Menu
▾
▴
perl-ldap-dev
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(200) |
Jun
(129) |
Jul
(184) |
Aug
(204) |
Sep
(106) |
Oct
(79) |
Nov
(72) |
Dec
(54) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(83) |
Feb
(123) |
Mar
(84) |
Apr
(184) |
May
(106) |
Jun
(111) |
Jul
(104) |
Aug
(91) |
Sep
(59) |
Oct
(99) |
Nov
(100) |
Dec
(37) |
| 2002 |
Jan
(148) |
Feb
(88) |
Mar
(85) |
Apr
(151) |
May
(80) |
Jun
(110) |
Jul
(85) |
Aug
(43) |
Sep
(64) |
Oct
(89) |
Nov
(59) |
Dec
(42) |
| 2003 |
Jan
(129) |
Feb
(104) |
Mar
(162) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Kurt D. Z. <Ku...@Op...> - 2003-01-16 10:51:34
|
At 10:19 AM 1/16/2003, Meik Hellmund wrote: >Apparently, slapd uses the encryption type (CRYPT, SSHA,..) >of the old password for the new one. Is it possible to demand >another encryption type with set_password? See slapd.conf(5). There is a directive which indicates the which hash function to use. The default, IIRC, is SSHA. I note that it might be more appropriate to post OpenLDAP configuration questions to the <ope...@op...> list (subscription required to post). Kurt |
|
From: Meik H. <hel...@ma...> - 2003-01-16 10:50:47
|
Chris Ridd <chr...@ma...> wrote:
>Yes. My guess (couldn't be bothered to read the Internet draft, sorry) is
>that the password modify extended operation is intended to allow passwords
>in *other* entries to be changed (subject to access controls of course :-)
>but OpenLDAP only implements the operation for the user on their own entry.
>Therefore passing oldpasswd is not useful if you're using that server.
OK, that's an explanation. Perhaps one should mention this in the
forthcoming documentation of set_password.
>Try hashing the password yourself (check out the Crypt modules from CPAN)
>and passing that (formatted correctly) in newpasswd. You will have to use
>one of the schemes that the server supports of course if you want to be able
>to compare() and bind() with it :-)
Yes, example code can be found somewhere in the openldap faq-o-matic.
For SSHA, something like
use Digest::SHA1;
use MIME::Base64;
sub encryptpw {
my ($newpw) = @_;
my $salt="..."; # some random string
my $ctx = Digest::SHA1->new;
$ctx->add($newpw);
$ctx->add($salt);
my $hashedPasswd = '{SSHA}' . encode_base64($ctx->digest . $salt ,'');
return $hashedPasswd;
}
works fine with:
$encpw = encryptpw($newpasswd);
$ldap->modify ($dn, replace => {userPassword => $encpw});
>The server *might* notice it has been hashed already and just store it.
>(That's the way I implemented it on our server.)
Unfortunately, Openldap 2.0.27 does *not* notice it if set_passwd is used!!
I send the string "{SSHA}KjZ8HTqq******32Nm3dOQyQd4eHl4eDE="
and it gets encrypted again. I can now authenticate using this string as
password, but this is a bit inconvenient -:).
So,it seems, set_passwd with Openldap can be used only with unencrypted
passwords, they are always encrypted by the server.
Thanks, Meik
--
Meik Hellmund
Institut fuer Mathematik, Uni Leipzig
e-mail: hel...@ma...
http://www.math.uni-leipzig.de/~hellmund
|
|
From: Bases de m. <pu...@zz...> - 2003-01-16 10:02:03
|
PUBLICC SOLUCIONES INFORMATICAS LLEGUE CON SU PUBLICIDAD A MILES DE POTENCIALES CLIENTES NUEVO PACK ACTUALIZADO A ENERO DE 2003 BASES DE MAILS DE ARGENTINA SECTORIZADAS POR RUBROS Y ZONAS UNICA EN EL MERCADO!!!!! ESTE ES EL DETALLE 2500 Adm de Consorcios y Campos 6800 Abogados 200 Ópticas y afines 35000 Profesionales en gral. 7500 Agencias de Viaje 1800 Profesionales del Área Humanística 12000 Empresas y Profesionales Agropecuarios 3800 Arquitectos 6400 Empresas de Alimentación 5500 Científicos e Investigadores 1400 Aseguradoras 39000 Comerciantes 2900 Asociaciones Bancarias 4500 Contadores Públicos 4500 Asociaciones Culturales 700 Legisladores 11000 Asociaciones y Empleados Gubernamentales 17000 Docentes e Instituciones educativas 3300 Empresas Automotrices 9500 Encargados de Sistemas 1500 Centros Comerciales y Supermercados 3500 Ingenieros 600 Asociaciones Religiosas 5800 Médicos 6800 Clubes y Act deportivas 51000 Mail de Personas del Sexo Masculino 20000 Empresas de Computación 30000 Mail de personas del Sexo Femenino 3300 Diarios y Revistas 500 Odontólogos 4400 Empresas Discográficas ,Foto ,Audio y Video 1100 Psicólogos y Psiquiatras 9500 Empresas de Electrónica y Telefonía 16000 Universitarios 7500 Empresas Gráficas 2200 Mails de Personas Clase Abc1 6000 Mail de Empresas Lideres 59000 Capital Federal (también separados por zonas) 800 Estaciones de Servicio 33000 Buenos Aires (también separados por zonas ) 5400 Organizadores de Eventos y Fiestas 500 Catamarca 2200 Exportadores, Importadores y Mayoristas 1400 Chaco 700 Empresas de Limpieza y Fumigación 1100 Chubut 2500 Farmacias ,Laboratorios y Droguerías 10100 Córdoba 5300 Ferreterías y afines 1200 Corrientes 5500 Hoteles 1400 Entre Ríos 2300 Inmobiliarias 300 Formosa 800 Jugueterías y Fabricantes 1200 Jujuy 8600 Empresas de Marketing y Publicidad 900 La Rioja 4000 Empresas Metalúrgicas 6700 Mendoza 1100 Mueblerías Y Art para el hogar 1400 Misiones 4800 Org. no Gubernamentales 3300 Neuquen 2500 Empresas Químicas y Petroleras 5200 Río Negro 4200 Estaciones de Radio y Televisión 1200 Salta 5800 Restaurantes , Bares y Pubs 1300 San Juan 2000 Empresas de Salud 1100 San Luis 450 Empresas de Seguridad 2300 Santa Cruz 250 Organizaciones militares 13200 Santa Fe 3500 Empresas Textiles 300 Santiago del Estero 2100 Empresas de Transporte 800 Tierra del Fuego 500 Veterinarias 1300 Tucumán ADEMAS LAS BASES DE LOS PRINCIPALES PROVEEDORES DE INTERNET 45000 Usuarios de Arnet 14000 Usuarios de Fibertel 50000 Usuarios de Ciudad 75000 Usuarios de Infovia 14000 Usuarios de Datamarkets 22000 Usuarios de Sinectis Y mas de 30000 usuarios de otros proveedores Y DE REGALO NUESTRA BASE DE MAS DE UN MILLON Y MEDIO DE MAIL COMPLETAMENTE ACTUALIZADA A ENERO DE 2003 Y RENOVADA, SEPARADA POR DOMINIOS TAMBIEN OBSEQUIAMOS BASES DE MAILS DE ARGENTINA ACTUALIZADAS A DICIEMBRE DE 2002 TODOS LOS RUBROS (en excel con datos adicionales p.ej, contactos teléfonos ,dirección ,etc ) Y MAILS DE AMERICA LATINA Y RESTO DEL MUNDO 5600 mails Bolivia (clasificados por rubros) 65000 mails Chile (clasificados por rubros con nombres y ciudades) 235000 mails Brasil (clasificados por rubros) 35000 mails Centro América (clasificados por rubros) 240000 mails Colombia (clasificados por rubros con nombres y ciudades 8300 mails Paraguay (clasificados por rubros) 5700 mails Ecuador (clasificados por rubros) 280000 mails Perú (clasificados por rubros con nombres y ciudades 12000 mails Uruguay (clasificados por rubros) 50000 mails Venezuela (clasificados por rubros) 186000 mails España (clasificados por rubros) 672000 mails México (clasificados por rubros) 650000 mails Resto del Mundo (clasificados por países ) 15.000.000 mails Estados Unidos Y TODO ESTE SOFTWARE Programas para envio de mails Stealth Mail Master Excelente programa de envío masivo que oculta la dirección de ip de la maquina remitente Group Mail Plus Con todos los plugins y manual Completo .Versión Plus. World Cast Envia a través de Servidor de correo o del DNS ,sin molestar a los proveedores de Internet Gammadyne Mailer Excelente aplicación. Completísimo Bulk Mail Sender Rapidísimo. No usa smtp Multi Mail En castellano. Version Full Mi Lista En castellano. Facil de usar. Mail Bomber Mail Bomber es uno de los programas para envío masivos de E-Mails mas utilizados del mundo y que mayor velocidad a la hora de enviarlos posee. Nos permite crear y gestionar listas de correo, así como generar mensajes desde hojas ya predefinidas. The Bat! v1.62.B4 Completo y compacto cliente de correo electrónico!! Cliente de correo electrónico lleno de funciones, pequeño de tamaño y fácil de usar. Max Bulk Mailer Especial para usuarios de Mac SERVIDORES DE CORREO PARA ENVIO DE MAILS Mailer Daemon. Excelente server de correo. Instalado en la maquina no se necesita de ningún smtp. HERRAMIENTAS PARA ARMADO Y MANEJO DE BASES Extractor de mails Extrae mails de paginas web,texto y ottros archivos Teleport Pro v1.29 Build 1926 Es un excelente programa que busca y captura archivos de Internet. Puedes recibir una Web completa, definir un mirror de una Web, buscar archivos, explorar los enlaces (links), y más. Black Widow 4.32 Espía la estructura interna de una Web, y descarga los archivos que quieras Programa que te permite escanear una página Web y presentar los archivos que encuentre en un formato idéntico al del Explorador, luego podrás descargar los ficheros que quieras. WebCopier v3.2a Español WebCopier te permitirá descargarte sitios Web completos y verlos tranquilamente cuando estés desconectado. El programa es capaz de descargar simultáneamente hasta 100 archivos, soporta JavaScript, y es capaz de realizar búsquedas de enlaces Web. Prospect finder Busca mails en la web por palabras clave. Edit Pad El mejor editor de texto.Con mas capacidad que el Bloc de Notas de Windows,permite manejar listas de mail. MailList King v4.06 Automatiza , administra y envia mensajes de mails masivos con el mejor MAS DE 18 MILLONES DE MAILS , PROGRAMAS PARA ENVIO MASIVO, ARMADO Y ORGANIZACION DE BASE DE DATOS ,ENVIO A TODO EL PAIS SIN CARGO TODO ESTO POR SOLAMENTE $100 SOLICITE YA SU PRODUCTO pub...@we... o por teléfono al 54 11 4942 0093 Para no recibir mas nuestros mensajes web...@pu... |
|
From: Chris R. <chr...@ma...> - 2003-01-16 09:31:10
|
On 16/1/03 9:19 am, Meik Hellmund <hel...@ma...>
wrote:
> Hi,
>
> just an observation I made with set_password using OpenLDAP 2.0.27
> and perl-ldap0.26 (the versions that come with Debian unstable).
>
> my $ldap = Net::LDAP->new('localhost', version=>3);
> my $m = $ldap->bind($dn,password=>$password, version=>3);
> # the version argument is important for set_password!
> if($m->code) {$msg = ($m->error); return 0;}
> $m = $ldap->set_password(
> user =>$dn,
> oldpasswd => $password,
> newpasswd => $newpasswd
> );
>
> returns "use bind to verify old password"
>
> It took me a while to get the message: It seems that slapd doesn't want to
> make a verification as part of the `Password Modify Extended Operation'.
> So I tried
>
> $m = $ldap->set_password(newpasswd => $newpasswd):
>
> and this works fine!
Yes. My guess (couldn't be bothered to read the Internet draft, sorry) is
that the password modify extended operation is intended to allow passwords
in *other* entries to be changed (subject to access controls of course :-)
but OpenLDAP only implements the operation for the user on their own entry.
Therefore passing oldpasswd is not useful if you're using that server.
>
> I have still a question:
>
> Apparently, slapd uses the encryption type (CRYPT, SSHA,..)
> of the old password for the new one. Is it possible to demand
> another encryption type with set_password?
Try hashing the password yourself (check out the Crypt modules from CPAN)
and passing that (formatted correctly) in newpasswd. You will have to use
one of the schemes that the server supports of course if you want to be able
to compare() and bind() with it :-)
The server *might* notice it has been hashed already and just store it.
(That's the way I implemented it on our server.)
>
> Thanks, Meik
Cheers,
Chris
|
|
From: Meik H. <hel...@ma...> - 2003-01-16 09:20:57
|
Hi,
just an observation I made with set_password using OpenLDAP 2.0.27
and perl-ldap0.26 (the versions that come with Debian unstable).
my $ldap = Net::LDAP->new('localhost', version=>3);
my $m = $ldap->bind($dn,password=>$password, version=>3);
# the version argument is important for set_password!
if($m->code) {$msg = ($m->error); return 0;}
$m = $ldap->set_password(
user =>$dn,
oldpasswd => $password,
newpasswd => $newpasswd
);
returns "use bind to verify old password"
It took me a while to get the message: It seems that slapd doesn't want to
make a verification as part of the `Password Modify Extended Operation'.
So I tried
$m = $ldap->set_password(newpasswd => $newpasswd):
and this works fine!
I have still a question:
Apparently, slapd uses the encryption type (CRYPT, SSHA,..)
of the old password for the new one. Is it possible to demand
another encryption type with set_password?
Thanks, Meik
--
Meik Hellmund
Institut fuer Mathematik, Uni Leipzig
e-mail: hel...@ma...
http://www.math.uni-leipzig.de/~hellmund
|
|
From: Chris R. <chr...@ma...> - 2003-01-15 17:21:42
|
On 15/1/03 4:51 pm, Graham Barr <gb...@po...> wrote:
> On Wed, Jan 15, 2003 at 11:23:51AM -0500, Wilbur M. Sims III wrote:
>> I've got attribute pulling down okay thanks to the great examples and
>> perldoc. However I am having a hard time figuring out how to simply
>> pullout everyone's DN.
>
>> $mesg->code && die $mesg->error;
>> |---- foreach $entry ($mesg->all_entries) {
>> ||---- foreach $attr ($entry->attributes) {
>
> $entry->dn;
In addition if all you want are DNs then the search will be most efficient
if you can stop the server returning any attributes in the search results as
well. If you don't care what an attribute is, why get the server to send it
to you? ;-)
To do that, just add the following parameters to the search method:
attrs => [ '1.1' ]
That requires that you bind to the server using LDAPv3.
Cheers,
Chris
|
|
From: Christopher A B. <ca...@tc...> - 2003-01-15 16:56:26
|
As Squibb Stuart once put it so eloquently: > > For instance I can modify "department" attribute all day. But cannot > > change say Extension-Attribute-2 (which is what microsoft call Custom > > Attribute 2). > > I think the problem may be that you need to *create* some of these > attributes if they haven't been used before ( hence the > LDAP_NO_SUCH_ATTRIBUTE). The 'Custom Attribute' attributes are optional; > they're not there if they haven't been created. We ran into a similar issue when doing updates to Active Directory. I no longer remember the details, but I remember we had to change the way we fed updates (we had to remember the exact state of all entries on the db server and construct LDIF change files that accurately described the difference - couldn't just say "here's the new values, replace existing attributes if any"). %% Christopher A. Bongaarts %% ca...@tc... %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809 %% |
|
From: Graham B. <gb...@po...> - 2003-01-15 16:52:09
|
On Wed, Jan 15, 2003 at 11:23:51AM -0500, Wilbur M. Sims III wrote:
> I've got attribute pulling down okay thanks to the great examples and
> perldoc. However I am having a hard time figuring out how to simply
> pullout everyone's DN.
> $mesg->code && die $mesg->error;
> |---- foreach $entry ($mesg->all_entries) {
> ||---- foreach $attr ($entry->attributes) {
$entry->dn;
Graham.
|
|
From: Wilbur M. S. I. <ph...@th...> - 2003-01-15 16:48:13
|
I've got attribute pulling down okay thanks to the great examples and
perldoc. However I am having a hard time figuring out how to simply
pullout everyone's DN.
use Net::LDAP;
$ldap = Net::LDAP->new('some.dir') or die "$@";
$mesg = $ldap->bind("cn=bindme, ou=Hosts, o=Some Location, c=US",
password => "weakpassword",
version => 3);
$mesg = $ldap->search ( # perform a search
base => "ou=Users,o=Some Location,c=US",
filter => "(&(objectclass=inetOrgPerson))"
$mesg->code && die $mesg->error;
|---- foreach $entry ($mesg->all_entries) {
||---- foreach $attr ($entry->attributes) {
||
\\
--> what changes here to pull the DN as opposed to attributes? Please
respond directly as I couldn't find subscription information for the
list.
Ie; I just want to gank... "dn: uid=user, ou=thing, ou=Users, o=Some
Location, c=US"
Thanks for any assistance... I feel like I should have been able to
figure out how to do this from the perldoc - so slap me if needed :/
|
|
From: Wilbur M. S. I. <ph...@th...> - 2003-01-15 16:30:36
|
I've got attribute pulling down okay thanks to the great examples and
perldoc. However I am having a hard time figuring out how to simply
pullout everyone's DN.
use Net::LDAP;
$ldap = Net::LDAP->new('some.dir') or die "$@";
$mesg = $ldap->bind("cn=bindme, ou=Hosts, o=Some Location, c=US",
password => "weakpassword",
version => 3);
$mesg = $ldap->search ( # perform a search
base => "ou=Users,o=Some Location,c=US",
filter => "(&(objectclass=inetOrgPerson))"
$mesg->code && die $mesg->error;
|---- foreach $entry ($mesg->all_entries) {
||---- foreach $attr ($entry->attributes) {
||
\\
--> what changes here to pull the DN as opposed to attributes? Please
respond directly as I couldn't find subscription information for the
list.
Ie; I just want to gank... "dn: uid=user, ou=thing, ou=Users, o=Some
Location, c=US"
Thanks for any assistance... I feel like I should have been able to
figure out how to do this from the perldoc - so slap me if needed :/
|
|
From: Graham B. <gb...@po...> - 2003-01-15 15:08:18
|
----- Forwarded message from Mike Kruckenberg <mi...@kr...> ----- Date: Wed, 15 Jan 2003 08:00:35 -0700 (MST) To: <gb...@po...> From: Mike Kruckenberg <mi...@kr...> Subject: Net::LDAP Gary, I'm using Net::LDAP (v0.26) and Net::LDAPS in a mod_perl project running on Solaris 8. I'm using the standard bind and unbind as recommended in the docs but have found that upon unbind a netstat reveals that the socket is still hanging around. After a few days our application has used all the available sockets and Net::LDAP objects begin to fail. To work around this I added a $ldap->close method to Net::LDAP which calls close on the IO::Socket instantiated by the Net::LDAP object. I'm really quite new to open source and to your project. Not sure if I have violated some thinking about socket persistence or if my addition might be valuable to others. If it would be useful I'm happy to contribute if you could provide me with a method. Thanks, Mike ----- End forwarded message ----- |
|
From: <Al...@GO...> - 2003-01-15 14:55:50
|
Dear Reseller: Do your clients pull their hair out trying to keep their Microsoft Exchange Servers running? GOexchange can help. It's the ONLY Automated Maintenance Solution for Exchange 5.5 and 2000 that is taking the industry by storm. GOexchange contains expert knowledge and processes that check the Exchange databases for consistency, correct errors, warnings, MTA issues, and more to improve system performance, while reducing the average message store by 30-55%, when first used, and then 5-20% thereafter. We are actively seeking new Resellers and Distributors worldwide to support the customer demand. Check out our website at www.GOexchange.com to learn more about the product and If you're interested in reselling GOexchange, please visit reseller center at http://www.goexchange.com/resellerSignUp.asp , send an email to sa...@go..., or call us at 425.451.2595, Option 1. Sincerely, Alexis Newmark al...@go... P.S. Find out for yourself what GOexchange can do for your clients:at www.GOexchange.com This message was sent to the per...@li... email address. If you no longer wish to receive messages from GOexchange, send an unsubscribe email to Uns...@GO... and place the words "REMOVE" in the subject line. |
|
From: Squibb S. <Stu...@io...> - 2003-01-15 13:40:08
|
Sean, > > I am tring to manage my new Exchange 5.5 server via ldap code I have > already written. > > I can view all the attributes (thanks to Stuart Squibb and his code > examples in the FAQ). And I can even modify SOME of the attributes > useing code examples from the FAQ and docs. But some, > attributes I cannot > modify, I get back as an ldap error : LDAP_NO_SUCH_ATTRIBUTE > > For instance I can modify "department" attribute all day. But cannot > change say Extension-Attribute-2 (which is what microsoft call Custom > Attribute 2). > I think the problem may be that you need to *create* some of these attributes if they haven't been used before ( hence the LDAP_NO_SUCH_ATTRIBUTE). The 'Custom Attribute' attributes are optional; they're not there if they haven't been created. Hope this makes sense. Stuart |
|
From: Sean D. <se...@co...> - 2003-01-13 21:11:32
|
On Mon, 13 Jan 2003, Eric Nichols wrote: > There are two types of attributes: user and admin. If you look through > the rights on the Exchange object you'll see permissions for both. Give > yourself access to modify admin attributes. I can't lay my hands on > which attributes are which but I think you can find it in MSDN somewhere... Thanks Eric, my understanding is this: There is the access category, which has 4 values (according to msdn) 0: Only the system can modify the attributes 1: Users with Modify Admin Atrribute permission can modify the attrib. 2: Users with Modify User Attributes permission can modify... 3: Users with Modify Permissions rights can modify... In my example, the department attribute is in access category 1, I have placed Extension-Attribute-2 into the same category but that still does not work. Is that the user/admin rights you are speaking of or is there another location? Oh for anyone interested, firing up the exchange 5.5 admin with a /r command like: c:\exchngsrv\bin\admin.exe /r puts the silly thing in raw mode so you can view the schema. > > Sean Dougherty wrote: > > I am tring to manage my new Exchange 5.5 server via ldap code I have > > already written. > > > > I can view all the attributes (thanks to Stuart Squibb and his code > > examples in the FAQ). And I can even modify SOME of the attributes > > useing code examples from the FAQ and docs. But some, attributes I cannot > > modify, I get back as an ldap error : LDAP_NO_SUCH_ATTRIBUTE > > > > I have read the microsoft docs on the access,heuristic, and search fields > > and have modified those values on attributes I cannot modify to be the > > same as attributes I can modify. > > > > For instance I can modify "department" attribute all day. But cannot > > change say Extension-Attribute-2 (which is what microsoft call Custom > > Attribute 2). > > > > I am out of ideas. My question is, first can it be done, or are the ldap > > services for 5.5 (from microsoft) not as inclusive as I was hoping? > > Second if it can, what am I missing do I need a different objectclass > > other than organizationalPerson? > > > > Pointing me the right direction would be most appreciated. > > > > Thanks > > Sean Dougherty > > > > ------ > > cutesy tag line goes here...when I have time to think of one. > > > > > > ------------------------------------------------------- > > This SF.NET email is sponsored by: FREE SSL Guide from Thawte > > are you planning your Web Server Security? Click here to get a FREE > > Thawte SSL guide and find the answers to all your SSL security issues. > > http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en > > > > > > > > ------------------------------------------------------- > This SF.NET email is sponsored by: FREE SSL Guide from Thawte > are you planning your Web Server Security? Click here to get a FREE > Thawte SSL guide and find the answers to all your SSL security issues. > http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en > |
|
From: Eric N. <eri...@di...> - 2003-01-13 20:43:48
|
Hi Sean, There are two types of attributes: user and admin. If you look through the rights on the Exchange object you'll see permissions for both. Give yourself access to modify admin attributes. I can't lay my hands on which attributes are which but I think you can find it in MSDN somewhere... Sean Dougherty wrote: > I am tring to manage my new Exchange 5.5 server via ldap code I have > already written. > > I can view all the attributes (thanks to Stuart Squibb and his code > examples in the FAQ). And I can even modify SOME of the attributes > useing code examples from the FAQ and docs. But some, attributes I cannot > modify, I get back as an ldap error : LDAP_NO_SUCH_ATTRIBUTE > > I have read the microsoft docs on the access,heuristic, and search fields > and have modified those values on attributes I cannot modify to be the > same as attributes I can modify. > > For instance I can modify "department" attribute all day. But cannot > change say Extension-Attribute-2 (which is what microsoft call Custom > Attribute 2). > > I am out of ideas. My question is, first can it be done, or are the ldap > services for 5.5 (from microsoft) not as inclusive as I was hoping? > Second if it can, what am I missing do I need a different objectclass > other than organizationalPerson? > > Pointing me the right direction would be most appreciated. > > Thanks > Sean Dougherty > > ------ > cutesy tag line goes here...when I have time to think of one. > > > ------------------------------------------------------- > This SF.NET email is sponsored by: FREE SSL Guide from Thawte > are you planning your Web Server Security? Click here to get a FREE > Thawte SSL guide and find the answers to all your SSL security issues. > http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en > > |
|
From: Sean D. <se...@co...> - 2003-01-13 20:27:01
|
I am tring to manage my new Exchange 5.5 server via ldap code I have already written. I can view all the attributes (thanks to Stuart Squibb and his code examples in the FAQ). And I can even modify SOME of the attributes useing code examples from the FAQ and docs. But some, attributes I cannot modify, I get back as an ldap error : LDAP_NO_SUCH_ATTRIBUTE I have read the microsoft docs on the access,heuristic, and search fields and have modified those values on attributes I cannot modify to be the same as attributes I can modify. For instance I can modify "department" attribute all day. But cannot change say Extension-Attribute-2 (which is what microsoft call Custom Attribute 2). I am out of ideas. My question is, first can it be done, or are the ldap services for 5.5 (from microsoft) not as inclusive as I was hoping? Second if it can, what am I missing do I need a different objectclass other than organizationalPerson? Pointing me the right direction would be most appreciated. Thanks Sean Dougherty ------ cutesy tag line goes here...when I have time to think of one. |
|
From: Clif H. <cl...@go...> - 2003-01-13 13:00:56
|
I have not used perl 5.8, but I think your current perl version is okay. I have copied the list on this message, if I am wrong hopefully someone on the list will catch it. You just need to install the perl modules Perl-LDAP and Convert::Asn1 to use Net::LDAP in your perl programs. Regards, Clif On Mon, Jan 13, 2003 at 11:26:13AM +0100, Trond SAUE wrote: >=20 > Thanks for your reply. I have perl-5.8.0-55 installed as part of my=20 > RH8.0 > and this leads to conflicts: >=20 > [root@quantonakessa downloads]# rpm -Uvh perl-base-5.8.0-13mdk.i586.rpm > warning: perl-base-5.8.0-13mdk.i586.rpm: V3 DSA signature: NOKEY, key=20 > ID 70771ff3 > Preparing... ###########################################= =20 > [100%] > file /usr/bin/perl from install of perl-base-5.8.0-13mdk=20 > conflicts with file from package perl-5.8.0-55 > file /usr/bin/perl5.8.0 from install of perl-base-5.8.0-13mdk=20 > conflicts with file from package perl-5.8.0-55 > file=20 > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/libperl.so from=20 > install of perl-base-5.8.0-13mdk conflicts with file from package=20 > perl-5.8.0-55 > file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/Config.pm=20 > from install of perl-base-5.8.0-13mdk conflicts with file from package=20 > perl-5.8.0-55 > file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/_h2ph_pre.ph=20 > from install of perl-base-5.8.0-13mdk conflicts with file from package=20 > perl-5.8.0-55 > file=20 > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Cwd/Cwd.so from=20 > install of perl-base-5.8.0-13mdk conflicts with file from package=20 > perl-5.8.0-55 > file=20 > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Data/Dumper/Dumper.so= =20 > from install of perl-base-5.8.0-13mdk conflicts with file from package=20 > perl-5.8.0-55 > file=20 > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/File/Glob/Glob.so=20 > from install of perl-base-5.8.0-13mdk conflicts with file from package=20 > perl-5.8.0-55 > file=20 > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/IO/IO.so from install= =20 > of perl-base-5.8.0-13mdk conflicts with file from package perl-5.8.0-55 > file=20 > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/POSIX/POSIX.so from=20 > install of perl-base-5.8.0-13mdk conflicts with file from package=20 > perl-5.8.0-55 > file=20 > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Socket/Socket.so from= =20 > install of perl-base-5.8.0-13mdk conflicts with file from package=20 > perl-5.8.0-55 > file=20 > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/re/re.so from install= =20 > of perl-base-5.8.0-13mdk conflicts with file from package perl-5.8.0-55 > file=20 > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/bits/syscall.ph from=20 > install of perl-base-5.8.0-13mdk conflicts with file from package=20 > perl-5.8.0-55 >=20 > I have the feeling that the perl that I have already installed is=20 > sufficient, or is it not ? >=20 > All the best, > Trond SAUE > --=20 > Trond SAUE (DIRAC:=20 > http://dirac.chem.sdu.dk/) > Laboratoire de Chimie Quantique et Mod=E9lisation Mol=E9culaire > Universite Louis Pasteur ; 4, rue Blaise Pascal ; F-67000 STRASBOURG > t=E9l: 03 90 24 13 01 fax: 03 90 24 15 89 email:=20 > sa...@qu... |
|
From: Terry D. <td...@ap...> - 2003-01-12 21:11:22
|
Hello,
I am apparently having difficulty with my design.
Can't locate object method "as_struct" via package "Net::LDAP::Search=HASH
(0x83807cc)" (perhaps you forgot to load "Net::LDAP::Search=HASH(0x83807cc)"?)
This is where the error occurs:
sub displayResults
{
my $result = shift;
my $href = $result->as_struct;
my @arrayOfDNs = keys %$href ; # use DN hashes
foreach (@arrayOfDNs) {
print $_,"\n";
my $valref = $$href{$_};
my @arrayOfAttrs = sort keys %$valref; #use Attr hashes
my $attrName;
foreach $attrName (@arrayOfAttrs) {
next if ( $attrName =~ /;binary$/ );
my $attrVal = @$valref{$attrName} ;
print "\t $attrName: @$attrVal \n";
}
}
}
I ask for this subroutine here:
sub read_user
{
my $user = shift;
my @attrs = ();
my $lines = ldapsearch($slaveLDAP,"(&(objectclass=posixAccount)
(uid=$user))",\@attrs );
chomp $lines;
if ($lines eq '') {
return undef;
}
my $results = displayResults("$lines");
return $results;
}
which is called from:
my $lines = read_user($user);
if (!defined($lines)) {
print "$0: user $user doesn't exist\n";
exit (1);
}
print $lines;
I worked this email backwards hoping that would help clear it up. I of course
do this in one of my config files:
use Net::LDAP qw(:all);
Any ideas?
--
Terry Davis
http://approbation.org/
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
|
|
From: <ch...@po...> - 2003-01-12 19:43:00
|
> On 12/1/03 1:31 am, Terry Davis <td...@ap...> wrote: > > > Hello, > > > > I am new to perl-ldap. Since net::ldap doesnt support referrals, at this > > Eh? Net::LDAP supports referrals ($res->referrals) and continuation > references ($res->references) just fine! > > What it *doesn't* do is automatically follow referrals that are returned to > it. That's a feature ... for one thing it avoids the problem of deciding > what to bind as when following the referral. > > > time, > > what is the best way to handle reading from the slave and writing to the > > master? > > Can't you send add/delete/modify operations to the slave, and the slave > sends them to the master for you? That is a useful thing for a directory > service to do for you. In a chained x.500 evironment you can do this, most Native LDAP directories do not do x.500 style chaining. Hopefully some day... In any case what Terry wants to do is very easly done with Net::LDAP. I would provide code examples but I currently I do not have access to my software. Chris's comments below are a very good outline of what you need to do. Clif > > > Do I have to initialize a new connection to a different server with each > > operation? > > You'd only need to keep one connection to each server, authenticated > appropriately, and then work out which one to use when your server returns a > referral/continuation reference to you. > > > > > Thank you! > > Cheers, > > Chris --------------------------------------------- This message was sent using Endymion MailMan. http://www.endymion.com/products/mailman/ |
|
From: Chris R. <chr...@ma...> - 2003-01-12 09:11:15
|
On 12/1/03 1:31 am, Terry Davis <td...@ap...> wrote: > Hello, > > I am new to perl-ldap. Since net::ldap doesnt support referrals, at this Eh? Net::LDAP supports referrals ($res->referrals) and continuation references ($res->references) just fine! What it *doesn't* do is automatically follow referrals that are returned to it. That's a feature ... for one thing it avoids the problem of deciding what to bind as when following the referral. > time, > what is the best way to handle reading from the slave and writing to the > master? Can't you send add/delete/modify operations to the slave, and the slave sends them to the master for you? That is a useful thing for a directory service to do for you. > Do I have to initialize a new connection to a different server with each > operation? You'd only need to keep one connection to each server, authenticated appropriately, and then work out which one to use when your server returns a referral/continuation reference to you. > > Thank you! Cheers, Chris |
|
From: Terry D. <td...@ap...> - 2003-01-12 01:29:18
|
Hello, I am new to perl-ldap. Since net::ldap doesnt support referrals, at this time, what is the best way to handle reading from the slave and writing to the master? Do I have to initialize a new connection to a different server with each operation? Thank you! -- Terry Davis http://approbation.org/ ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ |
|
From: Peter M. <pet...@ma...> - 2003-01-11 15:48:29
|
Hi, On Thursday 09 January 2003 14:43, Ziya Suzen wrote: > I was running some tests on my sand-box station and because my OpenLDAP > is compiled with TCP wrappers I cannot connect to it. Sure the > solution can be adding slapd to hosts.allow but I thought a better > solution could be using Unix sockets. And I came up with the following > patch to LDAP.pm. What do you think? > > BTW, I have only tested ldapi:// syntax. I wanted to get your opinions > before going any further. there has been a similar patch on the list a few weeks ago. It added a Net::LDAPI.pm file for the ldapi:// connection. Yours PEter --=20 Peter Marschall | eMail: pet...@ma... Scheffelstra=DFe 15 | pet...@ad... D-97072 W=FCrzburg | Tel: +49 931 14721 PGP: 0BB1 04A3 0FB0 E27F 8018 52BA A286 7B23 9C22 2C83 |
|
From: Chris R. <chr...@ma...> - 2003-01-11 08:36:18
|
On 10/1/03 8:14 pm, Kurt D. Zeilenga <Ku...@Op...> wrote: > At 01:51 AM 1/10/2003, Chris Ridd wrote: >> I don't think that's a valid search filter in LDAP (you can empty '&' >> filters in DAP if I recall), > > LDAPv2 actually allowed empty AND/OR sets on the wire > yet the LDAPv2 filter string representation was > defined such that one element was required. When > LDAPv3 was defined, instead of correcting the string > representation to allow empty sets, a restriction > was placed upon the protocol. This is unfortunate > as now clients have no standard way to assert absolute > truth or absolute false. I hadn't looked as far back as LDAPv2 :-) You're right though, there does sometimes need to be a way to have a filter which is always true or false. >> Try a filter of "(objectclass=*)" instead, as this will normally match every >> entry. > > Yes, ***normally***. There are cases where (objectClass=*) > may evaluate to False (or Undefined and, hence, treated as > False). Indeed. Access controls might prevent the filter match, there may not *be* an objectclass in the object (like in a DSE), that kind of thing. > A number of LDAP servers however do support assertions > with empty AND/OR sets. For example, OpenLDAP 2.1. > Because this feature is considered generally useful, I've > written draft-zeilenga-ldap-t-f to (re)introduce them > back into LDAP as an extension. Obviously the string representation of search filters document needs updating too; the BNF I posted from 2252 doesn't permit empty AND/OR sets (ie filterlist = 1*filter) Cheers, Chris |
|
From: Graham B. <gb...@po...> - 2003-01-10 23:19:59
|
On Fri, Jan 10, 2003 at 02:25:37PM -0800, Paul wrote: > I'd like to join this list, but I don't have a join reference. List-Help: <mailto:per...@li...?subject=help> List-Post: <mailto:per...@li...> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/perl-ldap-dev>, <mailto:per...@li...?subject=subscribe> List-Id: The perl Net::LDAP client library <perl-ldap-dev.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/perl-ldap-dev>, <mailto:per...@li...?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum=perl-ldap-dev> |
|
From: Paul <yd...@ya...> - 2003-01-10 22:26:00
|
I'd like to join this list, but I don't have a join reference. Paul __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com |
7902 messages has been excluded from this view by a project administrator.
