From: Jim H. <ha...@us...> - 2003-01-23 19:59:30

Try "(&(objectclass=msexchExchangeServer)(!(objectclass=msexchExchangeServerPolicy)))"

--Jim Harle

On Thu, 23 Jan 2003, Paul Harwood wrote:
> I am writing a script using the following LDAP search filter:
>
>     filter => "(objectclass=msexchExchangeServer)",
>
> This works fine.
>
> I want to exclude the objectclass=msexchExchangeServerPolicy. I am trying
> the following with no success:
>
>     filter => "(objectclass=msexchExchangeServer)(!objectclass=msexchExchangeServerPolicy)",
>
>     filter => "(|(objectclass=msexchExchangeServer)(!objectclass=msexchExchangeServerPolicy))",
>
> Any help is appreciated.
>
> --Paul
From: Chris R. <chr...@ma...> - 2003-01-23 19:58:12

On 23/1/03 7:49 pm, Paul Harwood <ha...@ny...> wrote:
> Is there a way to bind to an LDAP server using the default credentials
> of the user? I would rather not specify a password for security reasons.

You asked this earlier this year; did you try Jerry's suggestions?

Cheers,

Chris
From: Graham B. <gb...@po...> - 2003-01-23 19:55:23

On Thu, Jan 23, 2003 at 11:47:55AM -0800, Paul Harwood wrote:
> I am writing a script using the following LDAP search filter:
>
>     filter => "(objectclass=msexchExchangeServer)",
>
> This works fine.
>
> I want to exclude the objectclass=msexchExchangeServerPolicy. I am trying
> the following with no success:
>
>     filter => "(objectclass=msexchExchangeServer)(!objectclass=msexchExchangeServerPolicy)",

Try

    filter => "(&(objectclass=msexchExchangeServer)(!(objectclass=msexchExchangeServerPolicy)))",

Graham.

>     filter => "(|(objectclass=msexchExchangeServer)(!objectclass=msexchExchangeServerPolicy))",
>
> Any help is appreciated.
>
> --Paul
From: Chris R. <chr...@ma...> - 2003-01-23 19:55:15

On 23/1/03 7:47 pm, Paul Harwood <ha...@ny...> wrote:
> I am writing a script using the following LDAP search filter:
[...]
>     filter => "(objectclass=msexchExchangeServer)",
[...]
> This works fine.
[...]
> I want to exclude the objectclass=msexchExchangeServerPolicy. I am trying
> the following with no success:
[...]
>     filter => "(objectclass=msexchExchangeServer)(!objectclass=msexchExchangeServerPolicy)",
>
>     filter => "(|(objectclass=msexchExchangeServer)(!objectclass=msexchExchangeServerPolicy))",

The last filter seems close, but you want AND instead of OR, and NOT requires parens around the term being inverted.

    (&(objectclass=msexchExchangeServer)(!(objectclass=msexchExchangeServerPolicy)))

Cheers,

Chris
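Putting the corrected filter to work, as an added example that is not code from the thread: the host, bind DN, search base and the LDAP_BIND_PW environment variable are assumptions, and the filter is the one the replies arrive at. The value escaping goes a step beyond the thread: it is what stops a caller-supplied class name from changing the shape of the filter, and the local parse check is how the malformed "(!objectclass=...)" attempts would have been caught before they reached the server.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.  Builds the AND/NOT filter the
# replies converge on, escapes the values first, checks that the result
# parses locally, then runs the search.  Host, bind DN, base and the
# LDAP_BIND_PW variable are assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

my $host    = 'dc1.example.com';                                       # assumed
my $bind_dn = 'cn=svc-exchange,ou=Service Accounts,dc=example,dc=com';  # assumed
my $base    = 'cn=Configuration,dc=example,dc=com';                    # assumed
my $bind_pw = $ENV{LDAP_BIND_PW} or die "set LDAP_BIND_PW\n";

# "(&(objectclass=WANT)(!(objectclass=UNWANT)))": AND of a positive term and
# a negated term.  NOT wraps exactly one parenthesised term, which is why
# "(!objectclass=...)" never parsed.  escape_filter_value turns ( ) * \ and
# NUL into \XX (RFC 4515) so a value like "x)(cn=*" cannot alter the shape.
sub exclude_class_filter {
    my ($want, $unwant) = @_;
    return sprintf '(&(objectclass=%s)(!(objectclass=%s)))',
        escape_filter_value($want), escape_filter_value($unwant);
}

my $filter = exclude_class_filter('msexchExchangeServer',
                                  'msexchExchangeServerPolicy');

# Net::LDAP::Filter->new returns undef on a syntax error, which catches a
# malformed filter before anything is sent to the server.
my $parsed = Net::LDAP::Filter->new($filter)
    or die "filter does not parse: $filter\n";
print "using filter: ", $parsed->as_string, "\n";

my $ldap = Net::LDAP->new($host, version => 3)
    or die "connect to $host failed: $@\n";
my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;

# Test code(), not error(): error() returns the text "Success" on success.
$mesg = $ldap->search(base => $base, scope => 'sub', filter => $parsed,
                      attrs => [qw(cn objectClass)]);
die 'search failed: ' . $mesg->error . "\n" if $mesg->code;

for my $entry ($mesg->entries) {
    printf "%s  [%s]\n", $entry->dn, join ',', $entry->get_value('objectClass');
}
$ldap->unbind;
```

Attribute names in a filter are case-insensitive, so objectclass and objectClass match the same attribute; the escaping matters only for the values.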
From: Paul H. <ha...@ny...> - 2003-01-23 19:49:40

Is there a way to bind to an LDAP server using the default credentials of the user? I would rather not specify a password for security reasons.
From: Paul H. <ha...@ny...> - 2003-01-23 19:47:57

I am writing a script using the following LDAP search filter:

    filter => "(objectclass=msexchExchangeServer)",

This works fine.

I want to exclude the objectclass=msexchExchangeServerPolicy. I am trying the following with no success:

    filter => "(objectclass=msexchExchangeServer)(!objectclass=msexchExchangeServerPolicy)",

    filter => "(|(objectclass=msexchExchangeServer)(!objectclass=msexchExchangeServerPolicy))",

Any help is appreciated.

--Paul
From: <ste...@ke...> - 2003-01-23 14:13:58

Stéphan Cohen
Consultant Sécurité
06 61 45 70 32
www.kerberos.fr
From: Kyle S. <KS...@co...> - 2003-01-22 22:49:50

I'm attempting to build some LDIFs and do some inserts and I need a bit of help. I'm real green at Perl.

Here's what I'm doing..

    $entry = Net::LDAP::Entry->new;
    <SNIP>

    #Generating entries..
    $mesg = $ldap->add(dn=>"cn=$zonename,$BASEDN", attr=>list_attrs(\%attr));
    print "Failed to add entry:", $zonename, " ", $mesg->error if ($mesg->code);

    $entry->Net::LDAP::Entry::add(dn=>"cn=$zonename,$BASEDN", attr=>list_attrs(\%attr));
    print $entry->Net::LDAP::LDIF::current_lines."<--Right here \n\n";
    print $entry->Net::LDAP::LDIF::current_entry."<--Right here \n\n";

Nothing gets printed but the $ldap->add succeeds..

Anyone have an idea how I can generate an LDIF output correctly?

Kyle Stone
ks...@co...
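One way to get the LDIF Kyle is after, as an added example that is not code from the thread: build a Net::LDAP::Entry once, hand the same object to Net::LDAP::LDIF for output and to add() for the server. The base DN, zone name, attribute set, server and bind credentials are assumptions. The current_lines/current_entry methods in the question belong to an LDIF reader (they describe the last entry parsed from a file) and do not render an entry, which is why nothing was printed.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.  Builds a Net::LDAP::Entry, writes
# it out as LDIF through Net::LDAP::LDIF and, on request, adds the same entry
# to the server.  Base DN, zone name, attributes, host and credentials are
# assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Entry;
use Net::LDAP::LDIF;

my $basedn   = 'ou=zones,dc=example,dc=com';   # assumed
my $zonename = 'example.net';                   # assumed
my %attr = (                                     # assumed attribute set
    objectClass        => [qw(top dNSZone)],
    relativeDomainName => '@',
    zoneName           => $zonename,
);

# Build the entry once; the same object serves both the LDIF writer and add().
my $entry = Net::LDAP::Entry->new;
$entry->dn("cn=$zonename,$basedn");
$entry->add(cn => $zonename, %attr);

# Write LDIF to STDOUT.  The first argument may be a filename or an open
# filehandle; wrap => 78 folds long lines the way ldapadd expects them.
my $ldif = Net::LDAP::LDIF->new(\*STDOUT, 'w', onerror => 'die', wrap => 78);
$ldif->write_entry($entry);
$ldif->done;

# Only touch the server when LDAP_APPLY is set; test $mesg->code, not
# $mesg->error, since error() returns "Success" on a successful result.
if ($ENV{LDAP_APPLY}) {
    my $ldap = Net::LDAP->new('ldap.example.com', version => 3)   # assumed host
        or die "connect failed: $@\n";
    my $mesg = $ldap->bind('cn=admin,dc=example,dc=com',           # assumed DN
                           password => $ENV{LDAP_BIND_PW});
    die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;
    $mesg = $ldap->add($entry);       # add() accepts a Net::LDAP::Entry directly
    die "add of $zonename failed: " . $mesg->error . "\n" if $mesg->code;
    $ldap->unbind;
}
```

Writing the LDIF first and applying it in a separate step keeps a reviewable record of exactly what went into the directory, which is the habit worth keeping for any script that provisions entries.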
From: Graham B. <gb...@po...> - 2003-01-21 16:10:21

----- Forwarded message from "Voglmaier, Reinhard Erich" <rv...@Gl...> -----

Date: Tue, 21 Jan 2003 15:50:19 -0000
To: "'gb...@po...'" <gb...@po...>
From: "Voglmaier, Reinhard Erich" <rv...@Gl...>
Subject: Net::LDAP

Hello Graham,

I have been using Net::LDAP for a couple of years. BTW, compliments, it's a great package.

At the moment I am trying to find persons using the mobile phone number. When I use numbers only, max 3, it works. Example:

    mobile = *787*    works.
    mobile = *7878*   does not.

Using the command line tools, however, everything works fine. Did this ever happen to you?

Thanks a lot for any advice,

Reinhard

----- End forwarded message -----
From: <Fra...@ba...> - 2003-01-17 06:53:50

How can I duplicate entries from one node to another node???

Example: Entry one is in node one.

    $ldap->Duplicate(OriginalDN, NewDN);

After my operation, entry one is in node one and in node 2.

Frank Lohfeld
DB Systems GmbH
ITR 431 - IT Kommunikation
Weimarische Straße 42 (Raum 3005); 99099 Erfurt
Tel.: 0361-300 6463
Basa: 980-6463
From: Eric N. <eri...@di...> - 2003-01-16 20:32:47

Just to add to Bob's feedback. The structure is a bit different from a typical LDAP directory. Try something like:

    cn=user,dc=domain,dc=com

or

    ou=some OU,dc=domain,dc=com

Basically, break the AD domain name into its components with dc=. You can see all of this with ADSI Edit, a valuable tool found on the Windows 2000 CD under Support. Install the Resource Kit.

Bob...@kp... wrote:
> I over-simplified, a trifle. Your search code will look something like
> this:
>
>     my $msg = $ldap->search( base   => "ou=my OU, o=My Org, C=us",
>                              scope  => "sub",
>                              filter => "sn=*",
>                            );
>     # test code(), not error(): error() returns the text "Success" for a
>     # successful result, so it is always true
>     if ($msg->code()) {
>         die "An error has occurred --" . $msg->error();
>     } # or other appropriate error handling
>
>     while (my $ent = $msg->shift_entry()) {
>         my $dn = $ent->dn();
>         my $cn = $ent->get_value("cn");
>         print("DN: $dn belongs to $cn\n");
>
>         # do some other stuff
>     }
>
> The fact that you are getting "can't call search on undefined value" would
> indicate that there was an error that needs to be sorted out.
>
> You will need to put the appropriate X.500 address data in the string that
> you pass in 'base =>'. In my case I have a Directory set up along the
> lines
>
>     country (c=us)
>       organization (ou=My Company Name)
>         organizationalUnit (ou=My Administrative Unit)
>           Person1 (sn=Abel)
>           person2 (sn=Baker)
>           ....
>           personN (sn=Zed)
>
> I am not sure what you need to specify the search base on Active
> Directory.
>
> B
>
> Bob Goolsby
> bob...@kp...
> (925) 926-3406
>
> Patrice Gagnon <Pat...@gm...>
> 01/16/2003 10:44 AM
> To: Bob Goolsby/CA/KAIPERM@KAIPERM
> Subject: Re: perl LDAP and Active directory
>
> > ok thanks...
> > another question:
> >
> > for example:
> >
> > if I have many OUs, like the main OU is Users and the sub-OU is managing,
> > and my domain is guru.foo.ca,
> >
> > is that correct if I write my string like this:
> >
> >     $ldap->search( base   => "ou=managing, ou=users, dc=guru,dc=foo,dc=ca",
> >                    scope  => "sub",
> >                    filter => "sn=*",
> >                  );
> >
> > because I have an error like: Can't call method "search" on an undefined
> > value.
> >
> > the o=My Org ???? represents which part of my upper string??
> > the C=us ??? represents which part of my upper string??
> >
> > thanks in advance!!:)
> >
> > At 09:27 2003-01-16 -0800, you wrote:
> > > Set your search base at the OU level and use sub-tree search.
> > >
> > >     $ldap->search( base   => "ou=my OU, o=My Org, C=us",
> > >                    scope  => "sub",
> > >                    filter => "sn=*",
> > >                  );
> > >
> > > Bob Goolsby
> > > bob...@kp...
> > > (925) 926-3406
> > >
> > > Patrice Gagnon <Pat...@gm...>
> > > Sent by: per...@li...
> > > 01/16/2003 08:29 AM
> > > To: per...@li...
> > > Subject: perl LDAP and Active directory
> > >
> > > Hi,
> > >
> > > I have a question. I want to make a list of users from an OU in the
> > > Windows 2000 Active Directory. I can bind to my server but I don't know
> > > how to proceed to make a list of users of an OU.
> > >
> > > if you have any trick.....
> > >
> > > Thanks in advance..
> > >
> > > -------------------------------------------------------
> > > This SF.NET email is sponsored by: Thawte.com
> > > Understand how to protect your customers personal information by
> > > implementing SSL on your Apache Web Server. Click here to get our FREE
> > > Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
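The whole AD listing in one piece, as an added example that is not code from the thread: it uses the base DN from Patrice's question, while the domain controller name, the bind account and the LDAP_BIND_PW variable are assumptions. The two checks it adds are the ones behind the symptoms discussed above: Net::LDAP->new returns undef when the connection fails (which is exactly what "Can't call method "search" on an undefined value" means, with the reason left in $@), and the result of every operation is tested through code(), because error() returns the text "Success" on success and is therefore always true.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.  Lists the user accounts under an
# AD organizational unit.  Host, bind account and LDAP_BIND_PW are assumed;
# the base DN is the one from the question.
use strict;
use warnings;
use Net::LDAP;

my $host    = 'dc1.guru.foo.ca';                              # assumed DC
my $base    = 'ou=managing,ou=users,dc=guru,dc=foo,dc=ca';     # from the question
my $bind_dn = 'svc-reader@guru.foo.ca';                       # assumed; AD accepts a UPN here
my $bind_pw = $ENV{LDAP_BIND_PW} or die "set LDAP_BIND_PW\n";

# new() returns undef when the TCP connection fails and leaves the reason in
# $@.  Calling search() on that undef is the error from the thread.
my $ldap = Net::LDAP->new($host, version => 3, timeout => 10)
    or die "cannot connect to $host: $@\n";

my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;

# (&(objectCategory=person)(objectClass=user)) is the usual AD idiom for
# "user accounts"; a bare (objectClass=user) also matches computer objects.
$mesg = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => '(&(objectCategory=person)(objectClass=user))',
    attrs  => [qw(sAMAccountName cn userAccountControl)],
);
# Test code(), not error(): error() returns "Success" for a good result.
die 'search failed: ' . $mesg->error . "\n" if $mesg->code;

while (my $entry = $mesg->shift_entry) {
    my $uac = $entry->get_value('userAccountControl') || 0;
    # Bit 0x2 (ACCOUNTDISABLE) marks disabled accounts; worth showing when
    # the listing feeds an access review rather than just a phone book.
    printf "%-20s %-30s %s\n",
        $entry->get_value('sAMAccountName') || '',
        $entry->get_value('cn')             || '',
        ($uac & 0x2) ? 'disabled' : 'enabled';
}
$ldap->unbind;
```

Active Directory caps a single search at 1000 entries by default; an OU larger than that needs the paged-results control (Net::LDAP::Control::Paged) rather than a bigger sizelimit.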
From: <Bob...@kp...> - 2003-01-16 20:03:59

I over-simplified, a trifle. Your search code will look something like this:

    my $msg = $ldap->search( base   => "ou=my OU, o=My Org, C=us",
                             scope  => "sub",
                             filter => "sn=*",
                           );
    # test code(), not error(): error() returns the text "Success" for a
    # successful result, so it is always true
    if ($msg->code()) {
        die "An error has occurred --" . $msg->error();
    } # or other appropriate error handling

    while (my $ent = $msg->shift_entry()) {
        my $dn = $ent->dn();
        my $cn = $ent->get_value("cn");
        print("DN: $dn belongs to $cn\n");

        # do some other stuff
    }

The fact that you are getting "can't call search on undefined value" would indicate that there was an error that needs to be sorted out.

You will need to put the appropriate X.500 address data in the string that you pass in 'base =>'. In my case I have a Directory set up along the lines

    country (c=us)
      organization (ou=My Company Name)
        organizationalUnit (ou=My Administrative Unit)
          Person1 (sn=Abel)
          person2 (sn=Baker)
          ....
          personN (sn=Zed)

I am not sure what you need to specify the search base on Active Directory.

B

Bob Goolsby
bob...@kp...
(925) 926-3406

Patrice Gagnon <Pat...@gm...>
01/16/2003 10:44 AM
To: Bob Goolsby/CA/KAIPERM@KAIPERM
Subject: Re: perl LDAP and Active directory

> ok thanks...
> another question:
>
> for example:
>
> if I have many OUs, like the main OU is Users and the sub-OU is managing,
> and my domain is guru.foo.ca,
>
> is that correct if I write my string like this:
>
>     $ldap->search( base   => "ou=managing, ou=users, dc=guru,dc=foo,dc=ca",
>                    scope  => "sub",
>                    filter => "sn=*",
>                  );
>
> because I have an error like: Can't call method "search" on an undefined
> value.
>
> the o=My Org ???? represents which part of my upper string??
> the C=us ??? represents which part of my upper string??
>
> thanks in advance!!:)
>
> At 09:27 2003-01-16 -0800, you wrote:
> > Set your search base at the OU level and use sub-tree search.
> >
> >     $ldap->search( base   => "ou=my OU, o=My Org, C=us",
> >                    scope  => "sub",
> >                    filter => "sn=*",
> >                  );
> >
> > Bob Goolsby
> > bob...@kp...
> > (925) 926-3406
> >
> > Patrice Gagnon <Pat...@gm...>
> > Sent by: per...@li...
> > 01/16/2003 08:29 AM
> > To: per...@li...
> > Subject: perl LDAP and Active directory
> >
> > Hi,
> >
> > I have a question. I want to make a list of users from an OU in the
> > Windows 2000 Active Directory. I can bind to my server but I don't know
> > how to proceed to make a list of users of an OU.
> >
> > if you have any trick.....
> >
> > Thanks in advance..
From: Keith A. C. <cl...@ac...> - 2003-01-16 19:47:18

Folks,

I used LDAPS and it works fine. I used ethereal on my machine and looked at all the packets and the data is encrypted.

    my $lds = Net::LDAPS->new('myOracleOid',
                              version => '3',
                              debug   => '12',
                              # verify defaults to 'none'; without 'require' the
                              # cafile is not consulted and any certificate is accepted
                              verify  => 'require',
                              cafile  => 'oracle.pem',
                              port    => '636',
                             );

Thanks for all the help and explanations.

keith

--
-------------------------------------------------
Keith Clay, Kei...@ac...
Lead Programmer, Web Integration and Programming
286 Adams Center for Teaching Excellence
Abilene Christian University
Abilene, TX 79699
(915) 674-2187
(915) 674-2834
-------------------------------------------------
From: Chris R. <chr...@ma...> - 2003-01-16 19:17:58

On 16/1/03 7:09 pm, Christopher A Bongaarts <ca...@tc...> wrote:
> As Keith A. Clay once put it so eloquently:
>
> > The Net::LDAPS docs say that you should not use it since it has no
> > IETF docs and TLS does. So, if I build a system on top of it, will it
> > go away???
>
> Not likely.

Agreed, especially since it is trivial to do if you've got SSL code. All the docs say is that it *is* unofficial and IETF's preferred approach is to use StartTLS. Well, that's all I meant for them to say :-)

Cheers,

Chris
From: Graham B. <gb...@po...> - 2003-01-16 19:16:52

On Thu, Jan 16, 2003 at 01:09:28PM -0600, Keith A. Clay wrote:
> The Net::LDAPS docs say that you should not use it since it has no
> IETF docs and TLS does. So, if I build a system on top of it, will it
> go away???

No. Or if it does it will have a replacement.

Graham.
From: Graham B. <gb...@po...> - 2003-01-16 19:16:17

On Sat, Jan 11, 2003 at 04:48:18PM +0100, Peter Marschall wrote:
> Hi,
>
> On Thursday 09 January 2003 14:43, Ziya Suzen wrote:
> > I was running some tests on my sand-box station and because my OpenLDAP
> > is compiled with TCP wrappers I cannot connect to it. Sure the
> > solution can be adding slapd to hosts.allow but I thought a better
> > solution could be using Unix sockets. And I came up with the following
> > patch to LDAP.pm. What do you think?
> >
> > BTW, I have only tested ldapi:// syntax. I wanted to get your opinions
> > before going any further.

I think your ldaps:// implementation is wrong. It needs to do what Net::LDAPS is currently doing.

I also think the connect dispatch should look something like

    if ($host_or_url =~ m!^([a-z]+)://([/\w\.\-\@\#\~]+?)(?::(\d+))?/?$!i) {
      my $connect = $obj->can("_connect_$1") or croak("Cannot handle $1 URIs");
      $host = $2;
      local $arg->{port} = $3 if $3;
      $obj->$connect($host, $arg);
    }

The foreach to allow the user to pass multiple hosts should be around this and the old code.

> there has been a similar patch on the list a few weeks ago.
> It added a Net::LDAPI.pm file for the ldapi:// connection.

That was going to be my reply too :) However after thinking for a bit, I think I like the option to pass a URI to Net::LDAP and have it DWIM. Being able to specify different protocols when giving a list of hosts to try to connect to might be useful.

Graham.
From: Chris R. <chr...@ma...> - 2003-01-16 19:14:30

On 16/1/03 6:04 pm, Keith A. Clay <cl...@ac...> wrote:
> Folks,
>
> Here is my program on RedHat 8.0 with perl 5.8.0 and the current
> versions of perl-ldap and IO::Socket::SSL:
>
>     use Net::LDAP;
>
>     my $lds = Net::LDAP->new('oracleOidServer',
>                              version => '3',
>                              debug   => '12',
>                             );
>
>     $result = $lds->start_tls( verify => 'required',
>                                cafile => 'oracle.pem',
>                              );
>
>     print "TLS_RESULT: $result\n";
>     print "TLS_CODE: " . $result->code . "\n";
>     print "TLS_MESS: " . $result->error . "\n";
>     print "TLS_Cipher: " . $lds->version . "\n";
>
> Here is the result:
>
>     Net::LDAP=HASH(0x804c120) sending:
>     0000   29: SEQUENCE {
>     0002    1:   INTEGER = 1
>     0005   24:   [APPLICATION 23] {
>     0007   22:     [CONTEXT 0]
>     0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
>     0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
>     001F     :   }
>     001F     : }
>     Net::LDAP=HASH(0x804c120) received:
>     0000   35: SEQUENCE {
>     0002    1:   INTEGER = 1
>     0005   30:   [APPLICATION 24] {
>     0007    1:     ENUM = 12
>     000A    0:     STRING = ''
>     000C   23:     STRING = 'Currently Not Supported'
>     0025     :   }
>     0025     : }
>     TLS_RESULT: Net::LDAP::Extension=HASH(0x8066c10)
>     TLS_CODE: 12
>     TLS_MESS: Currently Not Supported
>     TLS_Cipher: 3

Maybe Oracle doesn't support start_tls. Before you try start_tls() you should read the root_dse() and check if the supportedExtension attribute contains the start_tls OID, ie 1.3.6.1.4.1.1466.20037. If that value is not there the server officially doesn't support start_tls.

> When I run the following:
>
>     openssl s_client -host oracleOidServer -port 636 -CAfile oracle.pem -debug

This is testing LDAPS, ie LDAP over SSL on port 636. (cf HTTPS is HTTP over SSL on a different port)

>     SSL handshake has read 1328 bytes and written 342 bytes
>     ---
>     New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
>     Server public key is 1024 bit
>     SSL-Session:
>         Protocol  : SSLv3
>         Cipher    : DES-CBC3-SHA
>         Session-ID: E0E6EDA8AE37D9DA4167D30F68699A3F
>         Session-ID-ctx:
>         Master-Key: 3FB9984032B664D176E1613DB156D45022BD8A64698CD879C6282049E78D4F2A66D72C7467D462738C839234DEE19A12
>         Key-Arg   : None
>         Start Time: 1042737956
>         Timeout   : 300 (sec)
>         Verify return code: 0 (ok)

Yes, that works.

> If I try to run this port 389 I get the following:
>
>     CONNECTED(00000003)
>     write to 0814DAC8 [0814DB10] (130 bytes => 130 (0x82))
>     0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
>     0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
>     0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
>     0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
>     0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
>     0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
>     0060 - 00 80 4c 82 1f 51 66 17-63 ad 57 4b 57 ae b7 08   ..L..Qf.c.WKW...
>     0070 - a6 00 41 95 b7 c7 94 d5-aa e0 5e 43 c2 2a 88 84   ..A.......^C.*..
>     0080 - 47 b3                                             G.
>     read from 0814DAC8 [08153070] (7 bytes => 0 (0x0))
>     24369:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

That doesn't work, which is correct.

> I would assume the start_tls would point to port 636 rather than 389.
> When I set the port to 636 in the constructor it just hangs the program.
>
> keith

You're confused :-)

LDAP servers will often listen on two ports, 389 and 636 (the defaults.) On port 389 the server listens to plain LDAP which is unencrypted (unless you negotiate confidentiality using SASL). On port 636 the server expects an SSL connection and then LDAP on top of that.

The wrinkle is start_tls. Start_tls is used on port 389, and when you use it it converts the sockets being used to SSL (er, TLS) sockets thus encrypting the connection. It means you can get an encrypted connection using the standard port and without using SASL.

Your program using start_tls() is correct in talking to port 389, and the server is simply saying that it doesn't support start_tls even though it supports LDAPS.

Cheers,

Chris
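Chris's root DSE check and the LDAPS route Keith ended up using, combined into one connection routine as an added example that is not code from the thread. The server name and CA file are the ones from the thread; the bind DN and the LDAP_BIND_PW variable are assumptions. The caveat it adds is the one a packet capture cannot show: ethereal proves the bytes are encrypted, but only verify => 'require' makes the client check who it is encrypting to. Net::LDAP recognises the values 'none', 'optional' and 'require'; anything else, including the 'required' in the thread's program, falls back to 'none', so the cafile is read but never enforced.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.  Reads the root DSE, uses StartTLS
# on 389 when the server advertises it, otherwise falls back to LDAPS on 636.
# Both paths verify the server certificate against the CA file.  Server and
# CA file names come from the thread; bind DN and LDAP_BIND_PW are assumed.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAPS;

use constant START_TLS_OID => '1.3.6.1.4.1.1466.20037';

my $host   = 'oracleOidServer';    # from the thread
my $cafile = 'oracle.pem';         # from the thread

sub secure_connection {
    my ($host, $cafile) = @_;

    my $ldap = Net::LDAP->new($host, version => 3)
        or die "connect to $host:389 failed: $@\n";

    # The root DSE lists supportedExtension.  Without the StartTLS OID the
    # "Currently Not Supported" (code 12) reply in the thread is expected.
    my $dse = $ldap->root_dse;
    my $has_starttls = $dse && grep { $_ eq START_TLS_OID }
                                  $dse->get_value('supportedExtension');

    if ($has_starttls) {
        # 'require' is the documented value.  An unrecognised spelling such
        # as 'required' is treated as 'none' and silently skips verification.
        my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
        die 'start_tls failed: ' . $mesg->error . "\n" if $mesg->code;
        return ($ldap, 'starttls');
    }

    # No StartTLS: drop the plain connection and use LDAPS instead.
    $ldap->unbind;
    my $ldaps = Net::LDAPS->new($host, version => 3, port => 636,
                                verify => 'require', cafile => $cafile)
        or die "LDAPS connect to $host:636 failed: $@\n";
    return ($ldaps, 'ldaps');
}

my ($conn, $how) = secure_connection($host, $cafile);
# In both cases the underlying socket is now an IO::Socket::SSL.
printf "secured via %s, cipher %s\n", $how, $conn->socket->get_cipher;

my $mesg = $conn->bind('cn=orcladmin',                    # assumed bind DN
                       password => $ENV{LDAP_BIND_PW});
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;
$conn->unbind;
```

The bind is deliberately placed after the TLS step on either path: a simple bind before start_tls sends the password in the clear on port 389, which is the mistake the two-port layout makes easy.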
From: Keith A. C. <cl...@ac...> - 2003-01-16 19:10:54

The Net::LDAPS docs say that you should not use it since it has no IETF docs and TLS does. So, if I build a system on top of it, will it go away???

keith

Christopher A Bongaarts wrote:
> As Keith A. Clay once put it so eloquently:
>
> >     openssl s_client -host oracleOidServer -port 636 -CAfile oracle.pem -debug
> [...]
> > I would assume the start_tls would point to port 636 rather than 389.
> > When I set the port to 636 in the constructor it just hangs the program.
>
> start_tls changes an existing non-SSL session (usually on port 389) to
> SSL.
>
> Use Net::LDAPS instead of start_tls to do a completely SSL session to
> port 636, like your openssl example.
>
> %% Christopher A. Bongaarts %% ca...@tc... %%
> %% Internet Services %% http://umn.edu/~cab %%
> %% University of Minnesota %% +1 (612) 625-1809 %%

--
-------------------------------------------------
Keith Clay, Kei...@ac...
Lead Programmer, Web Integration and Programming
286 Adams Center for Teaching Excellence
Abilene Christian University
Abilene, TX 79699
(915) 674-2187
(915) 674-2834
-------------------------------------------------
From: Christopher A B. <ca...@tc...> - 2003-01-16 19:09:31

As Keith A. Clay once put it so eloquently:
> The Net::LDAPS docs say that you should not use it since it has no
> IETF docs and TLS does. So, if I build a system on top of it, will it
> go away???

Not likely.

> Christopher A Bongaarts wrote:
> > As Keith A. Clay once put it so eloquently:
> >
> > >     openssl s_client -host oracleOidServer -port 636 -CAfile oracle.pem -debug
> > [...]
> > > I would assume the start_tls would point to port 636 rather than 389.
> > > When I set the port to 636 in the constructor it just hangs the program.
> >
> > start_tls changes an existing non-SSL session (usually on port 389) to
> > SSL.
> >
> > Use Net::LDAPS instead of start_tls to do a completely SSL session to
> > port 636, like your openssl example.
> >
> > %% Christopher A. Bongaarts %% ca...@tc... %%
> > %% Internet Services %% http://umn.edu/~cab %%
> > %% University of Minnesota %% +1 (612) 625-1809 %%
>
> --
> -------------------------------------------------
> Keith Clay, Kei...@ac...
> Lead Programmer, Web Integration and Programming
> 286 Adams Center for Teaching Excellence
> Abilene Christian University
> Abilene, TX 79699
> (915) 674-2187
> (915) 674-2834
> -------------------------------------------------

%% Christopher A. Bongaarts %% ca...@tc... %%
%% Internet Services %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
From: Christopher A B. <ca...@tc...> - 2003-01-16 19:01:16

As Keith A. Clay once put it so eloquently:
>     openssl s_client -host oracleOidServer -port 636 -CAfile oracle.pem -debug
[...]
> I would assume the start_tls would point to port 636 rather than 389.
> When I set the port to 636 in the constructor it just hangs the program.

start_tls changes an existing non-SSL session (usually on port 389) to SSL.

Use Net::LDAPS instead of start_tls to do a completely SSL session to port 636, like your openssl example.

%% Christopher A. Bongaarts %% ca...@tc... %%
%% Internet Services %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
From: Keith A. C. <cl...@ac...> - 2003-01-16 18:05:21

Folks,

Here is my program on RedHat 8.0 with perl 5.8.0 and the current versions of perl-ldap and IO::Socket::SSL:

    use Net::LDAP;

    my $lds = Net::LDAP->new('oracleOidServer',
                             version => '3',
                             debug   => '12',
                            );

    # verify takes 'none', 'optional' or 'require'; an unrecognised value
    # such as 'required' is treated as 'none', so the cafile is never enforced
    $result = $lds->start_tls( verify => 'require',
                               cafile => 'oracle.pem',
                             );

    print "TLS_RESULT: $result\n";
    print "TLS_CODE: " . $result->code . "\n";
    print "TLS_MESS: " . $result->error . "\n";
    print "TLS_Cipher: " . $lds->version . "\n";

Here is the result:

    Net::LDAP=HASH(0x804c120) sending:
    0000   29: SEQUENCE {
    0002    1:   INTEGER = 1
    0005   24:   [APPLICATION 23] {
    0007   22:     [CONTEXT 0]
    0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
    0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
    001F     :   }
    001F     : }
    Net::LDAP=HASH(0x804c120) received:
    0000   35: SEQUENCE {
    0002    1:   INTEGER = 1
    0005   30:   [APPLICATION 24] {
    0007    1:     ENUM = 12
    000A    0:     STRING = ''
    000C   23:     STRING = 'Currently Not Supported'
    0025     :   }
    0025     : }
    TLS_RESULT: Net::LDAP::Extension=HASH(0x8066c10)
    TLS_CODE: 12
    TLS_MESS: Currently Not Supported
    TLS_Cipher: 3

When I run the following:

    openssl s_client -host oracleOidServer -port 636 -CAfile oracle.pem -debug

    SSL handshake has read 1328 bytes and written 342 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
    Server public key is 1024 bit
    SSL-Session:
        Protocol  : SSLv3
        Cipher    : DES-CBC3-SHA
        Session-ID: E0E6EDA8AE37D9DA4167D30F68699A3F
        Session-ID-ctx:
        Master-Key: 3FB9984032B664D176E1613DB156D45022BD8A64698CD879C6282049E78D4F2A66D72C7467D462738C839234DEE19A12
        Key-Arg   : None
        Start Time: 1042737956
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)

If I try to run this port 389 I get the following:

    CONNECTED(00000003)
    write to 0814DAC8 [0814DB10] (130 bytes => 130 (0x82))
    0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
    0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
    0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
    0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
    0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
    0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
    0060 - 00 80 4c 82 1f 51 66 17-63 ad 57 4b 57 ae b7 08   ..L..Qf.c.WKW...
    0070 - a6 00 41 95 b7 c7 94 d5-aa e0 5e 43 c2 2a 88 84   ..A.......^C.*..
    0080 - 47 b3                                             G.
    read from 0814DAC8 [08153070] (7 bytes => 0 (0x0))
    24369:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

I would assume the start_tls would point to port 636 rather than 389. When I set the port to 636 in the constructor it just hangs the program.

keith

--
-------------------------------------------------
Keith Clay, Kei...@ac...
Lead Programmer, Web Integration and Programming
286 Adams Center for Teaching Excellence
Abilene Christian University
Abilene, TX 79699
(915) 674-2187
(915) 674-2834
-------------------------------------------------
From: <Bob...@kp...> - 2003-01-16 17:31:03

Set your search base at the OU level and use sub-tree search.

    $ldap->search( base   => "ou=my OU, o=My Org, C=us",
                   scope  => "sub",
                   filter => "sn=*",
                 );

Bob Goolsby
bob...@kp...
(925) 926-3406

Patrice Gagnon <Pat...@gm...>
Sent by: per...@li...
01/16/2003 08:29 AM
To: per...@li...
Subject: perl LDAP and Active directory

> Hi,
>
> I have a question. I want to make a list of users from an OU in the
> Windows 2000 Active Directory. I can bind to my server but I don't know
> how to proceed to make a list of users of an OU.
>
> if you have any trick.....
>
> Thanks in advance..
From: Patrice G. <Pat...@gm...> - 2003-01-16 16:30:26

Hi,

I have a question. I want to make a list of users from an OU in the Windows 2000 Active Directory. I can bind to my server but I don't know how to proceed to make a list of users of an OU.

if you have any trick.....

Thanks in advance..
From: Meik H. <hel...@ma...> - 2003-01-16 11:17:34

"Kurt D. Zeilenga" <Ku...@Op...> writes:
> See slapd.conf(5). There is a directive which indicates the
> which hash function to use. The default, IIRC, is SSHA.
>
> I note that it might be more appropriate to post OpenLDAP
> configuration questions to the <ope...@op...>
> list (subscription required to post).

Sorry for the unclear formulation of my question. This wasn't intended to be an OpenLDAP configuration question.

I just observed that

  a.) using ldapmodify to change a password allows one to provide an already encrypted password starting with {SSHA|CRYPT|..}

  b.) using the `Password Modify Extended Operation' does not allow this.

and I wanted a confirmation/correction for b).

One detail I learned from your mail: in case b) OpenLDAP does not use the encryption algorithm of the old password entry; it uses its default encryption algorithm, defined by "password-hash" in slapd.conf. Please correct me if I am wrong.

Thanks,

Meik

--
Meik Hellmund
Institut fuer Mathematik, Uni Leipzig
e-mail: hel...@ma...
http://www.math.uni-leipzig.de/~hellmund
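The two password-change paths Meik contrasts, side by side in Net::LDAP, as an added example that is not code from the thread. The Password Modify extended operation (RFC 3062, Net::LDAP::Extension::SetPassword) hands the server the cleartext and lets it apply its configured password-hash; a plain modify of userPassword stores whatever string is sent, pre-hashed or not. The host, user DN, CA file and the OLD_PW/NEW_PW variables are assumptions. The final search reads the stored value back only to report its {scheme} prefix, which is a quick way to confirm which path the server actually took.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.  Changes a user's password with the
# Password Modify extended operation and shows, for contrast, the direct
# modify that stores a literal value.  Host, DN, CA file and the OLD_PW /
# NEW_PW variables are assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Extension::SetPassword;   # adds set_password() to Net::LDAP

my $host   = 'ldap.example.com';                          # assumed
my $user   = 'uid=alice,ou=people,dc=example,dc=com';     # assumed
my $cafile = '/etc/ssl/certs/ca.pem';                     # assumed
my $old    = $ENV{OLD_PW} or die "set OLD_PW\n";
my $new    = $ENV{NEW_PW} or die "set NEW_PW\n";

# Both variants carry the secret on the wire (cleartext or hash), so the
# session is protected with StartTLS before anything is sent.
my $ldap = Net::LDAP->new($host, version => 3) or die "connect failed: $@\n";
my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
die 'start_tls failed: ' . $mesg->error . "\n" if $mesg->code;
$mesg = $ldap->bind($user, password => $old);
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;

# 1. Password Modify extended operation: the server hashes the new value
#    with its own scheme (password-hash in slapd.conf for OpenLDAP).
$mesg = $ldap->set_password(user => $user, oldpasswd => $old, newpasswd => $new);
die 'set_password failed: ' . $mesg->error . "\n" if $mesg->code;

# 2. Direct modify, shown for contrast and left commented out: the literal
#    value is stored, so a "{SSHA}<hash>" string stays as that hash and a
#    cleartext string stays cleartext.
# $mesg = $ldap->modify($user, replace => { userPassword => '{SSHA}<hash>' });

# Report which storage scheme the server ended up using.  Reading
# userPassword back is subject to the server's ACLs and may be refused.
$mesg = $ldap->search(base => $user, scope => 'base',
                      filter => '(objectClass=*)', attrs => ['userPassword']);
die 'search failed: ' . $mesg->error . "\n" if $mesg->code;
my $entry  = $mesg->entry(0);
my $stored = $entry ? $entry->get_value('userPassword') : undef;
if (defined $stored) {
    my ($scheme) = $stored =~ /^\{([^}]+)\}/;
    print 'stored with scheme: ', ($scheme || 'none (cleartext)'), "\n";
} else {
    print "userPassword is not readable with this bind\n";
}
$ldap->unbind;
```

Binding as the user and supplying oldpasswd is what makes the extended operation a self-service change; a directory administrator changing someone else's password binds as the admin and may omit oldpasswd, and whether that is allowed is again the server's policy rather than the client's.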