From: Kurt D. Z. <Ku...@Op...> - 2000-07-13 17:43:11

At 11:22 AM 7/13/00 -0500, Mark Wilcox wrote:
>You can pass multiple values in a replace like this:
>
>my $new_values = ['one','two','three'];
>
>$ldap->modify($dn,replace => { my_attr => $new_values});
>
>mark

Note that you should be able to selectively delete values and add new
values in the same modify operation. A replace may often be used
instead, but it does have different semantics.

>On Thu, 13 Jul 2000, Arvid Requate wrote:
>
>> Hi fellow perl-ldapers,
>>
>> I get the error message
>> "Unrecognized version number or incorrect PDU structure"
>> when doing a modify with the following code:
>> #-------------------------------------------------------------------------
>> $result = $ldap->modify($dn,
>>     changes => [
>>         delete => [ $attrib => $attrib_value_orig ],
>>         add => [ $attrib => $attrib_value ]
>>     ]
>> );
>> #-------------------------------------------------------------------------
>>
>> while a simple replace like the following works (but I can't use that
>> with multivalued attributes, can I?):
>>
>> #-------------------------------------------------------------------------
>> $result = $ldap->modify($dn, replace => { $attrib => $attrib_value } );
>> #-------------------------------------------------------------------------
>>
>> I'm using perl-ldap-0.19 and openldap 1.2.11
>>
>> Happy ldaping
>> Arvid

From: Clif H. <cl...@di...> - 2000-07-13 17:04:24

> Hi,
> If Graham or I am slow to respond for the next few days, it's probably
> only because we're getting ready to head off to the O'Reilly conference. I
> know my email access will be limited (I don't know about Graham).
>
> Hope to meet some of y'all there!
>
> Mark

Look for us at Peter B's, it's a brew pub/restaurant on the back side of the
Doubletree Hotel!

Later,
Clif Harden    INTERNET: c-h...@ti...

From: Mark W. <mew...@un...> - 2000-07-13 16:33:11

Hi,
If Graham or I am slow to respond for the next few days, it's probably
only because we're getting ready to head off to the O'Reilly conference. I
know my email access will be limited (I don't know about Graham).

Hope to meet some of y'all there!

Mark

From: Mark W. <mew...@un...> - 2000-07-13 16:32:10

You can pass multiple values in a replace like this:

my $new_values = ['one','two','three'];

$ldap->modify($dn,replace => { my_attr => $new_values});

mark

On Thu, 13 Jul 2000, Arvid Requate wrote:

> Hi fellow perl-ldapers,
>
> I get the error message
> "Unrecognized version number or incorrect PDU structure"
> when doing a modify with the following code:
> #-------------------------------------------------------------------------
> $result = $ldap->modify($dn,
>     changes => [
>         delete => [ $attrib => $attrib_value_orig ],
>         add => [ $attrib => $attrib_value ]
>     ]
> );
> #-------------------------------------------------------------------------
>
> while a simple replace like the following works (but I can't use that
> with multivalued attributes, can I?):
>
> #-------------------------------------------------------------------------
> $result = $ldap->modify($dn, replace => { $attrib => $attrib_value } );
> #-------------------------------------------------------------------------
>
> I'm using perl-ldap-0.19 and openldap 1.2.11
>
> Happy ldaping
> Arvid

From: Arvid R. <ar...@Te...> - 2000-07-13 08:53:48

Hi fellow perl-ldapers,

I get the error message
"Unrecognized version number or incorrect PDU structure"
when doing a modify with the following code:
#-------------------------------------------------------------------------
$result = $ldap->modify($dn,
    changes => [
        delete => [ $attrib => $attrib_value_orig ],
        add => [ $attrib => $attrib_value ]
    ]
);
#-------------------------------------------------------------------------

while a simple replace like the following works (but I can't use that
with multivalued attributes, can I?):

#-------------------------------------------------------------------------
$result = $ldap->modify($dn, replace => { $attrib => $attrib_value } );
#-------------------------------------------------------------------------

I'm using perl-ldap-0.19 and openldap 1.2.11

Happy ldaping
Arvid

From: Mark W. <mew...@un...> - 2000-07-12 21:36:18

What type of server? What's the output of $ldap->debug(3);

mark

On Tue, 11 Jul 2000, Safford, Brian wrote:

> With the following code snippet I "borrowed" from a posting from a few days
> ago:
>
> ------ snip --------
> #!/usr/local/bin/perl
>
> use Net::LDAP;
> use MIME::Base64;
> use Net::LDAP::Control;
> use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED LDAP_CONTROL_SORTREQUEST );
>
> $page = Net::LDAP::Control->new( LDAP_CONTROL_PAGED, size => 50);
> $sort = Net::LDAP::Control->new( LDAP_CONTROL_SORTREQUEST,
>                                  order => 'mail');
>
> @args = ( base => "ou=smtp,ou=gm,ou=messaging,o=eds,c=us",
>           scope => "subtree",
>           filter => "(objectClass=edsMailbox)",
>           control => [ $sort, $page ] );
>
> while (($mesg = $LDAP->search( @args ))) {
>     print_subnet($_) foreach $mesg->entries;
>     last if $mesg->count < $page->size;
>     ($resp) = $mesg->control( LDAP_CONTROL_PAGED );
>     $page->cookie($resp->cookie);
> }
> -------- snip --------
>
> I receive the error (after the first 50 entries are displayed):
>
> Can't call method "cookie" on an undefined value at paged.pl line 46.
>
> where line 46 is "$page->cookie($resp->cookie);"
>
> I'm using ActiveState Perl 5.005_03, with perl-ldap 0.19, and Convert-ASN1
> 0.07.
>
> Any help would be greatly appreciated.
>
> Regards,
>
> Brian Safford
> EDS - E.solutions - E.messaging

From: Mike S. <msc...@bo...> - 2000-07-12 21:08:41

I want to remove three objectclasses and twenty-three attributetypes.

Mike

-----Original Message-----
From: Jim Harle [mailto:ha...@us...]
Sent: Wednesday, July 12, 2000 3:51 PM
To: Mike Schatzabel
Cc: LDAP Mailing List
Subject: RE: [Fwd] retrieve perl-ldap schema and ldap search

Mike,
  I haven't tried that yet, but will try to move you forward a bit. The
first question is: what do you want to remove from the schema - an
entire object class or an attribute or something else? --Jim

On Wed, 12 Jul 2000, Mike Schatzabel wrote:

> Jim,
>
> I'm new to LDAP and very new to perl-ldap, so please forgive my ignorance
> ahead of time.
> Do you happen to know of a way to delete items from the schema?
> I'm using your script to retrieve the schema from an NDS server, and I'm
> then taking part of the search result and attempting to delete a few
> objectclasses and attributetypes.
>
> I don't think that $ldap->delete( $dn ); will do it for me.
>
> Any help you could give would be greatly appreciated.
>
> thanks,
>
> Mike Schatzabel
> Software Quality Engineer
> Bowstreet
>
> -----Original Message-----
> From: Jim Harle [mailto:ha...@us...]
> Sent: Thursday, June 29, 2000 2:47 PM
> To: Eric Zhou
> Cc: LDAP Mailing List
> Subject: Re: [Fwd] retrieve perl-ldap schema and ldap search
>
>
> Eric,
>   I have attached code that will find all attributes without using
> ldap->schema().
>
> For your second question, it depends on what you want to really search
> for. If all you want to know is whether an object of a given dn exists,
> you can use code like
>     $mesg = $ldap->search (
>         base => $testdn,
>         scope => 0,
>         filter => "(objectclass=*)" );
> If the search succeeds, $testdn already exists.
>
> If you, however, want to make sure that you are adding an object where the
> lowest level of the dn is unique, the search is different. This might be
> when you are looking to add a user with uid=joe, but you want to make sure
> that not only is there not a "joe" in dept1, but not anywhere. If this is
> the case, then you need to make sure that all your users have a uid
> attribute, not just uid as part of the dn. Then the search becomes
>     $mesg = $ldap->search (
>         base => $normalbase,
>         filter => "(uid=$testuid)" );
>
> Jim Harle
> US Naval Academy
>
>
> On Thu, 29 Jun 2000, Graham Barr wrote:
>
> > ----- Forwarded message from Eric Zhou <eri...@ya...> -----
> >
> > Date: Thu, 29 Jun 2000 10:55:36 -0700 (PDT)
> > From: Eric Zhou <eri...@ya...>
> > Subject: retrieve perl-ldap schema and ldap search
> > To: Graham Barr <gb...@po...>
> >
> > hi,Graham:
> >
> > remember I asked you an address the other day about
> > two perl module. I am still not that far yet.
> > I have been able to use ldap->add() and ldap->modify()
> > function to do some simple stuff.
> >
> > do you have some handy example of how to use
> > ldap->schema to retrieve schema of ldap tree?
> > the other thing is that I don't quite understand
> > your ldap->search() doing. because I wish to search
> > and dn in the ldap tree and see if it is there before
> > I insert it. do I suppose to use ldap->search() or
> > ldap->compare().
> >
> >
> > thank you very much.
> >
> > Eric
> >
> > ----- End forwarded message -----

From: Jim H. <ha...@us...> - 2000-07-12 19:56:52

Mike,
  I haven't tried that yet, but will try to move you forward a bit. The
first question is: what do you want to remove from the schema - an
entire object class or an attribute or something else? --Jim

On Wed, 12 Jul 2000, Mike Schatzabel wrote:

> Jim,
>
> I'm new to LDAP and very new to perl-ldap, so please forgive my ignorance
> ahead of time.
> Do you happen to know of a way to delete items from the schema?
> I'm using your script to retrieve the schema from an NDS server, and I'm
> then taking part of the search result and attempting to delete a few
> objectclasses and attributetypes.
>
> I don't think that $ldap->delete( $dn ); will do it for me.
>
> Any help you could give would be greatly appreciated.
>
> thanks,
>
> Mike Schatzabel
> Software Quality Engineer
> Bowstreet
>
> -----Original Message-----
> From: Jim Harle [mailto:ha...@us...]
> Sent: Thursday, June 29, 2000 2:47 PM
> To: Eric Zhou
> Cc: LDAP Mailing List
> Subject: Re: [Fwd] retrieve perl-ldap schema and ldap search
>
>
> Eric,
>   I have attached code that will find all attributes without using
> ldap->schema().
>
> For your second question, it depends on what you want to really search
> for. If all you want to know is whether an object of a given dn exists,
> you can use code like
>     $mesg = $ldap->search (
>         base => $testdn,
>         scope => 0,
>         filter => "(objectclass=*)" );
> If the search succeeds, $testdn already exists.
>
> If you, however, want to make sure that you are adding an object where the
> lowest level of the dn is unique, the search is different. This might be
> when you are looking to add a user with uid=joe, but you want to make sure
> that not only is there not a "joe" in dept1, but not anywhere. If this is
> the case, then you need to make sure that all your users have a uid
> attribute, not just uid as part of the dn. Then the search becomes
>     $mesg = $ldap->search (
>         base => $normalbase,
>         filter => "(uid=$testuid)" );
>
> Jim Harle
> US Naval Academy
>
>
> On Thu, 29 Jun 2000, Graham Barr wrote:
>
> > ----- Forwarded message from Eric Zhou <eri...@ya...> -----
> >
> > Date: Thu, 29 Jun 2000 10:55:36 -0700 (PDT)
> > From: Eric Zhou <eri...@ya...>
> > Subject: retrieve perl-ldap schema and ldap search
> > To: Graham Barr <gb...@po...>
> >
> > hi,Graham:
> >
> > remember I asked you an address the other day about
> > two perl module. I am still not that far yet.
> > I have been able to use ldap->add() and ldap->modify()
> > function to do some simple stuff.
> >
> > do you have some handy example of how to use
> > ldap->schema to retrieve schema of ldap tree?
> > the other thing is that I don't quite understand
> > your ldap->search() doing. because I wish to search
> > and dn in the ldap tree and see if it is there before
> > I insert it. do I suppose to use ldap->search() or
> > ldap->compare().
> >
> >
> > thank you very much.
> >
> > Eric
> >
> > ----- End forwarded message -----

From: Mike S. <msc...@bo...> - 2000-07-12 18:46:21

Jim,

I'm new to LDAP and very new to perl-ldap, so please forgive my ignorance
ahead of time.
Do you happen to know of a way to delete items from the schema?
I'm using your script to retrieve the schema from an NDS server, and I'm
then taking part of the search result and attempting to delete a few
objectclasses and attributetypes.

I don't think that $ldap->delete( $dn ); will do it for me.

Any help you could give would be greatly appreciated.

thanks,

Mike Schatzabel
Software Quality Engineer
Bowstreet

-----Original Message-----
From: Jim Harle [mailto:ha...@us...]
Sent: Thursday, June 29, 2000 2:47 PM
To: Eric Zhou
Cc: LDAP Mailing List
Subject: Re: [Fwd] retrieve perl-ldap schema and ldap search

Eric,
  I have attached code that will find all attributes without using
ldap->schema().

For your second question, it depends on what you want to really search
for. If all you want to know is whether an object of a given dn exists,
you can use code like
    $mesg = $ldap->search (
        base => $testdn,
        scope => 0,
        filter => "(objectclass=*)" );
If the search succeeds, $testdn already exists.

If you, however, want to make sure that you are adding an object where the
lowest level of the dn is unique, the search is different. This might be
when you are looking to add a user with uid=joe, but you want to make sure
that not only is there not a "joe" in dept1, but not anywhere. If this is
the case, then you need to make sure that all your users have a uid
attribute, not just uid as part of the dn. Then the search becomes
    $mesg = $ldap->search (
        base => $normalbase,
        filter => "(uid=$testuid)" );

Jim Harle
US Naval Academy


On Thu, 29 Jun 2000, Graham Barr wrote:

> ----- Forwarded message from Eric Zhou <eri...@ya...> -----
>
> Date: Thu, 29 Jun 2000 10:55:36 -0700 (PDT)
> From: Eric Zhou <eri...@ya...>
> Subject: retrieve perl-ldap schema and ldap search
> To: Graham Barr <gb...@po...>
>
> hi,Graham:
>
> remember I asked you an address the other day about
> two perl module. I am still not that far yet.
> I have been able to use ldap->add() and ldap->modify()
> function to do some simple stuff.
>
> do you have some handy example of how to use
> ldap->schema to retrieve schema of ldap tree?
> the other thing is that I don't quite understand
> your ldap->search() doing. because I wish to search
> and dn in the ldap tree and see if it is there before
> I insert it. do I suppose to use ldap->search() or
> ldap->compare().
>
>
> thank you very much.
>
> Eric
>
> ----- End forwarded message -----

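The uniqueness check in Jim Harle's message interpolates $testuid directly into the filter string. The following is an added example, not code from the thread: it builds the same filter with and without escape_filter_value from Net::LDAP::Util (available in current perl-ldap releases, which is an assumption relative to the 0.19 version discussed here) and shows how Net::LDAP::Filter interprets each. The helper names uid_filter and describe and the sample uid values are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Runs offline: it only builds and
# parses filter strings, no directory server is contacted.
use strict;
use warnings;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper: the "is this uid already taken anywhere?" filter,
# built either by plain interpolation or with the value escaped first.
sub uid_filter {
    my ($uid, $escape) = @_;
    my $value = $escape ? escape_filter_value($uid) : $uid;
    return "(uid=$value)";
}

# Hypothetical helper: report how Net::LDAP::Filter understands a string.
sub describe {
    my ($text) = @_;
    my $filter = Net::LDAP::Filter->new($text);
    return 'rejected by the filter parser' unless $filter;
    # The parsed filter is a hash whose single key names the operation,
    # for example equalityMatch or substrings.
    my ($op) = keys %$filter;
    return "$op  " . $filter->as_string;
}

# Constructed sample values, as a provisioning script might receive them.
# A '*' in the raw value turns the equality test into a substring match,
# and unescaped parentheses no longer form a single (uid=...) item.
my @candidates = ('joe', 'j*', 'joe (contractor)');

for my $uid (@candidates) {
    printf "uid value : %s\n", $uid;
    printf "  raw     : %s\n", describe(uid_filter($uid, 0));
    printf "  escaped : %s\n", describe(uid_filter($uid, 1));
}
```

With the escaped form, every candidate is sent to the server as one equality match on the literal value, which is what a "does this uid already exist" check needs.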
From: Allen, R. <ra...@ci...> - 2000-07-12 04:08:08

The below code doesn't do much error checking that's why you don't get a
better error msg. Anyway, based on .19 code, I had to apply 3 patches
Graham gave me to get it to work. They should be included in the next
release (don't know when that will be).

Robbie Allen

> -----Original Message-----
> From: Safford, Brian [mailto:bri...@ed...]
> Sent: Tuesday, July 11, 2000 1:50 PM
> To: 'Perl LDAP Mailing List'
> Subject: Use of controls for paged search
>
>
> With the following code snippet I "borrowed" from a posting
> from a few days
> ago:
>
> ------ snip --------
> #!/usr/local/bin/perl
>
> use Net::LDAP;
> use MIME::Base64;
> use Net::LDAP::Control;
> use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED
> LDAP_CONTROL_SORTREQUEST );
>
> $page = Net::LDAP::Control->new( LDAP_CONTROL_PAGED, size => 50);
> $sort = Net::LDAP::Control->new( LDAP_CONTROL_SORTREQUEST,
>                                  order => 'mail');
>
> @args = ( base => "ou=smtp,ou=gm,ou=messaging,o=eds,c=us",
>           scope => "subtree",
>           filter => "(objectClass=edsMailbox)",
>           control => [ $sort, $page ] );
>
> while (($mesg = $LDAP->search( @args ))) {
>     print_subnet($_) foreach $mesg->entries;
>     last if $mesg->count < $page->size;
>     ($resp) = $mesg->control( LDAP_CONTROL_PAGED );
>     $page->cookie($resp->cookie);
> }
> -------- snip --------
>
> I receive the error (after the first 50 entries are displayed):
>
> Can't call method "cookie" on an undefined value at paged.pl line 46.
>
> where line 46 is "$page->cookie($resp->cookie);"
>
> I'm using ActiveState Perl 5.005_03, with perl-ldap 0.19, and
> Convert-ASN1
> 0.07.
>
> Any help would be greatly appreciated.
>
> Regards,
>
> Brian Safford
> EDS - E.solutions - E.messaging

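The paged search loop quoted above calls $resp->cookie without checking that the response carried a paged-results control. The following is an added example, not code from the thread or from perl-ldap: a loop that checks the result code, the presence of the response control and the cookie before continuing, written against the Net::LDAP::Control::Paged class of current perl-ldap releases. FakeLDAP and FakeMesg are constructed stand-ins for a server so the loop can be run offline, and paged_search is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example, not from the thread. FakeLDAP/FakeMesg are constructed
# stand-ins so the loop can be exercised without a directory server.
use strict;
use warnings;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw(LDAP_CONTROL_PAGED);

# Runs a paged search on any object with a Net::LDAP-style search() method.
# Returns (arrayref of entries, status string).
sub paged_search {
    my ($ldap, $page_size, %search) = @_;
    my $page  = Net::LDAP::Control::Paged->new(size => $page_size);
    my @extra = @{ delete($search{control}) || [] };   # e.g. a sort control
    my @entries;
    while (1) {
        my $mesg = $ldap->search(%search, control => [ @extra, $page ]);
        return (\@entries, 'error: ' . $mesg->error) if $mesg->code;
        push @entries, $mesg->entries;
        # No response control means there is no cookie to continue with;
        # this is the case where $resp was undefined in the quoted loop.
        my ($resp) = $mesg->control(LDAP_CONTROL_PAGED);
        return (\@entries, 'no paged-results control in response')
            unless defined $resp;
        my $cookie = $resp->cookie;
        return (\@entries, 'complete')
            unless defined $cookie && length $cookie;
        $page->cookie($cookie);          # ask for the next page
    }
}

{
    package FakeMesg;                    # constructed stand-in for a result
    sub new     { my ($class, %a) = @_; return bless {%a}, $class }
    sub code    { return $_[0]{code}  || 0 }
    sub error   { return $_[0]{error} || '' }
    sub entries { return @{ $_[0]{entries} || [] } }
    sub control {
        my ($self, $oid) = @_;
        return grep { $_->type eq $oid } @{ $self->{controls} || [] };
    }
}

{
    package FakeLDAP;                    # constructed stand-in for a server
    sub new { my ($class, %a) = @_; return bless {%a}, $class }
    sub search {
        my ($self, %args) = @_;
        my @all = @{ $self->{entries} };
        my ($req) = grep { $_->isa('Net::LDAP::Control::Paged') }
                    @{ $args{control} || [] };
        # supports_paging => 0 models a response without the control.
        return FakeMesg->new(entries => \@all)
            unless $self->{supports_paging} && $req;
        my $start = length($req->cookie) ? $req->cookie : 0;
        my $end   = $start + $req->size - 1;
        $end = $#all if $end > $#all;
        my $next = $end < $#all ? $end + 1 : '';   # '' means last page
        my $resp = Net::LDAP::Control::Paged->new(cookie => $next);
        return FakeMesg->new(entries  => [ @all[ $start .. $end ] ],
                             controls => [$resp]);
    }
}

# Constructed sample data: seven DNs fetched three at a time.
my @people = map { "uid=user$_,ou=people,dc=example,dc=com" } 1 .. 7;
for my $paging (1, 0) {
    my $ldap = FakeLDAP->new(entries => \@people, supports_paging => $paging);
    my ($got, $status) = paged_search($ldap, 3,
        base => 'dc=example,dc=com', filter => '(objectClass=*)');
    printf "paging=%d entries=%d status=%s\n", $paging, scalar @$got, $status;
}
```

Against a real server, pass a connected Net::LDAP object instead of FakeLDAP; the status string then distinguishes a server error from a response that simply lacks the control.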
From: Safford, B. <bri...@ed...> - 2000-07-11 20:56:07

With the following code snippet I "borrowed" from a posting from a few days
ago:

------ snip --------
#!/usr/local/bin/perl

use Net::LDAP;
use MIME::Base64;
use Net::LDAP::Control;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED LDAP_CONTROL_SORTREQUEST );

$page = Net::LDAP::Control->new( LDAP_CONTROL_PAGED, size => 50);
$sort = Net::LDAP::Control->new( LDAP_CONTROL_SORTREQUEST,
                                 order => 'mail');

@args = ( base => "ou=smtp,ou=gm,ou=messaging,o=eds,c=us",
          scope => "subtree",
          filter => "(objectClass=edsMailbox)",
          control => [ $sort, $page ] );

while (($mesg = $LDAP->search( @args ))) {
    print_subnet($_) foreach $mesg->entries;
    last if $mesg->count < $page->size;
    ($resp) = $mesg->control( LDAP_CONTROL_PAGED );
    $page->cookie($resp->cookie);
}
-------- snip --------

I receive the error (after the first 50 entries are displayed):

Can't call method "cookie" on an undefined value at paged.pl line 46.

where line 46 is "$page->cookie($resp->cookie);"

I'm using ActiveState Perl 5.005_03, with perl-ldap 0.19, and Convert-ASN1
0.07.

Any help would be greatly appreciated.

Regards,

Brian Safford
EDS - E.solutions - E.messaging

From: Jim H. <ha...@us...> - 2000-07-11 20:51:02

Net::LDAP will deal correctly with passing "100" or 100, since strings are
sent to the server anyway. --Jim Harle
US Naval Academy

On Tue, 11 Jul 2000, Economou, Matthew (GEAE, Cardinal Solutions) wrote:

> Hello,
>
> I have a Perl script that takes a DN, attribute, and values to replace on the
> command line and executes the Net::LDAP::modify method with the specified
> arguments, e.g. (with error checking, binding, etc., elided):
>
> $modifydn = shift;
> $attribute = shift;
> foreach $arg (@ARGV) { push @values, $arg; }
> $result = $ldap -> modify (dn => $modifydn, replace => { $attribute => [ @values
> ] });
>
> All in all, it's fairly simple (the only big hang up I had was figuring out that
> the "@values" part required square braces). My question regards type converting
> the @values list. If the attribute that is being added/replaced is an integer
> instead of a string, do I need to walk POSIX::strtol over @values, or will LDAP
> or the module Do The Right Thing?
>
> Kind regards,
> #\Matthew

From: Economou, M. (G. C. Solutions) <mat...@ae...> - 2000-07-11 19:48:03

Hello,

I have a Perl script that takes a DN, attribute, and values to replace on the
command line and executes the Net::LDAP::modify method with the specified
arguments, e.g. (with error checking, binding, etc., elided):

$modifydn = shift;
$attribute = shift;
foreach $arg (@ARGV) { push @values, $arg; }
$result = $ldap -> modify (dn => $modifydn, replace => { $attribute => [ @values ] });

All in all, it's fairly simple (the only big hang up I had was figuring out that
the "@values" part required square braces). My question regards type converting
the @values list. If the attribute that is being added/replaced is an integer
instead of a string, do I need to walk POSIX::strtol over @values, or will LDAP
or the module Do The Right Thing?

Kind regards,
#\Matthew

From: Chris R. <Chr...@me...> - 2000-07-10 15:33:12

On Mon, 10 Jul 2000 16:00:20 BST, John Berthels wrote:
>
> > > cn= nora tahri, ou= diffusion, ou= banking, ou= DW, c= France, ou=intern, o=Enterprise
>
> ...
>
> > > And to know if I can have o= , o= ,(in this order) or if o= is only
>                               ^^^^^^^^^^^^^^^
> > one time in the dn.
> >
> > You can have any number according to the standards.
> >
> > You may find problems with one or more server implementations - did you
> > have any particular server in mind?
>
> I don't know of a standards reference off the top of my head, but isn't
> there an X.500 facility whereby you can restrict the order in which object
> classes may occur in the hierarchy? (Structure rules? Something like that)

Yep, structure rules are the ones.

> Typically they require things like 'country' only at top level, 'org unit'
> only below 'org' etc.
>
> I'm pretty sure that:
>
> a) They are optional (i.e. servers need not implement them)
> b) only X.500 servers might care, and several (all? most?) won't care.
>
> Anyone care to refresh my memory?
>
> jb
>

Both a) and b) are correct, at least most servers basically allow anything
anywhere. I've only heard of one vendor ever implementing them, and that was
probably just so they could tick the appropriate box in a questionnaire :-)

Cheers,

Chris

From: John B. <joh...@ne...> - 2000-07-10 15:06:14

> > cn= nora tahri, ou= diffusion, ou= banking, ou= DW, c= France, ou=intern, o=Enterprise

...

> > And to know if I can have o= , o= ,(in this order) or if o= is only
                              ^^^^^^^^^^^^^^^
> one time in the dn.
>
> You can have any number according to the standards.
>
> You may find problems with one or more server implementations - did you
> have any particular server in mind?

I don't know of a standards reference off the top of my head, but isn't
there an X.500 facility whereby you can restrict the order in which object
classes may occur in the hierarchy? (Structure rules? Something like that)

Typically they require things like 'country' only at top level, 'org unit'
only below 'org' etc.

I'm pretty sure that:

a) They are optional (i.e. servers need not implement them)
b) only X.500 servers might care, and several (all? most?) won't care.

Anyone care to refresh my memory?

jb

From: Chris R. <Chr...@me...> - 2000-07-10 14:53:48

On Mon, 10 Jul 2000 07:34:07 PDT, nora tahri wrote:
> I would like to know if it is possible to have a dn like this:
>
> cn= nora tahri, ou= diffusion, ou= banking, ou= DW, c= France, ou=intern, o=Enterprise
>
> (my problem is to know if i can have ou,c,ou in this order)

That is mostly possible according to the standards. The one part which is
illegal is the 'c=France' part - the countryName attribute can only have
legal values which are two characters long and are from ISO 3166. 'c=FR'
would be correct for you.

You can obtain the other valid country codes from:

ftp://ftp.ripe.net/iso3166-countrycodes

> And to know if I can have o= , o= ,(in this order) or if o= is only one time in the dn.

You can have any number according to the standards.

You may find problems with one or more server implementations - did you
have any particular server in mind?

Cheers,

Chris

From: nora t. <no...@ma...> - 2000-07-10 14:39:53

I would like to know if it is possible to have a dn like this:

cn= nora tahri, ou= diffusion, ou= banking, ou= DW, c= France, ou=intern, o=Enterprise

(my problem is to know if i can have ou,c,ou in this order)

And to know if I can have o= , o= ,(in this order) or if o= is only one time in the dn.

Thank you.

From: Eamon D. <ea...@fa...> - 2000-07-07 22:38:13

Well, /that's/ settled. It's definitely a Novell server screwup. It looks
like this particular user had a low limit on the number of simultaneous
logins she could have going at the same time.

With "Limit concurrent connections" == 2:

[Fri Jul 7 17:21:30 2000] [error] access to / failed for 63.72.129.166, reason: user kpeterson: failed bind: 1

With unlimited connections:
So. Big big thanks to everyone who provided great feedback. I'll
be at the Open Source conference, so if you see me, ask me for
free beers.

________________________________________
Eamon Daly
FastWeb, Inc.
847 568 6410

----- Original Message -----
From: "Chris Ridd" <Chr...@me...>
To: "Mark Wilcox" <mew...@un...>
Cc: "Eamon Daly" <ea...@fa...>; <per...@li...>
Sent: Friday, July 07, 2000 2:47 AM
Subject: Re: LDAP_OPERATIONS_ERROR w/Net::LDAP and AuthNetLDAP?

: On Thu, 06 Jul 2000 21:01:51 CDT, Mark Wilcox wrote:
: > Hi,
: > This could be a bug in my AuthNetLDAP module, probably with the opening or
: > closing of the LDAP connection. I haven't even really used the module in
: > production yet, so I don't know all of the bugs.
: >
: > Could you send a copy of the relevant Apache error log to ma...@mj...
: >
: > I'll be out of town for the next few days, but I'll try to take a look at
: > it when I get back.
: >
: > Mark
: >
: > Eamon Daly wrote:
: >
: > > A handful of our users are getting an LDAP_OPERATIONS_ERROR
: > > when they try to authenticate. I haven't seen anything close
: > > in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
: > > so I'm kinda stumped. A 'debug => 3' trace follows. The name
: > > and password is correct.
: > >
: > > Apache 1.3.12
: > > Solaris 7
: > > Net::LDAP 0.19
: > > Apache::AuthNetLDAP 0.16
: > >
: > > Thanks in advance!
:
: I'm inserting the ASN.1 decodes of the PDUs inline. You can generate
: this yourself if you set debug => 12 in current versions of Net::LDAP.
:
: > > [Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
: > > reason: user kpeterson: failed bind: 1
: > > Net::LDAP=HASH(0x3fa2f8) sending:
: > >
: > > 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........
:
: 0000 30 12: SEQUENCE {
: 0002 02 1: INTEGER = 1
: 0005 60 7: [APPLICATION 0] {
: 0007 02 1: INTEGER = 2
: 000A 04 0: STRING = ''
: 000C 80 0: [CONTEXT 0]
: 000E : }
: 000E : }
:
: (Anonymous bind using LDAPv2)
:
: > > Net::LDAP=HASH(0x3fa2f8) received:
: > >
: > > 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
:
: 0000 30 12: SEQUENCE {
: 0002 02 1: INTEGER = 1
: 0005 61 7: [APPLICATION 1] {
: 0007 0A 1: ENUM = 0
: 000A 04 0: STRING = ''
: 000C 04 0: STRING = ''
: 000E : }
: 000E : }
:
: (Bind response: OK)
:
: > > Net::LDAP=HASH(0x3fa2f8) sending:
: > >
: > > 30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
: > > 01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
: > > 09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn
:
: 0000 30 46: SEQUENCE {
: 0002 02 1: INTEGER = 2
: 0005 63 41: [APPLICATION 3] {
: 0007 04 0: STRING = ''
: 0009 0A 1: ENUM = 2
: 000C 0A 1: ENUM = 2
: 000F 02 1: INTEGER = 0
: 0012 02 1: INTEGER = 0
: 0015 01 1: BOOLEAN = FALSE
: 0018 A3 16: [CONTEXT 3] {
: 001A 04 3: STRING = 'uid'
: 001F 04 9: STRING = 'kpeterson'
: 002A : }
: 002A 30 4: SEQUENCE {
: 002C 04 2: STRING = 'dn'
: 0030 : }
: 0030 : }
: 0030 : }
:
: (Search: base is ROOT, subtree scope, for (uid=kpeterson) and ask for
: the dn attribute back.)
:
: > > Net::LDAP=HASH(0x3fa2f8) received:
: > >
: > > 30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
: > > 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
: > > 78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.
:
: 0000 30 34: SEQUENCE {
: 0002 02 1: INTEGER = 2
: 0005 64 29: [APPLICATION 4] {
: 0007 04 25: STRING = 'cn=kpeterson,o=fw_context'
: 0022 30 0: SEQUENCE {
: 0024 : }
: 0024 : }
: 0024 : }
:
: (SearchResultEntry: entry called <cn=kpeterson,o=fw_context> with no
: attributes)
:
: > > Net::LDAP=HASH(0x3fa2f8) received:
: > >
: > > 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
:
: 0000 30 12: SEQUENCE {
: 0002 02 1: INTEGER = 2
: 0005 65 7: [APPLICATION 5] {
: 0007 0A 1: ENUM = 0
: 000A 04 0: STRING = ''
: 000C 04 0: STRING = ''
: 000E : }
: 000E : }
:
: (SearchResultDone: OK)
:
: > > Net::LDAP=HASH(0x3fa2f8) sending:
: > >
: > > 30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
: > > 70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
: > > 6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh
:
: 0000 30 43: SEQUENCE {
: 0002 02 1: INTEGER = 3
: 0005 60 38: [APPLICATION 0] {
: 0007 02 1: INTEGER = 2
: 000A 04 25: STRING = 'cn=kpeterson,o=fw_context'
: 0025 80 6: [CONTEXT 0]
: 0027 : 73 6D 61 63 6B 68 __ __ __ __ __ __ __ __ __ __
: smackh
: 002D : }
: 002D : }
:
: (Simple bind as <cn=kpeterson,o=fw_context> with a password of smackh,
: using LDAPv3.)
:
: > > Net::LDAP=HASH(0x3fa2f8) received:
: > >
: > > 30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........
:
: 0000 30 12: SEQUENCE {
: 0002 02 1: INTEGER = 3
: 0005 61 7: [APPLICATION 1] {
: 0007 0A 1: ENUM = 1
: 000A 04 0: STRING = ''
: 000C 04 0: STRING = ''
: 000E : }
: 000E : }
:
: (BindResponse: operationsError.)
:
: Hm. Maybe Novell isn't happy about a second bind on a single
: connection, or maybe it isn't happy switching LDAP versions in the
: second bind? Can you try just doing the LDAPv3 bind in a little program
: instead of the additional LDAPv2 bind and search, and/or changing the
: first bind in AuthNetLDAP to LDAPv3?
:
: I find the search somewhat bizarre: why does it request a dn attribute?
: It is presumably working because the server doesn't know what a dn
: attribute is, so it effectively returns a list of no attributes back
: for each entry. If the search used LDAPv3, then specifying an attribute
: with the OID 1.1 would be more appropriate (see RFC 2251 4.5.1
: "attributes" bullet)
:
: Cheers,
:
: Chris
:
:
|
From: Chris R. <Chr...@me...> - 2000-07-07 14:56:43
|
On Fri, 07 Jul 2000 16:44:41 +0200, "Bouarich, Reda" wrote:
> Hello everybody,
> I just would like to know if it is possible to get a complete entry, that
> means dn+attributes without specifying the attributes name?
> A sort of "ldap_search" in command line ?
> Thank you.
>
> Reda Bouarich
> Compaq Computer Corp
> tel: 04-92-95-58-65
> email: Red...@co...
>

Yes, just specify you want a list of no attributes back. The RFC says
that this tells the server to return all readable attributes back
(there may be access controls to prevent some from being returned.)

So in the search method, just set (for LDAPv2):

    attrs => [ ]

If you are using LDAPv3, you can specify an attribute called "*"
instead, which lets you ask for additional (eg operational) attributes
in the same search.

    attrs => [ "*" ]

Cheers,

Chris
|
From: Bouarich, R. <Red...@co...> - 2000-07-07 14:50:20
|
Hello everybody,
I just would like to know if it is possible to get a complete entry, that
means dn+attributes without specifying the attributes name?
A sort of "ldap_search" in command line ?
Thank you.

Reda Bouarich
Compaq Computer Corp
tel: 04-92-95-58-65
email: Red...@co...
|
From: Graham B. <gb...@po...> - 2000-07-07 08:05:36
|
On Fri, Jul 07, 2000 at 08:48:13AM +0100, Chris Ridd wrote:
> On Fri, 07 Jul 2000 15:17:34 +1000, David Bussenschutt wrote:
> > NDS has the option of turning on/off clear password or SSL connections as
> > part of the LDAP configuration. I'm using clear text at the moment, cause
> > I haven't figured out how to get SSL working with NET::LDAP. ...anyone
> > got a "NET::LDAP SSL For DUMMIES"?
> >
> > David.
>
> You'll be wanting the Net::LDAPS module then, which will be in the next
> release of perl-ldap. :-)

And it is also in the CVS repository now, at

http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/~checkout~/ldap/lib/Net/LDAPS.pm?rev=1.1&cvsroot=perl-ldap

Graham.
|
From: Chris R. <Chr...@me...> - 2000-07-07 07:53:39
|
On Fri, 07 Jul 2000 15:17:34 +1000, David Bussenschutt wrote:
> NDS has the option of turning on/off clear password or SSL connections as
> part of the LDAP configuration. I'm using clear text at the moment, cause
> I haven't figured out how to get SSL working with NET::LDAP. ...anyone
> got a "NET::LDAP SSL For DUMMIES"?
>
> David.

You'll be wanting the Net::LDAPS module then, which will be in the next
release of perl-ldap. :-)

Does NDS support startTLS over LDAPv3?

Cheers,

Chris
|
From: Chris R. <Chr...@me...> - 2000-07-07 07:53:38
|
On Thu, 06 Jul 2000 21:01:51 CDT, Mark Wilcox wrote:
> Hi,
> This could be a bug in my AuthNetLDAP module, probably with the opening or
> closing of the LDAP connection. I haven't even really used the module in
> production yet, so I don't know all of the bugs.
>
> Could you send a copy of the relevant Apache error log to ma...@mj...
>
> I'll be out of town for the next few days, but I'll try to take a look at
> it when I get back.
>
> Mark
>
> Eamon Daly wrote:
>
> > A handful of our users are getting an LDAP_OPERATIONS_ERROR
> > when they try to authenticate. I haven't seen anything close
> > in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
> > so I'm kinda stumped. A 'debug => 3' trace follows. The name
> > and password is correct.
> >
> > Apache 1.3.12
> > Solaris 7
> > Net::LDAP 0.19
> > Apache::AuthNetLDAP 0.16
> >
> > Thanks in advance!

I'm inserting the ASN.1 decodes of the PDUs inline. You can generate
this yourself if you set debug => 12 in current versions of Net::LDAP.

> > [Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
> > reason: user kpeterson: failed bind: 1
> > Net::LDAP=HASH(0x3fa2f8) sending:
> >
> > 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........

0000 30 12: SEQUENCE {
0002 02 1: INTEGER = 1
0005 60 7: [APPLICATION 0] {
0007 02 1: INTEGER = 2
000A 04 0: STRING = ''
000C 80 0: [CONTEXT 0]
000E : }
000E : }

(Anonymous bind using LDAPv2)

> > Net::LDAP=HASH(0x3fa2f8) received:
> >
> > 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........

0000 30 12: SEQUENCE {
0002 02 1: INTEGER = 1
0005 61 7: [APPLICATION 1] {
0007 0A 1: ENUM = 0
000A 04 0: STRING = ''
000C 04 0: STRING = ''
000E : }
000E : }

(Bind response: OK)

> > Net::LDAP=HASH(0x3fa2f8) sending:
> >
> > 30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
> > 01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
> > 09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn

0000 30 46: SEQUENCE {
0002 02 1: INTEGER = 2
0005 63 41: [APPLICATION 3] {
0007 04 0: STRING = ''
0009 0A 1: ENUM = 2
000C 0A 1: ENUM = 2
000F 02 1: INTEGER = 0
0012 02 1: INTEGER = 0
0015 01 1: BOOLEAN = FALSE
0018 A3 16: [CONTEXT 3] {
001A 04 3: STRING = 'uid'
001F 04 9: STRING = 'kpeterson'
002A : }
002A 30 4: SEQUENCE {
002C 04 2: STRING = 'dn'
0030 : }
0030 : }
0030 : }

(Search: base is ROOT, subtree scope, for (uid=kpeterson) and ask for
the dn attribute back.)

> > Net::LDAP=HASH(0x3fa2f8) received:
> >
> > 30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
> > 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
> > 78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.

0000 30 34: SEQUENCE {
0002 02 1: INTEGER = 2
0005 64 29: [APPLICATION 4] {
0007 04 25: STRING = 'cn=kpeterson,o=fw_context'
0022 30 0: SEQUENCE {
0024 : }
0024 : }
0024 : }

(SearchResultEntry: entry called <cn=kpeterson,o=fw_context> with no
attributes)

> > Net::LDAP=HASH(0x3fa2f8) received:
> >
> > 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........

0000 30 12: SEQUENCE {
0002 02 1: INTEGER = 2
0005 65 7: [APPLICATION 5] {
0007 0A 1: ENUM = 0
000A 04 0: STRING = ''
000C 04 0: STRING = ''
000E : }
000E : }

(SearchResultDone: OK)

> > Net::LDAP=HASH(0x3fa2f8) sending:
> >
> > 30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
> > 70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
> > 6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh

0000 30 43: SEQUENCE {
0002 02 1: INTEGER = 3
0005 60 38: [APPLICATION 0] {
0007 02 1: INTEGER = 2
000A 04 25: STRING = 'cn=kpeterson,o=fw_context'
0025 80 6: [CONTEXT 0]
0027 : 73 6D 61 63 6B 68 __ __ __ __ __ __ __ __ __ __ smackh
002D : }
002D : }

(Simple bind as <cn=kpeterson,o=fw_context> with a password of smackh,
using LDAPv3.)

> > Net::LDAP=HASH(0x3fa2f8) received:
> >
> > 30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........

0000 30 12: SEQUENCE {
0002 02 1: INTEGER = 3
0005 61 7: [APPLICATION 1] {
0007 0A 1: ENUM = 1
000A 04 0: STRING = ''
000C 04 0: STRING = ''
000E : }
000E : }

(BindResponse: operationsError.)

Hm. Maybe Novell isn't happy about a second bind on a single
connection, or maybe it isn't happy switching LDAP versions in the
second bind? Can you try just doing the LDAPv3 bind in a little program
instead of the additional LDAPv2 bind and search, and/or changing the
first bind in AuthNetLDAP to LDAPv3?

I find the search somewhat bizarre: why does it request a dn attribute?
It is presumably working because the server doesn't know what a dn
attribute is, so it effectively returns a list of no attributes back
for each entry. If the search used LDAPv3, then specifying an attribute
with the OID 1.1 would be more appropriate (see RFC 2251 4.5.1
"attributes" bullet)

Cheers,

Chris
|
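Added example, not part of the original thread and not perl-ldap code: a small Python BER walker for the PDUs in the trace above. It reports the message ID, the protocol version carried in each BindRequest, the bind DN, the requested attributes and the result code, and it masks the simple-bind password octets so a trace can be shared without the credential. The names decode_ldap, read_tlv, children and TRACE are this example's own; the hex is copied from the trace in the message above.

```python
"""Decode the LDAP BER PDUs from the debug trace and mask simple-bind passwords."""

# Hex copied from the 'debug => 3' trace quoted in the thread above.
TRACE = {
    "bind_anon": "30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __",
    "search": ("30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 "
               "01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 "
               "09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E"),
    "bind_user": ("30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B "
                  "70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F "
                  "6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __"),
    "bind_resp": "30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __",
}

# Subset of the LDAP result codes (RFC 2251 section 4.1.10).
RESULT_CODES = {0: "success", 1: "operationsError", 49: "invalidCredentials"}


def read_tlv(buf, pos, limit):
    """Parse one definite-length TLV; return (tag, value_start, value_end).
    Single-octet tags only, which covers every tag in these PDUs."""
    if pos + 2 > limit:
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > limit:
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > limit:
        raise ValueError("value overruns its container")
    return tag, pos, pos + length


def children(buf, start, end):
    """List the (tag, start, end) triples of the TLVs packed in buf[start:end]."""
    out = []
    while start < end:
        tag, vs, ve = read_tlv(buf, start, end)
        out.append((tag, vs, ve))
        start = ve
    return out


def decode_ldap(hex_dump):
    """Decode one LDAPMessage; return its fields plus a password-masked hex copy."""
    buf = bytearray.fromhex(hex_dump.replace("_", " "))   # "__" is dump padding
    tag, s, e = read_tlv(buf, 0, len(buf))
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    (_, ms, me), (op, ops, ope) = children(buf, s, e)[:2]
    f = children(buf, ops, ope)
    raw = lambda i: bytes(buf[f[i][1]:f[i][2]])
    num = lambda i: int.from_bytes(raw(i), "big")
    msg = {"id": int.from_bytes(buf[ms:me], "big")}
    if op == 0x60:                         # [APPLICATION 0] BindRequest
        msg.update(type="BindRequest", version=num(0), dn=raw(1).decode(),
                   simple=f[2][0] == 0x80)
        if msg["simple"]:                  # [CONTEXT 0] holds the cleartext password
            buf[f[2][1]:f[2][2]] = b"*" * (f[2][2] - f[2][1])
    elif op == 0x61:                       # [APPLICATION 1] BindResponse
        msg.update(type="BindResponse", result=RESULT_CODES.get(num(0), num(0)))
    elif op == 0x63:                       # [APPLICATION 3] SearchRequest
        attrs = [bytes(buf[a:b]).decode() for _, a, b in children(buf, *f[7][1:])]
        msg.update(type="SearchRequest", base=raw(0).decode(), scope=num(1), attrs=attrs)
    else:
        msg.update(type="op 0x%02X" % op)
    msg["masked_hex"] = " ".join("%02X" % b for b in buf)
    return msg


if __name__ == "__main__":
    for name, dump in TRACE.items():
        print(name, decode_ldap(dump))
```
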
From: Chris R. <Chr...@me...> - 2000-07-07 07:27:30
|
On Thu, 06 Jul 2000 12:59:54 CDT, Clif Harden wrote:
> >
> > On Thu, 06 Jul 2000 10:39:45 CDT, Clif Harden wrote:
> >
> > Oh dear, they're redefining published (in an RFC) object classes and
> > attribute types! Have they at least used their own OIDs?
> >
> > Cheers,
> >
> > Chris
> >
> >
>
> Yep they used the normal oid. Doh!
> I have a call into a Netscape rep, see what he has to say about this.

They'll probably say they can do it because RFC 1274 isn't a standards
track RFC. I'm not sure that gives them carte blanche myself...

> Of course Netscape will blame it on the evil NT platform that the server
> is running on. :) This system has given the blue screen of death several
> times.

It's a good fallback position - blame NT :-)

Cheers,

Chris
|
From: David B. <d.b...@ma...> - 2000-07-07 05:23:06
|
NDS has the option of turning on/off clear password or SSL connections as
part of the LDAP configuration. I'm using clear text at the moment, cause
I haven't figured out how to get SSL working with NET::LDAP. ...anyone
got a "NET::LDAP SSL For DUMMIES"?

David.

At 09:44 PM 7/6/00 -0500, Mark Wilcox wrote:
>NDS could be the problem (not to push it off on to the server, but Novell's LDAP
>stuff has taken a while to get straightened out). It would help if you could
>tell us what version you're using (I'm hoping that Jim Harle who uses NDS LDAP
>might be able to shed some light ;).
>
>I've never used NDS LDAP so I can't say for sure. I thought that NDS wouldn't
>even authenticate unless you connected to it via SSL.
>
>One of the changes I plan to add in is to allow you to use compare instead of
>bind, that might solve this problem.
>
>BTW If you want to talk about the Apache modules at the OSS conference, I'd be
>happy to talk about them.
>
>Mark
>
>
>
>
>
>
>Eamon Daly wrote:
>
>> I just turned on some extra logging on the Novell side of things.
>> Perhaps this is of value to someone. Also, I forgot to mention the
>> Perl version I'm using: 5.005_03 built for sun4-solaris.
>>
>> I've tried adding unbinds to places that returned "fail" values in
>> AuthNetLDAP, but that didn't seem to help any.
>>
>> 7-6-2000 9:11:01 pm Accepting TCP connection
>> 7-6-2000 9:11:01 pm Starting new monitor thread
>> 7-6-2000 9:11:01 pm Monitor thread 0x151 started
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
>> 7-6-2000 9:11:01 pm new connection on 0xd427bcc0
>> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:01 pm read activity on 0xd219a180
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
>> 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
>> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
>> 7-6-2000 9:11:01 pm do_bind
>> 7-6-2000 9:11:01 pm bind: protocol version 2 dn () method 128
>> 7-6-2000 9:11:01 pm accepting NULL bind
>> 7-6-2000 9:11:01 pm send_ldap_result 0::
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
>> 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
>> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
>> 7-6-2000 9:11:01 pm do_search
>> 7-6-2000 9:11:01 pm SRCH base "" scope 2 deref 27-6-2000 9:11:01 pm
>> sizelimit 0 timelimit 0 attrsonly 0
>> 7-6-2000 9:11:01 pm begin get_filter
>> 7-6-2000 9:11:01 pm EQUALITY
>> 7-6-2000 9:11:01 pm filter: (uid=kpeterson)
>> 7-6-2000 9:11:01 pm attrs:7-6-2000 9:11:01 pm dn7-6-2000 9:11:01 pm
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
>> 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
>> 7-6-2000 9:11:01 pm => send_search_entry (cn=kpeterson,o=fw_context)
>> 7-6-2000 9:11:01 pm => acl_get: entry (cn=kpeterson,o=fw_context) attr
>> (entry)
>> 7-6-2000 9:11:01 pm <= acl_get: no match
>> 7-6-2000 9:11:01 pm <= acl: granted by default (no matching "to" entry)
>> 7-6-2000 9:11:01 pm send_ldap_result 0::
>> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
>> 7-6-2000 9:11:01 pm do_bind
>> 7-6-2000 9:11:01 pm bind: protocol version 2 dn (cn=kpeterson,o=fw_context)
>> method 128
>> 7-6-2000 9:11:01 pm dn (cn=kpeterson,o=fw_context), ndsDN
>> (CN=kpeterson.O=fw_context)
>> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
>> 9:11:01 pm
>> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
>> 7-6-2000 9:11:04 pm DS login failed for NDS dn "CN=kpeterson.O=fw_context",
>> err = -217
>> 7-6-2000 9:11:04 pm send_ldap_result 1::
>> 7-6-2000 9:11:04 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:04 pm read activity on 0xd427bcc0
>> 7-6-2000 9:11:04 pm ber_get_next on fd 0xd427bcc0 failed errno 1
>> 7-6-2000 9:11:04 pm *** got 0 of 0 so far
>> 7-6-2000 9:11:04 pm close conn in close_connection 0xd4293440 on skt
>> 0xd427bcc0 from opid -1
>> 7-6-2000 9:11:04 pm called by "connection_activity"
>> 7-6-2000 9:11:04 pm freeing conn 0xd4293440 at index 1 in monitor thread
>> 0xd217d040
>> 7-6-2000 9:11:04 pm listening for activity in monitor thread 0x151
>> on:7-6-2000 9:11:04 pm 0xd219a180r7-6-2000 9:11:04 pm
>> 7-6-2000 9:11:04 pm before select in monitor thread 0x151, active_threads 0
>> 7-6-2000 9:11:11 pm Janitor thread is terminating monitor thread 0x151
>> 7-6-2000 9:11:11 pm select activity in monitor thread 0x151
>> 7-6-2000 9:11:11 pm Monitor thread 0x151 terminated
>>
>> ________________________________________
>> Eamon Daly
>> FastWeb, Inc.
>> 847 568 6410
>>
>> ----- Original Message -----
>> From: "Mark Wilcox" <mew...@un...>
>> To: "Eamon Daly" <ea...@fa...>
>> Cc: <per...@li...>
>> Sent: Thursday, July 06, 2000 9:01 PM
>> Subject: Re: LDAP_OPERATIONS_ERROR w/Net::LDAP and AuthNetLDAP?
>>
>> : Hi,
>> : This could be a bug in my AuthNetLDAP module, probably with the opening or
>> : closing of the LDAP connection. I haven't even really used the module in
>> : production yet, so I don't know all of the bugs.
>> :
>> : Could you send a copy of the relevant Apache error log to
>> ma...@mj...
>> :
>> : I'll be out of town for the next few days, but I'll try to take a look at
>> : it when I get back.
>> :
>> : Mark
>> :
>> : Eamon Daly wrote:
>> :
>> : > A handful of our users are getting an LDAP_OPERATIONS_ERROR
>> : > when they try to authenticate. I haven't seen anything close
>> : > in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
>> : > so I'm kinda stumped. A 'debug => 3' trace follows. The name
>> : > and password is correct.
>> : >
>> : > Apache 1.3.12
>> : > Solaris 7
>> : > Net::LDAP 0.19
>> : > Apache::AuthNetLDAP 0.16
>> : >
>> : > Thanks in advance!
>> : >
>> : > [Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
>> : > reason: user kpeterson: failed bind: 1
>> : > Net::LDAP=HASH(0x3fa2f8) sending:
>> : >
>> : > 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) received:
>> : >
>> : > 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) sending:
>> : >
>> : > 30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
>> : > 01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
>> : > 09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) received:
>> : >
>> : > 30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
>> : > 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
>> : > 78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) received:
>> : >
>> : > 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) sending:
>> : >
>> : > 30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
>> : > 70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
>> : > 6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh
>> : >
>> : > Net::LDAP=HASH(0x3fa2f8) received:
>> : >
>> : > 30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........
>> : >
>> : > ________________________________________
>> : > Eamon Daly
>> : > FastWeb, Inc.
>> : > 847 568 6410
>> :
>> :
>
>
>
>
--------------------------------------------------------------------
David Bussenschutt Email: D.B...@ma...
Senior Computing Support Officer & Systems Administrator/Programmer
Location: Griffith University. Information Technology Services
Brisbane Qld. Aust. (TEN bldg. rm 1.33) Ph:(07)38757079
--------------------------------------------------------------------
|