From: David B. <d.b...@ma...> - 2000-07-18 22:33:03
As a slight aside, is there any way to search an ou without searching sub-ou's? ...ie a non-recursive or non-descending search?

eg return all objects of type X in "ou=div,o=org" but not include objects from "ou=dept, ou=div, o=org"?

David.

At 05:01 PM 7/18/00 -0400, Jim Harle wrote:
>If you know a branch in which to look, use that for the base instead of
>pointing the base to the top of your tree. E.g.,
> base => "ou=dept, ou=div, o=org"
>instead of
> base => "o.org"
>
> --Jim Harle
> US Naval Academy
>
>
>On Tue, 18 Jul 2000, Graham Barr wrote:
>
>> ----- Forwarded message from Kaouass Rachid <rka...@br...> -----
>>
>> Date: Mon, 17 Jul 2000 10:50:15 +0200
>> From: Kaouass Rachid <rka...@br...>
>> X-Mailer: Mozilla 4.51 [en] (X11; I; FreeBSD 3.2-RELEASE i386)
>> To: gb...@po...
>> Subject: Net::LDAP
>>
>> Hi,
>>
>> I am a new developer in LDAP, but I don't understand one thing :
>> Why does the search method look in all the tree, instead of I give her a
>> branch where to look ? sorry my English is not perfect :)
>> But I don't understand the fact Ldap look in all the tree for something
>> ?
>>
>> Thanks :)
>> --
>> Rachid Kaouass
>>
>> Yep!
>>
>> ----- End forwarded message -----
>>
>>
>

--------------------------------------------------------------------
David Bussenschutt Email: D.B...@ma...
Senior Computing Support Officer & Systems Administrator/Programmer
Location: Griffith University. Information Technology Services
Brisbane Qld. Aust. (TEN bldg. rm 1.33) Ph:(07)38757079
--------------------------------------------------------------------

From: Jim H. <ha...@us...> - 2000-07-18 21:03:13
If you know a branch in which to look, use that for the base instead of pointing the base to the top of your tree. E.g.,

    base => "ou=dept, ou=div, o=org"

instead of

    base => "o.org"

--Jim Harle
US Naval Academy

On Tue, 18 Jul 2000, Graham Barr wrote:

> ----- Forwarded message from Kaouass Rachid <rka...@br...> -----
>
> Date: Mon, 17 Jul 2000 10:50:15 +0200
> From: Kaouass Rachid <rka...@br...>
> X-Mailer: Mozilla 4.51 [en] (X11; I; FreeBSD 3.2-RELEASE i386)
> To: gb...@po...
> Subject: Net::LDAP
>
> Hi,
>
> I am a new developer in LDAP, but I don't understand one thing :
> Why does the search method look in all the tree, instead of I give her a
> branch where to look ? sorry my English is not perfect :)
> But I don't understand the fact Ldap look in all the tree for something
> ?
>
> Thanks :)
> --
> Rachid Kaouass
>
> Yep!
>
> ----- End forwarded message -----
>

From: Graham B. <gb...@po...> - 2000-07-18 18:02:19
----- Forwarded message from "GLASSON,Michael" <mic...@de...> -----

Date: Mon, 17 Jul 2000 17:58:43 +1000 (EST)
From: "GLASSON,Michael" <mic...@de...>
To: "'gb...@po...'" <gb...@po...>
Subject: Happy perl-ldap user

Yes - very nice API. Thanks.

I have been using it to do directory synchronisations between the View500 directory and Exchange. It's so quick and easy, especially compared to the Netscape version.

I do have a question which hours of research on the Internet have not helped me to resolve. Can you help me?

Is there any trick to writing a filter to search for entries whose 'member' attribute has a particular value? That is, what does a filter to search for a dn in an attribute look like? This has got me stumped (sorry, I'm Australian) because I can retrieve records with '(member=*)', but not '(member=c*)'. Further, this last case returns an error, rather than no records.

I have been trying to write a recursive walk in perl-ldap to give a tree structured view of distribution lists in Exchange. To do this, I wanted to find entries whose 'memberof' attribute contained the dn of the known root of lists. So my problems have started.

Regards
Michael Glasson
Manager of Messaging at an Australian Government office.

----- End forwarded message -----

From: Graham B. <gb...@po...> - 2000-07-18 18:02:16
----- Forwarded message from Kaouass Rachid <rka...@br...> -----

Date: Mon, 17 Jul 2000 10:50:15 +0200
From: Kaouass Rachid <rka...@br...>
X-Mailer: Mozilla 4.51 [en] (X11; I; FreeBSD 3.2-RELEASE i386)
To: gb...@po...
Subject: Net::LDAP

Hi,

I am a new developer in LDAP, but I don't understand one thing :
Why does the search method look in all the tree, instead of I give her a branch where to look ? sorry my English is not perfect :)
But I don't understand the fact Ldap look in all the tree for something ?

Thanks :)
--
Rachid Kaouass

Yep!

----- End forwarded message -----

From: <al...@ne...> - 2000-07-18 07:08:06
--
------------------------------------------------------------
Antonio Lam
Messaging Server Group
Netscape Communications Corporation
Email: al...@ne...
Tel: 650-937-3803
------------------------------------------------------------

From: Cliff C. <CC...@hi...> - 2000-07-17 18:28:11
Jim, thanks for the input but I still can't seem to return any results. Are there any mechanisms in place for error checking that I may be missing? It seems like it should work, but I don't have any idea what's actually taking place when the script runs. Thanks again for your help.

Cliff Cloyd
Systems Administrator
Hillcrest Healthcare Systems
918.579.7781
cc...@hi...

>>> Jim Harle <ha...@us...> 07/13/00 01:39PM >>>
Cliff, here are at least some problems:

    if (!$base ) { $base = "his.hhs"; {

this should be something like $base = "ou=his,o=hhs"

    my $result = $ldap->search (
        base => "$base",
        scope => "sub",
        filter => "$last",
            s.b. filter => "(sn=$last)"
        attrs => "$attrs",
            s.b. attrs => $attrs,
    );

--Jim Harle
US Naval Academy

From: Chris R. <Chr...@me...> - 2000-07-17 13:33:19
On Mon, 17 Jul 2000 07:55:12 CDT, Mark Wilcox wrote:
> If you look in the contrib directory of the perl-ldap distribution you'll find
> my group example code.
>
> The filter looks like:
> member=uid=mewilcox,ou=people,dc=unt,dc=edu
>
> or if you want wildcard
> member=uid=mewilcox,*
>
> or
> member=*,ou=people,dc=unt,dc=edu
>
> The tricky part to remember is that a member of the group could itself be
> another group!
>
> Mark
>
> "GLASSON,Michael" wrote:
>
> > Is there any trick to writing a filter to search for entries whose 'member'
> > attribute has a particular value? That is, what does a filter to search for
> > a dn in an attribute look like? This has got me stumped (sorry, I'm
> > Australian) because I can retrieve records with '(member=*)', but not
> > '(member=c*)'. Further, this last case returns an error, rather than no
> > records.
> >
> > I have been trying to write a recursive walk in perl-ldap to give a tree
> > structured view of distribution lists in Exchange. To do this, I wanted to
> > find entries whose 'memberof' attribute contained the dn of the known root
> > of lists. So my problems have started.
> >

The problem here is that you are trying to use an inappropriate matching rule in the directory.

Asking for (member=*) is OK - the directory uses the equality matching rule which is defined for the member attribute.

Asking for (member=c*) is not OK - there is no defined substring matching rule for the member attribute. That's because the member values are *not* strings, but distinguished names. There is no substring matching rule for DNs, see RFC 2256 section 5.50.

What you have to do is get the results of (member=*) and then select the required results from the returned values. You need to do this using knowledge of the string representation of DNs defined in RFC 2253, which is important because the same DN can have different string representations. So you need to perform some canonicalisation if you want to be correct.

Cheers,

Chris

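Added example, not part of the original post or of the perl-ldap distribution: the client-side selection described above, using canonical_dn and ldap_explode_dn from Net::LDAP::Util so that different string forms of one DN compare equal. The helper names and the member values are constructed for illustration, and case-insensitive matching of the naming attributes is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Util qw(canonical_dn ldap_explode_dn);

# Hypothetical helper: turn one DN string into a list of normalised RDN
# strings, leftmost RDN first. Returns an empty list if the DN does not parse.
# Assumption: the naming attributes in use (uid, cn, ou, dc) match
# case-insensitively, so each RDN is lower-cased after canonicalisation.
sub rdn_keys {
    my ($dn) = @_;
    my $rdns = ldap_explode_dn($dn, casefold => 'lower') or return;
    return map { lc(canonical_dn([$_])) } @$rdns;
}

# True when both strings name the same entry, whatever spacing, case or
# escaping each string happens to use.
sub same_dn {
    my ($dn, $target) = @_;
    my @d = rdn_keys($dn)     or return 0;
    my @t = rdn_keys($target) or return 0;
    return join("\0", @d) eq join("\0", @t) ? 1 : 0;
}

# True when $dn lies somewhere below $base: the selection that a filter such
# as (member=*,ou=people,dc=unt,dc=edu) was hoping the server would make.
sub is_under {
    my ($dn, $base) = @_;
    my @d = rdn_keys($dn)   or return 0;
    my @b = rdn_keys($base) or return 0;
    my $skip = @d - @b;                 # RDNs in front of the base
    return 0 if $skip < 1;
    return join("\0", @d[ $skip .. $#d ]) eq join("\0", @b) ? 1 : 0;
}

# Constructed values, as a (member=*) search might return them.
my @members = (
    'uid=mewilcox,ou=people,dc=unt,dc=edu',
    'UID=MEWilcox, OU=People, DC=unt, DC=edu',    # same DN, different string
    'cn=staff,ou=groups,dc=unt,dc=edu',           # a member that is a group
    'uid=mewilcox,ou=people,dc=example,dc=org',   # same uid, different tree
    'this is not a DN',                           # unparsable value
);
my $target = 'uid=mewilcox,ou=people,dc=unt,dc=edu';
my $base   = 'ou=people,dc=unt,dc=edu';

# A plain string comparison (eq) would treat the first two values as
# different entries; the canonical comparison does not.
for my $m (@members) {
    printf "%-44s same=%d under=%d\n",
        $m, same_dn($m, $target), is_under($m, $base);
}
```

Where group membership decides access, comparing the canonical form rather than the raw string keeps an alternative spelling of a DN from being treated as a different identity.
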
From: Chris R. <Chr...@me...> - 2000-07-17 13:22:18
On Mon, 17 Jul 2000 07:53:11 CDT, Mark Wilcox wrote:
> To store certificate in an entry is simple. You simply slurp it into a
> scalar (e.g. $certificate) as a binary and store in the
> usercertificate;binary (there is an optional text representation under
> LDAP v2, but I don't know it and everybody is now building their
> products for binary).

The LDAPv2 string representation was not optional, but it was so broken that nobody ever used it. You can basically assume that for an LDAPv2 server the value of the userCertificate attribute was the BER encoding of the certificate.

(In LDAPv3 the value of the "userCertificate;binary" attribute is the BER encoding of the certificate.)

> The certificate can either be encoded as DER (Distinguished Encoding
> Rules) or PEM (Privacy Enhanced Mail), which essentially is BASE64
> encoded DER (though don't just Base64 DER and expect everything to work
> ;), read up on it first through the openSSL mail archives).

The directory *requires* the certificate to be the BER value - anything else is incorrect and will only work on broken LDAP servers.

(Note I keep writing BER instead of DER :-)

Cheers,

Chris

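Added example, not part of the original post: a check that a value bound for userCertificate;binary is the binary encoding rather than PEM or bare Base64 text. The helper name cert_to_binary is hypothetical, and the sample inputs are constructed ASN.1 SEQUENCEs standing in for a certificate, not real X.509 data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Hypothetical helper: accept a certificate as raw binary or as PEM text and
# return the binary value, or die if it is not one complete SEQUENCE.
sub cert_to_binary {
    my ($blob) = @_;

    # PEM is armour lines around wrapped Base64: strip both before decoding.
    if ($blob =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/s) {
        (my $b64 = $1) =~ s/\s+//g;
        die "PEM body is not Base64\n"
            unless $b64 =~ m{\A[A-Za-z0-9+/]+={0,2}\z};
        $blob = decode_base64($b64);
    }

    # A certificate is an ASN.1 SEQUENCE: tag octet 0x30, then the length.
    my @o = unpack 'C*', substr($blob, 0, 6);
    die "does not start with a SEQUENCE tag\n"
        unless @o >= 2 && $o[0] == 0x30;

    my ($hdr, $len) = (2, $o[1]);
    if ($len >= 0x80) {                 # long form: next N octets hold the length
        my $n = $len & 0x7f;
        die "indefinite or unsupported length\n"
            if $n < 1 || $n > 4 || @o < 2 + $n;
        $len = 0;
        $len = ($len << 8) | $o[2 + $_] for 0 .. $n - 1;
        $hdr = 2 + $n;
    }

    # Reject truncated values and values with trailing bytes.
    die sprintf("header announces %d octets, value has %d\n",
                $hdr + $len, length($blob))
        unless $hdr + $len == length($blob);
    return $blob;
}

# Constructed stand-ins for a certificate (valid SEQUENCEs, not real X.509).
my $short = pack 'C*', 0x30, 0x03, 0x02, 0x01, 0x05;     # short-form length
my $long  = "\x30\x81\x80" . "\x04\x7e" . ("A" x 126);   # long-form length
my $pem   = "-----BEGIN CERTIFICATE-----\n" . encode_base64($long)
          . "-----END CERTIFICATE-----\n";

my @cases = (
    [ 'raw binary, short length' => $short ],
    [ 'raw binary, long length'  => $long ],
    [ 'PEM text'                 => $pem ],
    [ 'bare Base64, no armour'   => encode_base64($long) ],
    [ 'truncated binary'         => substr($long, 0, 40) ],
);

for my $case (@cases) {
    my ($name, $in) = @$case;
    my $out = eval { cert_to_binary($in) };
    if (defined $out) {
        printf "%-26s ok, %d octets to store\n", $name, length($out);
    } else {
        printf "%-26s rejected: %s", $name, $@;
    }
}

# The accepted value is what belongs in the entry, e.g. with Net::LDAP:
#   $ldap->modify($dn, replace => { 'userCertificate;binary' => $der });
```
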
From: Mark W. <mew...@un...> - 2000-07-17 12:54:35
If you look in the contrib directory of the perl-ldap distribution you'll find my group example code.

The filter looks like:

    member=uid=mewilcox,ou=people,dc=unt,dc=edu

or if you want wildcard

    member=uid=mewilcox,*

or

    member=*,ou=people,dc=unt,dc=edu

The tricky part to remember is that a member of the group could itself be another group!

Mark

"GLASSON,Michael" wrote:

> Is there any trick to writing a filter to search for entries whose 'member'
> attribute has a particular value? That is, what does a filter to search for
> a dn in an attribute look like? This has got me stumped (sorry, I'm
> Australian) because I can retrieve records with '(member=*)', but not
> '(member=c*)'. Further, this last case returns an error, rather than no
> records.
>
> I have been trying to write a recursive walk in perl-ldap to give a tree
> structured view of distribution lists in Exchange. To do this, I wanted to
> find entries whose 'memberof' attribute contained the dn of the known root
> of lists. So my problems have started.

From: Mark W. <mew...@un...> - 2000-07-17 12:52:35
To store certificate in an entry is simple. You simply slurp it into a scalar (e.g. $certificate) as a binary and store in the usercertificate;binary (there is an optional text representation under LDAP v2, but I don't know it and everybody is now building their products for binary).

The certificate can either be encoded as DER (Distinguished Encoding Rules) or PEM (Privacy Enhanced Mail), which essentially is BASE64 encoded DER (though don't just Base64 DER and expect everything to work ;), read up on it first through the openSSL mail archives).

To work with certificates it's best to use openssl. There is a set of modules called openCA that make it easier to work with openssl. These modules aren't tied to the C API, but rather the openssl command line tool. I just stumbled upon them last week, I hope to play with them more when I get back.

As for Apache, Apache can't automatically store certificates, that's the work of an LDAP application. You could write your application in mod_perl instead of traditional CGI. If you want to use certificates for authentication, check out mod_ssl. If you need to parse information from certificates after authentication in mod_perl, check out chapter 6 in the mod_perl book at www.modperl.com.

Mark

Rui Monteiro wrote:

> Hello.
> Sorry for introducing some noise in this but, anyone knows if there is
> a perl/ldap module that allows Apache to store Digital Certificates in
> LDAP ( Netscape Directory Services )
>
> Thanks in advance
>
> Chris Ridd wrote:
>
>> On Thu, 13 Jul 2000 13:44:35 CDT, Mark Wilcox wrote:
>> > What you'll need to do is look into the openSSL stuff to parse this out
>> > for you.
>> >
>> > When you say you use Netscape, what do you
>> > mean? Communicator? PerLDAP? the command line tools?
>> >
>> > Mark
>>
>> Well, you could also try using Convert::ASN1 to pick apart the
>> certificate. If you can get the certificate (the binary value itself,
>> not a Base-64 encoding of it or anything) into $val, then the following
>> should print out something.
>>
>>     use Convert::ASN1;
>>     use Convert::ASN1::Debug;
>>
>>     Convert::ASN1::asn_dump(\*STDOUT, $val);
>>
>> To get more selective info from the cert you need to get Convert::ASN1
>> to decode the value instead of just dumping it. To get that to happen
>> you need the ASN.1 definition of certificates - the canonical
>> definition is in a standard called X.509, but there are copies of the
>> definition in some RFCs - RFC 2459 being the first one I could find.
>>
>> Cheers,
>>
>> Chris
>
> --
> Rui Monteiro                 WhatEverNet Computing, SA
> rmo...@wh...                 Praca de Alvalade, 6 - Piso 6
> Phone: +351 21 7994200       1700 036 Lisboa - Portugal
> Fax: +351 21 7994242         http://www.whatevernet.pt
>

From: Rui M. <rmo...@wh...> - 2000-07-17 09:15:26
Hello.
Sorry for introducing some noise in this but, anyone knows if there is a perl/ldap module that allows Apache to store Digital Certificates in LDAP ( Netscape Directory Services )

Thanks in advance

Chris Ridd wrote:

> On Thu, 13 Jul 2000 13:44:35 CDT, Mark Wilcox wrote:
> > What you'll need to do is look into the openSSL stuff to parse this out
> > for you.
> >
> > When you say you use Netscape, what do you
> > mean? Communicator? PerLDAP? the command line tools?
> >
> > Mark
>
> Well, you could also try using Convert::ASN1 to pick apart the
> certificate. If you can get the certificate (the binary value itself,
> not a Base-64 encoding of it or anything) into $val, then the following
> should print out something.
>
>     use Convert::ASN1;
>     use Convert::ASN1::Debug;
>
>     Convert::ASN1::asn_dump(\*STDOUT, $val);
>
> To get more selective info from the cert you need to get Convert::ASN1
> to decode the value instead of just dumping it. To get that to happen
> you need the ASN.1 definition of certificates - the canonical
> definition is in a standard called X.509, but there are copies of the
> definition in some RFCs - RFC 2459 being the first one I could find.
>
> Cheers,
>
> Chris

--
Rui Monteiro                 WhatEverNet Computing, SA
rmo...@wh...                 Praca de Alvalade, 6 - Piso 6
Phone: +351 21 7994200       1700 036 Lisboa - Portugal
Fax: +351 21 7994242         http://www.whatevernet.pt

From: Chris R. <Chr...@me...> - 2000-07-17 08:53:18
On Thu, 13 Jul 2000 13:44:35 CDT, Mark Wilcox wrote:
> What you'll need to do is look into the openSSL stuff to parse this out
> for you.
>
> When you say you use Netscape, what do you
> mean? Communicator? PerLDAP? the command line tools?
>
> Mark

Well, you could also try using Convert::ASN1 to pick apart the certificate. If you can get the certificate (the binary value itself, not a Base-64 encoding of it or anything) into $val, then the following should print out something.

    use Convert::ASN1;
    use Convert::ASN1::Debug;

    # Dump the decoded ASN.1 structure of $val to standard output.
    Convert::ASN1::asn_dump(\*STDOUT, $val);

To get more selective info from the cert you need to get Convert::ASN1 to decode the value instead of just dumping it. To get that to happen you need the ASN.1 definition of certificates - the canonical definition is in a standard called X.509, but there are copies of the definition in some RFCs - RFC 2459 being the first one I could find.

Cheers,

Chris

From: Nguyen T. P. <Pho...@sd...> - 2000-07-17 08:21:29
Hi Mark,

Thank you for your instruction. I now have the following RPM packages installed on my machine.

    perl-Convert-ASN1-0.07-1
    perl-MIME-Base64-2.11-2
    perl-MD5-1.7-2
    perl-URI-1.02-2
    perl-Net-LDAP-0.19-1
    perl-5.00503-6

The perl-MD5 might be not correct because I don't see any Digest module, but I guess I'll still be able to perform a simple LDAP search. However when I did a simple LDAP search, I got error 89 (Bad filter?). I'm a newbie to Perl so maybe I'm missing something. Please provide me with some help. Thanks.

    #!/usr/bin/perl

    #LDAP Headers
    use Getopt::Std;        # To parse command line arguments.
    use Net::LDAP;          # LULU, utilities.
    use Net::LDAP::Util;    # LULU, utilities.
    use strict;
    no strict "vars";

    $serverLDAP = "LDAP.sgn.vn";
    $portLDAP = "389";
    $base = 'o=sgn,c=vn';

    $conn = Net::LDAP->new ($serverLDAP, port => $portLDAP) or die "$@";
    $conn->debug(3);
    #$conn->bind (dn => 'cn=administrator, o=sgn, c=vn', passwd => 'secret') or die "$@";
    $conn->bind () || die "$@";
    $search = $conn->search($base, filter => '(uid=*)');
    $code = $search->code;
    printf "Search code: %s, %s\n", $code, $search->error;
    warn "Search object: $search\n" if $code && die "$@";
    $count = $search->count;
    print "Number of entries: $count\n";
    $entry = $search->pop_entry;
    print "Entry object: $entry\n";
    @entries = $search->entries();
    print "@entries\n";
    $conn->unbind();

----- Original Message -----
From: Mark Wilcox <mew...@un...>
To: Nguyen Thanh Phong <Pho...@sd...>
Cc: <per...@ma...>
Sent: Friday, July 14, 2000 9:04 PM
Subject: Re: PerlLDAP with openLDAP

> Yes you can connect with any LDAP compliant server. As per the
> instructions at perl-ldap.sourceforge.net, you'll need Convert::ASN1 and
> Net::LDAP. You'll need to install MIME::Base64 first if you don't already
> have it.
>
> Optionally you'll need Digest::MD5 and URI if you want to do CRAM-MD5 SASL
> and parse LDAP urls.
>
> If you have the CPAN module installed on your machine you should be able
> to do this:
> perl -MCPAN -e 'install Net::LDAP'
>
> and that should install all of the necessary modules for you.
>
>
> Mark
>
>
> On Fri, 14 Jul 2000, Nguyen Thanh Phong wrote:
>
> > Hi,
> >
> > Can I use PerlLDAP to connect to openLDAP database? What packages I have to
> > download to have this functionality?
> >
> > Nguyen Thanh Phong
> > Saigon Software Development Company
> > Email: pho...@sd...
> > WWW: http://www.sdcgrp.com
> >

From: GLASSON,Michael <mic...@de...> - 2000-07-17 07:55:39
Is there any trick to writing a filter to search for entries whose 'member' attribute has a particular value? That is, what does a filter to search for a dn in an attribute look like? This has got me stumped (sorry, I'm Australian) because I can retrieve records with '(member=*)', but not '(member=c*)'. Further, this last case returns an error, rather than no records.

I have been trying to write a recursive walk in perl-ldap to give a tree structured view of distribution lists in Exchange. To do this, I wanted to find entries whose 'memberof' attribute contained the dn of the known root of lists. So my problems have started.

From: Pythagoras W. <py...@ec...> - 2000-07-15 22:28:03
On Sat, Jul 15, 2000 at 10:29:32AM -0500, Mark Wilcox wrote:
:BTW the archives are at
:http://www.geocrawler.com/lists/3/SourceForge/3482/0/

Note that I prefer the archive at:

http://www.xray.mpe.mpg.de/mailing-lists/perl-ldap/

The SourceForge one subtly munges messages, particularly ones with code. In particular, apostrophes (') are turned into backticks (`) and newline escapes (\n) are removed (and probably other escapes as well). The xray archive does not have that problem.

I emailed the SourceForge maintainers about the apostrophes and got this response:

    Well, it's not done just for the fun of it. You can't easily insert '
    into a database, so they are converted.

To see what I mean, compare these two:

http://www.geocrawler.com/lists/3/SourceForge/3482/0/4037255/
http://www.xray.mpe.mpg.de/mailing-lists/perl-ldap/2000-07/msg00069.html

--
Py (Amateur Radio: KF6WFP) -- 3.141592653589793238462643383...
Pythagoras Watson -- "Live long and may all your kernels pop."
=== py...@cs... ==== http://www.ecst.csuchico.edu/~py/ ===

From: Mark W. <mew...@un...> - 2000-07-15 15:29:05
You're attempting to add a new entry called "ou=People, dc=t3link, dc=com". Which is not what I think what you want to do. It's most likely not working because the entry already exists.

If you want to add a new entry, you need to give it a DN that does not exist yet such as uid=mewilcox,ou=People,dc=t3link,dc=com.

Thus your example should look something like this:

    my $result = $ldap->add (
        # The DN names the new entry; its RDN value matches the uid attribute.
        dn => 'uid=ldapuser2,ou=People, dc=t3link, dc=com',
        attr => [ 'uid' => "ldapuser2",
                  'cn' => 'ldapuser2',
                  'userpassword' => 'blahaslbasdf',
                  'uidnumber' => 400,
                  'gidnumber' => 400,
                  'objectclass' => ['top', 'account',
                                    'shadowAccount',
                                    'posixAccount' ],
                ]
    );

And error should be:

    $result->code();

not $result->error();

BTW the archives are at http://www.geocrawler.com/lists/3/SourceForge/3482/0/

Mark

Jonathan Leto wrote:

> Hello all, I didn't see a place to look through archives, so if there is, I would
> greatly appreciate it.
>
> I have a simple script that looks like this:
>
> #!/usr/bin/perl -w
>
> use Net::LDAP qw(:all);
>
> $ldap = Net::LDAP->new("localhost") or die $@;
>
> my $msg = $ldap->bind(
>     'cn=Manager, dc=t3link, dc=com',
>     password => "pass",
> );
>
> print "bind msg: " . $msg->code . "\n";
>
> my $result = $ldap->add (
>     dn => 'ou=People, dc=t3link, dc=com',
>     attr => [ 'uid' => "ldapuser2",
>               'cn' => 'ldapuser2',
>               'userpassword' => 'blahaslbasdf',
>               'uidnumber' => 400,
>               'gidnumber' => 400,
>               'objectclass' => ['top', 'account',
>                                 'shadowAccount',
>                                 'posixAccount' ],
>             ]
> );
> print "ERROR:" . $result->error . "\n";
>
> For some reason, this has NO effect. None of the .dbb files change and doing a
> search with ldapsearch comes up empty. When using ldapadd with a comparable ldif
> file and the same user/pass, everything is fine. No error is printed out,
> and bind returns 0.
>
> I am using openldap 1.2.11 and Net::LDAP 0.19 on linux 2.2 .
>
> --
> jon...@le...
> "With pain comes clarity."

From: Jonathan L. <jon...@le...> - 2000-07-15 08:05:33
Hello all, I didn't see a place to look through archives, so if there is, I would greatly appreciate it.

I have a simple script that looks like this:

    #!/usr/bin/perl -w

    use Net::LDAP qw(:all);

    $ldap = Net::LDAP->new("localhost") or die $@;

    my $msg = $ldap->bind(
        'cn=Manager, dc=t3link, dc=com',
        password => "pass",
    );

    print "bind msg: " . $msg->code . "\n";

    my $result = $ldap->add (
        dn => 'ou=People, dc=t3link, dc=com',
        attr => [ 'uid' => "ldapuser2",
                  'cn' => 'ldapuser2',
                  'userpassword' => 'blahaslbasdf',
                  'uidnumber' => 400,
                  'gidnumber' => 400,
                  'objectclass' => ['top', 'account',
                                    'shadowAccount',
                                    'posixAccount' ],
                ]
    );
    print "ERROR:" . $result->error . "\n";

For some reason, this has NO effect. None of the .dbb files change and doing a search with ldapsearch comes up empty. When using ldapadd with a comparable ldif file and the same user/pass, everything is fine. No error is printed out, and bind returns 0.

I am using openldap 1.2.11 and Net::LDAP 0.19 on linux 2.2 .

--
jon...@le...
"With pain comes clarity."

From: Mark W. <mew...@un...> - 2000-07-14 14:10:07
There's a set of patches Graham has that you need. I thought they were on CVS on sourceforge, but someone has told me that they couldn't find them & I haven't had a chance to look.

Mark

On Fri, 14 Jul 2000, Per [iso-8859-1] Møgelhøj wrote:

> I have tried to use the Net::LDAP::Paged module to do paged searches
> towards an LDAP v3 with this ext. control enabled.
>
> I have tried the following code:
>
> use Net::LDAP;
> use Net::LDAP::Control;
> use Net::LDAP::Control::Paged;
>
> $ldap = Net::LDAP->new('myhost') or die "$@";
>
> $ldap->bind( version => 3);
>
> $ctrl = Net::LDAP::Control::Paged->new(
>     size => 2,
>     cookie => "",
>     critical =>1
> );
>
>
> $mesg = $ldap->search (
>     base => "c=DK",
>     filter => "(o=*)",
>     control => $ctrl
> );
>
> $mesg->code && die $mesg->error;
> print $mesg->count,"\n";
>
> The debug output shows, that I receive the first page, but is not able
> to decode the pagedResultsControl.
> Perhaps it is a problem in Convert::ASN ?
>
> decode error at /usr/lib/perl5/site_perl/5.005/Convert/ASN1/_decode.pm
> line 63
> --
>
> Per Møgelhøj
>
> UNI-C
> Vermundsgade 5
> DK 2100 Kbn Ø
>
> Phone: +45 35 87 88 63
> Fax: +45 35 87 88 90
> Email: Per...@un...
>

From: Mark W. <mew...@un...> - 2000-07-14 14:08:23
|
Yes you can connect with any LDAP compliant server. As per the instructions at perl-ldap.sourceforge.net, you'll need Convert::ASN1 and Net::LDAP. You'll need to install Mime::Base64 first if you don't already have it. OPtionally you'll need Digest::MD5 and URI if you want to do CRAM-MD5 SASL and parse LDAP urls. If you have the CPAN module installed on your machine you should be able to do this: perl -MCPAN -e 'install Net::LDAP' and that should install all of the necessary modules for you. Mark On Fri, 14 Jul 2000, Nguyen Thanh Phong wrote: > Hi, > > Can I use PerlLDAP to connect to openLDAP database? What packages I have to > download to have this functionality? > > Nguyen Thanh Phong > Saigon Software Development Company > Email: pho...@sd... > WWW: http://www.sdcgrp.com > > > > > |
From: Per <per...@un...> - 2000-07-14 12:32:42
|
I have tried to use the Net::LDAP::Paged module to do paged searches towards an LDAP v3 with this ext. control enabled. I have tried the following code:

    use Net::LDAP;
    use Net::LDAP::Control;
    use Net::LDAP::Control::Paged;

    $ldap = Net::LDAP->new('myhost') or die "$@";
    $ldap->bind( version => 3);
    $ctrl = Net::LDAP::Control::Paged->new( size => 2, cookie => "", critical =>1 );
    $mesg = $ldap->search ( base => "c=DK", filter => "(o=*)", control => $ctrl );
    $mesg->code && die $mesg->error;
    print $mesg->count,"\n";

The debug output shows, that I receive the first page, but is not able to decode the pagedResultsControl. Perhaps it is a problem in Convert::ASN ?

    Net::LDAP=HASH(0x80cd61c) sending:

    Net::LDAP=HASH(0x80cd61c) received:

    0000 30  12: SEQUENCE {
    0002 02   1:   INTEGER = 1
    0005 61   7:   [APPLICATION 1] {
    0007 0A   1:     ENUM = 0
    000A 04   0:     STRING = ''
    000C 04   0:     STRING = ''
    000E       :   }
    000E       : }

    Net::LDAP=HASH(0x80cd61c) sending:

    Net::LDAP=HASH(0x80cd61c) received:

    0000 30 362: SEQUENCE {
    0004 02   1:   INTEGER = 2
    0007 64 355:   [APPLICATION 4] {
    000B 04  32:     STRING = 'o=Deutsche Schule Feldstedt,c=dk'
    002D 30 317:     SEQUENCE {
    0031 30  52:       SEQUENCE {
    0033 04  11:         STRING = 'objectClass'
    0040 31  37:         SET {
    0042 04   3:           STRING = 'top'
    0047 04  12:           STRING = 'organization'
    0055 04  16:           STRING = 'snetOrganization'
    0067       :         }
    0067       :       }
    0067 30  40:       SEQUENCE {
    0069 04   6:         STRING = 'street'
    0071 31  30:         SET {
    0073 04  28:           STRING
    0075       :             53 C3 B8 6E 64 65 72 62 6F 72 67 76 65 6A 20 31 S..nderborgvej 1
    0085       :             32 31 20 2D 20 46 65 6C 73 74 65 64 __ __ __ __ 21 - Felsted
    0091       :         }
    0091       :       }
    0091 30  32:       SEQUENCE {
    0093 04   1:         STRING = 'o'
    0096 31  27:         SET {
    0098 04  25:           STRING = 'Deutsche Schule Feldstedt'
    00B3       :         }
    00B3       :       }
    00B3 30  27:       SEQUENCE {
    00B5 04  13:         STRING = 'postalAddress'
    00C4 31  10:         SET {
    00C6 04   8:           STRING
    00C8       :             C3 85 62 65 6E 72 C3 A5 __ __ __ __ __ __ __ __ ..benr..
    00D0       :         }
    00D0       :       }
    00D0 30  20:       SEQUENCE {
    00D2 04  10:         STRING = 'postalCode'
    00DE 31   6:         SET {
    00E0 04   4:           STRING = '6200'
    00E6       :         }
    00E6       :       }
    00E6 30  29:       SEQUENCE {
    00E8 04  15:         STRING = 'telephoneNumber'
    00F9 31  10:         SET {
    00FB 04   8:           STRING = '74685407'
    0105       :         }
    0105       :       }
    0105 30  38:       SEQUENCE {
    0107 04  24:         STRING = 'facsimileTelephoneNumber'
    0121 31  10:         SET {
    0123 04   8:           STRING = '74685407'
    012D       :         }
    012D       :       }
    012D 30  33:       SEQUENCE {
    012F 04  21:         STRING = 'snetInstitutionNumber'
    0146 31   8:         SET {
    0148 04   6:           STRING = '519006'
    0150       :         }
    0150       :       }
    0150 30  28:       SEQUENCE {
    0152 04  19:         STRING = 'snetInstitutionType'
    0167 31   5:         SET {
    0169 04   3:           STRING = '121'
    016E       :         }
    016E       :       }
    016E       :     }
    016E       :   }
    016E       : }

    Net::LDAP=HASH(0x80cd61c) received:

    0000 30 410: SEQUENCE {
    0004 02   1:   INTEGER = 2
    0007 64 403:   [APPLICATION 4] {
    000B 04  20:     STRING
    000D       :       6F 3D 56 65 64 62 C3 A6 6B 20 53 6B 6F 6C 65 2C o=Vedb..k Skole,
    001D       :       63 3D 64 6B __ __ __ __ __ __ __ __ __ __ __ __ c=dk
    0021 30 377:     SEQUENCE {
    0025 30  33:       SEQUENCE {
    0027 04   4:         STRING = 'mail'
    002D 31  25:         SET {
    002F 04  23:           STRING = 'ved...@po...'
    0048       :         }
    0048       :       }
    0048 30  52:       SEQUENCE {
    004A 04  11:         STRING = 'objectClass'
    0057 31  37:         SET {
    0059 04   3:           STRING = 'top'
    005E 04  12:           STRING = 'organization'
    006C 04  16:           STRING = 'snetOrganization'
    007E       :         }
    007E       :       }
    007E 30  31:       SEQUENCE {
    0080 04   6:         STRING = 'street'
    0088 31  21:         SET {
    008A 04  19:           STRING = 'Henriksholms Alle 2'
    009F       :         }
    009F       :       }
    009F 30  20:       SEQUENCE {
    00A1 04   1:         STRING = 'o'
    00A4 31  15:         SET {
    00A6 04  13:           STRING
    00A8       :             56 65 64 62 C3 A6 6B 20 53 6B 6F 6C 65 __ __ __ Vedb..k Skole
    00B5       :         }
    00B5       :       }
    00B5 30  26:       SEQUENCE {
    00B7 04  13:         STRING = 'postalAddress'
    00C6 31   9:         SET {
    00C8 04   7:           STRING
    00CA       :             56 65 64 62 C3 A6 6B __ __ __ __ __ __ __ __ __ Vedb..k
    00D1       :         }
    00D1       :       }
    00D1 30  20:       SEQUENCE {
    00D3 04  10:         STRING = 'postalCode'
    00DF 31   6:         SET {
    00E1 04   4:           STRING = '2950'
    00E7       :         }
    00E7       :       }
    00E7 30  29:       SEQUENCE {
    00E9 04  15:         STRING = 'telephoneNumber'
    00FA 31  10:         SET {
    00FC 04   8:           STRING = '45893355'
    0106       :         }
    0106       :       }
    0106 30  38:       SEQUENCE {
    0108 04  24:         STRING = 'facsimileTelephoneNumber'
    0122 31  10:         SET {
    0124 04   8:           STRING = '45893350'
    012E       :         }
    012E       :       }
    012E 30  33:       SEQUENCE {
    0130 04  21:         STRING = 'snetInstitutionNumber'
    0147 31   8:         SET {
    0149 04   6:           STRING = '181007'
    0151       :         }
    0151       :       }
    0151 30  28:       SEQUENCE {
    0153 04  19:         STRING = 'snetInstitutionType'
    0168 31   5:         SET {
    016A 04   3:           STRING = '121'
    016F       :         }
    016F       :       }
    016F 30  45:       SEQUENCE {
    0171 04  12:         STRING = 'snetHomePage'
    017F 31  29:         SET {
    0181 04  27:           STRING = 'http://www.vedbaekskole.dk/'
    019E       :         }
    019E       :       }
    019E       :     }
    019E       :   }
    019E       : }

    Net::LDAP=HASH(0x80cd61c) received:

    0000 30  51: SEQUENCE {
    0002 02   1:   INTEGER = 2
    0005 65   7:   [APPLICATION 5] {
    0007 0A   1:     ENUM = 11
    000A 04   0:     STRING = ''
    000C 04   0:     STRING = ''
    000E       :   }
    000E A0  37:   [CONTEXT 0] {
    0010 30  35:     SEQUENCE {
    0012 04  22:       STRING = '1.2.840.113556.1.4.319'
    002A 04   9:       STRING
    002C       :         30 07 02 01 00 04 02 33 30 __ __ __ __ __ __ __ 0......30
    0035       :     }
    0035       :   }
    0035       : }

    decode error at /usr/lib/perl5/site_perl/5.005/Convert/ASN1/_decode.pm line 63

--
Per Møgelhøj
UNI-C
Vermundsgade 5
DK 2100 Kbn Ø
Phone: +45 35 87 88 63
Fax: +45 35 87 88 90
Email: Per...@un... |
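Added example, not part of the original post: one way to check the final response by hand is to decode the control value bytes it shows without going through Convert::ASN1, using the RFC 2696 layout realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }. The function names are hypothetical; the input is the nine bytes at offset 002C in the dump.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Read one BER TLV (definite length, short or long form) from $buf at $pos.
# Returns (tag, value bytes, offset of the next element).
sub read_tlv {
    my ($buf, $pos) = @_;
    die "truncated header at offset $pos\n" if $pos + 2 > length $buf;
    my $tag = ord(substr($buf, $pos++, 1));
    my $len = ord(substr($buf, $pos++, 1));
    if ($len & 0x80) {                  # long form: low 7 bits count the length octets
        my $n = $len & 0x7f;
        die "unsupported length form\n" if $n == 0 || $n > 4;
        die "truncated length\n" if $pos + $n > length $buf;
        $len = 0;
        $len = ($len << 8) | ord(substr($buf, $pos++, 1)) for 1 .. $n;
    }
    die "value runs past end of buffer\n" if $pos + $len > length $buf;
    return ($tag, substr($buf, $pos, $len), $pos + $len);
}

# Decode SEQUENCE { size INTEGER, cookie OCTET STRING } and reject anything else.
sub decode_paged_value {
    my ($value) = @_;
    my ($tag, $seq, $end) = read_tlv($value, 0);
    die "expected SEQUENCE (0x30)\n" unless $tag == 0x30;
    die "trailing bytes after SEQUENCE\n" unless $end == length $value;

    my ($t1, $int, $next) = read_tlv($seq, 0);
    die "expected INTEGER (0x02)\n" unless $t1 == 0x02 && length $int;
    my $size = 0;
    $size = ($size << 8) | ord($_) for split //, $int;   # size is non-negative

    my ($t2, $cookie, $last) = read_tlv($seq, $next);
    die "expected OCTET STRING (0x04)\n" unless $t2 == 0x04;
    die "trailing bytes inside SEQUENCE\n" unless $last == length $seq;
    return { size => $size, cookie => $cookie };
}

# controlValue bytes copied from the final response in the dump above.
my $value = pack 'H*', '300702010004023330';
my $r = decode_paged_value($value);
printf "size=%d cookie=%s (%d bytes)\n",
    $r->{size}, unpack('H*', $r->{cookie}), length $r->{cookie};
```

These bytes decode to size 0 and a two-byte cookie (hex 33 30), so the control value returned by the server is well-formed for that layout.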
From: Nguyen T. P. <Pho...@sd...> - 2000-07-14 04:34:14
|
Hi,

Can I use PerlLDAP to connect to an openLDAP database? What packages do I have to download to have this functionality?

Nguyen Thanh Phong
Saigon Software Development Company
Email: pho...@sd...
WWW: http://www.sdcgrp.com |
From: Mark W. <mew...@un...> - 2000-07-13 18:48:36
|
What you'll need to do is look into the openSSL stuff to parse this out for you.

When you say you use Netscape, what do you mean? Communicator? PerLDAP? the command line tools?

Mark

On Thu, 13 Jul 2000, Johnson, Phil wrote:

> Is there a utility or module that would assist in displaying User
> Certificate information from LDAP?
>
> I notice that when I use Netscape to make an LDAP query, it returns this
> nicely formatted text that lists the owner, issuer, serial number etc.
>
> When I get the certificate info back from Net::LDAP, it remains in its
> binary form.
> I've tried using Base64 and also BER, but since I don't know too much about
> them, I'm hitting a wall. I've also searched and have found no published
> examples of breaking this info out.
>
> Thanks
>
> Phil
|
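Added example, not code from the thread: following the suggestion above to let OpenSSL do the parsing, this passes the binary (DER) attribute value to the openssl command-line tool and prints subject, issuer, serial number and validity dates. describe_cert and sample_der are hypothetical helpers, the sample certificate is generated on the spot as constructed input, and the host, base and filter in the closing comment are placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hand DER certificate bytes to the openssl tool and return its readable
# summary (subject, issuer, serial number, validity dates).
sub describe_cert {
    my ($der) = @_;
    my ($fh, $path) = tempfile(UNLINK => 1);
    binmode $fh;                         # the value is binary, not text
    print {$fh} $der;
    close $fh or die "write $path: $!";
    open(my $out, '-|', 'openssl', 'x509', '-inform', 'DER', '-in', $path,
         '-noout', '-subject', '-issuer', '-serial', '-dates')
        or die "cannot run openssl: $!";
    my $text = do { local $/; <$out> };
    close $out or die "openssl could not parse the certificate\n";
    return $text;
}

# Constructed sample input: a throwaway self-signed certificate in DER form,
# standing in for the bytes a directory returns.
sub sample_der {
    open(my $gen, '-|', 'openssl', 'req', '-x509', '-newkey', 'rsa:2048',
         '-nodes', '-keyout', '/dev/null', '-subj', '/CN=Constructed Example',
         '-days', '1', '-outform', 'DER')
        or die "cannot run openssl: $!";
    binmode $gen;
    my $der = do { local $/; <$gen> };
    close $gen or die "openssl req failed\n";
    return $der;
}

print describe_cert(sample_der());

# With a live directory the bytes come from the entry instead (placeholder
# host, base and filter, not values from this thread):
#   my $ldap = Net::LDAP->new('ldap.example.org') or die "$@";
#   my $mesg = $ldap->search(base => 'o=example', filter => '(cn=Some User)',
#                            attrs => ['userCertificate;binary']);
#   print describe_cert($_)
#       for map { $_->get_value('userCertificate;binary') } $mesg->entries;
```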
From: Johnson, P. <Phi...@fm...> - 2000-07-13 18:41:43
|
Is there a utility or module that would assist in displaying User Certificate information from LDAP?

I notice that when I use Netscape to make an LDAP query, it returns this nicely formatted text that lists the owner, issuer, serial number etc.

When I get the certificate info back from Net::LDAP, it remains in its binary form. I've tried using Base64 and also BER, but since I don't know too much about them, I'm hitting a wall. I've also searched and have found no published examples of breaking this info out.

Thanks

Phil |
From: Jim H. <ha...@us...> - 2000-07-13 18:39:41
|
Cliff, here are at least some problems:

    if (!$base ) { $base = "his.hhs"; {

this should be something like $base = "ou=his,o=hhs"

    my $result = $ldap->search (
    base => "$base",
    scope => "sub",
    filter => "$last",        s.b. filter => "(sn=$last)"
    attrs => "$attrs",        s.b. attrs => $attrs,
    );

--Jim Harle
US Naval Academy |
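Added example, not code from the thread: the three corrections above applied to the search argument list, plus one assumption beyond the thread, escaping the form value with escape_filter_value from Net::LDAP::Util. search_args is a hypothetical helper and the surnames are constructed inputs.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value);

# Build the arguments for $ldap->search() from a surname typed into a form.
sub search_args {
    my ($last, $attrs, $base) = @_;
    $base  ||= 'ou=his,o=hhs';      # a DN, as suggested in the reply above
    $attrs ||= ['cn', 'mail'];
    return (
        base   => $base,
        scope  => 'sub',
        # Parenthesised attribute=value filter. The value is escaped so that
        # characters such as * ( ) \ in form input are matched literally
        # instead of being read as filter syntax.
        filter => '(sn=' . escape_filter_value($last) . ')',
        # Pass the array reference itself: quoting it ("$attrs") would turn
        # it into a string of the form ARRAY(0x...).
        attrs  => $attrs,
    );
}

# Constructed form inputs: a plain surname and one with filter metacharacters.
for my $last ('Cloyd', 'Smith (IT)*') {
    my %args = search_args($last);
    print "$args{filter}  attrs=@{ $args{attrs} }  base=$args{base}\n";
}

# In the CGI script the call would then be:
#   my $result = $ldap->search( search_args($in{last}) );
#   LDAPerror("Searching", $result) if $result->code;
```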
From: Cliff C. <CC...@hi...> - 2000-07-13 18:13:03
|
Hello all.

I am pretty new to perl and even newer to perl-ldap and I am having a problem trying to access Novell NDS/LDAP with a simple query. The script doesn't error out, but it does not display any results. I am unsure how to tell what is going on, and would appreciate any suggestions on script advice that anyone would be willing to share. My goal is to utilize our NDS tree for a simple employee search on our intranet. I have included the script that I am trying to use. Thanks for the help.

    #!/usr/bin/perl -w
    require "/home/httpd/cgi-bin/formlib.pl";
    use Net::LDAP qw(:all);
    use Net::LDAP::Util qw(ldap_error_name ldap_error_text);

    $| = 1;
    &GetFormArgs();
    $ENV{PATH_INFO} ne '' && &GetPathArgs($ENV{PATH_INFO});

    $ldap = Net::LDAP->new("mail.hillcrest.com") or die "$@";
    $mesg = $ldap->bind( version => 3 );

    print "Content-Type: text/html\n\n";
    print <<"EOM";
    <HTML>
    <HEAD>
    <TITLE>Employee Database Search</TITLE>
    </HEAD>
    <P><HR<P>
    </BODY>
    </HTML>
    EOM

    unless ( $in{first} && ($in{last} )) {
    print <<"EOM";
    <H1>OOPS!</H1><P>
    You need to enter a first and last name</H1><P>
    <A HREF="http://is.hillcrest.com/test.html"> Click Here</A>
    to return to the search form.
    EOM
    } else {
    $first = ($in{first});
    $last = ($in{last});{
    if ( $result->code ) {
    #
    # if we've got an error... record it
    #
    LDAPerror("Searching",$result);
    }
    my @Attrs = (); # request all available attributes
    # to be returned.
    my $result = LDAPsearch($ldap,"sn=*",\@Attrs);
    #------------
    #
    # handle each of the results independently
    # ... i.e. using the walk through method
    #
    my @entries = $result->entries;
    print @entries;
    my $entr ;
    foreach $entr ( @entries ) {
    print "DN: ",$entr->dn,"\n";
    #my @attrs = sort $entr->attributes;
    my $attr;
    foreach $attr ( sort $entr->attributes ){
    #skip binary we can't handle
    next if ( $attr =~ /;binary$/ );
    print " $attr : ",$entr->get($attr),"\n";
    }
    #print "@attrs\n";
    print "#-------------------------------\n";
    }
    #
    # end of walk through method
    #------------
    sub LDAPsearch {
    my ($ldap,$last,$attrs,$base) = @_ ;
    # if they don't pass a base... set it for them
    if (!$base ) { $base = "his.hhs"; {
    # if they don't pass an array of attributes...
    # set up something for them
    if (!$attrs ) { $attrs = ['cn','mail' ]; {
    my $result = $ldap->search (
    base => "$base",
    scope => "sub",
    filter => "$last",
    attrs => "$attrs",
    );
    }
    }
    sub LDAPerror {
    my ($from,$mesg) = @_;
    print "Return code: ",$mesg->code ;
    print "\tMessage: ", ldap_error_name($mesg->code);
    print " :", ldap_error_text($mesg->code);
    print "MessageID: ",$mesg->mesg_id;
    print "\tDN: ",$mesg->dn;
    #---
    # Programmer note:
    #
    # "$mesg->error" DOESN'T work!!!
    #
    #print "\tMessage: ", $mesg->error;
    #-----
    }
    }
    }
    }
    }
    }

Cliff Cloyd
Systems Administrator
Hillcrest Healthcare Systems
918.579.7781
cc...@hi... |