From: Mark W. <mew...@un...> - 2000-07-07 02:49:21

NDS could be the problem (not to push it off on to the server, but Novell's LDAP stuff has taken a while to get straightened out). It would help if you could tell us what version you're using (I'm hoping that Jim Harle who uses NDS LDAP might be able to shed some light ;).

I've never used NDS LDAP so I can't say for sure. I thought that NDS wouldn't even authenticate unless you connected to it via SSL.

One of the changes I plan to add in is to allow you to use compare instead of bind, that might solve this problem.

BTW If you want to talk about the Apache modules at the OSS conference, I'd be happy to talk about them.

Mark

Eamon Daly wrote:

> I just turned on some extra logging on the Novell side of things.
> Perhaps this is of value to someone. Also, I forgot to mention the
> Perl version I'm using: 5.005_03 built for sun4-solaris.
>
> I've tried adding unbinds to places that returned "fail" values in
> AuthNetLDAP, but that didn't seem to help any.
>
> 7-6-2000 9:11:01 pm Accepting TCP connection
> 7-6-2000 9:11:01 pm Starting new monitor thread
> 7-6-2000 9:11:01 pm Monitor thread 0x151 started
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
> 7-6-2000 9:11:01 pm new connection on 0xd427bcc0
> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:01 pm read activity on 0xd219a180
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
> 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
> 7-6-2000 9:11:01 pm do_bind
> 7-6-2000 9:11:01 pm bind: protocol version 2 dn () method 128
> 7-6-2000 9:11:01 pm accepting NULL bind
> 7-6-2000 9:11:01 pm send_ldap_result 0::
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
> 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
> 7-6-2000 9:11:01 pm do_search
> 7-6-2000 9:11:01 pm SRCH base "" scope 2 deref 27-6-2000 9:11:01 pm
> sizelimit 0 timelimit 0 attrsonly 0
> 7-6-2000 9:11:01 pm begin get_filter
> 7-6-2000 9:11:01 pm EQUALITY
> 7-6-2000 9:11:01 pm filter: (uid=kpeterson)
> 7-6-2000 9:11:01 pm attrs:7-6-2000 9:11:01 pm dn7-6-2000 9:11:01 pm
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
> 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
> 7-6-2000 9:11:01 pm => send_search_entry (cn=kpeterson,o=fw_context)
> 7-6-2000 9:11:01 pm => acl_get: entry (cn=kpeterson,o=fw_context) attr
> (entry)
> 7-6-2000 9:11:01 pm <= acl_get: no match
> 7-6-2000 9:11:01 pm <= acl: granted by default (no matching "to" entry)
> 7-6-2000 9:11:01 pm send_ldap_result 0::
> 7-6-2000 9:11:01 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:01 pm read activity on 0xd427bcc0
> 7-6-2000 9:11:01 pm do_bind
> 7-6-2000 9:11:01 pm bind: protocol version 2 dn (cn=kpeterson,o=fw_context)
> method 128
> 7-6-2000 9:11:01 pm dn (cn=kpeterson,o=fw_context), ndsDN
> (CN=kpeterson.O=fw_context)
> 7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000
> 9:11:01 pm
> 7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
> 7-6-2000 9:11:04 pm DS login failed for NDS dn "CN=kpeterson.O=fw_context",
> err = -217
> 7-6-2000 9:11:04 pm send_ldap_result 1::
> 7-6-2000 9:11:04 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:04 pm read activity on 0xd427bcc0
> 7-6-2000 9:11:04 pm ber_get_next on fd 0xd427bcc0 failed errno 1
> 7-6-2000 9:11:04 pm *** got 0 of 0 so far
> 7-6-2000 9:11:04 pm close conn in close_connection 0xd4293440 on skt
> 0xd427bcc0 from opid -1
> 7-6-2000 9:11:04 pm called by "connection_activity"
> 7-6-2000 9:11:04 pm freeing conn 0xd4293440 at index 1 in monitor thread
> 0xd217d040
> 7-6-2000 9:11:04 pm listening for activity in monitor thread 0x151
> on:7-6-2000 9:11:04 pm 0xd219a180r7-6-2000 9:11:04 pm
> 7-6-2000 9:11:04 pm before select in monitor thread 0x151, active_threads 0
> 7-6-2000 9:11:11 pm Janitor thread is terminating monitor thread 0x151
> 7-6-2000 9:11:11 pm select activity in monitor thread 0x151
> 7-6-2000 9:11:11 pm Monitor thread 0x151 terminated
>
> ________________________________________
> Eamon Daly
> FastWeb, Inc.
> 847 568 6410
>
> ----- Original Message -----
> From: "Mark Wilcox" <mew...@un...>
> To: "Eamon Daly" <ea...@fa...>
> Cc: <per...@li...>
> Sent: Thursday, July 06, 2000 9:01 PM
> Subject: Re: LDAP_OPERATIONS_ERROR w/Net::LDAP and AuthNetLDAP?
>
> : Hi,
> : This could be a bug in my AuthNetLDAP module, probably with the opening or
> : closing of the LDAP connection. I haven't even really used the module in
> : production yet, so I don't know all of the bugs.
> :
> : Could you send a copy of the relevant Apache error log to
> ma...@mj...
> :
> : I'll be out of town for the next few days, but I'll try to take a look at
> : it when I get back.
> :
> : Mark
> :
> : Eamon Daly wrote:
> :
> : > A handful of our users are getting an LDAP_OPERATIONS_ERROR
> : > when they try to authenticate. I haven't seen anything close
> : > in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
> : > so I'm kinda stumped. A 'debug => 3' trace follows. The name
> : > and password is correct.
> : >
> : > Apache 1.3.12
> : > Solaris 7
> : > Net::LDAP 0.19
> : > Apache::AuthNetLDAP 0.16
> : >
> : > Thanks in advance!
> : >
> : > [Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
> : > reason: user kpeterson: failed bind: 1
> : > Net::LDAP=HASH(0x3fa2f8) sending:
> : >
> : > 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........
> : >
> : > Net::LDAP=HASH(0x3fa2f8) received:
> : >
> : > 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
> : >
> : > Net::LDAP=HASH(0x3fa2f8) sending:
> : >
> : > 30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
> : > 01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
> : > 09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn
> : >
> : > Net::LDAP=HASH(0x3fa2f8) received:
> : >
> : > 30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
> : > 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
> : > 78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.
> : >
> : > Net::LDAP=HASH(0x3fa2f8) received:
> : >
> : > 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
> : >
> : > Net::LDAP=HASH(0x3fa2f8) sending:
> : >
> : > 30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
> : > 70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
> : > 6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh
> : >
> : > Net::LDAP=HASH(0x3fa2f8) received:
> : >
> : > 30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........
> : >
> : > ________________________________________
> : > Eamon Daly
> : > FastWeb, Inc.
> : > 847 568 6410
> :
> :

From: Eamon D. <ea...@fa...> - 2000-07-07 02:26:17

I just turned on some extra logging on the Novell side of things. Perhaps this is of value to someone. Also, I forgot to mention the Perl version I'm using: 5.005_03 built for sun4-solaris.

I've tried adding unbinds to places that returned "fail" values in AuthNetLDAP, but that didn't seem to help any.

7-6-2000 9:11:01 pm Accepting TCP connection
7-6-2000 9:11:01 pm Starting new monitor thread
7-6-2000 9:11:01 pm Monitor thread 0x151 started
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
7-6-2000 9:11:01 pm new connection on 0xd427bcc0
7-6-2000 9:11:01 pm select activity in monitor thread 0x151
7-6-2000 9:11:01 pm read activity on 0xd219a180
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
7-6-2000 9:11:01 pm select activity in monitor thread 0x151
7-6-2000 9:11:01 pm read activity on 0xd427bcc0
7-6-2000 9:11:01 pm do_bind
7-6-2000 9:11:01 pm bind: protocol version 2 dn () method 128
7-6-2000 9:11:01 pm accepting NULL bind
7-6-2000 9:11:01 pm send_ldap_result 0::
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 0
7-6-2000 9:11:01 pm select activity in monitor thread 0x151
7-6-2000 9:11:01 pm read activity on 0xd427bcc0
7-6-2000 9:11:01 pm do_search
7-6-2000 9:11:01 pm SRCH base "" scope 2 deref 27-6-2000 9:11:01 pm sizelimit 0 timelimit 0 attrsonly 0
7-6-2000 9:11:01 pm begin get_filter
7-6-2000 9:11:01 pm EQUALITY
7-6-2000 9:11:01 pm filter: (uid=kpeterson)
7-6-2000 9:11:01 pm attrs:7-6-2000 9:11:01 pm dn7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
7-6-2000 9:11:01 pm => send_search_entry (cn=kpeterson,o=fw_context)
7-6-2000 9:11:01 pm => acl_get: entry (cn=kpeterson,o=fw_context) attr (entry)
7-6-2000 9:11:01 pm <= acl_get: no match
7-6-2000 9:11:01 pm <= acl: granted by default (no matching "to" entry)
7-6-2000 9:11:01 pm send_ldap_result 0::
7-6-2000 9:11:01 pm select activity in monitor thread 0x151
7-6-2000 9:11:01 pm read activity on 0xd427bcc0
7-6-2000 9:11:01 pm do_bind
7-6-2000 9:11:01 pm bind: protocol version 2 dn (cn=kpeterson,o=fw_context) method 128
7-6-2000 9:11:01 pm dn (cn=kpeterson,o=fw_context), ndsDN (CN=kpeterson.O=fw_context)
7-6-2000 9:11:01 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:01 pm 0xd219a180r7-6-2000 9:11:01 pm 0xd427bcc0r7-6-2000 9:11:01 pm
7-6-2000 9:11:01 pm before select in monitor thread 0x151, active_threads 1
7-6-2000 9:11:04 pm DS login failed for NDS dn "CN=kpeterson.O=fw_context", err = -217
7-6-2000 9:11:04 pm send_ldap_result 1::
7-6-2000 9:11:04 pm select activity in monitor thread 0x151
7-6-2000 9:11:04 pm read activity on 0xd427bcc0
7-6-2000 9:11:04 pm ber_get_next on fd 0xd427bcc0 failed errno 1
7-6-2000 9:11:04 pm *** got 0 of 0 so far
7-6-2000 9:11:04 pm close conn in close_connection 0xd4293440 on skt 0xd427bcc0 from opid -1
7-6-2000 9:11:04 pm called by "connection_activity"
7-6-2000 9:11:04 pm freeing conn 0xd4293440 at index 1 in monitor thread 0xd217d040
7-6-2000 9:11:04 pm listening for activity in monitor thread 0x151 on:7-6-2000 9:11:04 pm 0xd219a180r7-6-2000 9:11:04 pm
7-6-2000 9:11:04 pm before select in monitor thread 0x151, active_threads 0
7-6-2000 9:11:11 pm Janitor thread is terminating monitor thread 0x151
7-6-2000 9:11:11 pm select activity in monitor thread 0x151
7-6-2000 9:11:11 pm Monitor thread 0x151 terminated

________________________________________
Eamon Daly
FastWeb, Inc.
847 568 6410

----- Original Message -----
From: "Mark Wilcox" <mew...@un...>
To: "Eamon Daly" <ea...@fa...>
Cc: <per...@li...>
Sent: Thursday, July 06, 2000 9:01 PM
Subject: Re: LDAP_OPERATIONS_ERROR w/Net::LDAP and AuthNetLDAP?

: Hi,
: This could be a bug in my AuthNetLDAP module, probably with the opening or
: closing of the LDAP connection. I haven't even really used the module in
: production yet, so I don't know all of the bugs.
:
: Could you send a copy of the relevant Apache error log to ma...@mj...
:
: I'll be out of town for the next few days, but I'll try to take a look at
: it when I get back.
:
: Mark
:
: Eamon Daly wrote:
:
: > A handful of our users are getting an LDAP_OPERATIONS_ERROR
: > when they try to authenticate. I haven't seen anything close
: > in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
: > so I'm kinda stumped. A 'debug => 3' trace follows. The name
: > and password is correct.
: >
: > Apache 1.3.12
: > Solaris 7
: > Net::LDAP 0.19
: > Apache::AuthNetLDAP 0.16
: >
: > Thanks in advance!
: >
: > [Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
: > reason: user kpeterson: failed bind: 1
: > Net::LDAP=HASH(0x3fa2f8) sending:
: >
: > 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........
: >
: > Net::LDAP=HASH(0x3fa2f8) received:
: >
: > 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
: >
: > Net::LDAP=HASH(0x3fa2f8) sending:
: >
: > 30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
: > 01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
: > 09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn
: >
: > Net::LDAP=HASH(0x3fa2f8) received:
: >
: > 30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
: > 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
: > 78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.
: >
: > Net::LDAP=HASH(0x3fa2f8) received:
: >
: > 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
: >
: > Net::LDAP=HASH(0x3fa2f8) sending:
: >
: > 30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
: > 70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
: > 6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh
: >
: > Net::LDAP=HASH(0x3fa2f8) received:
: >
: > 30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........
: >
: > ________________________________________
: > Eamon Daly
: > FastWeb, Inc.
: > 847 568 6410
:
:

From: Mark W. <mew...@un...> - 2000-07-07 02:06:39

Hi,
This could be a bug in my AuthNetLDAP module, probably with the opening or closing of the LDAP connection. I haven't even really used the module in production yet, so I don't know all of the bugs.

Could you send a copy of the relevant Apache error log to ma...@mj...

I'll be out of town for the next few days, but I'll try to take a look at it when I get back.

Mark

Eamon Daly wrote:

> A handful of our users are getting an LDAP_OPERATIONS_ERROR
> when they try to authenticate. I haven't seen anything close
> in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
> so I'm kinda stumped. A 'debug => 3' trace follows. The name
> and password is correct.
>
> Apache 1.3.12
> Solaris 7
> Net::LDAP 0.19
> Apache::AuthNetLDAP 0.16
>
> Thanks in advance!
>
> [Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
> reason: user kpeterson: failed bind: 1
> Net::LDAP=HASH(0x3fa2f8) sending:
>
> 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........
>
> Net::LDAP=HASH(0x3fa2f8) received:
>
> 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
>
> Net::LDAP=HASH(0x3fa2f8) sending:
>
> 30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
> 01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
> 09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn
>
> Net::LDAP=HASH(0x3fa2f8) received:
>
> 30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
> 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
> 78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.
>
> Net::LDAP=HASH(0x3fa2f8) received:
>
> 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
>
> Net::LDAP=HASH(0x3fa2f8) sending:
>
> 30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
> 70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
> 6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh
>
> Net::LDAP=HASH(0x3fa2f8) received:
>
> 30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........
>
> ________________________________________
> Eamon Daly
> FastWeb, Inc.
> 847 568 6410

From: Eamon D. <ea...@fa...> - 2000-07-06 22:14:23

A handful of our users are getting an LDAP_OPERATIONS_ERROR
when they try to authenticate. I haven't seen anything close
in the archives, and LDAP_OPERATIONS_ERROR is fairly vague,
so I'm kinda stumped. A 'debug => 3' trace follows. The name
and password is correct.

Apache 1.3.12
Solaris 7
Net::LDAP 0.19
Apache::AuthNetLDAP 0.16

Thanks in advance!

[Thu Jul 6 17:03:12 2000] [error] access to / failed for xx.xx.xx.147,
reason: user kpeterson: failed bind: 1
Net::LDAP=HASH(0x3fa2f8) sending:

30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........

Net::LDAP=HASH(0x3fa2f8) received:

30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........

Net::LDAP=HASH(0x3fa2f8) sending:

30 2E 02 01 02 63 29 04 00 0A 01 02 0A 01 02 02 0....c).........
01 00 02 01 00 01 01 00 A3 10 04 03 75 69 64 04 ............uid.
09 6B 70 65 74 65 72 73 6F 6E 30 04 04 02 64 6E .kpeterson0...dn

Net::LDAP=HASH(0x3fa2f8) received:

30 22 02 01 02 64 1D 04 19 63 6E 3D 6B 70 65 74 0"...d...cn=kpet
65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F 6E 74 65 erson,o=fw_conte
78 74 30 00 __ __ __ __ __ __ __ __ __ __ __ __ xt0.

Net::LDAP=HASH(0x3fa2f8) received:

30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........

Net::LDAP=HASH(0x3fa2f8) sending:

30 2B 02 01 03 60 26 02 01 02 04 19 63 6E 3D 6B 0+...`&.....cn=k
70 65 74 65 72 73 6F 6E 2C 6F 3D 66 77 5F 63 6F peterson,o=fw_co
6E 74 65 78 74 80 06 73 6D 61 63 6B 68 __ __ __ ntext..smackh

Net::LDAP=HASH(0x3fa2f8) received:

30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........

________________________________________
Eamon Daly
FastWeb, Inc.
847 568 6410

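
Added example, not part of the original post: a small Python decoder for the BER messages in a Net::LDAP debug trace like the one above. It names each operation and result code (the failing response carries resultCode 1, operationsError) and blanks the simple-bind password before a trace is shared. The function names are hypothetical, and the authenticated bind request is constructed with a placeholder password rather than copied from the post.

```python
"""Decode LDAP BER messages from a Net::LDAP debug trace; redact bind passwords."""

# protocolOp tags (APPLICATION class) that appear in the trace
OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x63: "SearchRequest",
       0x64: "SearchResultEntry", 0x65: "SearchResultDone"}
RESULTS = {0: "success", 1: "operationsError", 49: "invalidCredentials"}
AUTH_SIMPLE = 0x80  # context tag [0]; decimal 128, the "method 128" in the server log


def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the BER element at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("BER value runs past the end of the buffer")
    return tag, off, off + length


def parse_hex_rows(text):
    """Convert debug rows ('30 0C ... __ __ 0....') to bytes; '__' is padding."""
    out = bytearray()
    for row in text.strip().splitlines():
        for cell in row.split()[:16]:  # 16 byte cells, then the ASCII column
            if cell == "__":
                break
            out.append(int(cell, 16))
    return bytes(out)


def summarize(msg):
    """Decode the LDAPMessage envelope plus bind and result fields."""
    tag, start, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    tag, s, e = read_tlv(msg, start)  # messageID INTEGER
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    op_tag, op_start, _ = read_tlv(msg, e)
    info = {"id": int.from_bytes(msg[s:e], "big"), "op": OPS.get(op_tag, hex(op_tag))}
    if op_tag == 0x60:  # BindRequest: version, name, authentication choice
        _, s, e = read_tlv(msg, op_start)
        info["version"] = int.from_bytes(msg[s:e], "big")
        _, s, e = read_tlv(msg, e)
        info["dn"] = msg[s:e].decode("utf-8", "replace")
        info["method"], s, e = read_tlv(msg, e)
        info["password_span"] = (s, e)
        info["anonymous"] = info["dn"] == "" and s == e
    elif op_tag in (0x61, 0x65):  # BindResponse / SearchResultDone
        _, s, e = read_tlv(msg, op_start)  # resultCode ENUMERATED
        code = int.from_bytes(msg[s:e], "big")
        info["result"] = RESULTS.get(code, str(code))
    return info


def redact(msg):
    """Overwrite a simple-bind password with 'x', keeping all BER lengths valid."""
    info = summarize(msg)
    if info.get("method") != AUTH_SIMPLE:
        return msg
    s, e = info["password_span"]
    return msg[:s] + b"x" * (e - s) + msg[e:]


# Rows copied from the trace in the post (none of these three carries a secret).
ANON_BIND = "30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........"
BIND_OK = "30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........"
BIND_FAIL = "30 0C 02 01 03 61 07 0A 01 01 04 00 04 00 __ __ 0....a........"
# Constructed sample: same layout as the post's third request, placeholder password.
USER_BIND = (bytes.fromhex("30 2B 02 01 03 60 26 02 01 02 04 19")
             + b"cn=kpeterson,o=fw_context" + b"\x80\x06" + b"PASSWD")

if __name__ == "__main__":
    for row in (ANON_BIND, BIND_OK, BIND_FAIL):
        print(summarize(parse_hex_rows(row)))
    print(summarize(USER_BIND))
    print(redact(USER_BIND).hex(" "))
```
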
From: Clif H. <cl...@di...> - 2000-07-06 18:09:12

>
> On Thu, 06 Jul 2000 10:39:45 CDT, Clif Harden wrote:
>
> Oh dear, they're redefining published (in an RFC) object classes and
> attribute types! Have they at least used their own OIDs?
>
> Cheers,
>
> Chris
>
>

Yep, they used the normal oid.

I have a call into a Netscape rep, see what he has to say about this.
Of course Netscape will blame it on the evil NT platform that
the server is running on. :)
This system has given the blue screen of death several times.

Regards,

Clif Harden INTERNET: c-h...@ti...

From: Padraig R. <rya...@it...> - 2000-07-06 15:58:12

To find the schema on exchange you must open the exchange administrator app in raw mode

exadmin.exe -r ( I'm not at the exchange box right now but I think the app is called exadmin or something like that :-)

at the command prompt (cmd.exe)

That's what I worked from - the schema appears in the right hand pane. There are some differences between Netscape and Exchange schema eg using CN for UID etc.

Padraig.

----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland

P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan

----- Original Message -----
From: Feisal Mohammed <Fei...@uw...>
To: Padraig Ryan <rya...@it...>
Sent: Thursday, July 06, 2000 2:25 PM
Subject: Re: [Fwd] perl ldap and active directory

> Hi,
>
> I noticed that you were successful in connecting
> to exchange servers. Can you point me to some
> documentation on the schemas on exchange?
> I want to be able to query exchange and
> determine mail addresses using sendmail+ldap
>
> -Feisal
>

From: Chris R. <Chr...@me...> - 2000-07-06 15:53:05

On Thu, 06 Jul 2000 10:39:45 CDT, Clif Harden wrote:
> On my standard (as provided by Netscape) uncustomized Netscape
> directory there is a 'domain' object class and it does include
> a dnsrecord attribute. The objectclass was predefined with dnsrecord
> as a may contain attribute, the dnsrecord attribute was not
> predefined, I had to define it.
>
> I have used this objectclass and attribute to do almost exactly what
> this individual wants to do in a Netscape directory. This is the
> reason I referred to a Netscape directory because I know it can
> be done there.
>
> With some minor adjustments I could do the same thing in my
> x.500 directories.

Oh dear, they're redefining published (in an RFC) object classes and attribute types! Have they at least used their own OIDs?

Cheers,

Chris

From: Clif H. <cl...@di...> - 2000-07-06 15:49:07

>
> On Thu, 06 Jul 2000 09:06:29 CDT, Clif Harden wrote:
>
> The only 'domain' object class I can find wasn't invented by Netscape.
> It is defined in RFC 1274, and does not include any dnsrecord
> attribute. Perhaps you're thinking of the 'dNSDomain' object class,
> which does contain this attribute, and is also defined in RFC 1274?
>
> I would advise looking in RFC 1274 to see what else might be useful. If
> nothing is appropriate, as Clif says go ahead and create your own.
>
> Cheers,
>
> Chris
>

On my standard (as provided by Netscape) uncustomized Netscape
directory there is a 'domain' object class and it does include
a dnsrecord attribute. The objectclass was predefined with dnsrecord
as a may contain attribute, the dnsrecord attribute was not
predefined, I had to define it.

I have used this objectclass and attribute to do almost exactly what
this individual wants to do in a Netscape directory. This is the
reason I referred to a Netscape directory because I know it can
be done there.

With some minor adjustments I could do the same thing in my
x.500 directories.

Regards,

Clif Harden INTERNET: c-h...@ti...

From: Chris R. <Chr...@me...> - 2000-07-06 14:58:51

On Thu, 06 Jul 2000 09:06:29 CDT, Clif Harden wrote:
> >
> > hi,everybody:
> >
> > Does anybody know about any format in adding DNS zone
> > info in ldap server? something like ldap->add {
> > dn........}
> > ........???
> >
> > Eric
> >
>
> Eric,
>
> You can put dns and network information in a directory. There are several
> commercial products that do this.
>
> The netscape objectClass domain has a dnsrecord attribute.
>
> If you do not find what you want in the standard objectClasses
> and attributes you could always create your own objectclass or
> attributes.
>
>
> Regards,
>
> Clif Harden INTERNET: c-h...@ti...
>
>

The only 'domain' object class I can find wasn't invented by Netscape. It is defined in RFC 1274, and does not include any dnsrecord attribute. Perhaps you're thinking of the 'dNSDomain' object class, which does contain this attribute, and is also defined in RFC 1274?

I would advise looking in RFC 1274 to see what else might be useful. If nothing is appropriate, as Clif says go ahead and create your own.

Cheers,

Chris

From: Clif H. <cl...@di...> - 2000-07-06 14:15:50

>
> hi,everybody:
>
> Does anybody know about any format in adding DNS zone
> info in ldap server? something like ldap->add {
> dn........}
> ........???
>
> Eric
>

Eric,

You can put dns and network information in a directory. There are several
commercial products that do this.

The netscape objectClass domain has a dnsrecord attribute.

If you do not find what you want in the standard objectClasses
and attributes you could always create your own objectclass or
attributes.

Regards,

Clif Harden INTERNET: c-h...@ti...

From: Eric Z. <eri...@ya...> - 2000-07-05 14:19:14

hi,everybody:

Does anybody know about any format in adding DNS zone
info in ldap server? something like ldap->add {
dn........}
........???

Eric

From: Graham B. <gb...@po...> - 2000-07-05 13:43:35

The operation will be asynchronous if $ldap->async returns zero. So if you have done an async bind, then unless you have done $ldap->async(0) the search will be asynchronous.

Graham.

On Wed, Jul 05, 2000 at 03:19:25PM +0200, Bouarich, Reda wrote:
> Hello u all,
> I'm binding on the LDAP server in an asynchronous way, I would like to
> perform certain tasks during this session like a search, update etc...
> I would like to know if I do a search operation for instance, will it be
> asynchronous automatically (because of the asynchronous bind) or does " an
> asynchronous search" exist?
> Thanks in advance.

From: Bouarich, R. <Red...@co...> - 2000-07-05 13:24:55

Hello u all,
I'm binding on the LDAP server in an asynchronous way, I would like to perform certain tasks during this session like a search, update etc...
I would like to know if I do a search operation for instance, will it be asynchronous automatically (because of the asynchronous bind) or does " an asynchronous search" exist?
Thanks in advance.

Reda Bouarich
Compaq Computer Corp
tel: 04-92-95-58-65
email: Red...@co...

From: Padraig R. <rya...@it...> - 2000-07-05 11:45:41

All,

Thanks for the reply. In effect it was a permissions problem on the active directory server coupled with using netscape navigator to check using ldap url's and forgetting to do a reload as navigator was returning a cached copy of the "not found" message.

You need to apply list and read permissions on the users in the active directory mmc snapin - click view, advanced and security for your directory site and add these permission to your users.

Perl Ldap then works exactly as for netscape and exchange.

----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland

P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan

----- Original Message -----
From: Graham Barr <gb...@po...>
To: LDAP Mailing List <per...@li...>
Cc: Padraig Ryan <rya...@it...>
Sent: Tuesday, July 04, 2000 2:51 PM
Subject: [Fwd] perl ldap and active directory

> ----- Forwarded message from "Padraig Ryan" <rya...@it...> -----
>
> From: "Padraig Ryan" <rya...@it...>
> To: <gb...@po...>
> Subject: perl ldap and active directory
> Date: Tue, 4 Jul 2000 13:12:34 +0100
> X-Mailer: Microsoft Outlook Express 5.00.2314.1300
>
> Graham,
>
> We've successfully used your ldap module against netscape and ms exchange directories but are having problems with active directory.
>
> It may be our filter is wrong but do you have any examples or resources specifically relating to active directory?
>
> Thanks in advance.
>
> Padraig Ryan
>
> ----------------------------------------------------------------
> Padraig Ryan
> IT Manager
> Institute of Technology, Sligo
> Ireland
>
> P +353(0)71.55365
> F +353(0)71.60475
> M +353(0)87.2334062
> E rya...@it...
> W http://www.itsligo.ie/staff/pryan
>
> ----- End forwarded message -----
>

From: Graham B. <gb...@po...> - 2000-07-04 20:25:40

On Tue, Jul 04, 2000 at 12:24:25PM -0500, Mark Wilcox wrote:
>
> Graham Barr wrote:
> >
> > Ah, it sounds like you want the LDAPiranah module someone wrote a while
>
> ?? I couldn't find it on CPAN. I'd be happy to help someone get this to work if that
> would make your life easier. I'll be out of town for most of the next 2 weeks but
> after that I'll help with what I can.

It's not on CPAN. It was written by Matthew Sisk. You can get a copy from

http://www.mojotoad.com/sisk/projects/LDAPiranah/

Graham.

From: Mark W. <mew...@un...> - 2000-07-04 17:28:59

Graham Barr wrote:

> On Mon, Jul 03, 2000 at 12:33:44PM -0700, Allen, Robbie wrote:
> > All I'm really asking is for the search method to return all entries
> > that match the search criteria. To be safe, I need to use VLV in all of
> > my searches, because one day the number of entries returned may exceed
> > the server limit, or the server limit may one day be set lower, and the
> > application may break because it does not get all the entries it thinks
> > it should. This may not be an issue in some environments, but it is in
> > mine.
>

If the LDAP server can return all of the entries it will during a search. If it doesn't then it will throw an error. That's what you want! If you suddenly bind yourself to a particular method and then one day it doesn't work (e.g. you suddenly start searching on an LDAP server that doesn't support controls & your search is still beyond the limit) & it's not documented, the developer won't know why.

The simple answer is to always include the proper control in all of your searches and document why you are doing this. I don't know why that's so #!$@!$! difficult ;).

You also always have the option of binding as the Directory Manager account. Insecure as hell, but that will work for most servers ;).

>
> Ah, it sounds like you want the LDAPiranah module someone wrote a while

?? I couldn't find it on CPAN. I'd be happy to help someone get this to work if that would make your life easier. I'll be out of town for most of the next 2 weeks but after that I'll help with what I can.

> back. It will need some changes to work with the latest Net::LDAP though. In fact
> I have some changes planned for Net::LDAP which will make that kind of
> thing easier.

Cool.

Mark

>
>
> Graham.

From: Graham B. <gb...@po...> - 2000-07-04 14:02:18

----- Forwarded message from "Padraig Ryan" <rya...@it...> -----

From: "Padraig Ryan" <rya...@it...>
To: <gb...@po...>
Subject: perl ldap and active directory
Date: Tue, 4 Jul 2000 13:12:34 +0100
X-Mailer: Microsoft Outlook Express 5.00.2314.1300

Graham,

We've successfully used your ldap module against netscape and ms exchange directories but are having problems with active directory.

It may be our filter is wrong but do you have any examples or resources specifically relating to active directory?

Thanks in advance.

Padraig Ryan

----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland

P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan

----- End forwarded message -----

From: Chris R. <Chr...@me...> - 2000-07-04 08:41:32

On Tue, 04 Jul 2000 15:23:53 +0800, wiLL wrote:
>
> Hello !
>
> I'm working on LDAP ... and I want to know how to sort the results from
> $ldap->search ?
>
> tnx ..
>
> wiLL

Use sorted('cn') (or whatever attribute you want to sort on) instead of entries() on the object returned by $ldap->search(). Read the perldoc for Net::LDAP::Search to find out more.

The sorted method is not strictly correct, because it doesn't do comparisons according to the directory rules. But it might suffice for you.

Cheers,

Chris

From: wiLL <wol...@sk...> - 2000-07-04 07:23:48

Hello !

I'm working on LDAP ... and I want to know how to sort the results from $ldap->search ?

tnx ..

wiLL

-------------------------------------
wiLL S. Olivete Jr.
wol...@sk...
pgp key id : 0x2D85D7BF
office voice: 63.74.443.5657
mobile: 0917.972.6384
pager: ec 963576

From: Graham B. <gb...@po...> - 2000-07-04 03:20:04

On Mon, Jul 03, 2000 at 12:33:44PM -0700, Allen, Robbie wrote:
> All I'm really asking is for the search method to return all entries
> that match the search criteria. To be safe, I need to use VLV in all of
> my searches, because one day the number of entries returned may exceed
> the server limit, or the server limit may one day be set lower, and the
> application may break because it does not get all the entries it thinks
> it should. This may not be an issue in some environments, but it is in
> mine.

Ah, it sounds like you want the LDAPiranah module someone wrote a while back. It will need some changes to work with the latest Net::LDAP though. In fact I have some changes planned for Net::LDAP which will make that kind of thing easier.

Graham.

From: Graham B. <gb...@po...> - 2000-07-03 22:42:37
|
I agree

Graham.

On Mon, Jul 03, 2000 at 04:46:19PM -0500, Mark Wilcox wrote:
> The harm is that it unnecessarily bloats the API. Net::LDAP is a low-level
> API, not a higher level API like ADSI or JNDI which it sounds like you
> want. And as Graham & I've pointed out, where does it stop?
>
> If you want to get all of the values from a search you must use the tools
> LDAP provides, which means control, if your server supports
> it. Not all servers support them. And even if they do, it doesn't mean all
> searches can use them (e.g. they might be limited to only a particular set
> of users).
>
> If you want to use LDAP, then you must learn the ins and outs, which means
> controls. The average joe will either learn controls or they won't. They
> are optional and you can still program LDAP successfully without them.
>
> I think what you really want is a higher-level API than Net::LDAP, which
> operates on a pretty low level. The higher-level API would wrap around
> Net::LDAP (or it could also include other directory services), this would
> make it similar to ADSI or JNDI.
>
> That I would support. I just can't add my support to adding built in
> controls to Net::LDAP. Now if a particular control was added to all
> servers (e.g. the LDAP RFCs were changed to say that all servers MUST
> support the VLV or Paged control), then I'd say of course we should make
> it integrated because then they literally would be a part of a standard
> operation.
>
> But until then, I think the search API is fine. I think we should instead
> concentrate on making sure the controls work and documenting the existing
> control structure. And perhaps revisit this issue in the future if more
> people think it's a good idea.
From: Mark W. <mew...@un...> - 2000-07-03 21:54:54
|
On Mon, 3 Jul 2000, Allen, Robbie wrote:

> > From: Mark Wilcox [mailto:mew...@un...]
> >
> > It should be integrated into the search method via a control as it is
> > now. The purpose of controls is to extend or enhance the
> > functionality of a particular LDAP operation.
>
> I don't see the harm in having it as an extra option to the search
> method. Of course you'd want to keep the traditional control mechanism
> as it is today. The primary reason why I think this is a good idea is
> because many times, when developing automation processes around a
> directory, you want to be sure to get all objects that match a search,
> not what is imposed by the server limit.

The harm is that it unnecessarily bloats the API. Net::LDAP is a low-level API, not a higher level API like ADSI or JNDI which it sounds like you want. And as Graham & I've pointed out, where does it stop?

If you want to get all of the values from a search you must use the tools LDAP provides, which means control, if your server supports it. Not all servers support them. And even if they do, it doesn't mean all searches can use them (e.g. they might be limited to only a particular set of users).

If you want to use LDAP, then you must learn the ins and outs, which means controls. The average joe will either learn controls or they won't. They are optional and you can still program LDAP successfully without them.

I think what you really want is a higher-level API than Net::LDAP, which operates on a pretty low level. The higher-level API would wrap around Net::LDAP (or it could also include other directory services), this would make it similar to ADSI or JNDI.

That I would support. I just can't add my support to adding built in controls to Net::LDAP. Now if a particular control was added to all servers (e.g. the LDAP RFCs were changed to say that all servers MUST support the VLV or Paged control), then I'd say of course we should make it integrated because then they literally would be a part of a standard operation.

But until then, I think the search API is fine. I think we should instead concentrate on making sure the controls work and documenting the existing control structure. And perhaps revisit this issue in the future if more people think it's a good idea.

Mark
From: Graham B. <gb...@po...> - 2000-07-03 19:43:53
|
On Mon, Jul 03, 2000 at 12:12:12PM -0700, Allen, Robbie wrote:
> > The biggest problem with this is that it makes your life
> > easier because you have a paged controls on your LDAP Server. But my server
> > doesn't use paged controls, instead it supports the Virtual List View control.
>
> I was just using the Paged control as an example. The search method,
> could and probably should use VLV because of its acceptance.

I think Mark has a point. Where do we stop ? how many controls do we try to integrate, how big do we allow ->search() to get, how much of this will be bloat for the many ?

> > In other words I think it's a bad idea because:
> > 1) it violates the idea behind the use of LDAP controls
>
> I don't see it as violating, I see it as integrating.

And we know where that will get you :)

Graham.
From: Allen, R. <ra...@ci...> - 2000-07-03 19:39:33
|
> From: Mark Wilcox [mailto:mew...@un...]
>
> sorry I don't. I couldn't find anything on the IETF site as
> well. I wonder if it's buried in a MS document somewhere, hidden by an NDA :).

As Graham mentioned, checking for the Paged cookie to be unset does the job.

> But I did remember another argument for not including the
> paged-control in the search method, it's a proprietary control
> for Active Directory (this is perfectly legal LDAP, however ;). It will be
> replaced by the Virtual List View control in future versions of AD,
> because VLV provides everything Page control does, but it's
> being agreed upon by Netscape, Microsoft and Novell, thus should be more
> standardized across the board (I know Netscape already supports it, I think Novell
> does).

Ok, then replace Paged with VLV in my suggestion ;-)

All I'm really asking is for the search method to return all entries that match the search criteria. To be safe, I need to use VLV in all of my searches, because one day the number of entries returned may exceed the server limit, or the server limit may one day be set lower, and the application may break because it does not get all the entries it thinks it should. This may not be an issue in some environments, but it is in mine.

Coming from a database background where this limitation wasn't enforced, paging creates an additional hurdle. I'm not saying server limits are inherently a bad thing, I just wish it was easier to get around.

Robbie Allen

> Mark
>
> On Mon, 3 Jul 2000, Graham Barr wrote:
>
> > Does anyone know when a Paged search is complete ?
> >
> > ----- Forwarded message from "Allen, Robbie" <ra...@ci...> -----
> >
> > From: "Allen, Robbie" <ra...@ci...>
> > To: "'Graham Barr'" <gb...@po...>
> > Subject: RE: Page or VLV control
> > Date: Sun, 2 Jul 2000 12:49:13 -0700
> > X-Mailer: Internet Mail Service (5.5.2650.21)
> >
> > Yep, that's better. So here is the finished product that works for me:
> >
> > #----------------------------------------------------#
> > use Net::LDAP;
> > use Net::LDAP::Control;
> > use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED LDAP_CONTROL_SORTREQUEST );
> >
> > ...
> >
> > $page = Net::LDAP::Control->new( LDAP_CONTROL_PAGED, size => 1000);
> > $sort = Net::LDAP::Control->new( LDAP_CONTROL_SORTREQUEST, order => 'cn');
> > @args = ( base => "cn=subnets,cn=sites,cn=configuration,$BASE_DN",
> >           scope => "subtree",
> >           filter => "(objectClass=subnet)",
> >           control => [ $sort, $page ] );
> > while (($mesg = $LDAP->search( @args ))) {
> >     print_subnet($_) foreach $mesg->entries;
> >     last if $mesg->count < $page->size;
> >     ($resp) = $mesg->control( LDAP_CONTROL_PAGED );
> >     $page->cookie($resp->cookie);
> > }
> > #----------------------------------------------------#
> >
> > The only question that still remains for me is the best way to determine
> > a Paged search is complete. Above I just check to see if the mesg count
> > is less than the page size, but seems like there should be a more
> > intuitive approach. The search inside the while clause isn't a good
> > check, because after the search completes, it starts over again from 1
> > (and continues), so the only way to break out of the loop is with the
> > 'last' call.
> >
> > Thanks for working on this!!! This is the critical piece I was missing
> > to start automating a lot of our Active Directory processes.
> >
> > Robbie Allen
> >
> > > -----Original Message-----
> > > From: Graham Barr [mailto:gb...@po...]
> > > Sent: Sunday, July 02, 2000 12:01 AM
> > > To: Allen, Robbie
> > > Subject: Re: Page or VLV control
> > >
> > > Ah, OK. Try this new patch
> > >
> > > Graham.
> > >
> > > On Sat, Jul 01, 2000 at 08:32:35PM -0700, Allen, Robbie wrote:
> > > > Works! At least for Paged and Sort, haven't tried VLV yet. For some
> > > > reason, when I used both Paged and Sort together, I also had to 'use'
> > > > SortResult.pm or else it complained that it couldn't find init:
> > > >
> > > > Can't locate object method "init" via package "Net::LDAP::Control::SortResult" at /usr/SD/perl5.004_05/lib/site_perl/Net/LDAP/Control.pm line 78.
> > > >
> > > > Wasn't necessary though if I just used the Sort control by itself.
> >
> > ----- End forwarded message -----
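Added example (not from this thread and not Net::LDAP code): a pure-Perl simulation comparing the `count < size` exit used in the quoted loop with the empty-cookie exit mentioned in the reply above. `make_server`, `fetch_all` and the offset-as-cookie scheme are constructed stand-ins that assume simple paged results semantics (RFC 2696); no Net::LDAP calls are made.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for a server with simple paged results: an empty
# request cookie starts a new result set, and an empty response cookie
# marks the last page. Here the cookie is just the next offset.
sub make_server {
    my @entries = @_;
    return sub {
        my ($size, $cookie) = @_;
        my $start = length($cookie) ? $cookie : 0;
        my $end   = $start + $size;
        $end = @entries if $end > @entries;
        my @page = @entries[ $start .. $end - 1 ];
        my $next = $end < @entries ? $end : '';
        return (\@page, $next);
    };
}

# Fetch pages until $done says stop; $max_requests is a safety cap so a
# loop that never terminates on its own is still cut off.
sub fetch_all {
    my ($search, $size, $done, $max_requests) = @_;
    my $received = 0;
    my $cookie   = '';
    for my $n (1 .. $max_requests) {
        my ($page, $next) = $search->($size, $cookie);
        $received += @$page;
        return ($received, "$n requests") if $done->($page, $next, $size);
        $cookie = $next;
    }
    return ($received, "cap of $max_requests requests hit");
}

my %done = (
    count  => sub { my ($page, $next, $size) = @_; return @$page < $size },
    cookie => sub { my ($page, $next) = @_; return !length($next) },
);

# 2500 ends on a short page; 3000 is an exact multiple of the page size.
for my $total (2500, 3000) {
    my $search = make_server(1 .. $total);
    for my $test (sort keys %done) {
        my ($received, $how) = fetch_all($search, 1000, $done{$test}, 10);
        printf "%d entries, %-6s test: received %5d (%s)\n",
            $total, $test, $received, $how;
    }
}
```

With 3000 entries the count test never sees a short page, resends an empty cookie and starts over until the cap stops it, while the cookie test stops after three requests in both cases.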
From: Allen, R. <ra...@ci...> - 2000-07-03 19:17:39
|
> From: Mark Wilcox [mailto:mew...@un...]
>
> It should be integrated into the search method via a control as it is
> now. The purpose of controls is to extend or enhance the
> functionality of a particular LDAP operation.

I don't see the harm in having it as an extra option to the search method. Of course you'd want to keep the traditional control mechanism as it is today. The primary reason why I think this is a good idea is because many times, when developing automation processes around a directory, you want to be sure to get all objects that match a search, not what is imposed by the server limit.

> The biggest problem with this is that it makes your life
> easier because you have a paged controls on your LDAP Server. But my server
> doesn't use paged controls, instead it supports the Virtual List View control.

I was just using the Paged control as an example. The search method, could and probably should use VLV because of its acceptance.

> In other words I think it's a bad idea because:
> 1) it violates the idea behind the use of LDAP controls

I don't see it as violating, I see it as integrating.

> 2) it makes the API harder to use

That is the whole reason why I think it should be added! You've seen the code to do paging or VLV, do you not think that it is hard? How about for the average joe, who doesn't know the ins and outs of LDAP? Do you think having an extra option to turn those features on would make the API harder to use?

> 3) it makes the API less flexible

I'm only proposing that a couple extra options are created which would turn on Paging or VLV. Not removing the current control functionality. I don't know how that would make the API any less flexible.

> Now if you have a better idea about how to make controls work
> & you can provide patches or code, I think we're all ears :).

I gave examples of how it could be used below. If you want the actual code for how Net::LDAP::Search would be modified, I can do that as well, but I just wanted to get feedback first before I start devoting time to this.

Robbie Allen

> Mark
>
> On Sun, 2 Jul 2000, Allen, Robbie wrote:
>
> > Would it be feasible to merge the Paged control into the search method?
> > Generally when I do searches, I want all the entries returned regardless
> > of the server limit. In fact, some searches I do today will get all
> > entries, because the number returned does not exceed the server limit.
> > One day that may not be the case. I could see it as either being
> > integrated into the current search method's or even a separate one.
> >
> > $ldap->search( @args,
> >                paged => 1,
> >                pagesize => 1000);
> >
> > $ldap->search_paged( @args,
> >                      pagesize => 1000 );
> >
> > Comments?
> >
> > Robbie Allen