perl-ldap-dev

Retrieve Image

[Cary Z <ca...@ho...>]

Hi, All,

I am trying to work out image processing in LDAP using Perl-Ldap. I used the
following code to save the image into the database.
##################################
open (in, "<clinton.jpg") or die "$@";
$imagedata = <in>;
close(in);
$result = $ldap->modify($entry,  add => {'jpegphoto' => $imagedata});
##################################

After that, when I dump the content of the attributes, I found the jpegphoto
attribute(which was not there before). So I assume it's ok.

Then I used this to retrieve it:
##################################
$image = $entry->get('jpegphoto');
print "Content-type: image/jpeg\n\n";
print $image;
##################################

However I got this when the browser should only give me an image:

ARRAY(0X2BE0B8)

Could some one point me a way out. Thanks in advance.

- CZ -

how to search and modify/delete copiedFrom

[Swee-Chuan K. <sc...@tm...>]

hi,

i can't able to find a right ldapsearch parameter to
display the value of copiedFrom as well as trying to change it.

doing it on command line using ldapseach/ldapmodify works.

please help.

-- 
Swee-Chuan Khoo sc...@tm...

A layman knows he has to kick it.; An amateur knows where to kick it.; A
professional knows how hard.

Re: New to LDAP with Perl

[Mark W. <mew...@un...>]

Ugh, active directory.

Assuming the password is stored in the userpassword attribute, you should
be able to do something like this:
$ldap->modify("cn=NAME,ou=DEPT,ou=DIV,ou=SCHOOL,dc=SERV1,dc=cc,dc=umr,dc=edu",
              replace => { 'userpassword' => 'somepassword'});

should work. Might want to double check the name of the password attribute
in the active directory schema.

mark

On Tue, 7 Nov 2000, Edgington, Jeffrey Alan wrote:

> As I did not find anything in the archives that seemed to answer my
> question, I thought I would ask the list for some help.
> 
> I know how to change a password via VBS and LDAP... but I need to run this
> script from Unix and would prefer to write it in perl.
> 
> 
> This is the portion of the VBS script that changes the password...
> 
> Set adsUser =
> GetObject("LDAP://cn=NAME,ou=DEPT,ou=DIV,ou=SCHOOL,dc=SERV1,dc=cc,dc=umr,dc=
> edu")
> adsUser.SetPassword "NEWPASSWORD"
> 
> I have figured out how to connect to the ADS LDAP directory from perl
> (running on unix)... but once there, I am not sure how to translate the
> above lines into perl. 
> 
> I am using Net::LDAP to do my connection.
> 
> Thanks in advance.
> 
> 
> 
> -----------------------------------------------------------------------
> Jeffrey Edgington
> Systems Administrator
> University of Missouri - Rolla
> Are you a Spectator or a Participant?
> -----------------------------------------------------------------------
> 
> 

New to LDAP with Perl

[Edgington, J. A. <je...@um...>]

As I did not find anything in the archives that seemed to answer my
question, I thought I would ask the list for some help.

I know how to change a password via VBS and LDAP... but I need to run this
script from Unix and would prefer to write it in perl.


This is the portion of the VBS script that changes the password...

Set adsUser =
GetObject("LDAP://cn=NAME,ou=DEPT,ou=DIV,ou=SCHOOL,dc=SERV1,dc=cc,dc=umr,dc=
edu")
adsUser.SetPassword "NEWPASSWORD"

I have figured out how to connect to the ADS LDAP directory from perl
(running on unix)... but once there, I am not sure how to translate the
above lines into perl. 

I am using Net::LDAP to do my connection.

Thanks in advance.



-----------------------------------------------------------------------
Jeffrey Edgington
Systems Administrator
University of Missouri - Rolla
Are you a Spectator or a Participant?
-----------------------------------------------------------------------

Re: Timeout value

[Clif H. <cl...@di...>]

> 
> 
> Yup, the timeout argument to new is only for connection establishment.
> 
> You can ask the server to timeout searches that take more than a number of
> seconds by using the 'timelimit' argument in the search call.
> 
> Cheers,
> 
> Chris
> 

Duh, should have read the man pages better!

Thanks,

Clif Harden           INTERNET:  c-h...@ti...

Re: Timeout value

[Chris R. <chr...@me...>]

Clif Harden <cl...@di...> wrote:
>> 
>> Clif Harden <cl...@di...> wrote:
>> > 
>> > Has anyone tried the timeout option with perl-ldap.
>> > 
>> > I believe I am having problems with it not working.
>> > No matter what I set for a value it never times out.
>> > 
>> > What is the time frame of the timeout option; seconds,
>> > minutes, hours, etc.
>> > 
>> > I have been programming for timeout being seconds.
>> > 
>> > Regards,
>> > 
>> > Clif Harden           INTERNET:  c-h...@ti...
>> > 
>> 
>> The timeout you pass to Net::LDAP::new() is passed directly to the socket
>> constructor (perldoc IO::Socket).
>> 
>> As far as I can tell, it is used in connect() and accept() and it is
>> measured in seconds (it is passed to alarm()). As these two calls can
>> take up to 5 minutes to fail because of TCP timers, having a timeout
>> shorter than this can be desirable. Connect() is used by clients when
>> creating the connection to the server, accept() is used by servers.
>> 
>> To provoke the 5 minute failure, you have to try to connect to an IP
>> address of a machine outside of your subnet which doesn't exist. I've
>> seen Linux do some funny things in this area, whereas Solaris for example
>> behaves as expected.
>> 
>> Cheers,
>> 
>> Chris
>> 
> 
> Thanks Chris,
> 
> So I take it the timeout only works on the initial connection to
> the directory server, it has nothing else to do with timeouts on
> searchs, etc.
> 
> Timing out on searchs is the problem I need to solve, if there is no
> built-in timeout function in the Net::LDAP search methods I can easily 
> write code to solve the problem.
> 
> Regards,
> 
> Clif Harden           INTERNET:  c-h...@ti...
> 

Yup, the timeout argument to new is only for connection establishment.

You can ask the server to timeout searches that take more than a number of
seconds by using the 'timelimit' argument in the search call.

Cheers,

Chris

Re: Timeout value

[Clif H. <cl...@di...>]

> 
> Clif Harden <cl...@di...> wrote:
> > 
> > Has anyone tried the timeout option with perl-ldap.
> > 
> > I believe I am having problems with it not working.
> > No matter what I set for a value it never times out.
> > 
> > What is the time frame of the timeout option; seconds,
> > minutes, hours, etc.
> > 
> > I have been programming for timeout being seconds.
> > 
> > Regards,
> > 
> > Clif Harden           INTERNET:  c-h...@ti...
> > 
> 
> The timeout you pass to Net::LDAP::new() is passed directly to the socket
> constructor (perldoc IO::Socket).
> 
> As far as I can tell, it is used in connect() and accept() and it is
> measured in seconds (it is passed to alarm()). As these two calls can take
> up to 5 minutes to fail because of TCP timers, having a timeout shorter
> than this can be desirable. Connect() is used by clients when creating the
> connection to the server, accept() is used by servers.
> 
> To provoke the 5 minute failure, you have to try to connect to an IP
> address of a machine outside of your subnet which doesn't exist. I've seen
> Linux do some funny things in this area, whereas Solaris for example
> behaves as expected.
> 
> Cheers,
> 
> Chris
> 

Thanks Chris,

So I take it the timeout only works on the initial connection to
the directory server, it has nothing else to do with timeouts on
searchs, etc.

Timing out on searchs is the problem I need to solve, if there is no
built-in timeout function in the Net::LDAP search methods I can easily 
write code to solve the problem.

Regards,

Clif Harden           INTERNET:  c-h...@ti...

[Fwd] About Net::LDAP versions 1.19-1.22

[Graham B. <gb...@po...>]

----- Forwarded message from Marco Marongiu <br...@cr...> -----

Date: Mon, 06 Nov 2000 09:40:01 +0100
From: Marco Marongiu <br...@cr...>
X-Mailer: Mozilla 4.61 [en] (X11; I; SunOS 5.7 sun4u)
To: gb...@po...
Subject: About Net::LDAP versions 1.19-1.22

Dear Mr. Barr

My name is Marco Marongiu, I am a perl ``programmer'' from Italy :-)
I've been working on a web interface for some services on a directory
server based on OpenLDAP 1.2.11 on Debian GNU/Linux 2.11 and SUN Solaris
7 platforms.

I had really big problems in deleting attributes from entries. Since in
documentation I read

     modify ( DN, OPTIONS )
         Modify the contents of DN on the server. DN May be a
         string or a Net::LDAP::Entry object.

[...]
     add     The add option should be a reference to a HASH. The
             values of the HASH are the attributes to add, and
             the values may be a string or a reference to a list
             of values.

[...]
     replace The <replace> option takes a argument in the same
             form as add, but will cause any existing attributes
             with the same name to be replaced. If the value for
             any attribute in the HASH is a reference to an empty
             ARRAY the all instances of the attribute will be
             deleted.


But when I issued a request like

$msg = $ldap->modify($dn, replace => { attribute => [] }) ;

I got an error, and $msg->code returned 2. It turned out that the change
didn't take place unless the request was restated as

$msg = $ldap->modify($dn, replace => { attribute => undef }) ;

Did I go wrong? Or maybe is it a "bug" in documentation/module?

Thank you for all the work you've been doing for the perl community!

Sincerely
Marco Marongiu
CRS4 - Center for Research, Development & Advanced Studies in Sardinia

-- 
  ____  ____  ____  _  _ 
 / ___)| __ \/ ___)/ /| | Marco Marongiu (br...@cr...)
| (___ |    /\___ \\__  | Computers & Network Group
 \____)|_|\_\(____/   |_| Phone: +39 070 2796 336


----- End forwarded message -----

[Fwd] perl-ldap question

[Graham B. <gb...@po...>]

----- Forwarded message from Stephen King <Ste...@ut...> -----

From: "Stephen King" <Ste...@ut...>
To: gb...@po...
Date: Fri, 3 Nov 2000 11:18:43 +1100
Subject: perl-ldap question
X-Mailer: DMailWeb Web to Mail Gateway 2.6k, http://netwinsite.com/top_mail.htm

Dear Graham,

I have a question about the perl-ldap module.  I have written a script that
searches the ldap database.  There seems to be a strange set of results being
returned.  If the results returned are a small subset of the database (eg: 150)
it works fine.  A larger set of results (eg: 256) seems to 'hang' until another
connection/query to the database is made and then results from the script are
returned.

Is this something that you have come across before?  It's got me a little perplexed!
 Here is a segment of the code

$ldap = Net::LDAP->new($server, port => $port, async => 1)
                || die("Couldn't connect to LDAP server");

my @Attrs = ('uid');
    my $result = LDAPsearch($ldap,"(gid=xxx)",\@Attrs,$base);
    my @entries = $result->entries;
    $ldap->unbind
                if ($ldap);
......
sub LDAPsearch {

    my ($ldap,$searchString,$attrs,$base) = @_ ;

    my $result = $ldap->search (
                                base    => "$base",
                                scope   => "sub",
                                filter  => "$searchString",
                                attrs   => $attrs
                                );
}



Any help or hints would be great.


Cheers,

Steve King
http://netwinsite.com


----- End forwarded message -----

Re: Timeout value

[Chris R. <chr...@me...>]

Clif Harden <cl...@di...> wrote:
> 
> Has anyone tried the timeout option with perl-ldap.
> 
> I believe I am having problems with it not working.
> No matter what I set for a value it never times out.
> 
> What is the time frame of the timeout option; seconds,
> minutes, hours, etc.
> 
> I have been programming for timeout being seconds.
> 
> Regards,
> 
> Clif Harden           INTERNET:  c-h...@ti...
> 

The timeout you pass to Net::LDAP::new() is passed directly to the socket
constructor (perldoc IO::Socket).

As far as I can tell, it is used in connect() and accept() and it is
measured in seconds (it is passed to alarm()). As these two calls can take
up to 5 minutes to fail because of TCP timers, having a timeout shorter
than this can be desirable. Connect() is used by clients when creating the
connection to the server, accept() is used by servers.

To provoke the 5 minute failure, you have to try to connect to an IP
address of a machine outside of your subnet which doesn't exist. I've seen
Linux do some funny things in this area, whereas Solaris for example
behaves as expected.

Cheers,

Chris

Íø·ÑÿСʱ0.5Ôª£¿

[<cy8...@21...>]

ÄãºÃ£¡
    ±¾Õ¾ÓдóÁ¿ÉÏÍøÕʺţ¨163£¬°üÉÏINTERNET£©£¬Ã¿1Сʱ/0.5Ôª£¡(±ÈÂò¿¨ÉÏ»¹Òª±ãÒË£©
    ´óÁ¿Åú·¢£¡ÓÐÒâÕßÇëÓëÎÒÃÇÁªÏµ£¡
    ÏêÇéÇëµ½http://www.cy88.comä¯ÀÀ£¡


    꿅᣼http://www.cy88.com
    ÁªÏµÈË£ºcy8...@21...

Íø·ÑÿСʱ0.Ôª£¿

[<cy8...@21...>]

ÄãºÃ£¡
    ±¾Õ¾ÓдóÁ¿ÉÏÍøÕʺţ¨163£¬°üÉÏINTERNET£©£¬Ã¿1Сʱ/0.5Ôª£¡(±ÈÂò¿¨ÉÏ»¹Òª±ãÒË£©
    ´óÁ¿Åú·¢£¡ÓÐÒâÕßÇëÓëÎÒÃÇÁªÏµ£¡
    ÏêÇéÇëµ½http://www.cy88.comä¯ÀÀ£¡


    꿅᣼http://www.cy88.com
    ÁªÏµÈË£ºcy8...@21...

Web page is down for some reason

[Clif H. <ch...@te...>]

The perl-ldap web page is down, NO DATA.

I have submitted a ticket to sourceforge.

Regards,

Clif Harden                                          ch...@po...

Timeout value

[Clif H. <cl...@di...>]

Has anyone tried the timeout option with perl-ldap.

I believe I am having problems with it not working.
No matter what I set for a value it never times out.

What is the time frame of the timeout option; seconds,
minutes, hours, etc.

I have been programming for timeout being seconds.

Regards,

Clif Harden           INTERNET:  c-h...@ti...

Updated FAQ.

[Clif H. <cl...@di...>]

There is a new version of the perl-ldap FAQ available.

Changes are minor, spelling corrections and a correction 
to a code snippet.

FAQ has been committed to CVS.

You can view it on the web at;
http://www.utdallas.edu/~charden/FAQ.html


Regards,

Clif Harden           INTERNET:  c-h...@ti...

Re: Authentication

[Kurt D. Z. <Ku...@Op...>]

At 02:13 PM 10/26/00 -0700, Booker C. Bense wrote:
>[1] - This is by no means a slight on the Net::LDAPapi author.  The
>original fault goes back to the Umich Ldap authors who did not use
>kerberos correctly. Net::LDAPapi just provides an interface to this, (
>and does it quite well ).  

I concur.  In OpenLDAP, Kerberos IV bind (kbind) is deprecated
in favor of SASL/GSSAPI.  I believe most other LDAP implementations
have long since stopped support for kbind.

>[3] - Isn't this deprecated? 

Yes.  CRAM-MD5 is deprecated in favor of DIGEST-MD5 (RFC 2831).
Developers should note that DIGEST-MD5 is the LDAPv3
mandatory-to-implement strong authentication mechanism
(RFC 2829).

Kurt

Re: Authentication

[Mark W. <mew...@un...>]

The way LDAP handles that is through SASL and there is (not really tested)
SASL support in Net::LDAP.

Net::LDAPapi had it directly because the underlying UMich C API had it
directly because UMich had Kerberos at UMich.

Mark

Steve Benson wrote:

> Hi:
>
> Are there plans for Net::LDAP to directly support authentication such as
> Kerberos as Net::LDAPapi does?
>
> Thanks,
>
> .......... Steve

Re: Authentication

[Booker C. B. <bb...@ne...>]

On Thu, 26 Oct 2000, Steve Benson wrote:

> Hi:
> 
> Are there plans for Net::LDAP to directly support authentication such as 
> Kerberos as Net::LDAPapi does?
> 

- The kerberos IV auth method in Net::LDAPapi is not the greatest[1].
I would strongly discourage anybody from implementing it again.
 
- It should be phased out in favor of using SASL and 
GSSAPI ( kerberosV ). Unfortunately, stanford's ldap servers
don't support this quite yet[2]. Net::LDAP is capable
of doing SASL and simplest SASL method CRAM-MD5[3]. Doing
an all perl implementation of GSSAPI would be a large
piece of work. 

- Booker C. Bense 

[1] - This is by no means a slight on the Net::LDAPapi author.  The
original fault goes back to the Umich Ldap authors who did not use
kerberos correctly. Net::LDAPapi just provides an interface to this, (
and does it quite well ).  

[2] - Given the current rate of progress, and the impending 
doom of W2k's Active Directory, it won't be soon. 

[3] - Isn't this deprecated? 

Authentication

[Steve B. <ste...@st...>]

Hi:

Are there plans for Net::LDAP to directly support authentication such as 
Kerberos as Net::LDAPapi does?

Thanks,

.......... Steve

Re: CLDAP

[Graham B. <gb...@po...>]

On Thu, Oct 26, 2000 at 09:49:23AM +0100, Chris Ridd wrote:
> CLDAP (RFC 1798) is a kind of minimal subset of LDAPv2 that runs over UDP.
> It only has a search operation and search result, so there's no
> authentication or modification etc. It can be an extremely useful protocol
> though in situations where you want *lots* of really simple lookups. Think
> of it like using DNS. Mail routing via the directory is the reason why
> CLDAP was invented.
> 
> Net::LDAP does not currently support CLDAP. Do you fancy adding support for
> it? The encoding/decoding part is trivial. The more interesting part is the
> different I/O.

I have always intended for Net::LDAP to support CLDAP, I just never got to it.

It could either be by a sub-class, Net::CLDAP, or maybe an option to ->new

If anyone wants to have a go, then go right ahead.

Graham.

> 
> I know that all releases of the MessagingDirect software support CLDAP ;-)
> but do any other servers?
> 
> Cheers,
> 
> Chris

Re: CLDAP

[Chris R. <chr...@me...>]

Bing Du <Bi...@ci...> wrote:
> I have ever posted a question concerning searching speed to
> perl-ldap-dev.  The suggestions I received were to use async mode rather
> than sync mode.  Just saw an article lately concerning how CLDAP is good
> at improving performance. Does Net::LDAP have anything to do with CLDAP?
> Or there is an separate module for taking care of CLDAP operations?  We
> are using MessagingDirect directory server R5.0 on IRIX.  Sorry if this
> question is off topic.
> 
> Thanks,
> 
> Bing
> 
> Bing Du <bi...@ta..., 979-845-9577>
> Texas A&M University, CIS, Operating Systems, Unix

CLDAP (RFC 1798) is a kind of minimal subset of LDAPv2 that runs over UDP.
It only has a search operation and search result, so there's no
authentication or modification etc. It can be an extremely useful protocol
though in situations where you want *lots* of really simple lookups. Think
of it like using DNS. Mail routing via the directory is the reason why
CLDAP was invented.

Net::LDAP does not currently support CLDAP. Do you fancy adding support for
it? The encoding/decoding part is trivial. The more interesting part is the
different I/O.

I know that all releases of the MessagingDirect software support CLDAP ;-)
but do any other servers?

Cheers,

Chris

CLDAP

[Bing D. <Bi...@ci...>]

I have ever posted a question concerning searching speed to
perl-ldap-dev.  The suggestions I received were to use async mode rather
than sync mode.  Just saw an article lately concerning how CLDAP is good
at improving performance. Does Net::LDAP have anything to do with CLDAP?
Or there is an separate module for taking care of CLDAP operations?  We
are using MessagingDirect directory server R5.0 on IRIX.  Sorry if this
question is off topic.

Thanks,

Bing

Bing Du <bi...@ta..., 979-845-9577>
Texas A&M University, CIS, Operating Systems, Unix

Re: New faq file

[Pete <pl...@oz...>]

Clif,

> There is a new perl-ldap FAQ file available.
> The new FAQ has been committed to CVS.

I'm currently reading the FAQ and found this spelling mistake:

Directories also typically are hierarchical in nature (RBBMS is typically flat, 
but you can implement a hierarchy using tables and queries), network-able, 
distributed and replicated. 

Note the RBBMS, unless I'm mistaken, I think it should be RDBMS.



Pete.

protocoll implementation for 'small' ldap server

[<ba...@ta...>]

hi

did someone still made some thougths on implementing the server part of the ldap
protokoll?
it shouln't be a big problem using Convert::ASN1, isn't it?

regards
roman

Net::LDAP FAQ

[Mumford, M. <mar...@co...>]

Graham & Clif,

First let me say a big thanks for the FAQ it is very useful!

A wee suggestion: remove the absolute "href" references, which today all
start with "http://www.utdallas.edu/~charden/FAQ.html" and just make them
relative, then when I save the FAQ on my local disk, I can access the FAQ
locally without going off to the web each time I click to follow an href.

Thanks again.

Mark 

     Mark Mumford
     Technical Office
    COMPAQ - Sophia Antipolis, France
    * Mar...@co...
 * Tel:	+33 (0) 4 92 95 54 94 
 * Fax:	+33 (0) 4 92 95 58 48