perl-ldap-dev

advantages of ldap over dbms

[ritu r. j. <lin...@re...>]

i am new to ldap. please can u let me know the advantages of ldap over usin a database .

_________________________________________________
Get Your Free Email At, http://www.rediffmail.com

For fabulous shopping deals visit: http://www.rediff.co.in/shopping/index.html

Re: problems with resolving groups (rescursive)

[Jurgen B. <ju...@bo...>]

=?iso-8859-1?Q?Bj=F6rn_Nilsson_=28QDT=29?= wrote:
> I'm trying to modify the printMembers.pl script (which is included in the
> Example subdir of the distribution of the LDAP module) to suit my needs. My
> problem is that the script doesn't resolve the sublists at all, or that it
> just resolve the first member of a sublist. What I want is to get each and
> every members (person) attributes to insert them into another database,
> grouped by the mailinglist in question.

I have written a bunch of code to resolve all the members of a group, list
all the groups a person is a member of (memberships), and test for membership
in a group.  This works for nested groups and "dynamic groups" (groups with
memberURL attributes).

I packaged this up as a set of extensions to Net::LDAP by subclassing.  The
idea is that my functions work like searches but may actually do multiple
searches to do their work so they return a specialied Net::LDAP::Search
object.  In other words, you can do this:

  $result = $ldap->get_members($groupdn, 'attrs' => [ 'cn', 'uid', 'title' ]);

And $result will contain all the entries of the members with the specifed
attributes (or all attributes if not specified, just like search).

The code does some mildly interesting things to be efficient, such as
aggregating searches for entries under the same base and going to some 
lengths to avoid having to retrieve the same entry twice... this was
also the motivation for returning the same kind of object as a search, so
I don't have a function that retruns a list of the dn's of members and
then I have to retrieve each member entry again just to get some more
attributes for it.

I'm calling this kind of thing a "metasearch".  Ideally metasearches should
work exactly like normal ones to the consumer, including doing them async,
but I haven't actually implemented async yet.

I was going to handle async and improve some things before releasing this,
but if there's sufficient interest I'll see if I can package it up now and
pass it on.

I'm also in interested in what people (especially Graham) think about this
approach to doing complex or semantic searches.  Is subclassing Net::LDAP
and Net::LDAP::Search the right way to go?  What should I call this thing?
(right now it's called Eazel::LDAP because I work at Eazel and I wrote it
for a work-related project.)

- Jürgen Botz

Re: enumerating groups

[Padraig R. <rya...@it...>]

For those of you interested here is the function to enumerate groups from an
ldap server - note the $Search_Base variable needs to be set globally before
calling. It calls the secondary search_Ldap() function provided.

Thanks to Mark Wilcox for the broader search filter.

Padraig.

##############################################
## Function to return All Groups from Ldap   ##
##############################################

sub Get_Groups {

# Arguments to be passed in the following format..
# &Get_Groups;

 $ldap=Net::LDAP->new($Ldap_Server) or die 'Problem with Ldap $@';

 $Filter='(|(objectclass=groupOfUniqueNames)(objectclass=groupOfNames))';
 $result=&Search_Ldap($Search_Base, $Filter);

 @entries = $result->all_entries; #Store all found groups in table,
 $i = 0;
 foreach (@entries) {
   $ptr = $_->get('cn');
   foreach $member (@$ptr){ #store each memberid in table
    @memberData = split(/,/, $member);
    $Groups[$i] = $memberData[0];
    }
    $i++;
     }

return $Groups;
}



#################################
### Function to Search Ldap #####
#################################
sub Search_Ldap {
# Arguments to be passed in the following format..
# &Search_Ldap($Search_Base, $Filter);

 my ($Search_Base, $Filter) = @_;

  $mesg=$ldap->search (base=>$Search_Base,filter=>$Filter);
  $mesg->code && die $mesg->error; #on errors, show error mesg and quit

return $mesg;
}

----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland

P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan

----- Original Message -----
From: "Mark Wilcox" <mew...@un...>
To: "Padraig Ryan" <rya...@it...>
Cc: "LDAP Mailing List" <per...@li...>
Sent: Friday, October 06, 2000 2:31 PM
Subject: Re: enumerating groups


> You might want to look at the "printMembers.pl and ismember.pl" scripts in
> the contrib directory.
>
> Mark
>
> On Fri, 6 Oct 2000, Padraig Ryan wrote:
>
> > Hi,
> >
> > Does anyone have a code snippet that will enumerate the groups from an
ldap
> > server.
> >
> > I have the follwing but am a bit stuck...Thanks.
> >
> > Padraig
> >
> > ##############################################
> > ## Funtion to return All Groups from Ldap   ##
> > ##############################################
> >
> > sub Get_Groups {
> >
> > # Arguments to be passed in the following format..
> > # &Get_Groups;
> >
> >  $ldap=Net::LDAP->new($Ldap_Server) or die 'Problem with Ldap $@';
> >  $Filter='(&(cn=*)(objectClass=groupOfUniqueNames))';  #search for all
> > Groups
> >
> >  $result=&Search_Ldap($Search_Base, $Filter);
> >  print "<BR>====DEBUG==== result of group search=".$result if $DEBUG;
> >
> >  @entries = $result->all_entries; #Store all found groups in table,
> >  print "<BR>====DEBUG==== entries=".@entries if $DEBUG;
> >
> >  foreach (@entries) {
> >    $ptr = $_->get('Name');
> >    $i = 0;
> >    foreach $member (@$ptr){ #store each memberid in table
> >     @memberData = split(/,/, $member);
> >     $memberData[0] = substr($memberData[0], 4);
> >     print "<BR>====DEBUG==== Groups=".$Groups[$i] if $DEBUG;
> >
> >     $Groups[$i] = $memberData[0];
> >     $i++;
> >       }
> >        }
> > return $Groups;
> > }
> >
> >
> > ----------------------------------------------------------------
> > Padraig Ryan
> > IT Manager
> > Institute of Technology, Sligo
> > Ireland
> >
> > P +353(0)71.55365
> > F +353(0)71.60475
> > M +353(0)87.2334062
> > E rya...@it...
> > W http://www.itsligo.ie/staff/pryan
> >
> >
> >
>

Re: Sort Response Error

[Graham B. <gb...@po...>]

What do you get from

  $mesg->control( LDAP_CONTROL_SORTRESULT )->result;

Did you have critical set to true ? Maybe the command line does.

If you did not and the server does not want to support it, then
it will just ignore you sent it.

Graham.


On Thu, Oct 05, 2000 at 04:01:02PM -0700, Jeff Mandel wrote:
> When using a server side sort for group owners, I'm getting mixed sort
> control errors.
> 
> Issue 1 for Net::LDAP:
> The result returned by LDAP_CONTROL might not be consistent with the
> command line in this case
> I query the LDAP for some groups, server side sorted by owner.
> ($resp->result); doesn't contain anything, but the groups are not sorted
> by owner.
> 
> >From the command line, ldapsearch -b
> ou=leiden,ou=groups,ou=peopl,o=probes -h mole -x -S "owner cn"
> (&(objectclass=groupofuniquenames)(objectclass=mailgroup))" owner cn
> 
> I get the same list of groups and attributes, also not sorted by owner.
> Looks more like ldif order - groups listed in the order they were set
> up. After the list is finished, it's followed by an error:
> Server reported sorting error 53: unable to sort
> 
> LDAP log shows no sign of the error (neither does the error log), and
> what looks like a good sort:
> [05/Oct/2000:15:37:50 -0700] conn=1946 fd=60 slot=60 connection from
> 10.1.8.10 to 10.1.2.5
> [05/Oct/2000:15:37:50 -0700] conn=1946 op=0 SRCH
> base="ou=leiden,ou=groups,ou=people,o=probes" scope=2
> filter="(&(objectclass=groupofuniquenames)(objectclass=mailgroup))"
> [05/Oct/2000:15:37:50 -0700] conn=1946 op=0 SORT owner cn (4)
> [05/Oct/2000:15:37:50 -0700] conn=1946 op=0 RESULT err=0 tag=101
> nentries=4 etime=0
> [05/Oct/2000:15:37:50 -0700] conn=1946 op=1 UNBIND
> [05/Oct/2000:15:37:50 -0700] conn=1946 op=1 fd=60 closed - U1
> 
> Why might the $mesg->control( LDAP_CONTROL_SORTRESULT ); not show the
> error if the command line tool does?
> 
> Issue 2 for the LDAP server:
> Why wouldn't the server sort my request by owner. I've sorted by all
> kinds of other attributes, indexed and non indexed. This is an
> iPlanet/Netscape Directory server 4.11. Has anyone else seen this
> behavior sorting groups by owner?
> 
> Thanks,
> 
> Jeff
> 

Re: enumerating groups

[Mark W. <mew...@un...>]

You might want to look at the "printMembers.pl and ismember.pl" scripts in
the contrib directory.

Mark

On Fri, 6 Oct 2000, Padraig Ryan wrote:

> Hi,
> 
> Does anyone have a code snippet that will enumerate the groups from an ldap
> server.
> 
> I have the follwing but am a bit stuck...Thanks.
> 
> Padraig
> 
> ##############################################
> ## Funtion to return All Groups from Ldap   ##
> ##############################################
> 
> sub Get_Groups {
> 
> # Arguments to be passed in the following format..
> # &Get_Groups;
> 
>  $ldap=Net::LDAP->new($Ldap_Server) or die 'Problem with Ldap $@';
>  $Filter='(&(cn=*)(objectClass=groupOfUniqueNames))';  #search for all
> Groups
> 
>  $result=&Search_Ldap($Search_Base, $Filter);
>  print "<BR>====DEBUG==== result of group search=".$result if $DEBUG;
> 
>  @entries = $result->all_entries; #Store all found groups in table,
>  print "<BR>====DEBUG==== entries=".@entries if $DEBUG;
> 
>  foreach (@entries) {
>    $ptr = $_->get('Name');
>    $i = 0;
>    foreach $member (@$ptr){ #store each memberid in table
>     @memberData = split(/,/, $member);
>     $memberData[0] = substr($memberData[0], 4);
>     print "<BR>====DEBUG==== Groups=".$Groups[$i] if $DEBUG;
> 
>     $Groups[$i] = $memberData[0];
>     $i++;
>       }
>        }
> return $Groups;
> }
> 
> 
> ----------------------------------------------------------------
> Padraig Ryan
> IT Manager
> Institute of Technology, Sligo
> Ireland
> 
> P +353(0)71.55365
> F +353(0)71.60475
> M +353(0)87.2334062
> E rya...@it...
> W http://www.itsligo.ie/staff/pryan
> 
> 
> 

Re: enumerating groups

[Padraig R. <rya...@it...>]

Hi,

Does anyone have a code snippet that will enumerate the groups from an ldap
server.

I have the follwing but am a bit stuck...Thanks.

Padraig

##############################################
## Funtion to return All Groups from Ldap   ##
##############################################

sub Get_Groups {

# Arguments to be passed in the following format..
# &Get_Groups;

 $ldap=Net::LDAP->new($Ldap_Server) or die 'Problem with Ldap $@';
 $Filter='(&(cn=*)(objectClass=groupOfUniqueNames))';  #search for all
Groups

 $result=&Search_Ldap($Search_Base, $Filter);
 print "<BR>====DEBUG==== result of group search=".$result if $DEBUG;

 @entries = $result->all_entries; #Store all found groups in table,
 print "<BR>====DEBUG==== entries=".@entries if $DEBUG;

 foreach (@entries) {
   $ptr = $_->get('Name');
   $i = 0;
   foreach $member (@$ptr){ #store each memberid in table
    @memberData = split(/,/, $member);
    $memberData[0] = substr($memberData[0], 4);
    print "<BR>====DEBUG==== Groups=".$Groups[$i] if $DEBUG;

    $Groups[$i] = $memberData[0];
    $i++;
      }
       }
return $Groups;
}


----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland

P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan

Sort Response Error

[Jeff M. <jef...@pr...>]

When using a server side sort for group owners, I'm getting mixed sort
control errors.

Issue 1 for Net::LDAP:
The result returned by LDAP_CONTROL might not be consistent with the
command line in this case
I query the LDAP for some groups, server side sorted by owner.
($resp->result); doesn't contain anything, but the groups are not sorted
by owner.

From the command line, ldapsearch -b
ou=leiden,ou=groups,ou=peopl,o=probes -h mole -x -S "owner cn"
(&(objectclass=groupofuniquenames)(objectclass=mailgroup))" owner cn

I get the same list of groups and attributes, also not sorted by owner.
Looks more like ldif order - groups listed in the order they were set
up. After the list is finished, it's followed by an error:
Server reported sorting error 53: unable to sort

LDAP log shows no sign of the error (neither does the error log), and
what looks like a good sort:
[05/Oct/2000:15:37:50 -0700] conn=1946 fd=60 slot=60 connection from
10.1.8.10 to 10.1.2.5
[05/Oct/2000:15:37:50 -0700] conn=1946 op=0 SRCH
base="ou=leiden,ou=groups,ou=people,o=probes" scope=2
filter="(&(objectclass=groupofuniquenames)(objectclass=mailgroup))"
[05/Oct/2000:15:37:50 -0700] conn=1946 op=0 SORT owner cn (4)
[05/Oct/2000:15:37:50 -0700] conn=1946 op=0 RESULT err=0 tag=101
nentries=4 etime=0
[05/Oct/2000:15:37:50 -0700] conn=1946 op=1 UNBIND
[05/Oct/2000:15:37:50 -0700] conn=1946 op=1 fd=60 closed - U1

Why might the $mesg->control( LDAP_CONTROL_SORTRESULT ); not show the
error if the command line tool does?

Issue 2 for the LDAP server:
Why wouldn't the server sort my request by owner. I've sorted by all
kinds of other attributes, indexed and non indexed. This is an
iPlanet/Netscape Directory server 4.11. Has anyone else seen this
behavior sorting groups by owner?

Thanks,

Jeff

Re: problems with resolving groups (rescursive)

[Graham B. <gb...@po...>]

Would you care to send a patch to update/improve the script ?

Graham.

On Thu, Oct 05, 2000 at 12:48:51PM -0500, Mark Wilcox wrote:
> Hi,
> Actually this is an early attempt. If you look at my code for
> Apache::AuthzNetLDAP on CPAN, you can see a better way that handles the 3
> types of groups:
> groupOfUniquenames, groupOfNames, groupOfURLs (which are Netscape Dynamic
> groups).
> 
> I just reread my printMembers.pl script again. All I checked for is
> groupOfUniquenames, which is the most common occurance, at least with
> Netscape and Novell LDAP servers. If you're using openLDAP you'll likely
> be using groupOfNames which uses the member attribute, so change any
> occurance of "uniquemember" to member & the code should work fine.
> 
> Ideally it would handle either occurance but I haven't had time to do
> that. If you can make it work this way, send me a patch & I'll add it for
> the next release.
> 
> I wrote an example scrip that handled all 3 occurances in the May issue of
> WebTechniques. I don't have the code handy, but it might be at the
> WebTechniques.com site.

Re: problems with resolving groups (rescursive)

[Mark W. <mew...@un...>]

Hi,
Actually this is an early attempt. If you look at my code for
Apache::AuthzNetLDAP on CPAN, you can see a better way that handles the 3
types of groups:
groupOfUniquenames, groupOfNames, groupOfURLs (which are Netscape Dynamic
groups).

I just reread my printMembers.pl script again. All I checked for is
groupOfUniquenames, which is the most common occurance, at least with
Netscape and Novell LDAP servers. If you're using openLDAP you'll likely
be using groupOfNames which uses the member attribute, so change any
occurance of "uniquemember" to member & the code should work fine.

Ideally it would handle either occurance but I haven't had time to do
that. If you can make it work this way, send me a patch & I'll add it for
the next release.

I wrote an example scrip that handled all 3 occurances in the May issue of
WebTechniques. I don't have the code handy, but it might be at the
WebTechniques.com site.


Mark

On Thu, 5 Oct 2000, [iso-8859-1] Björn Nilsson (QDT) wrote:

> Hi all!
> 
> I'm trying to modify the printMembers.pl script (which is included in the
> Example subdir of the distribution of the LDAP module) to suit my needs. My
> problem is that the script doesn't resolve the sublists at all, or that it
> just resolve the first member of a sublist. What I want is to get each and
> every members (person) attributes to insert them into another database,
> grouped by the mailinglist in question.
> 
> What I do is:
> 
> #!/usr/local/bin/perl
> 
> use Net::LDAP qw(:all);
> 
> $cnt = 0;
> # the connection to the ldap server is configured here
> $server = "an_exchangeserver.ericsson.se";
> $port = getservbyname("ldap", "tcp") || "389";
> $basedn = "o=ericsson";
> $scope = "base";
> $which = "AXE Swingers"; # No, there is no group in ericsson with that name
> :-)
> 
> # escape ( and ) if present
> $which =~ s/\(/\\(/g;
> $which =~ s/\)/\\)/g;
> 
> $c = new Net::LDAP($server) or die "Unable to connect to $server: $@\n";
> 
> $c->bind() or die "Unable to bind: $@\n";
> 
> my @attrs = ['dn', 'objectClass', 'member'];
> 
> eval
> {
> 	my $searchobj = $c->search(
> 					base => $basedn, 
> 					scope => $scope, 
> 					filter =>
> "(&(cn=$which)(objectClass=groupOfNames) )", 
> 					#attrs => @attrs 
> 					);
> 	die "Bad search, errorcode #" . $searchobj->code() if
> $searchobj->code();	
> 	my $entry = $searchobj->pop_entry();	
> 	my $groupDN = $entry->dn();	
> 	&printMembers($groupDN);
> };
> 
> $c->unbind();
> 
> sub printMembers
> {
> 	my $dn = @_[0];
> 	print "\t$dn\n";
> 	my @attrs = ['dn', 'member'];
> 	my $searchobj = $c->search(
> 		base => $dn,
> 		scope => 'base',
> 		filter => "objectClass=*",
> 		#attrs => @attrs
> 		);
> 	die $searchobj->error if $searchobj->code;
> #	eval
> #	{		
> #		foreach $entry2 ($searchobj->all_entries) { $entry2->dump; }
> #	};
> 
> 	
> 	eval
> 	{
> 		# should only be one entry
> 		my $entry = $searchobj->pop_entry();		
> 		print "\nMembers of group: $dn\n";		
> 		# returns an array reference
> 		my $values = $entry->get("member");
> 		
> 		foreach my $val ( @{$values} )
> 		{
> 			print "$val\n";
> 			my $isGroup = 0; #Lets us know if the entry is also
> a group, default no.
> 			# my @entryAttrs = ["objectClass", "member", "cn"];
> 			
> 			$mesg = $c->search(
> 						base => $val,
> 						scope => 'base',
> 						filter => "objectClass=*",
> 						#attrs => @entryAttrs
> 						);
> 			die $mesg->error if $mesg->code;
> 			#foreach $entry2 ($mesg->all_entries) {
> $entry2->dump; }
> 			eval
> 			{
> 				my $entry = $mesg->pop_entry();
> 				#if ($attr)
> 				#{
> 				#	my $values = $entry->get($attr);
> 				#	foreach my $vals ( @{$values} )
> 				#	{
> 				#		print $vals . "\n";
> 				#	}	
> 				#}
> 				#else
> 				#{
> 					print "$val\n";
> 				#}
> 				
> 				my $values = $entry->get("objectClass");
> 				# This value is also a group, print the
> members of it as well
> 				
> 				&printMembers($entry->dn(), $attr) if (grep
> /groupOfNames/i, @{$values} );
> 			};				
> 		}
> 	};
> 	return 0;
> }
> 

problems with resolving groups (rescursive)

[<Bjo...@bc...>]

Hi all!

I'm trying to modify the printMembers.pl script (which is included in the
Example subdir of the distribution of the LDAP module) to suit my needs. My
problem is that the script doesn't resolve the sublists at all, or that it
just resolve the first member of a sublist. What I want is to get each and
every members (person) attributes to insert them into another database,
grouped by the mailinglist in question.

What I do is:

#!/usr/local/bin/perl

use Net::LDAP qw(:all);

$cnt = 0;
# the connection to the ldap server is configured here
$server = "an_exchangeserver.ericsson.se";
$port = getservbyname("ldap", "tcp") || "389";
$basedn = "o=ericsson";
$scope = "base";
$which = "AXE Swingers"; # No, there is no group in ericsson with that name
:-)

# escape ( and ) if present
$which =~ s/\(/\\(/g;
$which =~ s/\)/\\)/g;

$c = new Net::LDAP($server) or die "Unable to connect to $server: $@\n";

$c->bind() or die "Unable to bind: $@\n";

my @attrs = ['dn', 'objectClass', 'member'];

eval
{
	my $searchobj = $c->search(
					base => $basedn, 
					scope => $scope, 
					filter =>
"(&(cn=$which)(objectClass=groupOfNames) )", 
					#attrs => @attrs 
					);
	die "Bad search, errorcode #" . $searchobj->code() if
$searchobj->code();	
	my $entry = $searchobj->pop_entry();	
	my $groupDN = $entry->dn();	
	&printMembers($groupDN);
};

$c->unbind();

sub printMembers
{
	my $dn = @_[0];
	print "\t$dn\n";
	my @attrs = ['dn', 'member'];
	my $searchobj = $c->search(
		base => $dn,
		scope => 'base',
		filter => "objectClass=*",
		#attrs => @attrs
		);
	die $searchobj->error if $searchobj->code;
#	eval
#	{		
#		foreach $entry2 ($searchobj->all_entries) { $entry2->dump; }
#	};

	
	eval
	{
		# should only be one entry
		my $entry = $searchobj->pop_entry();		
		print "\nMembers of group: $dn\n";		
		# returns an array reference
		my $values = $entry->get("member");
		
		foreach my $val ( @{$values} )
		{
			print "$val\n";
			my $isGroup = 0; #Lets us know if the entry is also
a group, default no.
			# my @entryAttrs = ["objectClass", "member", "cn"];
			
			$mesg = $c->search(
						base => $val,
						scope => 'base',
						filter => "objectClass=*",
						#attrs => @entryAttrs
						);
			die $mesg->error if $mesg->code;
			#foreach $entry2 ($mesg->all_entries) {
$entry2->dump; }
			eval
			{
				my $entry = $mesg->pop_entry();
				#if ($attr)
				#{
				#	my $values = $entry->get($attr);
				#	foreach my $vals ( @{$values} )
				#	{
				#		print $vals . "\n";
				#	}	
				#}
				#else
				#{
					print "$val\n";
				#}
				
				my $values = $entry->get("objectClass");
				# This value is also a group, print the
members of it as well
				
				&printMembers($entry->dn(), $attr) if (grep
/groupOfNames/i, @{$values} );
			};				
		}
	};
	return 0;
}

Re: Having a problem with Net::LDAP - retrieving and using attribute values

[Edward S. H. L. 2358-6. <lbs...@us...>]

Jim,

Thanks - the lightbulb lit up that time!
The script works fine now, so I will move on to fixing the other issues.  :)

-Edward

At 7:43 AM -0400 3/10/00 [their time], Jim Harle wrote: 
>First, after checking to see that you only got one result back, you need
>to grab the entry object for that result.  E.g.,
>  my $entry = $result->entry(0);
> 
>Then to get the vaules returned, instead of using things like:
>     $perstitle = $result->personaltitle;
>you should use
>   $perstitle = $entry->get_value('personaltitle')
>
>That should help you make progress.
>  --Jim harle

- - - - -
Edward F Spodick, Systems Librarian - lbs...@us...
Hong Kong University of Science & Technology Library
tel:  852-2358-6743     fax:  852-2358-1043

Re: Having a problem with Net::LDAP - retrieving and using attribute values

[Jim H. <ha...@us...>]

First, after checking to see that you only got one result back, you need
to grab the entry object for that result.  E.g.,
  my $entry = $result->entry(0);
 
Then to get the vaules returned, instead of using things like:
     $perstitle = $result->personaltitle;
you should use
   $perstitle = $entry->get_value('personaltitle')

That should help you make progress.
  --Jim harle

On Tue, 3 Oct 2000, Edward Spodick, HKUST Library, 2358-6743 wrote:

> 
> I am trying to run a search on our LDAP server and use the results to
> automatically fill out certain fields in our forms.  I am stumped
> trying to assign specific LDAP attribute values to form variables.  I
> am certainly doing something fundamentally wrong.  Any help would be
> greatly appreciated.  I am working with Solaris 2.6 on a Sun
> workstation, with Perl 5.005 and Net::LDAP 0.22
> 
> Our Library has about 15-20 online forms which our users can fill out
> to request various services, from asking Reference questions to
> requesting Interlibrary Loan of books and journals.  All of these
> forms require the user to authenticate using HTTP 'basic'
> authentication.  Our Apache web server matches their username/password
> combination against the campus LDAP server for authorization to access
> the form(s).  That places their username into the HTTP environment
> variable 'REMOTE_USER'.  The form then asks the suer to fill out
> various other personal information fields, including their name,
> department, position, etc.  All of that personal information is also
> contained in their LDAP record, so I am trying to modify the scripts
> so that a Net::LDAP search can be done against their already
> authenticated username, and to retrieve the values the form requires
> so that the user does not have to enter them manually, and to assure
> that we have accurate and consistent formatting of the ! results (as
> consistent as the data in the LDAP records anyway).
> 
> So I am writing a subroutine which will be called by the script which generates the form, which will do this search and retrieval.  The script will then use the retrieved variables to fill in the personal information fields of the form.
> 
> But I am not doing it right.
> 
> Here is the subroutine I am calling:
> 
> sub ldapcheck {
>     use Net::LDAP;
>     # Get username from authenticated environment variable
>     my $username = $ENV{'REMOTE_USER'};
>     my $host = "ldap.ust.hk";
>     my $base = "o=ust.hk";
>     my $ldap = Net::LDAP->new($host) or die "$@";
> 
> # LDAP SEARCH
>     my $result = $ldap->search(
>                                base => $base,
>                                filter => "uid=$username"
>                               );
> 
> # ERROR TRAP
>     use Net::LDAP::Util qw(ldap_error_text);
>     die ldap_error_text($result->code) if $result->code;
> 
> # TEST FOR UNIQUENESS
>     die "Your LDAP entry is not unique." if $result->count() != 1;
> 
> # ASSIGN VARIABLES TO ATTRIBUTES WANTED  --  THIS IS Definitely WRONG...
>     $perstitle = $result->personaltitle;
>     $pname = $result->sn;
>     $gname = $result->givenname;
>     $jobtitle = $result->title;
>     $dept = $result->ou;
>     $email = $result->mail;
>     $phone = $result->telephonenumber;
>     $position = $result->userclass;
> }
> 
> 
> I then try to 
> print "$perstitle"; 
> and other variables in the generated form, but this is not working.
> 
> This subroutine is called here:
> 
> #!/usr/local/bin/perl
> require "cgi-lib.pl";
> MAIN:
> {
>   my ($pname, $gname, $dept, $position, $perstitle, $email, $phone, $jobtitle);
>   &ldapcheck;
> 
> # Read in all the variables set by the form
>   if (&ReadParse(*input)) {
>     &ProcessForm;
>   } else {
>     &PrintForm;
>   }
> }
> 
> Presently, trying to run this script yields the following error:
> "Can't locate object method "personaltitle" via package "Net::LDAP::Entry" at req-book2.pl line 480."
> 
> Line 480 is the
>     $perstitle = $result->personaltitle;
> line from the above subroutine.
> 
> Once I get the LDAP retrieval working, I will be rewriting these old forms to use CGI.pm instead of cgi-lib.pl, and also to fix the tainted variables left from the earlier programming.
> 
> As to the ldap field names, I have been provided with a copy of my ldap record, so that I can be sure I have the attribute names correct:
> 
>    uid=lbspodic,ou=people,o=ust.hk 
>    cn: SPODICK Edward F 
>    cn;lang-zh-tw: ¬€v¬„ˆï¬ºw 
>    departmentcode: LIB 
>    facsimiletelephonenumber: 2358-1043 
>    givenname: Edward F 
>    labeleduri: http://home.ust.hk/~lbspodic/ 
>    mail: lbs...@us... 
>    mailhost: uxmail.ust.hk 
>    maillocaladdress: lbs...@us... 
>    mailquota: 100000000 
>    mailroutingaddress: lbs...@ux... 
>    objectclass: top person organizationalPerson inetOrgPerson ustPerson inetLocalMailRecipient 
>    ou: Library 
>    personaltitle: Mr 
>    roomnumber: 1358 
>    sn: SPODICK 
>    telephonenumber: 23586743 
>    title: Systems Librarian 
>    uid: lbspodic 
>    userclass: staff
> 
> 
> I am not skilled at Perl (probably very obviously).  I suspect there is something fundamentally wrong with some aspect of my approach.
> 
> Hoping for assistance, I remain,
> 
> -Edward Spodick, lbs...@us...
> 
> - - - - -
> Edward F Spodick, Systems Librarian - lbs...@us...
> Hong Kong University of Science & Technology Library
> tel:  852-2358-6743     fax:  852-2358-1043
> 

Re: Can't locate object method "code"

[Graham B. <gb...@po...>]

On Tue, Oct 03, 2000 at 12:39:19AM -0700, Robert Chien wrote:
> On Fri, Sep 29, 2000 at 09:37:20AM +0100, Graham Barr wrote:
> > On Fri, Sep 29, 2000 at 12:03:22AM -0700, Robert Chien wrote:
> > > Greetings,
> > > 
> > > I'm putting together some code and learning perl-ldap for
> > > the first time. I've run into a deadend and hope some of you
> > > may provide some insight here.
> > > 
> > > What I'm trying to do is quite simple, just adding an entry
> > > to a LDAP server. 
> > > 
> > >     $ldap->bind ( dn       => "cn=something",
> > >                   password => "somepasswd" );
> > >     $result = Net::LDAP::Entry->new;
> > >     $result->add (
> > >         dn   => 'uid=$username,$base',

Ah, missed this before. The dn is not an attribute per-se. You must
set it via

  $result->dn('uid=$username,$base');

Although I suspect you want " not ' there

Graham.

> > >         attr => [ 'objectclass' => [ 'top', 'person',
> > >                                      'organizationalPerson',
> > >                                      'inetOrgPerson',
> > >                                      'inetUser' ],
> > >                   'mail'                => '$mail',
> > >                   'userPassword'        => ''
> > >                 ]
> > >               );
> > >     $result->update( $ldap );
> > 
> > Here is your problem.
> > 
> >       $mesg = $result->update( $ldap );
> > 
> >       $mesg->code && warn "failed to add entry: ", $mesg->error;
> 
> Thanks. After changing the script per your suggestion, I
> get:
> 
> failed to add entry: objectName at
> /usr/perl5/site_perl/5.005/Convert/ASN1/_encode.pm line 47.
> 
> I have double-checked for typos, but couldn't find any.
> 
> Robert
> 
> > >     $result->code && warn "failed to add entry: ", $result->error;
> > >     $ldap->unbind;
> > > 
> > > This is pretty much out of the perldoc, but when I try to
> > 
> > I hope not.
> > 
> > Graham.

Re: [Fwd] Re: Catch-22 problem with accessing $entry->{attrs} with perl-ldap-0.16-0.22

[Graham B. <gb...@po...>]

On Mon, Oct 02, 2000 at 07:16:09PM -0400, Eric Nichols wrote:
> I'm not sure if this helps but I've used perldap and they have a nice way of
> accessing the info:
> 
> $name=$entry->{cn}[0]
> or
> @names=$entry->{cn}
> 
> It's real nice because you can use it in loops etc.
> hope this helps...

This breaks OO encapsulation and prevents $entry holding anything except
attributes. Net::LDAP stores other information in thre too.

Also it is not hard to do either

  foreach $attr ($entry->get_value('cn')) { ... }

or assign it to an array

Graham.




> ----- Original Message -----
> From: "Graham Barr" <gb...@po...>
> To: <per...@li...>
> Sent: Friday, September 29, 2000 9:38 AM
> Subject: Re: Catch-22 problem with accessing $entry->{attrs} with
> perl-ldap-0.16-0.22
> 
> 
> > In the latest release there is an $entry->exists( $attr ) method
> >
> > Graham.
> >
> > On Fri, Sep 29, 2000 at 07:53:30AM -0400, Eric Boehm wrote:
> > > I recently upgraded from perl-ldap-0.13 to perl-ldap-0.22 and some code
> I had
> > > written broke.
> > >
> > > I dropped back to 0.13 and downloaded every version since then. The
> problem
> > > starts in perl-ldap-0.16 where attrs is a cache.
> > >
> > > I have code that looks like this
> > >
> > >     $mail_address = ${ $entry->get( $external_addr ) }[0]
> > >       if ( $entry->{attrs}{$external_addr} );
> > >
> > >     unless ( $mail_address ) {
> > >       $mail_address = ${ $entry->get( $internal_addr ) }[0]
> > >         if ( $entry->{attrs}{$internal_addr} );
> > >     }
> > >
> > > I did this to avoid error messages about uninitialized values. However,
> I see
> > > that in 0.16 the attrs hash doesn't get built until $entry->get is
> called.
> > >
> > > So ... I have a catch-22 -- I can't check to see if an attribute exists
> > > without getting a possibly non-existent attribute.
> > >
> > > Is there a better way to code for this situation? I tried a couple of
> ways to
> > > call _build_attrs directly but I couldn't seem to get the syntax right
> > > ( $entry->_build_attrs and $entry->Net::LDAP::Entry::_build_attrs).
> > >
> > > Please cc to my email address as well as the list. I am trying to
> subscribe to
> > > the list but I don't know how long it will take.
> > >
> > > Thanks in advance,
> > > --
> > > Eric M. Boehm                               bo...@no...
> >
> 

On Tue, Oct 03, 2000 at 07:30:48AM +0100, Graham Barr wrote:
> ----- Forwarded message from Eric Nichols <eni...@cp...> -----
> 
> From: "Eric Nichols" <eni...@cp...>
> To: "Graham Barr" <gb...@po...>
> Subject: Re: Catch-22 problem with accessing $entry->{attrs} with perl-ldap-0.16-0.22
> Date: Mon, 2 Oct 2000 19:16:09 -0400
> X-Mailer: Microsoft Outlook Express 5.50.4133.2400
> 
> I'm not sure if this helps but I've used perldap and they have a nice way of
> accessing the info:
> 
> $name=$entry->{cn}[0]
> or
> @names=$entry->{cn}
> 
> It's real nice because you can use it in loops etc.
> hope this helps...
> ----- Original Message -----
> From: "Graham Barr" <gb...@po...>
> To: <per...@li...>
> Sent: Friday, September 29, 2000 9:38 AM
> Subject: Re: Catch-22 problem with accessing $entry->{attrs} with
> perl-ldap-0.16-0.22
> 
> 
> > In the latest release there is an $entry->exists( $attr ) method
> >
> > Graham.
> >
> > On Fri, Sep 29, 2000 at 07:53:30AM -0400, Eric Boehm wrote:
> > > I recently upgraded from perl-ldap-0.13 to perl-ldap-0.22 and some code
> I had
> > > written broke.
> > >
> > > I dropped back to 0.13 and downloaded every version since then. The
> problem
> > > starts in perl-ldap-0.16 where attrs is a cache.
> > >
> > > I have code that looks like this
> > >
> > >     $mail_address = ${ $entry->get( $external_addr ) }[0]
> > >       if ( $entry->{attrs}{$external_addr} );
> > >
> > >     unless ( $mail_address ) {
> > >       $mail_address = ${ $entry->get( $internal_addr ) }[0]
> > >         if ( $entry->{attrs}{$internal_addr} );
> > >     }
> > >
> > > I did this to avoid error messages about uninitialized values. However,
> I see
> > > that in 0.16 the attrs hash doesn't get built until $entry->get is
> called.
> > >
> > > So ... I have a catch-22 -- I can't check to see if an attribute exists
> > > without getting a possibly non-existent attribute.
> > >
> > > Is there a better way to code for this situation? I tried a couple of
> ways to
> > > call _build_attrs directly but I couldn't seem to get the syntax right
> > > ( $entry->_build_attrs and $entry->Net::LDAP::Entry::_build_attrs).
> > >
> > > Please cc to my email address as well as the list. I am trying to
> subscribe to
> > > the list but I don't know how long it will take.
> > >
> > > Thanks in advance,
> > > --
> > > Eric M. Boehm                               bo...@no...
> >
> 
> 
> ----- End forwarded message -----

[Fwd] Re: Catch-22 problem with accessing $entry->{attrs} with perl-ldap-0.16-0.22

[Graham B. <gb...@po...>]

----- Forwarded message from Eric Nichols <eni...@cp...> -----

From: "Eric Nichols" <eni...@cp...>
To: "Graham Barr" <gb...@po...>
Subject: Re: Catch-22 problem with accessing $entry->{attrs} with perl-ldap-0.16-0.22
Date: Mon, 2 Oct 2000 19:16:09 -0400
X-Mailer: Microsoft Outlook Express 5.50.4133.2400

I'm not sure if this helps but I've used perldap and they have a nice way of
accessing the info:

$name=$entry->{cn}[0]
or
@names=$entry->{cn}

It's real nice because you can use it in loops etc.
hope this helps...
----- Original Message -----
From: "Graham Barr" <gb...@po...>
To: <per...@li...>
Sent: Friday, September 29, 2000 9:38 AM
Subject: Re: Catch-22 problem with accessing $entry->{attrs} with
perl-ldap-0.16-0.22


> In the latest release there is an $entry->exists( $attr ) method
>
> Graham.
>
> On Fri, Sep 29, 2000 at 07:53:30AM -0400, Eric Boehm wrote:
> > I recently upgraded from perl-ldap-0.13 to perl-ldap-0.22 and some code
I had
> > written broke.
> >
> > I dropped back to 0.13 and downloaded every version since then. The
problem
> > starts in perl-ldap-0.16 where attrs is a cache.
> >
> > I have code that looks like this
> >
> >     $mail_address = ${ $entry->get( $external_addr ) }[0]
> >       if ( $entry->{attrs}{$external_addr} );
> >
> >     unless ( $mail_address ) {
> >       $mail_address = ${ $entry->get( $internal_addr ) }[0]
> >         if ( $entry->{attrs}{$internal_addr} );
> >     }
> >
> > I did this to avoid error messages about uninitialized values. However,
I see
> > that in 0.16 the attrs hash doesn't get built until $entry->get is
called.
> >
> > So ... I have a catch-22 -- I can't check to see if an attribute exists
> > without getting a possibly non-existent attribute.
> >
> > Is there a better way to code for this situation? I tried a couple of
ways to
> > call _build_attrs directly but I couldn't seem to get the syntax right
> > ( $entry->_build_attrs and $entry->Net::LDAP::Entry::_build_attrs).
> >
> > Please cc to my email address as well as the list. I am trying to
subscribe to
> > the list but I don't know how long it will take.
> >
> > Thanks in advance,
> > --
> > Eric M. Boehm                               bo...@no...
>


----- End forwarded message -----

Re: Can't locate object method "code"

[Robert C. <rob...@su...>]

On Fri, Sep 29, 2000 at 09:37:20AM +0100, Graham Barr wrote:
> On Fri, Sep 29, 2000 at 12:03:22AM -0700, Robert Chien wrote:
> > Greetings,
> > 
> > I'm putting together some code and learning perl-ldap for
> > the first time. I've run into a deadend and hope some of you
> > may provide some insight here.
> > 
> > What I'm trying to do is quite simple, just adding an entry
> > to a LDAP server. 
> > 
> >     $ldap->bind ( dn       => "cn=something",
> >                   password => "somepasswd" );
> >     $result = Net::LDAP::Entry->new;
> >     $result->add (
> >         dn   => 'uid=$username,$base',
> >         attr => [ 'objectclass' => [ 'top', 'person',
> >                                      'organizationalPerson',
> >                                      'inetOrgPerson',
> >                                      'inetUser' ],
> >                   'mail'                => '$mail',
> >                   'userPassword'        => ''
> >                 ]
> >               );
> >     $result->update( $ldap );
> 
> Here is your problem.
> 
>       $mesg = $result->update( $ldap );
> 
>       $mesg->code && warn "failed to add entry: ", $mesg->error;

Thanks. After changing the script per your suggestion, I
get:

failed to add entry: objectName at
/usr/perl5/site_perl/5.005/Convert/ASN1/_encode.pm line 47.

I have double-checked for typos, but couldn't find any.

Robert

> >     $result->code && warn "failed to add entry: ", $result->error;
> >     $ldap->unbind;
> > 
> > This is pretty much out of the perldoc, but when I try to
> 
> I hope not.
> 
> Graham.

Having a problem with Net::LDAP - retrieving and using attribute values

[Edward S. H. L. 2358-6. <lbs...@us...>]

I am trying to run a search on our LDAP server and use the results to automatically fill out certain fields in our forms.  I am stumped trying to assign specific LDAP attribute values to form variables.  I am certainly doing something fundamentally wrong.  Any help would be greatly appreciated.  I am working with Solaris 2.6 on a Sun workstation, with Perl 5.005 and Net::LDAP 0.22

Our Library has about 15-20 online forms which our users can fill out to request various services, from asking Reference questions to requesting Interlibrary Loan of books and journals.  All of these forms require the user to authenticate using HTTP 'basic' authentication.  Our Apache web server matches their username/password combination against the campus LDAP server for authorization to access the form(s).  That places their username into the HTTP environment variable 'REMOTE_USER'.  The form then asks the suer to fill out various other personal information fields, including their name, department, position, etc.  All of that personal information is also contained in their LDAP record, so I am trying to modify the scripts so that a Net::LDAP search can be done against their already authenticated username, and to retrieve the values the form requires so that the user does not have to enter them manually, and to assure that we have accurate and consistent formatting of the results (as consistent as the data in the LDAP records anyway).

So I am writing a subroutine which will be called by the script which generates the form, which will do this search and retrieval.  The script will then use the retrieved variables to fill in the personal information fields of the form.

But I am not doing it right.

Here is the subroutine I am calling:

sub ldapcheck {
    use Net::LDAP;
    # Get username from authenticated environment variable
    my $username = $ENV{'REMOTE_USER'};
    my $host = "ldap.ust.hk";
    my $base = "o=ust.hk";
    my $ldap = Net::LDAP->new($host) or die "$@";

# LDAP SEARCH
    my $result = $ldap->search(
                               base => $base,
                               filter => "uid=$username"
                              );

# ERROR TRAP
    use Net::LDAP::Util qw(ldap_error_text);
    die ldap_error_text($result->code) if $result->code;

# TEST FOR UNIQUENESS
    die "Your LDAP entry is not unique." if $result->count() != 1;

# ASSIGN VARIABLES TO ATTRIBUTES WANTED  --  THIS IS Definitely WRONG...
    $perstitle = $result->personaltitle;
    $pname = $result->sn;
    $gname = $result->givenname;
    $jobtitle = $result->title;
    $dept = $result->ou;
    $email = $result->mail;
    $phone = $result->telephonenumber;
    $position = $result->userclass;
}


I then try to 
print "$perstitle"; 
and other variables in the generated form, but this is not working.

This subroutine is called here:

#!/usr/local/bin/perl
require "cgi-lib.pl";
MAIN:
{
  my ($pname, $gname, $dept, $position, $perstitle, $email, $phone, $jobtitle);
  &ldapcheck;

# Read in all the variables set by the form
  if (&ReadParse(*input)) {
    &ProcessForm;
  } else {
    &PrintForm;
  }
}

Presently, trying to run this script yields the following error:
"Can't locate object method "personaltitle" via package "Net::LDAP::Entry" at req-book2.pl line 480."

Line 480 is the
    $perstitle = $result->personaltitle;
line from the above subroutine.

Once I get the LDAP retrieval working, I will be rewriting these old forms to use CGI.pm instead of cgi-lib.pl, and also to fix the tainted variables left from the earlier programming.

As to the ldap field names, I have been provided with a copy of my ldap record, so that I can be sure I have the attribute names correct:

   uid=lbspodic,ou=people,o=ust.hk 
   cn: SPODICK Edward F 
   cn;lang-zh-tw: ¬€v¬„ˆï¬ºw 
   departmentcode: LIB 
   facsimiletelephonenumber: 2358-1043 
   givenname: Edward F 
   labeleduri: http://home.ust.hk/~lbspodic/ 
   mail: lbs...@us... 
   mailhost: uxmail.ust.hk 
   maillocaladdress: lbs...@us... 
   mailquota: 100000000 
   mailroutingaddress: lbs...@ux... 
   objectclass: top person organizationalPerson inetOrgPerson ustPerson inetLocalMailRecipient 
   ou: Library 
   personaltitle: Mr 
   roomnumber: 1358 
   sn: SPODICK 
   telephonenumber: 23586743 
   title: Systems Librarian 
   uid: lbspodic 
   userclass: staff


I am not skilled at Perl (probably very obviously).  I suspect there is something fundamentally wrong with some aspect of my approach.

Hoping for assistance, I remain,

-Edward Spodick, lbs...@us...

- - - - -
Edward F Spodick, Systems Librarian - lbs...@us...
Hong Kong University of Science & Technology Library
tel:  852-2358-6743     fax:  852-2358-1043

Re: unable to delete an entry

[Kurt D. Z. <Ku...@Op...>]

At 11:08 AM 9/29/00 +0000, ritu rani jaiswal wrote:
>i am using your modules - - Net::LDAP modules , perl-ldap  
>ive written code for searching the entry which is working properly but i am unable to delete an  entry.
>
>what can be the problem , is it with access control then pl. guide how to delete or modify an entry.

If you're getting back LDAP_INSUFFICIENT_ACCESS or similar error,
then access control may your problem.  Access control is server
implementation specific.  I suggest that after you confirm that
the problem is access control, you post your enquiry in a discussion
forum specific to your server.  When posting to server specific
lists, it's best to communicate the problem through using of tools
provided with the server (e.g: LDIF and ldapmodify(1)).

If you find the problem is actually in your use of perl-ldap, I
suggest you provide additional details (e.g. a code fragment)
to this list.

Kurt

unable to delete an entry

[ritu r. j. <lin...@re...>]

i am using your modules - - Net::LDAP modules , perl-ldap  
ive written code for searching the entry which is working properly but i am unable to delete an  entry.

what can be the problem , is it with access control then pl. guide how to delete or modify an entry.

i ve configured slapd.oc.conf with access contol list as

default access write

 access to *
 by self write
 by * read

      please reply soon 



                     --ritu
                            
             

_________________________________________________
Get Your Free Email At, http://www.rediffmail.com

For fabulous shopping deals visit: http://www.rediff.co.in/shopping/index.html

[Fwd] unable to delete an entry

[Graham B. <gb...@po...>]

----- Forwarded message from ritu rani jaiswal <lin...@re...> -----

Date: 29 Sep 2000 11:02:59 -0000
To: "gb...@po..." <gb...@po...>
Subject: unable to delete an entry
From: "ritu rani jaiswal" <lin...@re...>

i am using your modules - - Net::LDAP modules , perl-ldap  
ive written code for searching the entry which is working properly but i am unable to delete an  entry.

what can be the problem , is it with access control then pl. guide how to delete or modify an entry.

i ve configured slapd.oc.conf with access contol list as

default access write

 access to *
 by self write
 by * read

      please reply soon 



                     --ritu
                            
             

_________________________________________________
Get Your Free Email At, http://www.rediffmail.com

For fabulous shopping deals visit: http://www.rediff.co.in/shopping/index.html




----- End forwarded message -----

Re: Catch-22 problem with accessing $entry->{attrs} with perl-ldap-0.16-0.22

[Graham B. <gb...@po...>]

In the latest release there is an $entry->exists( $attr ) method

Graham.

On Fri, Sep 29, 2000 at 07:53:30AM -0400, Eric Boehm wrote:
> I recently upgraded from perl-ldap-0.13 to perl-ldap-0.22 and some code I had
> written broke.
> 
> I dropped back to 0.13 and downloaded every version since then. The problem
> starts in perl-ldap-0.16 where attrs is a cache.
> 
> I have code that looks like this
> 
>     $mail_address = ${ $entry->get( $external_addr ) }[0]
>       if ( $entry->{attrs}{$external_addr} );
> 
>     unless ( $mail_address ) {
>       $mail_address = ${ $entry->get( $internal_addr ) }[0] 
>         if ( $entry->{attrs}{$internal_addr} );
>     }
> 
> I did this to avoid error messages about uninitialized values. However, I see
> that in 0.16 the attrs hash doesn't get built until $entry->get is called.
> 
> So ... I have a catch-22 -- I can't check to see if an attribute exists
> without getting a possibly non-existent attribute.
> 
> Is there a better way to code for this situation? I tried a couple of ways to
> call _build_attrs directly but I couldn't seem to get the syntax right
> ( $entry->_build_attrs and $entry->Net::LDAP::Entry::_build_attrs).
> 
> Please cc to my email address as well as the list. I am trying to subscribe to
> the list but I don't know how long it will take.
> 
> Thanks in advance,
> -- 
> Eric M. Boehm                               bo...@no...

Re: User password changing

[Graham B. <gb...@po...>]

It looks like you have a very old version of Net::LDAP, back when it
inherited from IO::Socket. So you will need to call ->ldapbind
bit I suggest you upgrade to thr latest release of Net::LDAP

Graham.

On Wed, Sep 27, 2000 at 05:55:19PM -0700, Lambright, Linda (N-Averstar) wrote:
> When I execute the code below I receive this error message, does anyone have
> any ideas as to what's causing this?  I took this code almost completely out
> of 
> one of Graham Barr's emails.
> 
> usage: $fh->bind(NAME) or $fh->bind(PORT, ADDR) at ./perlpwchange line 6
> 
> 
> #!/usr/local/bin/perl
> use Net::LDAP;
> 
> $ldap = new Net::LDAP('122.197.44.555');
> 
> $ldap->bind (
>                dn          => 'uid=kbosworth, ou=People, o=linda.lmco.com',
>                password => 'oldpassword'
>             ) || die $@;
> 
>  $ldap->modify ('uid=kbosworth,ou=People,o=linda.lmco.com',
>                  replace=>{'userpassword'=> "newpassword"})
>                  || "failed to edit entry. $!";
> 
> $ldap->unbind;
> 
> 
> > ----------
> > From: 	Lambright, Linda (N-Averstar)[SMTP:lin...@lm...]
> > Sent: 	Wednesday, September 27, 2000 1:51 PM
> > To: 	per...@li...
> > Subject: 	User password changing
> > 
> > I am trying to write a script to allow users to change their own passwords
> > usingv Perl-ldap and the Netscape
> > Directory Server.  Is it possible for users to change their own passwords
> > using their own
> > authentication or is it necessary to use the Directory Manager password in
> > the background to make that change.
> > 

Catch-22 problem with accessing $entry->{attrs} with perl-ldap-0.16-0.22

[Eric B. <bo...@no...>]

I recently upgraded from perl-ldap-0.13 to perl-ldap-0.22 and some code I had
written broke.

I dropped back to 0.13 and downloaded every version since then. The problem
starts in perl-ldap-0.16 where attrs is a cache.

I have code that looks like this

    $mail_address = ${ $entry->get( $external_addr ) }[0]
      if ( $entry->{attrs}{$external_addr} );

    unless ( $mail_address ) {
      $mail_address = ${ $entry->get( $internal_addr ) }[0] 
        if ( $entry->{attrs}{$internal_addr} );
    }

I did this to avoid error messages about uninitialized values. However, I see
that in 0.16 the attrs hash doesn't get built until $entry->get is called.

So ... I have a catch-22 -- I can't check to see if an attribute exists
without getting a possibly non-existent attribute.

Is there a better way to code for this situation? I tried a couple of ways to
call _build_attrs directly but I couldn't seem to get the syntax right
( $entry->_build_attrs and $entry->Net::LDAP::Entry::_build_attrs).

Please cc to my email address as well as the list. I am trying to subscribe to
the list but I don't know how long it will take.

Thanks in advance,
-- 
Eric M. Boehm                               bo...@no...

Re: Can't locate object method "code"

[Graham B. <gb...@po...>]

On Fri, Sep 29, 2000 at 12:03:22AM -0700, Robert Chien wrote:
> Greetings,
> 
> I'm putting together some code and learning perl-ldap for
> the first time. I've run into a deadend and hope some of you
> may provide some insight here.
> 
> What I'm trying to do is quite simple, just adding an entry
> to a LDAP server. 
> 
>     $ldap->bind ( dn       => "cn=something",
>                   password => "somepasswd" );
>     $result = Net::LDAP::Entry->new;
>     $result->add (
>         dn   => 'uid=$username,$base',
>         attr => [ 'objectclass' => [ 'top', 'person',
>                                      'organizationalPerson',
>                                      'inetOrgPerson',
>                                      'inetUser' ],
>                   'mail'                => '$mail',
>                   'userPassword'        => ''
>                 ]
>               );
>     $result->update( $ldap );

Here is your problem.

      $mesg = $result->update( $ldap );

      $mesg->code && warn "failed to add entry: ", $mesg->error;

>     $result->code && warn "failed to add entry: ", $result->error;
>     $ldap->unbind;
> 
> This is pretty much out of the perldoc, but when I try to

I hope not.

Graham.

Can't locate object method "code"

[Robert C. <rob...@su...>]

Greetings,

I'm putting together some code and learning perl-ldap for
the first time. I've run into a deadend and hope some of you
may provide some insight here.

What I'm trying to do is quite simple, just adding an entry
to a LDAP server. 

    $ldap->bind ( dn       => "cn=something",
                  password => "somepasswd" );
    $result = Net::LDAP::Entry->new;
    $result->add (
        dn   => 'uid=$username,$base',
        attr => [ 'objectclass' => [ 'top', 'person',
                                     'organizationalPerson',
                                     'inetOrgPerson',
                                     'inetUser' ],
                  'mail'                => '$mail',
                  'userPassword'        => ''
                ]
              );
    $result->update( $ldap );
    $result->code && warn "failed to add entry: ", $result->error;
    $ldap->unbind;

This is pretty much out of the perldoc, but when I try to
run it, I get:

Can't locate object method "code" via package
"Net::LDAP::Entry" at dduser line 70.

If I modify it a bit, I get:

failed to add entry: I/O Error Connection reset by peer
494f3a3a536f636b65743a3a494e45543d474c4f4228307831323262356329
at adduser line 69.
Broken Pipe

Can someone send me a sample for the task I'm trying to do?
Or tell me what's wrong?

Please reply directly.

-- 
Robert Chien                 | Sun Microsystems, Inc.
rob...@en...     | Menlo Park, California, USA