perl-ldap-dev

Re: Page or VLV control

[Graham B. <gb...@po...>]

On Tue, Jun 27, 2000 at 08:58:31AM -0700, Allen, Robbie wrote:
> > Neither the Sort or VLV controls have a new method. Instead 
> > they have an init method.
> 
> One thing you need to do that the docs leave out is use
> Net::LDAP::Control.  All of the controls inherit methods (look at @ISA)
> from Control.pm (new is one of them).  If you don't use or require
> Net::LDAP::Control, you won't get those methods.
> 
> The controls (Sort.pm, VLV.pm, etc.) should probably 'use
> Net::LDAP::Control'.

Yes they should. However the original intend use was

  Net::LDAP::Control->new( LDAP_CONTROL_VLVREQUEST );

So  Net::LDAP::Control would already have been loaded anyway.

Graham.

> 
> Robbie Allen
> 
>  
> > When I try to replace new with init, I get this:
> > "Can't use string ("Net::LDAP::Control::Sort") as a HASH ref 
> > while "strict
> > refs" in use at 
> > /usr/lib/perl5/site_perl/5.005/Net/LDAP/Control/Sort.pm
> > line 19."
> > 
> > I get the same thing if I change init to new in the Sort.pm file.
> > 
> > I'm using Perl 5.005_03 on Linux with Net::LDAP .19 and 
> > Convert::ASN1 .04.
> > 
> > And here's the code I'm using to setup the Sort control:
> >  $sort = Net::LDAP::Control::Sort->new(
> >    order => "cn"
> >  );
> > 
> > 
> > BTW If you use the VLV control, remember you must also include a sort
> > control as well.
> > 
> > Mark
> > 
> > 
> > On Tue, 27 Jun 2000, Graham Barr wrote:
> > 
> > > On Mon, Jun 26, 2000 at 08:18:34PM -0700, Allen, Robbie wrote:
> > > > Do the VLV.pm or Paged.pm modules work under Net::LDAP?  
> > If so, do you
> > > > have any examples?
> > > 
> > > Both of these are still under developement, so feel free to 
> > give any feedback.
> > > 
> > > Paged should work something like
> > > 
> > >   $paged = Net::LDAP::Control::Paged->new( size => 10 );
> > > 
> > >   $mesg = $ldap->search( control => [ $paged ], .... );
> > > 
> > >   $ctrl = $mesg->control( LDAP_CONTROL_PAGED );
> > > 
> > >   $paged->cookie($ctrl->cookie) if $ctrl;
> > > 
> > >   $mesg = $ldap->search( control => [ $paged ], .... );
> > > 
> > > VLV takes these arguments
> > > 
> > >   $vlv = Net::LDAP::Control::VLV->new(
> > >     before  => $beforeCount,
> > >     after   => $afterCount,
> > >     assert  => $assertValue,
> > >     offset  => $offset,
> > >     content => $contentCount,
> > >     context => $contextID,   # just noticed a bug that this 
> > is missing from new()
> > >   );
> > > 
> > > If assert is present offset and content are not used. There 
> > are methods
> > > by the same names for setting the values. 
> > > 
> > > In the response you will get a LDAP_CONTROL_VLVRESPONSE 
> > which will have
> > > methods target, result, content and context
> > > 
> > > Graham.
> > > 
> > > 
> > > 
> > > 
> > 
> > 
> > 
> 

Re: $entry->new

[Graham B. <gb...@po...>]

Do you have a

  use Net::LDAP::Entry;

in your code ?

Net::LDAP will not require this module until needed, so it may not be
loaded when you make this call.

Graham.


On Tue, Jun 27, 2000 at 11:31:44AM -0400, Charlie Pauch wrote:
> Hello.  I'm having problems getting the Net::LDAP::Entry->new method to
> work.  Here is my code:
> 
> $entry = Net::LDAP::Entry->new;
> 
> pretty simple, I know.  Here is the error message I get:
> 
> Can't locate object method "new" via package "Net::LDAP::Entry" at
> webldapadd.ple line 70.
> 
> All the other methods seem to work.  I have binds, searches and add's
> running, but the Entry refuses to fly.  Any suggestions?
> 
> 

RE: Page or VLV control

[Allen, R. <ra...@ci...>]

> Neither the Sort or VLV controls have a new method. Instead 
> they have an init method.

One thing you need to do that the docs leave out is use
Net::LDAP::Control.  All of the controls inherit methods (look at @ISA)
from Control.pm (new is one of them).  If you don't use or require
Net::LDAP::Control, you won't get those methods.

The controls (Sort.pm, VLV.pm, etc.) should probably 'use
Net::LDAP::Control'.

Robbie Allen

 
> When I try to replace new with init, I get this:
> "Can't use string ("Net::LDAP::Control::Sort") as a HASH ref 
> while "strict
> refs" in use at 
> /usr/lib/perl5/site_perl/5.005/Net/LDAP/Control/Sort.pm
> line 19."
> 
> I get the same thing if I change init to new in the Sort.pm file.
> 
> I'm using Perl 5.005_03 on Linux with Net::LDAP .19 and 
> Convert::ASN1 .04.
> 
> And here's the code I'm using to setup the Sort control:
>  $sort = Net::LDAP::Control::Sort->new(
>    order => "cn"
>  );
> 
> 
> BTW If you use the VLV control, remember you must also include a sort
> control as well.
> 
> Mark
> 
> 
> On Tue, 27 Jun 2000, Graham Barr wrote:
> 
> > On Mon, Jun 26, 2000 at 08:18:34PM -0700, Allen, Robbie wrote:
> > > Do the VLV.pm or Paged.pm modules work under Net::LDAP?  
> If so, do you
> > > have any examples?
> > 
> > Both of these are still under developement, so feel free to 
> give any feedback.
> > 
> > Paged should work something like
> > 
> >   $paged = Net::LDAP::Control::Paged->new( size => 10 );
> > 
> >   $mesg = $ldap->search( control => [ $paged ], .... );
> > 
> >   $ctrl = $mesg->control( LDAP_CONTROL_PAGED );
> > 
> >   $paged->cookie($ctrl->cookie) if $ctrl;
> > 
> >   $mesg = $ldap->search( control => [ $paged ], .... );
> > 
> > VLV takes these arguments
> > 
> >   $vlv = Net::LDAP::Control::VLV->new(
> >     before  => $beforeCount,
> >     after   => $afterCount,
> >     assert  => $assertValue,
> >     offset  => $offset,
> >     content => $contentCount,
> >     context => $contextID,   # just noticed a bug that this 
> is missing from new()
> >   );
> > 
> > If assert is present offset and content are not used. There 
> are methods
> > by the same names for setting the values. 
> > 
> > In the response you will get a LDAP_CONTROL_VLVRESPONSE 
> which will have
> > methods target, result, content and context
> > 
> > Graham.
> > 
> > 
> > 
> > 
> 
> 
> 

Re: Page or VLV control

[Graham B. <gb...@po...>]

On Tue, Jun 27, 2000 at 10:29:50AM -0500, Mark Wilcox wrote:
> Neither the Sort or VLV controls have a new method. Instead they have an
> init method.

They inherit it from ::Control, which in turn calls init

> 
> When I try to replace new with init, I get this:
> "Can't use string ("Net::LDAP::Control::Sort") as a HASH ref while "strict
> refs" in use at /usr/lib/perl5/site_perl/5.005/Net/LDAP/Control/Sort.pm
> line 19."

So you should, you are not meant to do that.

> I get the same thing if I change init to new in the Sort.pm file.
> 
> I'm using Perl 5.005_03 on Linux with Net::LDAP .19 and Convert::ASN1 .04.
> 
> And here's the code I'm using to setup the Sort control:
>  $sort = Net::LDAP::Control::Sort->new(
>    order => "cn"
>  );

That should work, does it ?

> 
> BTW If you use the VLV control, remember you must also include a sort
> control as well.

Ah yes. That will be in the docs, when I (or someone else) write them :)

Graham.

Re: Page or VLV control

[Mark W. <mew...@un...>]

Neither the Sort or VLV controls have a new method. Instead they have an
init method.

When I try to replace new with init, I get this:
"Can't use string ("Net::LDAP::Control::Sort") as a HASH ref while "strict
refs" in use at /usr/lib/perl5/site_perl/5.005/Net/LDAP/Control/Sort.pm
line 19."

I get the same thing if I change init to new in the Sort.pm file.

I'm using Perl 5.005_03 on Linux with Net::LDAP .19 and Convert::ASN1 .04.

And here's the code I'm using to setup the Sort control:
 $sort = Net::LDAP::Control::Sort->new(
   order => "cn"
 );


BTW If you use the VLV control, remember you must also include a sort
control as well.

Mark


On Tue, 27 Jun 2000, Graham Barr wrote:

> On Mon, Jun 26, 2000 at 08:18:34PM -0700, Allen, Robbie wrote:
> > Do the VLV.pm or Paged.pm modules work under Net::LDAP?  If so, do you
> > have any examples?
> 
> Both of these are still under developement, so feel free to give any feedback.
> 
> Paged should work something like
> 
>   $paged = Net::LDAP::Control::Paged->new( size => 10 );
> 
>   $mesg = $ldap->search( control => [ $paged ], .... );
> 
>   $ctrl = $mesg->control( LDAP_CONTROL_PAGED );
> 
>   $paged->cookie($ctrl->cookie) if $ctrl;
> 
>   $mesg = $ldap->search( control => [ $paged ], .... );
> 
> VLV takes these arguments
> 
>   $vlv = Net::LDAP::Control::VLV->new(
>     before  => $beforeCount,
>     after   => $afterCount,
>     assert  => $assertValue,
>     offset  => $offset,
>     content => $contentCount,
>     context => $contextID,   # just noticed a bug that this is missing from new()
>   );
> 
> If assert is present offset and content are not used. There are methods
> by the same names for setting the values. 
> 
> In the response you will get a LDAP_CONTROL_VLVRESPONSE which will have
> methods target, result, content and context
> 
> Graham.
> 
> 
> 
> 

$entry->new

[Charlie P. <cp...@ma...>]

Hello.  I'm having problems getting the Net::LDAP::Entry->new method to
work.  Here is my code:

$entry = Net::LDAP::Entry->new;

pretty simple, I know.  Here is the error message I get:

Can't locate object method "new" via package "Net::LDAP::Entry" at
webldapadd.ple line 70.

All the other methods seem to work.  I have binds, searches and add's
running, but the Entry refuses to fly.  Any suggestions?

Re: Bind failure

[Graham B. <gb...@po...>]

On Tue, Jun 27, 2000 at 11:45:02AM +0200, Klunder, JAA (Hans) wrote:
> I tried 2 things:
> 
> I tried perl 5.005_03 (activestate 522) with a small test script, the script
> runs fine from a dos box, the entries are found and dumped there (so the kit
> is correct), but when I run it from IIS (either as CGI or as ISAPI) it
> returns:
> 
> -----
> Content-type: text/html 
> Software error:
> create failed: IO::Socket::INET: Cannot determine protocol at
> C:\Inetpub\wwwroot\ldaptest.pl line 9. 

This is running perl5.6.0 as this is a known bug. Your system does not know
how to map the protocol name "ldap" to port 389.

This should be fixed in 5.6.1, but until then you just have to tell your system
about the ldap protocol. As I am not a windows user I cannot help with how to do
that.

> -----
> 
> I also tried perl 5.004_2. However I can't get either the ASN1 module or the
> perl-ldap module to install on that system:
> 
> ---------
> C:\temp\Convert-ASN1-0.07>perl makefile.pl
> Writing Makefile for Convert::ASN1
> 
> C:\temp\Convert-ASN1-0.07>d:\temp\nmake
> 
> Microsoft (R) Program Maintenance Utility   Version 1.50
> Copyright (c) Microsoft Corp 1988-94. All rights reserved.
> 
> makefile(641) : fatal error U1001: syntax error : illegal character ',' in
> macro

This is another common Win32 problem. Due to the many flavors of make on such
systems, MakeMAker will write the makefile in the format for the make app
that was used to compile perl itself. Unless you are using the same app
you will see these errors.

You need to either

1) Install manually

2) Get a copy of the same make app that was used to compile perl

3) modify the Config.pm in your perl installation so makemaker will
   write the makefile in the correct format

perl -V:make

will tell you what your config currently says.

Graham.

RE: Bind failure

[Klunder, J. (Hans) <J.A...@rf...>]

I tried 2 things:

I tried perl 5.005_03 (activestate 522) with a small test script, the script
runs fine from a dos box, the entries are found and dumped there (so the kit
is correct), but when I run it from IIS (either as CGI or as ISAPI) it
returns:

-----
Content-type: text/html 
Software error:
create failed: IO::Socket::INET: Cannot determine protocol at
C:\Inetpub\wwwroot\ldaptest.pl line 9. 
-----

I also tried perl 5.004_2. However I can't get either the ASN1 module or the
perl-ldap module to install on that system:

---------
C:\temp\Convert-ASN1-0.07>perl makefile.pl
Writing Makefile for Convert::ASN1

C:\temp\Convert-ASN1-0.07>d:\temp\nmake

Microsoft (R) Program Maintenance Utility   Version 1.50
Copyright (c) Microsoft Corp 1988-94. All rights reserved.

makefile(641) : fatal error U1001: syntax error : illegal character ',' in
macro

Stop.

-----
Any help to get this working would be gratefully appreciated,

Hans


================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.

Re: Page or VLV control

[Graham B. <gb...@po...>]

On Mon, Jun 26, 2000 at 08:18:34PM -0700, Allen, Robbie wrote:
> Do the VLV.pm or Paged.pm modules work under Net::LDAP?  If so, do you
> have any examples?

Both of these are still under developement, so feel free to give any feedback.

Paged should work something like

  $paged = Net::LDAP::Control::Paged->new( size => 10 );

  $mesg = $ldap->search( control => [ $paged ], .... );

  $ctrl = $mesg->control( LDAP_CONTROL_PAGED );

  $paged->cookie($ctrl->cookie) if $ctrl;

  $mesg = $ldap->search( control => [ $paged ], .... );

VLV takes these arguments

  $vlv = Net::LDAP::Control::VLV->new(
    before  => $beforeCount,
    after   => $afterCount,
    assert  => $assertValue,
    offset  => $offset,
    content => $contentCount,
    context => $contextID,   # just noticed a bug that this is missing from new()
  );

If assert is present offset and content are not used. There are methods
by the same names for setting the values. 

In the response you will get a LDAP_CONTROL_VLVRESPONSE which will have
methods target, result, content and context

Graham.

Page or VLV control

[Allen, R. <ra...@ci...>]

Do the VLV.pm or Paged.pm modules work under Net::LDAP?  If so, do you
have any examples?

Thanks,
Robbie Allen

Re: LDIF use

[Graham B. <gb...@po...>]

On Mon, Jun 26, 2000 at 12:51:22PM +0200, Bouarich, Reda wrote:
> Actually i would like to open the change.ldif file to create the entries
> that are set in that file.

In other words you want to open if for reading like I said.

> I did concerning the write ENTRIES op.
> Hopw could i do?

If you want to add entries from an LDIF file

   $ldif = Net::LDAP::LDIF->new("/usr/reda/LDIF/change.ldif", "r" );
   $ldap->add($entry) while ($entry = $ldif->read);

Should work.

Graham.

> -----Original Message-----
> From: Graham Barr [mailto:gb...@po...]
> Sent: Monday, June 26, 2000 12:42 PM
> To: Bouarich, Reda
> Cc: 'per...@li...'
> Subject: Re: LDIF use
> 
> 
> On Mon, Jun 26, 2000 at 12:29:35PM +0200, Bouarich, Reda wrote:
> > 
> > Hello everyone,
> > I'm trying to update my DIT using an LDIF operation:
> > i'mn doing like the following: 
> > 
> >  $ldif = Net::LDAP::LDIF->new("/usr/reda/LDIF/change.ldif", "w" );
> >   while( $entry = $ldif->write() ) {
> >          print " \n\n EN COURS EN COURS EN COURS EN COURS \n\n";
> >   }
> >   $ldif->done();
> 
> I think you have things backwards. You have opened the file for write (to
> the file)
> and are attempting to write nothing to it.
> 
> Did you mean to open it for read and call $entry = $ldif->read() ??
> 
> > but it doesn't seem to work, i have the following error message:
> > 
> > Can't locate object method "dn" via package "ENTRIES" at
> > lib/Net/LDAP/LDIF.pm line 167
> 
> Odd, LDIF.pm has no reference to ENTRIES. Did you perhaps pass the string
> 'ENTRIES' in
> as an argument to write ?
> 
> Graham.

Re: LDIF use

[Graham B. <gb...@po...>]

On Mon, Jun 26, 2000 at 12:29:35PM +0200, Bouarich, Reda wrote:
> 
> Hello everyone,
> I'm trying to update my DIT using an LDIF operation:
> i'mn doing like the following: 
> 
>  $ldif = Net::LDAP::LDIF->new("/usr/reda/LDIF/change.ldif", "w" );
>   while( $entry = $ldif->write() ) {
>          print " \n\n EN COURS EN COURS EN COURS EN COURS \n\n";
>   }
>   $ldif->done();

I think you have things backwards. You have opened the file for write (to the file)
and are attempting to write nothing to it.

Did you mean to open it for read and call $entry = $ldif->read() ??

> but it doesn't seem to work, i have the following error message:
> 
> Can't locate object method "dn" via package "ENTRIES" at
> lib/Net/LDAP/LDIF.pm line 167

Odd, LDIF.pm has no reference to ENTRIES. Did you perhaps pass the string 'ENTRIES' in
as an argument to write ?

Graham.

LDIF use

[Bouarich, R. <Red...@co...>]

Hello everyone,
I'm trying to update my DIT using an LDIF operation:
i'mn doing like the following: 

 $ldif = Net::LDAP::LDIF->new("/usr/reda/LDIF/change.ldif", "w" );
  while( $entry = $ldif->write() ) {
         print " \n\n EN COURS EN COURS EN COURS EN COURS \n\n";
  }
  $ldif->done();

but it doesn't seem to work, i have the following error message:

Can't locate object method "dn" via package "ENTRIES" at
lib/Net/LDAP/LDIF.pm line 167

Can someone help me?

Thanks a lot.

Reda Bouarich
Compaq Computer Corp
tel: 04-92-95-58-65
email: Red...@co...

RE: Bind failure

[Klunder, J. (Hans) <J.A...@rf...>]

Mark,

As requested by Graham, I ran:

C:\>perl  -MConvert::ASN1 -e "die $Convert::ASN1::VERSION"

which returns:

0.07 at -e line 1.

The ASN1.pm shows:
# $Id: //depot/asn/lib/Convert/ASN1.pm#10 $

This pm holds the line:

sub ASN_APPLICATION 	() { 0x40 }

Apparently I have a 0.07 but with older files, the zipped archive I
downloaded from CPAN is 34.560 bytes.

Hans

-----Oorspronkelijk bericht-----
Van: Mark Wilcox [mailto:mew...@un...]
Verzonden: vrijdag 23 juni 2000 16:14
Aan: Klunder, JAA (Hans)
CC: 'per...@li...'
Onderwerp: Re: Bind failure


There are bugs in 5.6 that Net::LDAP exposes. This might be one of
them. Either downgrade to a pre 5.6 release like 5.0005 of Perl or wait
until 5.6.1.

Mark

On Fri, 23 Jun 2000, Klunder, JAA (Hans) wrote:

> Hi,
> 
> I'm trying to run perl-ldap on NT 4.0. running perl 5.6  (activestate)
> I installed perl-ldap-0.19 and Convert-ASN1.0.07 
> 
> The server is LDAP V3 compliant (according to the supplier)  and works
with
> several clients.
> 
> I use the following script to get to my server:
> 
> #-----
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw( ldap_error_name
>                           ldap_error_text) ;
>                       
> my $ldap = Net::LDAP->new("10.1.1.144",debug => 3) or die "$@";
> my $mesg = $ldap->bind(version => 3
> 			) or die "$@";        
> #------
> 
> This results in:
> 
> Net::LDAP=HASH(0x8e9f190) sending:
> 
> 30 0C 02 01 01 40 07 02 01 03 04 00 80 00 __ __ 0....@........
> 
> Net::LDAP=HASH(0x8e9f190) received:
> 
> 30 38 02 01 00 78 33 0A 01 02 04 00 04 14 55 6E 08...x3.......Un
> 6B 6E 6F 77 6E 20 72 65 71 75 65 73 74 20 74 79 known request ty
> 70 65 8A 16 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E pe..1.3.6.1.4.1.
> 31 34 36 36 2E 32 30 30 33 36 __ __ __ __ __ __ 1466.20036
> 
> And the request type is indeed unknown. When I look at the traffic using
NT
> network monitor it defines the operation as BindRequest (hex 40).
> However if I bind using another Ldap client (ldp)  the network monitor
shows
> the BindRequest as hex 60.
> 
> I found out that I can change asn_application in ASN1.pm from 40 to 60 and
> then the bind succeeds, however, the search then dies because the results
> can't be parsed by perl LDAP.
> 
> Any hints ?
> 
> Hans
> 
>  
> 
> ================================================
> De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
> is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
> onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
> de afzender direct te informeren door het bericht te retourneren. 
> ================================================
> The information contained in this message may be confidential 
> and is intended to be exclusively for the addressee. Should you 
> receive this message unintentionally, please do not use the contents 
> herein and notify the sender immediately by return e-mail.
> 
> 
> 
> 


================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.

Re: Bind failure

[Mark W. <mew...@un...>]

There are bugs in 5.6 that Net::LDAP exposes. This might be one of
them. Either downgrade to a pre 5.6 release like 5.0005 of Perl or wait
until 5.6.1.

Mark

On Fri, 23 Jun 2000, Klunder, JAA (Hans) wrote:

> Hi,
> 
> I'm trying to run perl-ldap on NT 4.0. running perl 5.6  (activestate)
> I installed perl-ldap-0.19 and Convert-ASN1.0.07 
> 
> The server is LDAP V3 compliant (according to the supplier)  and works with
> several clients.
> 
> I use the following script to get to my server:
> 
> #-----
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw( ldap_error_name
>                           ldap_error_text) ;
>                       
> my $ldap = Net::LDAP->new("10.1.1.144",debug => 3) or die "$@";
> my $mesg = $ldap->bind(version => 3
> 			) or die "$@";        
> #------
> 
> This results in:
> 
> Net::LDAP=HASH(0x8e9f190) sending:
> 
> 30 0C 02 01 01 40 07 02 01 03 04 00 80 00 __ __ 0....@........
> 
> Net::LDAP=HASH(0x8e9f190) received:
> 
> 30 38 02 01 00 78 33 0A 01 02 04 00 04 14 55 6E 08...x3.......Un
> 6B 6E 6F 77 6E 20 72 65 71 75 65 73 74 20 74 79 known request ty
> 70 65 8A 16 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E pe..1.3.6.1.4.1.
> 31 34 36 36 2E 32 30 30 33 36 __ __ __ __ __ __ 1466.20036
> 
> And the request type is indeed unknown. When I look at the traffic using NT
> network monitor it defines the operation as BindRequest (hex 40).
> However if I bind using another Ldap client (ldp)  the network monitor shows
> the BindRequest as hex 60.
> 
> I found out that I can change asn_application in ASN1.pm from 40 to 60 and
> then the bind succeeds, however, the search then dies because the results
> can't be parsed by perl LDAP.
> 
> Any hints ?
> 
> Hans
> 
>  
> 
> ================================================
> De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
> is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
> onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
> de afzender direct te informeren door het bericht te retourneren. 
> ================================================
> The information contained in this message may be confidential 
> and is intended to be exclusively for the addressee. Should you 
> receive this message unintentionally, please do not use the contents 
> herein and notify the sender immediately by return e-mail.
> 
> 
> 
> 

Re: Bind failure

[Graham B. <gb...@po...>]

Are you sure that it is version 0.07 of Convert::ASN1 that is being used ?

This was a bug in a previous release, but has been fixed.

I just tried it here with 0.07 and it did use 60, not 40

What does

  perl -MConvert::ASN1 -e 'die $Convert::ASN1::VERSION'

output ?

Graham.

On Fri, Jun 23, 2000 at 03:11:39PM +0200, Klunder, JAA (Hans) wrote:
> Hi,
> 
> I'm trying to run perl-ldap on NT 4.0. running perl 5.6  (activestate)
> I installed perl-ldap-0.19 and Convert-ASN1.0.07 
> 
> The server is LDAP V3 compliant (according to the supplier)  and works with
> several clients.
> 
> I use the following script to get to my server:
> 
> #-----
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw( ldap_error_name
>                           ldap_error_text) ;
>                       
> my $ldap = Net::LDAP->new("10.1.1.144",debug => 3) or die "$@";
> my $mesg = $ldap->bind(version => 3
> 			) or die "$@";        
> #------
> 
> This results in:
> 
> Net::LDAP=HASH(0x8e9f190) sending:
> 
> 30 0C 02 01 01 40 07 02 01 03 04 00 80 00 __ __ 0....@........
> 
> Net::LDAP=HASH(0x8e9f190) received:
> 
> 30 38 02 01 00 78 33 0A 01 02 04 00 04 14 55 6E 08...x3.......Un
> 6B 6E 6F 77 6E 20 72 65 71 75 65 73 74 20 74 79 known request ty
> 70 65 8A 16 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E pe..1.3.6.1.4.1.
> 31 34 36 36 2E 32 30 30 33 36 __ __ __ __ __ __ 1466.20036
> 
> And the request type is indeed unknown. When I look at the traffic using NT
> network monitor it defines the operation as BindRequest (hex 40).
> However if I bind using another Ldap client (ldp)  the network monitor shows
> the BindRequest as hex 60.
> 
> I found out that I can change asn_application in ASN1.pm from 40 to 60 and
> then the bind succeeds, however, the search then dies because the results
> can't be parsed by perl LDAP.
> 
> Any hints ?
> 
> Hans
> 
>  
> 
> ================================================
> De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
> is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
> onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
> de afzender direct te informeren door het bericht te retourneren. 
> ================================================
> The information contained in this message may be confidential 
> and is intended to be exclusively for the addressee. Should you 
> receive this message unintentionally, please do not use the contents 
> herein and notify the sender immediately by return e-mail.
> 
> 
> 

Bind failure

[Klunder, J. (Hans) <J.A...@rf...>]

Hi,

I'm trying to run perl-ldap on NT 4.0. running perl 5.6  (activestate)
I installed perl-ldap-0.19 and Convert-ASN1.0.07 

The server is LDAP V3 compliant (according to the supplier)  and works with
several clients.

I use the following script to get to my server:

#-----
use Net::LDAP qw(:all);
use Net::LDAP::Util qw( ldap_error_name
                          ldap_error_text) ;
                      
my $ldap = Net::LDAP->new("10.1.1.144",debug => 3) or die "$@";
my $mesg = $ldap->bind(version => 3
			) or die "$@";        
#------

This results in:

Net::LDAP=HASH(0x8e9f190) sending:

30 0C 02 01 01 40 07 02 01 03 04 00 80 00 __ __ 0....@........

Net::LDAP=HASH(0x8e9f190) received:

30 38 02 01 00 78 33 0A 01 02 04 00 04 14 55 6E 08...x3.......Un
6B 6E 6F 77 6E 20 72 65 71 75 65 73 74 20 74 79 known request ty
70 65 8A 16 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E pe..1.3.6.1.4.1.
31 34 36 36 2E 32 30 30 33 36 __ __ __ __ __ __ 1466.20036

And the request type is indeed unknown. When I look at the traffic using NT
network monitor it defines the operation as BindRequest (hex 40).
However if I bind using another Ldap client (ldp)  the network monitor shows
the BindRequest as hex 60.

I found out that I can change asn_application in ASN1.pm from 40 to 60 and
then the bind succeeds, however, the search then dies because the results
can't be parsed by perl LDAP.

Any hints ?

Hans

 

================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.

Re: [Fwd] Net::LDAP - how to connect over SSL?

[Mark W. <mew...@un...>]

In the meantime if you need SSL you can get an SSL proxy like stunnel (see
the misc section on openssl.org) and use that to connect to the LDAP
server.

We've done this for our IMAP authentication server on campus (it's written
with the openLDAP C API which doesn't support SSL either [at least in
its current implementation]).

Mark

On Wed, 21 Jun 2000, Chris Ridd wrote:

> On Wed, 21 Jun 2000 00:44:53 BST, Graham Barr wrote:
> > ----- Forwarded message from Carol Mattsson <mat...@cu...> -----
> > 
> > Date: Tue, 20 Jun 2000 16:33:32 -0700
> > From: Carol Mattsson <mat...@cu...>
> > X-Mailer: Mozilla 4.72 [en] (WinNT; I)
> > To: gb...@po...
> > Subject: Net::LDAP - how to connect over SSL?
> > 
> > Hi Graham,
> > 
> > I'm trying out Net::LDAP and am a current PerLDAP user.  I want to bind
> > over SSL.  Is that just a PerLDAP thing or can I do it with Net::LDAP as
> > well?
> > 
> > To do this in PerLDAP I connect via port 636 and give my Netscape
> > certificate, named "cert7.db."
> > 
> > I see ldap->new takes a port number to connect to, but where/how do I
> > specify the location of the certificate?
> > 
> > Thanks in advance,
> > Carol Mattsson 
> > _________________________________________________________________
> > Carol Mattsson
> > ESP User Accounts Management
> > Hewlett-Packard Company (MS 46U-A)  Email: mat...@cu...
> > 19091 Pruneridge Ave.               phone: (408)447-2779
> > Cupertino, CA  USA  95014-0794        FAX: (408)447-1682
> > _________________________________________________________________
> > 
> > ----- End forwarded message -----
> > 
> 
> There are two ways to do this. One is to use an SSL connection to the 
> server, and transfer LDAP over it. This is called the LDAPS protocol, 
> and it is deprecated.
> 
> The correct way to do this is to use a normal LDAP connection and then 
> to use the startTLS control to switch the connection to using TLS 
> (which is a standardized version of SSL.)
> 
> A while ago I had a module called Net::LDAPS which used OpenSSL etc, 
> and which worked OK. However it broke due to recent architectural 
> changes in Net::LDAP, and I haven't fixed it yet. I also want to make 
> it do startTLS.
> 
> So the short answer is 'no', not yet. But I will try hard and fix my 
> Net::LDAPS module. Stay tuned...
> 
> Cheers,
> 
> Chris
> 
> 
> 

Re: [Fwd] Net::LDAP - how to connect over SSL?

[Chris R. <Chr...@me...>]

On Wed, 21 Jun 2000 00:44:53 BST, Graham Barr wrote:
> ----- Forwarded message from Carol Mattsson <mat...@cu...> -----
> 
> Date: Tue, 20 Jun 2000 16:33:32 -0700
> From: Carol Mattsson <mat...@cu...>
> X-Mailer: Mozilla 4.72 [en] (WinNT; I)
> To: gb...@po...
> Subject: Net::LDAP - how to connect over SSL?
> 
> Hi Graham,
> 
> I'm trying out Net::LDAP and am a current PerLDAP user.  I want to bind
> over SSL.  Is that just a PerLDAP thing or can I do it with Net::LDAP as
> well?
> 
> To do this in PerLDAP I connect via port 636 and give my Netscape
> certificate, named "cert7.db."
> 
> I see ldap->new takes a port number to connect to, but where/how do I
> specify the location of the certificate?
> 
> Thanks in advance,
> Carol Mattsson 
> _________________________________________________________________
> Carol Mattsson
> ESP User Accounts Management
> Hewlett-Packard Company (MS 46U-A)  Email: mat...@cu...
> 19091 Pruneridge Ave.               phone: (408)447-2779
> Cupertino, CA  USA  95014-0794        FAX: (408)447-1682
> _________________________________________________________________
> 
> ----- End forwarded message -----
> 

There are two ways to do this. One is to use an SSL connection to the 
server, and transfer LDAP over it. This is called the LDAPS protocol, 
and it is deprecated.

The correct way to do this is to use a normal LDAP connection and then 
to use the startTLS control to switch the connection to using TLS 
(which is a standardized version of SSL.)

A while ago I had a module called Net::LDAPS which used OpenSSL etc, 
and which worked OK. However it broke due to recent architectural 
changes in Net::LDAP, and I haven't fixed it yet. I also want to make 
it do startTLS.

So the short answer is 'no', not yet. But I will try hard and fix my 
Net::LDAPS module. Stay tuned...

Cheers,

Chris

Re: Diff files for Schema.pod and Examples.pod

[Chris R. <Chr...@me...>]

On Tue, 20 Jun 2000 23:02:25 BST, Graham Barr wrote:
> OK, I changed this bit to
> 
>   After a successful bind you are ready to retrieve the schema 
>   information.  You do this by initializing a schema object.
> 
>    $schema = $ldap->schema();
> 
>   In this case Net::LDAP will attempt to determine the dn under which
>   the schema can be found. First it will look for the attribute
>   C<subschemasubentry> in the root DSE. If that cannot be found then
>   it will default to the assumption of C<cn=schema>
> 
>   Alternatively you can specify the dn where the schema is to be found
>   with
> 
>    $schema = $ldap->schema(dn => $dn);
> 
>   Once we have a dn to search for, Net::LDAP will fetch the schema entry with
> 
>     $mesg = $self->search(
>       base   => $dn,
>       scope  => 'base',
>       filter => '(objectClass=*)',
>     );
> 
>   Once the schema object has been initialized, schema methods 
>   are used to retrieve the data.  There are a number of ways this
>   can be done.  Information on the schema methods can be found 
>   in the Net::LDAP::Schema pod documentation.
> 
> Graham.

Great!

Chris

[Fwd] Net::LDAP - how to connect over SSL?

[Graham B. <gb...@po...>]

----- Forwarded message from Carol Mattsson <mat...@cu...> -----

Date: Tue, 20 Jun 2000 16:33:32 -0700
From: Carol Mattsson <mat...@cu...>
X-Mailer: Mozilla 4.72 [en] (WinNT; I)
To: gb...@po...
Subject: Net::LDAP - how to connect over SSL?

Hi Graham,

I'm trying out Net::LDAP and am a current PerLDAP user.  I want to bind
over SSL.  Is that just a PerLDAP thing or can I do it with Net::LDAP as
well?

To do this in PerLDAP I connect via port 636 and give my Netscape
certificate, named "cert7.db."

I see ldap->new takes a port number to connect to, but where/how do I
specify the location of the certificate?

Thanks in advance,
Carol Mattsson 
_________________________________________________________________
Carol Mattsson
ESP User Accounts Management
Hewlett-Packard Company (MS 46U-A)  Email: mat...@cu...
19091 Pruneridge Ave.               phone: (408)447-2779
Cupertino, CA  USA  95014-0794        FAX: (408)447-1682
_________________________________________________________________

----- End forwarded message -----

Re: Diff files for Schema.pod and Examples.pod

[Graham B. <gb...@po...>]

OK, I changed this bit to

  After a successful bind you are ready to retrieve the schema 
  information.  You do this by initializing a schema object.

   $schema = $ldap->schema();

  In this case Net::LDAP will attempt to determine the dn under which
  the schema can be found. First it will look for the attribute
  C<subschemasubentry> in the root DSE. If that cannot be found then
  it will default to the assumption of C<cn=schema>

  Alternatively you can specify the dn where the schema is to be found
  with

   $schema = $ldap->schema(dn => $dn);

  Once we have a dn to search for, Net::LDAP will fetch the schema entry with

    $mesg = $self->search(
      base   => $dn,
      scope  => 'base',
      filter => '(objectClass=*)',
    );

  Once the schema object has been initialized, schema methods 
  are used to retrieve the data.  There are a number of ways this
  can be done.  Information on the schema methods can be found 
  in the Net::LDAP::Schema pod documentation.

Graham.


On Tue, Jun 20, 2000 at 02:44:04PM +0100, Chris Ridd wrote:
> On Mon, 19 Jun 2000 13:52:31 CDT, Clif Harden wrote:
> > + After a successful bind you are ready to retrieve the schema 
> > + information.  You do this by initializing a schema object.
> > + 
> > +  $schema = $ldap->schema();
> > + 
> > +  In this case the default schema commonName (cn) is being 
> > +  used to retrieve the schema.
> 
> That description is wrong. schema() will retrieve the schema held by 
> the server using information present in the server's root DSE. See RFC 
> 2251 section 3.4
> 
> > + or
> > + 
> > +  $schema = $ldap->schema($cn);
> > + 
> > +  In this case an alternative schema commonName (cn) is being
> > +  used to retrieve the schema.
> 
> That's wrong for similar reasons. The argument is actually the DN of a 
> subentry or entry that contains the schema.
> 
> X.500 servers will for instance, have subschema stored in subentries 
> below the points which they are mastering, eg <cn=subschema-subentry,o=Y
> oyodyne,c=US>, *not* directly below the root.
> 
> > + The default LDAP schema name is cn=schema.  However this 
> > + may not always be the case, Microsoft Exchange systems are known
> > + to build a schema commonName (cn) that is based on domain and 
> > + server name.
> 
> There is no default schema name in the standards. However, Net::LDAP 
> will guess at a DN of <cn=schema> if it cannot find the 
> subschemaSubentry attribute in the root DSE.
> 
> Looks good otherwise!
> 
> Chris
> 
> 

Re: How do I keep a search from hanging?

[Graham B. <gb...@po...>]

Hm, I am not sure many people have used async, but here goes.

With async the ->search method will return immediately.

You will then have to check for data on the socket, you can get this from
$ldap->socket.

You can use select() to determine when there is something ready, and when
there is call $ldap->_recvresp (this method needs to be renamed)

_recvresp will read everything it can from the socket and process it.

You can check if the search has completed with $mesg->done, any other method
called will cause Net::LDAP to block until the search has completed.

This is where the async code really needs work as it is not really async
as there are cases where it will still block.

It needs to be made to return error values (probably undef) and have a way
for the API to show something equivalent to EWOULDBLOCK.

Graham.

So in code terms

  $ldap->async(1);
  $mesg = $ldap->search(...);
  $sel = IO::Select->new( $ldap->socket );
  do {
    $sel->can_read( $timeout ) or die "Bang!";
    $ldap->_recvresp();
  } until ($mesg->done);

On Tue, Jun 20, 2000 at 03:14:03PM -0500, Bryan Thale wrote:
> OK, maybe I can use the async capability instead.  How do I test to determine
> if an async request has completed?  It looks like the sync method will also
> wait forever.
> 
> Bryan.
> 
> --
> Bryan Thale
> Motorola Labs, Networking and Infrastructure Research
> mailto:th...@rs...
> 
> Graham Barr wrote:
> 
> > The timeout argument to search is a parameter given to the server
> > as a timeout for the query. It is not a timeout that Net::LDAP uses to
> > determine how long to wait.
> >
> > Net::LDAP does not have this, maybe it should. This is something to
> > think about.
> >
> > Graham.
> >
> 
> 

Re: How do I keep a search from hanging?

[Bryan T. <th...@rs...>]

OK, maybe I can use the async capability instead.  How do I test to determine
if an async request has completed?  It looks like the sync method will also
wait forever.

Bryan.

--
Bryan Thale
Motorola Labs, Networking and Infrastructure Research
mailto:th...@rs...

Graham Barr wrote:

> The timeout argument to search is a parameter given to the server
> as a timeout for the query. It is not a timeout that Net::LDAP uses to
> determine how long to wait.
>
> Net::LDAP does not have this, maybe it should. This is something to
> think about.
>
> Graham.
>

Re: How do I keep a search from hanging?

[Graham B. <gb...@po...>]

The timeout argument to search is a parameter given to the server
as a timeout for the query. It is not a timeout that Net::LDAP uses to
determine how long to wait.

Net::LDAP does not have this, maybe it should. This is something to
think about.

Graham.

On Tue, Jun 20, 2000 at 02:00:54PM -0500, Bryan Thale wrote:
> Hi,
> 
> How do I prevent a non-responsive server from hanging my client?  I've
> tried specifying  timelimit => 10 when I invoke the search method but
> the call just hangs.
> 
> I am using Net::LDAP from CPAN (G/GB/GBARR/perl-ldap-0.19.tar.gz)  under
> RH linux v6.1, Perl 5.005_03
> 
> Here's the debug output produced.
> 
> > Net::LDAP=HASH(0x81b3438) sending:
> >
> > 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........
> >
> > Net::LDAP=HASH(0x81b3438) received:
> >
> > 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
> >
> > Bind returned: code=0, error=
> > Net::LDAP=HASH(0x81b3438) sending:
> >
> > 30 81 8E 02 01 02 63 81 88 04 0F 6F 3D 4D 6F 74 0.....c....o=Mot
> > 6F 72 6F 6C 61 2C 63 3D 55 53 0A 01 02 0A 01 02 orola,c=US......
> > 02 01 00 02 01 00 01 01 00 A3 2A 04 0D 72 66 63 ..........*..rfc
> > 38 32 32 4D 61 69 6C 62 6F 78 04 19 42 72 79 61 822Mailbox..Brya
> > 6E 5F 54 68 61 6C 65 40 65 6D 61 69 6C 2E 6D 6F n_...@em...
> > 74 2E 63 6F 6D 30 3A 04 03 75 69 64 04 0A 63 6F t.com0:..uid..co
> > 6D 6D 65 72 63 65 69 64 04 09 67 69 76 65 6E 4E mmerceid..givenN
> > 61 6D 65 04 07 73 75 72 6E 61 6D 65 04 0D 72 66 ame..surname..rf
> > 63 38 32 32 4D 61 69 6C 62 6F 78 04 04 6D 61 69 c822Mailbox..mai
> > 6C __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ l
> >
> Thanks,
> Bryan.
> 
> --
> Bryan Thale
> Motorola Labs, Networking and Infrastructure Research
> mailto:th...@rs...
> 
> 
> 
>