: 310-829-0665

From: Chris R. <chr...@me...> - 2000-12-13 12:12:24

Chris Ridd <chr...@me...> wrote:
> Jan Gruber <Jan...@po...> wrote:
>> Hi,
>>
>> I'm using a Netscape Directory Server and perl-ldap-0.22/Convert::ASN1
>>
>> Is there any special preparation for substring filters ?
>>
>> If I submit a (uid=*234*) subtree search at the Netscape Console, it
>> works as expected. The same filter submitted via perl-ldap does not
>> return anything :( I tried it with \* and *, the result didn't change.
>> Even digging with perl -d didn't help.
>>
>> The LDAP::Filter manpage shows special characters for *, so the encoding
>> should work for that asterisk.
>>
>> Any hint would be appreciated,
>> TIA
>
> Create the Net::LDAP object with debug set to 12 and repeat your test.
> This will dump out the protocol that Net::LDAP is sending to the server
> (and back), and it may reveal that something's going wrong at this point.

Also are you setting your search base and scope correctly in Net::LDAP, and are you authenticated appropriately?

Cheers,

Chris

From: Chris R. <chr...@me...> - 2000-12-13 10:21:06

Jan Gruber <Jan...@po...> wrote:
> Hi,
>
> I'm using a Netscape Directory Server and perl-ldap-0.22/Convert::ASN1
>
> Is there any special preparation for substring filters ?
>
> If I submit a (uid=*234*) subtree search at the Netscape Console, it
> works as expected. The same filter submitted via perl-ldap does not
> return anything :( I tried it with \* and *, the result didn't change.
> Even digging with perl -d didn't help.
>
> The LDAP::Filter manpage shows special characters for *, so the encoding
> should work for that asterisk.
>
> Any hint would be appreciated,
> TIA

Create the Net::LDAP object with debug set to 12 and repeat your test. This will dump out the protocol that Net::LDAP is sending to the server (and back), and it may reveal that something's going wrong at this point.

Cheers,

Chris

From: Jan G. <Jan...@po...> - 2000-12-13 08:42:16

Hi,

I'm using a Netscape Directory Server and perl-ldap-0.22/Convert::ASN1

Is there any special preparation for substring filters ?

If I submit a (uid=*234*) subtree search at the Netscape Console, it works as expected. The same filter submitted via perl-ldap does not return anything :( I tried it with \* and *, the result didn't change. Even digging with perl -d didn't help.

The LDAP::Filter manpage shows special characters for *, so the encoding should work for that asterisk.

Any hint would be appreciated,
TIA

--
Jan Gruber
System Administrator
Primacom
Office: +49 (341) 609 524 53
Fax: +49 (341) 609 525 17

cat /dev/world | perl -e "(/(^.*? \?) 42 \!/) && (print $1))"
errors->(c) _

From: Clif H. <cl...@di...> - 2000-12-13 03:57:21

>
> hello,
>
> We're loading LDAP entries to iPlanet 4.1 Directory Server via Net::LDAP
> v 0.22 using perl v5.6.0.
>
> We can successfully read/modify/add/delete, a very good start.
>
> However, we need to add on the order of 20k+ records. If all records are
> attempted at the same time, the "journal" logs fill the hard drive after
> about 400 additions. We can consistently add about 300 records, after
> which we must exit the script and wait a few moments before running the
> next batch. We wish to ultimately have a hands off one-shot process.
>
> I've looked at the server configuration, perhaps to turn off
> "journaling" temporarily, but have not seen anything promising yet.
>
> Is there a way to "commit" the changes in progress from the perl script?
> Having the script pause and/or unbind does not seem to do it.
>
> thanks,
> Gordon Smith
>
>

I have loaded 60K+ plus records on my Netscape 4.x directory server using a script that does almost exactly what you describe. The script binds, loads 250 records, unbinds, sleeps 2 minutes, and then repeats this process until all records have completed. To the user this looks like one "long" continuous process.

There is a bulk loading script for Netscape servers that bypasses ldap, you might want to look into using it. I have never used it but I have been told it is very fast and works quite well. It comes with the Netscape server software.

This is a problem that is not unique to Netscape, I have had this problem on 2 other directory servers also. How severe the problem is depends on computer speed, computer load, and amount of available ram and disk space.

Clif Harden
INTERNET: c-h...@ti...

From: Mark W. <mew...@un...> - 2000-12-13 02:46:39

The answer is to get more hard-drive space or set the journals so that they are written to a different partition that has more disk space (the latter is also a good idea for disaster recovery).

You cannot turn them off and you don't want to. Those files insure that your directory will always be in a consistent state in case of a server failure. For example if you lose power during an update. During the restart, the server will rebuild itself, restoring the databases back to the last 'good' commits.

That's a specific behavior to the Netscape DS, and is not something that is part of LDAP. In LDAP there is no notion of commit and rollbacks.

Mark

Gordon Smith wrote:

> hello,
>
> We're loading LDAP entries to iPlanet 4.1 Directory Server via Net::LDAP
> v 0.22 using perl v5.6.0.
>
> We can successfully read/modify/add/delete, a very good start.
>
> However, we need to add on the order of 20k+ records. If all records are
> attempted at the same time, the "journal" logs fill the hard drive after
> about 400 additions. We can consistently add about 300 records, after
> which we must exit the script and wait a few moments before running the
> next batch. We wish to ultimately have a hands off one-shot process.
>
> I've looked at the server configuration, perhaps to turn off
> "journaling" temporarily, but have not seen anything promising yet.
>
> Is there a way to "commit" the changes in progress from the perl script?
> Having the script pause and/or unbind does not seem to do it.
>
> thanks,
> Gordon Smith

From: Gordon S. <gor...@ce...> - 2000-12-13 00:38:47

hello,

We're loading LDAP entries to iPlanet 4.1 Directory Server via Net::LDAP v 0.22 using perl v5.6.0.

We can successfully read/modify/add/delete, a very good start.

However, we need to add on the order of 20k+ records. If all records are attempted at the same time, the "journal" logs fill the hard drive after about 400 additions. We can consistently add about 300 records, after which we must exit the script and wait a few moments before running the next batch. We wish to ultimately have a hands off one-shot process.

I've looked at the server configuration, perhaps to turn off "journaling" temporarily, but have not seen anything promising yet.

Is there a way to "commit" the changes in progress from the perl script? Having the script pause and/or unbind does not seem to do it.

thanks,
Gordon Smith

From: Flamand, J. <Jul...@lu...> - 2000-12-12 23:07:22

Hello,

I am trying to retrieve informations about the users of my company stored in Active directory. I manage to bind the server, but I do not manage to search in the OU=Lumos_users subtree.

following my perl script:

    use Mozilla::LDAP::Conn;
    use Mozilla::LDAP::Utils;
    use Mozilla::LDAP::Entry;
    use Mozilla::LDAP::LDIF;

    $base = "OU=Lumos_users,DC=lumos,DC=com";
    $conn = new Mozilla::LDAP::Conn("glisten", "389", "", "");
    die "No LDAP connection" unless $conn;

    $entry = $conn->search($base, "base", "(objectclass=user)");
    if (! $entry)
    { print " handle this event, no entries found, dude!\n"
    }
    else
    {
      while ($entry)
      {
        $entry->printLDIF();
        $entry = $conn->nextEntry();
      }
    }

Please tell me how to access to the users informations. What is wrong with my script ??

Thanks in advance.

Julien Flamand
MIS
Lumos Technologies Inc.
2500 Broadway Avenue, Suite 170
Santa Monica, CA 90404
Tel: 310-453-5852
Fax: 310-829-0665

From: Jim H. <ha...@us...> - 2000-12-12 22:53:17

Sam,

The issue is that you need to know the directory structure for whatever directory server you are searching. If you know that the server has unique identifiers for everyone, then you can find the dn of the object (account) to which you want to bind by code similar to:

    $mesg = $ldap->search ( filter => "(|(uid=$who) (cn=$who))");
    die "not found" if $mesg->count == 0;
    die "multiple entries found" if $mesg->count > 1;
    $dn_of_user = $mesg->entry(0)->dn;

This of course assumes that either uid or cn are used to identify people in your directory. Other things are possible, these are the most common.

--Jim Harle

On Tue, 12 Dec 2000, Sam Tregar wrote:

> On Tue, 12 Dec 2000 ce...@ca... wrote:
>
> > I know it's possible, as I am doing it. Here's what my code looks like:
>
> Thanks! That did the trick. A question - where did you get this
> information? I'm curious where I went wrong.
>
> Perhaps something like this should go in the Net::LDAP docs? In the docs
> I was led to believe I was looking for something like
> "uid=foo,ou=People,o=bar.com".
>
> Thanks again!
> -sam
>
>

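The search-then-bind lookup from the message above, as an added example that is not part of the original post: it escapes the login name with escape_filter_value from Net::LDAP::Util (available in current perl-ldap releases) before building the filter, so characters such as * ( ) \ cannot alter the search, and it refuses an empty password before binding. The LDAP_HOST and LDAP_BASE environment variables, the sub names and the sample inputs are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added illustration of search-then-bind with the lookup value escaped.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_SIZELIMIT_EXCEEDED);
use Net::LDAP::Util qw(escape_filter_value);

# Escape the user-supplied name (RFC 4515) before placing it in the filter,
# so that * ( ) \ and NUL are matched literally instead of being parsed as
# filter syntax.
sub user_filter {
    my ($who) = @_;
    my $safe = escape_filter_value($who);
    return "(|(uid=$safe)(cn=$safe))";
}

# Resolve a login name to exactly one DN. A sizelimit of 2 is enough to tell
# "unique" from "ambiguous" without pulling back a large result set.
# Assumes the server permits this search on the connection's current bind.
sub find_user_dn {
    my ($ldap, $base, $who) = @_;
    my $mesg = $ldap->search(
        base      => $base,
        scope     => 'sub',
        filter    => user_filter($who),
        attrs     => ['1.1'],      # "no attributes": only the DN is needed
        sizelimit => 2,
    );
    my $code = $mesg->code;
    die "multiple entries found\n" if $code == LDAP_SIZELIMIT_EXCEEDED;
    die 'search failed: ' . $mesg->error . "\n" if $code != LDAP_SUCCESS;
    die "not found\n"              if $mesg->count == 0;
    die "multiple entries found\n" if $mesg->count > 1;
    return $mesg->entry(0)->dn;
}

# Bind as the resolved DN to verify the password; returns the DN on success.
sub authenticate {
    my ($ldap, $base, $who, $password) = @_;
    # A simple bind with a DN and an empty password is an unauthenticated
    # bind, which many servers answer with success; refuse it up front.
    die "empty password\n" unless defined $password && length $password;
    my $dn   = find_user_dn($ldap, $base, $who);
    my $mesg = $ldap->bind($dn, password => $password);
    die 'bind failed: ' . $mesg->error . "\n" if $mesg->code != LDAP_SUCCESS;
    return $dn;
}

# Offline part: how constructed inputs end up in the filter.
for my $who ('jsmith', 'Smith (contractor)', '*', 'a\\b') {
    printf "%-20s => %s\n", $who, user_filter($who);
}

# Live part, run only when LDAP_HOST and LDAP_BASE are set (assumed names).
if ($ENV{LDAP_HOST} && $ENV{LDAP_BASE}) {
    my $ldap = Net::LDAP->new($ENV{LDAP_HOST}) or die "connect: $@\n";
    my $tls  = $ldap->start_tls(verify => 'require');  # protect the simple bind
    die 'start_tls: ' . $tls->error . "\n" if $tls->code != LDAP_SUCCESS;
    # Input is echoed here; a real tool would turn terminal echo off.
    print 'login: ';    chomp(my $who = <STDIN>);
    print 'password: '; chomp(my $pw  = <STDIN>);
    my $dn = eval { authenticate($ldap, $ENV{LDAP_BASE}, $who, $pw) };
    print defined $dn ? "authenticated as $dn\n" : "rejected: $@";
    $ldap->unbind;
}
```
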
From: <ce...@ca...> - 2000-12-12 21:01:25

I think it was O'Reilly's "Windows 2000 Active Directory". All of the code samples are C++ and VB, but it's still a useful reference. I've also found myself referring to two other excellent O'Reilly books: "Perl for System Administration" and "Practical Internet Groupware".

--Corey

To: Corey Ehmke/CAT/hmco@HoughtonMifflin
cc: per...@li...
Subject: Re: Is Net::LDAP binding to Active Directiry possible?

On Tue, 12 Dec 2000 ce...@ca... wrote:

> I know it's possible, as I am doing it. Here's what my code looks like:

Thanks! That did the trick. A question - where did you get this information? I'm curious where I went wrong.

Perhaps something like this should go in the Net::LDAP docs? In the docs I was led to believe I was looking for something like "uid=foo,ou=People,o=bar.com".

Thanks again!
-sam

From: Sam T. <sa...@tr...> - 2000-12-12 20:53:44

On Tue, 12 Dec 2000 ce...@ca... wrote:

> I know it's possible, as I am doing it. Here's what my code looks like:

Thanks! That did the trick. A question - where did you get this information? I'm curious where I went wrong.

Perhaps something like this should go in the Net::LDAP docs? In the docs I was led to believe I was looking for something like "uid=foo,ou=People,o=bar.com".

Thanks again!
-sam

From: <ce...@ca...> - 2000-12-12 20:31:53

Sam,

I know it's possible, as I am doing it. Here's what my code looks like:

    use Net::LDAP;

    my $ldapServer = "xxx.xxx.xxx.xxx";
    my $authLogin  = "cn=My Name;cn=Users;dc=foo;dc=test;dc=com";
    my $pass       = "password";

    # returnErr() is the poster's own helper and is not shown in the message.
    my $ldap = Net::LDAP->new($ldapServer, debug => 1)
        || die &returnErr("Failed to create an LDAP object");

    # bind() always returns a message object, so test its result code
    # rather than the truth of the return value.
    my $mesg = $ldap->bind( dn => $authLogin, password => $pass );
    die &returnErr("Could not bind.") if $mesg->code;

I don't think that I changed the out-of-the-box security settings for Active Directory, but I did a lot of my work so far under sleep-deprived and caffeine-enhanced conditions, so it's possible. My only suggestion in this regard is to verify the permissions on the User account that you're using to bind with.

Maybe someone else has more complete information?

---Corey

Sent by: per...@li...
To: <per...@li...>
cc:
Subject: Is Net::LDAP binding to Active Directiry possible?

Hello all. I'm trying to bind() to an Active Directory server using Net::LDAP. So far no matter what I try to use for a "dn" I get an AccessSecurityContext error in response. I can get access to the LDAP services with the LDP.EXE crap-ware provided with Windows 2000.

Binding from within LDP.EXE works unless I uncheck NTLM Domain. Is it possible I need to turn off some MS-specific bind requirements? Kerberos, perhaps?

I can post my test script if it would help. I can also run any queries you might want to see from the LDP.EXE program.

Thanks for your help and advice.
-sam

From: Flamand, J. <Jul...@lu...> - 2000-12-12 20:29:20

Hello,

I am french so excuse me in advance, my english is not very good.

I am trying to retrieve informations about the users of my company stored in Active directory. I manage to bind the server, but I do not manage to search in the OU=Lumos_users subtree.

following my perl script:

    use Mozilla::LDAP::Conn;
    use Mozilla::LDAP::Utils;
    use Mozilla::LDAP::Entry;
    use Mozilla::LDAP::LDIF;

    $base = "OU=Lumos_users,DC=lumos,DC=com";
    $conn = new Mozilla::LDAP::Conn("glisten", "389", "", "");
    die "No LDAP connection" unless $conn;

    $entry = $conn->search($base, "base", "(objectclass=user)");
    if (! $entry)
    { print " handle this event, no entries found, dude!\n"
    }
    else
    {
      while ($entry)
      {
        $entry->printLDIF();
        $entry = $conn->nextEntry();
      }
    }

Please tell me how to access to the informations of the users. What is wrong with my script ??

Thanks in advance.

Julien Flamand
MIS
Lumos Technologies Inc.
2500 Broadway Avenue, Suite 170
Santa Monica, CA 90404
Tel: 310-453-5852
Fax: 310-829-0665