From: Kurt D. Z. <Ku...@Op...> - 2003-01-10 20:44:38

At 01:51 AM 1/10/2003, Chris Ridd wrote:
>I don't think that's a valid search filter in LDAP (you can empty '&'
>filters in DAP if I recall),

LDAPv2 actually allowed empty AND/OR sets on the wire yet the LDAPv2
filter string representation was defined such that one element was
required. When LDAPv3 was defined, instead of correcting the string
representation to allow empty sets, a restriction was placed upon
the protocol. This is unfortunate as now clients have no standard
way to assert absolute truth or absolute false.

>Try a filter of "(objectclass=*)" instead, as this will normally match every
>entry.

Yes, ***normally***. There are cases where (objectClass=*) may
evaluate to False (or Undefined and, hence, treated as False).

A number of LDAP servers however do support assertions with empty
AND/OR sets. For example, OpenLDAP 2.1. Because this feature is
considered generally useful, I've written draft-zeilenga-ldap-t-f
to (re)introduce them back into LDAP as an extension.

Kurt

From: Clif H. <cl...@go...> - 2003-01-10 16:31:37

On Fri, Jan 10, 2003 at 10:44:43AM +0100, Trond SAUE wrote:
> Hi,
> I have Red Hat version 8.0 with perl-5.8.0-55 and would like
> to convert a ldif addressbook from Netscape to VCARD. However,
> I have problems installing the LDIF to VCARD File Conversion Utility.
> Does anybody have suggestions ?
> All the best,
> Trond SAUE
>
> --
> Trond SAUE (DIRAC: http://dirac.chem.sdu.dk/)
> Laboratoire de Chimie Quantique et Modélisation Moléculaire
> Universite Louis Pasteur ; 4, rue Blaise Pascal ; F-67000 STRASBOURG
> tél: 03 90 24 13 01 fax: 03 90 24 15 89 email: sa...@qu...
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com

Are you using D. Scott Barninger's ldif-to-vcard program? I have used it on
Solaris, Red Hat 7.3, Mandrake 6.5; other than changing the first line of the
program to match my perl location I have had no problem using it.

I would make sure that you are using the latest version of PERL-LDAP (0.26)
and the latest version of Convert-ASN1 (0.16).

Clif

From: Eric N. <eri...@di...> - 2003-01-10 11:52:25

You are correct in searching the Global Catalog on port 3268. The quick
and dirty way to search is by searching for all users or contacts that have
mail populated:

$mesg = $ldap->search(
    base   => "",
    filter => "(& (objectclass=person) (mail=*) )",
    scope  => "sub");

Also you cannot do an anonymous bind to the GC. You must use a user
account ie: "user@domain"

If the search yields more than about 1,500 objects I would suggest using
the Net::LDAP::Control::Paged control. But that's another email <grin>

Mikael Lindmark wrote:
> Here is the code. I'm happy for any kind of help.
>
> I use the same server as Directory Server with my Mozilla,
> and I can access the mail addresses in the address book
> that way.
>
> -----------------------------------------------------------
> #!/usr/bin/perl
>
> use Net::LDAP;
>
> # Connect to the "ActiveDirectory" server.
> $ldap = Net::LDAP->new('server.company.com', port => 3268 ) or die "$@";
>
> $ldap->bind ; # an anonymous bind
> $mesg = $ldap->search ( # perform a search
>     base => "",
>     filter => "(&)"
>     );
>
> $mesg->code && die $mesg->error;
> foreach $entry ($mesg->all_entries) { $entry->dump; }
> $ldap->unbind; # take down session
>
> -----------------------------------------------------------
>
> Eric Nichols wrote:
>
>>Can you post your code?
>>
>>Mikael Lindmark wrote:
>>
>>>Hi!
>>>
>>>I'm trying to write a perl-script that get all the
>>>users and their e-mail addresses from a NTDS.
>>>
>>>When I run the example code I get a lot of info, but
>>>no email fields (and I know they are there).
>>>
>>>Is there anyone that has such code, or someone that
>>>could guide me in the right direction? I'm not that
>>>good at LDAP (yet).
>>>
>>>
>>>Sincerely,
>>>
>>>Mike
>>

From: Mikael L. <mik...@te...> - 2003-01-10 11:44:05

Chris Ridd wrote:
>
> On 10/1/03 11:39 am, Mikael Lindmark <mik...@te...> wrote:
>
> > Chris Ridd wrote:
> >
> > <snip>
> >
> >>> I have already tried it, and it gave me the same (flat) output.
> >>>
> >>> /Mike
> >>>
> >>
> >> By "(flat) output" do you mean that you're only seeing entries directly
> >> below root (your search base)? If so then try adding
> >>
> >> scope => "subtree"
> >>
> >> to your search.
> >>
> >> If not, could you explain in more detail what you're getting back and what
> >> you want, giving some examples?
> >>
> >> Cheers,
> >>
> >> Chris
> >
> > It gave the same result (since subtree is default). Sorry about the
> > confusion.
> > Here is the top of the output since the output is almost 4000 lines, but
> > I can't
> > find any usernames or user e-mails.
> >
> > (I have changed company internal names for security reasons).
>
> I couldn't see anything much (apart from a quite non-standard schema!) in
> the output you quoted. Do you get entries returned which should have email
> addresses, only without the email addresses?
>
> Do you need to authenticate to the directory? You're just using anonymous
> auth at the moment.
>
> Cheers,
>
> Chris

Thanks! It worked! I got everything I wanted!

Here is the working code:

#!/usr/bin/perl

use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name ldap_error_text) ; # use for Error handling

$base = "OU=Users,OU=AB,OU=City5,DC=Company,DC=org";
$scope = "subtree";
$filter = "(objectclass=*)";
$attrs = "";

# Connect to the "ActiveDirectory" server.
$ldap = Net::LDAP->new('server.company.com', port => 3268 ) or die "$@";

$ldap->bind('CN=myusername,OU=Users,OU=AB,OU=City5,DC=Company,DC=org', password => 'mypassword');
$mesg = $ldap->search ( # perform a search
    base => "$base",
    scope => "$scope",
    filter => "$filter",
    attrs => $attrs
    );

$mesg->code && die $mesg->error;
foreach $entry ($mesg->all_entries) { $entry->dump; }
$ldap->unbind; # take down session

From: Chris R. <chr...@ma...> - 2003-01-10 11:15:27

On 10/1/03 11:39 am, Mikael Lindmark <mik...@te...> wrote:

> Chris Ridd wrote:
>
> <snip>
>
>>> I have already tried it, and it gave me the same (flat) output.
>>>
>>> /Mike
>>>
>>
>> By "(flat) output" do you mean that you're only seeing entries directly
>> below root (your search base)? If so then try adding
>>
>> scope => "subtree"
>>
>> to your search.
>>
>> If not, could you explain in more detail what you're getting back and what
>> you want, giving some examples?
>>
>> Cheers,
>>
>> Chris
>
> It gave the same result (since subtree is default). Sorry about the
> confusion.
> Here is the top of the output since the output is almost 4000 lines, but
> I can't
> find any usernames or user e-mails.
>
> (I have changed company internal names for security reasons).

I couldn't see anything much (apart from a quite non-standard schema!) in
the output you quoted. Do you get entries returned which should have email
addresses, only without the email addresses?

Do you need to authenticate to the directory? You're just using anonymous
auth at the moment.

Cheers,

Chris

From: Graham B. <gb...@po...> - 2003-01-10 11:06:20

This may be related to another issue when Net::LDAP will look
for an incoming PDU when there is not one.

Can you turn on Net::LDAP's debug trace?

Graham.

On Thu, Jan 09, 2003 at 02:40:41PM -0700, Chris Fedde wrote:
> I'm trying to do a mass delete from a directory.
> The code below is a frag from a system that used to work. After upgrading
> OpenLDAP to 2.0.27 the code blocks here:
>
> Convert::ASN1::asn_read(/usr/local/lib/perl5/site_perl/5.8.0/Convert/ASN1/IO.pm:157):
> 157: sysread($_[0],$_[1],$n,length $_[1]) or
> 158: goto READ_ERR;
>
> Is there some other technique I should be using to do this kind of
> conditional delete?
>
> --
> Chris Fedde
> --
>
> #!/bin/perl
>
> use strict;
> use warnings;
> use Net::LDAP;
> use Time::Local;
>
> my $search;
> my $prune;
> my $server = 'bender.area31.viawest.net';
> my $prunebase = 'ou=access,ou=SendmailMaps,ou=Applications,dc=viawest,dc=net';
> my $binddn = 'cn=root,dc=ldapusers,dc=viawest,dc=net';
> my $passwd = 'axaxotif';
> my $timeout = 10;
>
> #
> # 20020411013841Z
> # YYYYMMDDHHmmss
> # 0....+....1....+
> #
> sub timestamp_to_epoch {
>     my $ts = shift;
>
>     my ( $year, $month, $day, $hour, $minute, $sec ) = (
>         substr( $ts, 0, 4 ),
>         substr( $ts, 4, 2 ),
>         substr( $ts, 6, 2 ),
>         substr( $ts, 8, 2 ),
>         substr( $ts, 10, 2 ),
>         substr( $ts, 12, 2 )
>     );
>
>     return timegm( $sec, $minute, $hour, $day, $month - 1, $year - 1900 );
> }
>
> sub prune {
>
>     my $result;
>
>     warn("prune starting");
>
>     $search = Net::LDAP->new( $server, ) or die "$0: $@";
>     $prune = Net::LDAP->new( $server, ) or die "$0: $@";
>
>     $search->bind(
>         dn => $binddn,
>         password => $passwd,
>     )
>       or die "$0: $@";
>
>     $prune->bind(
>         dn => $binddn,
>         password => $passwd,
>     )
>       or die "$0: $@";
>
>     my $msg = $search->search(
>         base => $prunebase,
>         filter => '(&(objectClass=vwSendmailMap)(vwMapDynamicEntry=*))',
>         attrs => [ '*', 'modifyTimestamp' ],
>         callback => \&prune_each,
>     );
>
>     $search->unbind;
>     $prune->unbind;
> }
>
> sub prune_each {
>     my $msg = shift;
>     my $entry = shift;
>
>     return unless ( defined $entry );
>
>     my $ts = $entry->get_value('modifyTimestamp');
>     my $epoch = timestamp_to_epoch($ts);
>
>     my $dynamic = $entry->get_value('vwMapDynamicEntry');
>     my $dn = $entry->dn;
>     my $key = $entry->get_value('vwMapKey');
>     warn("prune_each $key");
>
>     if ( time() > $epoch + $timeout and defined $dynamic ) {
>
>         my $result = $prune->delete($entry);
>         warn( "prune_each: delete $key, ldapcode: " . $result->code );
>
>     }
>
>     $msg->pop_entry;
> }
>
> prune();

From: Mikael L. <mik...@te...> - 2003-01-10 10:27:50

Chris Ridd wrote:

<snip>

> > I have already tried it, and it gave me the same (flat) output.
> >
> > /Mike
> >
>
> By "(flat) output" do you mean that you're only seeing entries directly
> below root (your search base)? If so then try adding
>
> scope => "subtree"
>
> to your search.
>
> If not, could you explain in more detail what you're getting back and what
> you want, giving some examples?
>
> Cheers,
>
> Chris

It gave the same result (since subtree is default). Sorry about the
confusion.
Here is the top of the output since the output is almost 4000 lines, but
I can't find any usernames or user e-mails.

(I have changed company internal names for security reasons).

------------------------------------------------------------------------
dn:DC=company,DC=org

masteredBy: CN=NTDS Settings,CN=SESTBCK01,CN=Servers,CN=City1,CN=Sites,CN=Configuration,DC=company,DC=org
            CN=NTDS Settings,CN=SENYBCK01,CN=Servers,CN=City2,CN=Sites,CN=Configuration,DC=company,DC=org
            CN=NTDS Settings,CN=DC-LINK,CN=Servers,CN=City3,CN=Sites,CN=Configuration,DC=company,DC=org
dc: company
gPLink: [LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=company,DC=org;0]
instanceType: 5
distinguishedName: DC=company,DC=org
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=company,DC=org
objectClass: top
             domain
             domainDNS
name: company
subRefs: CN=Configuration,DC=company,DC=org
uSNChanged: 307754
uSNCreated: 3754
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=company,DC=org
                  B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=company,DC=org
                  B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=company,DC=org
                  B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=company,DC=org
                  B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,DC=company,DC=org
                  B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=company,DC=org
                  B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=company,DC=org
whenChanged: 20021218144625.0Z
whenCreated: 20020516090020.0Z
------------------------------------------------------------------------
dn:CN=Everyone,CN=WellKnown Security Principals,CN=Configuration,DC=company,DC=org

cn: Everyone
instanceType: 4
distinguishedName: CN=Everyone,CN=WellKnown Security Principals,CN=Configuration,DC=company,DC=org
objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=company,DC=org
objectClass: top
             foreignSecurityPrincipal
name: Everyone
uSNChanged: 2520
uSNCreated: 2520
whenChanged: 20020608120813.0Z
whenCreated: 20020516090034.0Z
------------------------------------------------------------------------

From: Chris R. <chr...@ma...> - 2003-01-10 10:05:04

On 10/1/03 9:44 am, Trond SAUE <sa...@qu...> wrote:

> Hi,
> I have Red Hat version 8.0 with perl-5.8.0-55 and would like
> to convert a ldif addressbook from Netscape to VCARD. However,
> I have problems installing the LDIF to VCARD File Conversion Utility.
> Does anybody have suggestions ?
> All the best,
> Trond SAUE

Does it use Net::LDAP::LDIF? In what way doesn't it install? Do you have a
URL for it?

Cheers,

Chris

From: Chris R. <chr...@ma...> - 2003-01-10 10:03:59

On 10/1/03 11:10 am, Mikael Lindmark <mik...@te...> wrote:

> Chris Ridd wrote:
>>
>> On 10/1/03 10:32 am, Mikael Lindmark <mik...@te...> wrote:
>>
>>> Here is the code. I'm happy for any kind of help.
>>>
>>> I use the same server as Directory Server with my Mozilla,
>>> and I can access the mail addresses in the address book
>>> that way.
>>>
>>> -----------------------------------------------------------
>>> #!/usr/bin/perl
>>>
>>> use Net::LDAP;
>>>
>>> # Connect to the "ActiveDirectory" server.
>>> $ldap = Net::LDAP->new('server.company.com', port => 3268 ) or die "$@";
>>>
>>> $ldap->bind ; # an anonymous bind
>>> $mesg = $ldap->search ( # perform a search
>>> base => "",
>>> filter => "(&)"
>>
>> I don't think that's a valid search filter in LDAP (you can empty '&'
>> filters in DAP if I recall), so maybe Net::LDAP::Filter is misparsing it.
>> Here's some of the BNF from RFC 2252:
>>
>> filter = "(" filtercomp ")"
>> filtercomp = and / or / not / item
>> and = "&" filterlist
>> filterlist = 1*filter
>> item = simple / present / substring / extensible
>> [...]
>>
>> Try a filter of "(objectclass=*)" instead, as this will normally match every
>> entry.
>>
>> Cheers,
>>
>> Chris
>
> I have already tried it, and it gave me the same (flat) output.
>
> /Mike
>

By "(flat) output" do you mean that you're only seeing entries directly
below root (your search base)? If so then try adding

    scope => "subtree"

to your search.

If not, could you explain in more detail what you're getting back and what
you want, giving some examples?

Cheers,

Chris

From: Mikael L. <mik...@te...> - 2003-01-10 09:59:07

Chris Ridd wrote:
>
> On 10/1/03 10:32 am, Mikael Lindmark <mik...@te...> wrote:
>
> > Here is the code. I'm happy for any kind of help.
> >
> > I use the same server as Directory Server with my Mozilla,
> > and I can access the mail addresses in the address book
> > that way.
> >
> > -----------------------------------------------------------
> > #!/usr/bin/perl
> >
> > use Net::LDAP;
> >
> > # Connect to the "ActiveDirectory" server.
> > $ldap = Net::LDAP->new('server.company.com', port => 3268 ) or die "$@";
> >
> > $ldap->bind ; # an anonymous bind
> > $mesg = $ldap->search ( # perform a search
> > base => "",
> > filter => "(&)"
>
> I don't think that's a valid search filter in LDAP (you can empty '&'
> filters in DAP if I recall), so maybe Net::LDAP::Filter is misparsing it.
> Here's some of the BNF from RFC 2252:
>
> filter = "(" filtercomp ")"
> filtercomp = and / or / not / item
> and = "&" filterlist
> filterlist = 1*filter
> item = simple / present / substring / extensible
> [...]
>
> Try a filter of "(objectclass=*)" instead, as this will normally match every
> entry.
>
> Cheers,
>
> Chris

I have already tried it, and it gave me the same (flat) output.

/Mike

From: Chris R. <chr...@ma...> - 2003-01-10 09:51:57

On 10/1/03 10:32 am, Mikael Lindmark <mik...@te...> wrote:

> Here is the code. I'm happy for any kind of help.
>
> I use the same server as Directory Server with my Mozilla,
> and I can access the mail addresses in the address book
> that way.
>
> -----------------------------------------------------------
> #!/usr/bin/perl
>
> use Net::LDAP;
>
> # Connect to the "ActiveDirectory" server.
> $ldap = Net::LDAP->new('server.company.com', port => 3268 ) or die "$@";
>
> $ldap->bind ; # an anonymous bind
> $mesg = $ldap->search ( # perform a search
> base => "",
> filter => "(&)"

I don't think that's a valid search filter in LDAP (you can empty '&'
filters in DAP if I recall), so maybe Net::LDAP::Filter is misparsing it.
Here's some of the BNF from RFC 2252:

    filter = "(" filtercomp ")"
    filtercomp = and / or / not / item
    and = "&" filterlist
    filterlist = 1*filter
    item = simple / present / substring / extensible
    [...]

Try a filter of "(objectclass=*)" instead, as this will normally match every
entry.

Cheers,

Chris

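The "filterlist = 1*filter" rule quoted in this message, and the empty AND/OR sets Kurt describes in his reply, can be checked before a filter is sent to a server. The Perl below is an added example, not code from the list or from Net::LDAP; check_filter, its allow_tf option and the reduced "item" rule are assumptions made for illustration, and the sample filters are the ones posted on this page plus two constructed ones.

```perl
#!/usr/bin/perl
# Added example: checks filter strings against the grammar quoted in the thread.
use strict;
use warnings;

# Grammar, as quoted by Chris Ridd:
#   filter     = "(" filtercomp ")"
#   filtercomp = and / or / not / item
#   and        = "&" filterlist    (or = "|" filterlist, not = "!" filter)
#   filterlist = 1*filter
# Assumptions of this sketch: "item" is reduced to attr, "=", value with no
# parentheses, and whitespace between components is skipped because the
# filters posted in the thread contain it.

# Returns { valid => 0|1, error => string|undef, notes => [...] }.
# allow_tf => 1 accepts empty AND/OR sets, as the extension Kurt describes.
sub check_filter {
    my ($text, %opt) = @_;
    my @notes;
    pos($text) = 0;
    my $ok = eval {
        _filter(\$text, \%opt, \@notes);
        $text =~ /\G\s+/gc;
        die "trailing text at offset " . pos($text) . "\n"
            if pos($text) < length($text);
        1;
    };
    my $error = $ok ? undef : $@;
    chomp $error if defined $error;
    return { valid => $ok ? 1 : 0, error => $error, notes => \@notes };
}

# Recursive-descent parse of one parenthesised filter starting at pos().
sub _filter {
    my ($ref, $opt, $notes) = @_;
    $$ref =~ /\G\s+/gc;
    $$ref =~ /\G\(/gc or die "expected '(' at offset " . pos($$ref) . "\n";
    my $open = pos($$ref) - 1;
    $$ref =~ /\G\s+/gc;
    if ($$ref =~ /\G([&|])/gc) {
        my $op    = $1;
        my $count = 0;
        while (1) {
            $$ref =~ /\G\s+/gc;
            last unless substr($$ref, pos($$ref), 1) eq '(';
            _filter($ref, $opt, $notes);
            $count++;
        }
        if ($count == 0) {
            # This is the case the 1*filter rule forbids.
            die "empty '$op' set at offset $open violates filterlist = 1*filter\n"
                unless $opt->{allow_tf};
            push @$notes, "($op) at offset $open is absolute "
                . ($op eq '&' ? 'true' : 'false');
        }
    }
    elsif ($$ref =~ /\G!/gc) {
        _filter($ref, $opt, $notes);
    }
    elsif ($$ref =~ /\G[^()=\s][^()=]*=[^()]*/gc) {
        # simplified item: covers =, ~=, >=, <= and presence (=*)
    }
    else {
        die "expected '&', '|', '!' or an item at offset " . pos($$ref) . "\n";
    }
    $$ref =~ /\G\s+/gc;
    $$ref =~ /\G\)/gc or die "expected ')' at offset " . pos($$ref) . "\n";
    return;
}

# Filters from the messages on this page; the last two are constructed here.
my @samples = (
    '(&)',
    '(objectclass=*)',
    '(& (objectclass=person) (mail=*) )',
    '(&(objectClass=vwSendmailMap)(vwMapDynamicEntry=*))',
    '(&(cn=Johan Lindstrom) (cn=users))',
    '(|)',
    '(&(objectclass=person)(|))',
);

for my $f (@samples) {
    my $strict = check_filter($f);
    my $ext    = check_filter($f, allow_tf => 1);
    printf "%-52s strict: %-7s extension: %s\n", $f,
        $strict->{valid} ? 'ok' : 'REJECT',
        $ext->{valid}    ? 'ok' : 'REJECT';
    print "    strict error: $strict->{error}\n" unless $strict->{valid};
    print "    note: $_\n" for @{ $ext->{notes} };
}
```
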
From: Trond S. <sa...@qu...> - 2003-01-10 09:44:50

Hi,
I have Red Hat version 8.0 with perl-5.8.0-55 and would like
to convert a ldif addressbook from Netscape to VCARD. However,
I have problems installing the LDIF to VCARD File Conversion Utility.
Does anybody have suggestions ?
All the best,
Trond SAUE

--
Trond SAUE (DIRAC: http://dirac.chem.sdu.dk/)
Laboratoire de Chimie Quantique et Modélisation Moléculaire
Universite Louis Pasteur ; 4, rue Blaise Pascal ; F-67000 STRASBOURG
tél: 03 90 24 13 01 fax: 03 90 24 15 89 email: sa...@qu...

From: Mikael L. <mik...@te...> - 2003-01-10 09:20:51

Here is the code. I'm happy for any kind of help.

I use the same server as Directory Server with my Mozilla,
and I can access the mail addresses in the address book
that way.

-----------------------------------------------------------
#!/usr/bin/perl

use Net::LDAP;

# Connect to the "ActiveDirectory" server.
$ldap = Net::LDAP->new('server.company.com', port => 3268 ) or die "$@";

$ldap->bind ; # an anonymous bind
$mesg = $ldap->search ( # perform a search
    base => "",
    filter => "(&)"
    );

$mesg->code && die $mesg->error;
foreach $entry ($mesg->all_entries) { $entry->dump; }
$ldap->unbind; # take down session

-----------------------------------------------------------

Eric Nichols wrote:
>
> Can you post your code?
>
> Mikael Lindmark wrote:
> > Hi!
> >
> > I'm trying to write a perl-script that get all the
> > users and their e-mail addresses from a NTDS.
> >
> > When I run the example code I get a lot of info, but
> > no email fields (and I know they are there).
> >
> > Is there anyone that has such code, or someone that
> > could guide me in the right direction? I'm not that
> > good at LDAP (yet).
> >
> >
> > Sincerely,
> >
> > Mike

From: Chris F. <cf...@vi...> - 2003-01-09 21:40:45

I'm trying to do a mass delete from a directory.
The code below is a frag from a system that used to work. After upgrading
OpenLDAP to 2.0.27 the code blocks here:

Convert::ASN1::asn_read(/usr/local/lib/perl5/site_perl/5.8.0/Convert/ASN1/IO.pm:157):
157: sysread($_[0],$_[1],$n,length $_[1]) or
158: goto READ_ERR;

Is there some other technique I should be using to do this kind of
conditional delete?

--
Chris Fedde
--

#!/bin/perl

use strict;
use warnings;
use Net::LDAP;
use Time::Local;

my $search;
my $prune;
my $server = 'bender.area31.viawest.net';
my $prunebase = 'ou=access,ou=SendmailMaps,ou=Applications,dc=viawest,dc=net';
my $binddn = 'cn=root,dc=ldapusers,dc=viawest,dc=net';
my $passwd = 'axaxotif';
my $timeout = 10;

#
# 20020411013841Z
# YYYYMMDDHHmmss
# 0....+....1....+
#
sub timestamp_to_epoch {
    my $ts = shift;

    my ( $year, $month, $day, $hour, $minute, $sec ) = (
        substr( $ts, 0, 4 ),
        substr( $ts, 4, 2 ),
        substr( $ts, 6, 2 ),
        substr( $ts, 8, 2 ),
        substr( $ts, 10, 2 ),
        substr( $ts, 12, 2 )
    );

    return timegm( $sec, $minute, $hour, $day, $month - 1, $year - 1900 );
}

sub prune {

    my $result;

    warn("prune starting");

    $search = Net::LDAP->new( $server, ) or die "$0: $@";
    $prune = Net::LDAP->new( $server, ) or die "$0: $@";

    $search->bind(
        dn => $binddn,
        password => $passwd,
    )
      or die "$0: $@";

    $prune->bind(
        dn => $binddn,
        password => $passwd,
    )
      or die "$0: $@";

    my $msg = $search->search(
        base => $prunebase,
        filter => '(&(objectClass=vwSendmailMap)(vwMapDynamicEntry=*))',
        attrs => [ '*', 'modifyTimestamp' ],
        callback => \&prune_each,
    );

    $search->unbind;
    $prune->unbind;
}

sub prune_each {
    my $msg = shift;
    my $entry = shift;

    return unless ( defined $entry );

    my $ts = $entry->get_value('modifyTimestamp');
    my $epoch = timestamp_to_epoch($ts);

    my $dynamic = $entry->get_value('vwMapDynamicEntry');
    my $dn = $entry->dn;
    my $key = $entry->get_value('vwMapKey');
    warn("prune_each $key");

    if ( time() > $epoch + $timeout and defined $dynamic ) {

        my $result = $prune->delete($entry);
        warn( "prune_each: delete $key, ldapcode: " . $result->code );

    }

    $msg->pop_entry;
}

prune();

From: Eric N. <eri...@di...> - 2003-01-09 18:16:06

Can you post your code?

Mikael Lindmark wrote:
> Hi!
>
> I'm trying to write a perl-script that get all the
> users and their e-mail addresses from a NTDS.
>
> When I run the example code I get a lot of info, but
> no email fields (and I know they are there).
>
> Is there anyone that has such code, or someone that
> could guide me in the right direction? I'm not that
> good at LDAP (yet).
>
>
> Sincerely,
>
> Mike

From: Mikael L. <mik...@te...> - 2003-01-09 18:00:04

Hi!

I'm trying to write a perl-script that get all the
users and their e-mail addresses from a NTDS.

When I run the example code I get a lot of info, but
no email fields (and I know they are there).

Is there anyone that has such code, or someone that
could guide me in the right direction? I'm not that
good at LDAP (yet).

Sincerely,

Mike

From: Ziya S. <zi...@ri...> - 2003-01-09 13:43:57
|
Hi, I was running some tests on my sand-box station and because my OpenLDAP is compiled with TCP wrappers I cannot connect to it. Sure the solution can be adding slapd to hosts.allow but I thought a better solution could be using Unix sockets. And I came up with the following patch to LDAP.pm. What do you think? BTW, I have only tested ldapi:// syntax. I wanted to get your opinions before going any further. Cheers, Ziya Suzen. --- RIPE NCC --- /usr/local/lib/perl5/site_perl/5.8.0/Net/LDAP.pm 2002-07-18 14:56:29.000000000 +0200 +++ blib/lib/Net/LDAP.pm 2003-01-09 13:54:27.000000000 +0100 @@ -92,14 +92,28 @@ sub new { my $self = shift; my $type = ref($self) || $self; - my $host = shift if @_ % 2; + my $host_or_url = shift if @_ % 2; my $arg = &_options; my $obj = bless {}, $type; - foreach my $h (ref($host) ? @$host : ($host)) { - if ($obj->_connect($host, $arg)) { - $obj->{net_ldap_host} = $h; - last; + my $host; + + if ($host_or_url =~m!^ldap([si])?://([/\w\.\-\@\#\~]+?)(?::(\d+))?/?$!i) { + my $ssl_or_ipc = lc($1); + $host = $2; + $arg->{port} = $3; + + $obj->_connect_ssl($host, $arg) if $ssl_or_ipc eq 's'; + $obj->_connect_ipc($host, $arg) if $ssl_or_ipc eq 'i'; + $obj->_connect_tcp($host, $arg) if not $ssl_or_ipc; + } + else { + $host = $host_or_url; + foreach my $h (ref($host) ? @$host : ($host)) { + if ($obj->_connect_tcp($host, $arg)) { + $obj->{net_ldap_host} = $h; + last; + } } } @@ -120,7 +134,13 @@ $obj; } -sub _connect { +sub _connect_ssl { + my ($ldap, $host, $arg) = @_; + $ldap->_connect_tcp(@_) and + $ldap->start_tls($ldap,%$arg); +} + +sub _connect_tcp { my ($ldap, $host, $arg) = @_; $ldap->{net_ldap_socket} = IO::Socket::INET->new( 
@@ -133,6 +153,21 @@ ); } +sub _connect_ipc { + my ($ldap, $host, $arg) = @_; + + #DEBUG + print "connect IPC\n"; + + require IO::Socket::UNIX and + $ldap->{net_ldap_socket} = IO::Socket::UNIX->new( + Peer => $host, + Timeout => defined $arg->{timeout} + ? $arg->{timeout} + : 120 + ); +} + sub message { my $ldap = shift; shift->new($ldap, @_); |
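Review bot: In the first hunk (new), the non-URL branch still calls `$obj->_connect_tcp($host, $arg)` with `$host` rather than the loop variable `$h`, so when an array reference of hosts is passed each iteration hands the whole reference to the connect routine; pass `$h`. In the URL branch the results of `_connect_ssl`, `_connect_ipc` and `_connect_tcp` are not checked and `$obj->{net_ldap_host}` is never set, and `$arg->{port} = $3` overwrites a caller-supplied port with undef when the URL has no port; assign the port only when `$3` is defined and record the host on success. The host character class also has no `%`, so an ldapi:// URL written with a percent-encoded socket path does not match and falls through to the plain TCP branch.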
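Review bot: In the second hunk, `_connect_ssl` opens an ordinary TCP connection and then calls `start_tls`, which is not what an ldaps:// URL means: ldaps is TLS from the first byte, conventionally on port 636, whereas this path connects to whatever port `_connect_tcp` defaults to and upgrades afterwards, and nothing checks the result of the upgrade, so a failed StartTLS leaves a clear-text session in use. Both calls also pass the object twice: `$ldap->_connect_tcp(@_)` forwards an `@_` that still begins with `$ldap`, and `$ldap->start_tls($ldap,%$arg)` puts `$ldap` in front of the option pairs. Call `$ldap->_connect_tcp($host, $arg)` and `$ldap->start_tls(%$arg)`, check the returned result code, or hand ldaps:// URLs to Net::LDAPS.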
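Review bot: In the third hunk, the `#DEBUG` line `print "connect IPC\n";` in `_connect_ipc` writes to STDOUT of every program that connects through an ldapi:// URL and should be removed before this is applied. The `Peer` path is whatever the URL regex in new() captured, where a trailing `/` is stripped and a `:digits` suffix is split off as a port, so the accepted form of a socket path should be documented next to this routine, and a failed `IO::Socket::UNIX->new` should be reported to the caller rather than leaving `net_ldap_socket` undefined.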
From: Ziya S. <zi...@ri...> - 2003-01-09 13:28:00

> It looks fine to me. I am intrigued why this fixes the problem though
> as it changes little.

In Net::LDAP::Message::error() $self->server_error returns
$self->{errorMessage} which is considered tainted by Perl 5.6.0 but not
5.8.0. Is $self->{errorMessage} set anywhere else than set_error()? by
Convert::ASN1?

Maybe it's not a real big deal since with 5.8.0 it seems to be working
fine (Altho I haven't upgraded the production to 5.8 yet, where I get
these Taint errors now and then).

The patch I sent is actually a work around kind of thing. According to
Perl issue 17867:
http://archive.develooper.com/per...@pe.../msg87991.html

From that article:

$ perl -Tle '$cmd="print q(foo)";$cmd.=".q(bar)" if pop; eval $cmd' foo
Insecure dependency in eval while running with -T switch at -e line 1.
$ perl -Tle '$cmd="print q(foo)";if(pop){$cmd.=".q(bar)"} eval $cmd' foo
foobar

Cheers,

Ziya.

From: Markus W. <mw...@fa...> - 2003-01-08 17:56:53
|
hi! as I am the author of the ResourcePool package I would like to suggest two changes to the Net::LDAP::FAQ to mention the existence of ResourcePool ;) the first change is regarding the already existing question "How can I simulate server failover?", i felt so free to remove the original example and replaced it by a ResourcePool example (or should we keep the old one as well?) the second change introduces a new question "How do I get persistent LDAP connections with mod_perl?" which seems to be freqently enought to get mentioned. Of course, it's also answered with ResourcePool :) please find the patch below... somebody better suggestions? -markus - - - - - - - - - - - - - Markus Winand e-mail: mw...@fa... web: www.fatalmind.com --- FAQ.pod.1.25 Sat Jan 4 15:26:55 2003 +++ FAQ.pod Wed Jan 8 18:32:32 2003 
@@ -1031,22 +1031,65 @@ print ldap_error_name($result->code); -=head2 How can I simiulate server failover. +=head2 How can I simulate server failover? Perl-LDAP does not do server failover, however there are several programming options for getting around this situation. -Here is one possible solution. +One is to use the ResourcePool package since the ResourcePool::LoadBalancer +can handle failover for LDAP. The following example +demonstrates a simple failover configuration using +ResourcePool::LoadBalancer: - unless ( $ldaps = - Net::LDAPS->new($ldapserverone, - port=>636,timeout=>5) ) - { - $ldaps = Net::LDAPS->new($ldapservertwo, - port=>636,timeout=>20) || - return - "Can't connect to $ldapserverone or $ldapservertwo via LDAPS: $@"; - } + use ResourcePool; + use ResourcePool::Factory::Net::LDAP; + use ResourcePool::LoadBalancer; + + # create a pool to a ldap server + my $factory1 = ResourcePool::Factory::Net::LDAP->new("ldap.you.com"); + my $pool1 = ResourcePool->new($factory1); + + # create a pool to another ldap server + my $factory2 = ResourcePool::Factory::Net::LDAP->new("ldap2.you.com"); + my $pool2 = ResourcePool->new($factory2); + + # create an empty loadbalancer with a FallBack policy + my $loadbalancer = ResourcePool::LoadBalancer->new("LDAP", + Policy => "FallBack"); + + # add the first pool to the LoadBalancer + # since this LoadBalancer was configured to use the FallBack + # policy, this is the primary used pool + $loadbalancer->add_pool($pool1); + + # add the second pool to the LoadBalancer. + # This pool is only used when first pool fails + $loadbalancer->add_pool($pool2); + + # get a ldap connection + my $ldaph = $loadbalancer->get(); + + # add your code here + + # release the ldap connection + $loadbalancer->free($ldaph); + +ResourcePool is available on CPAN, please refer to the included +documentation for further details. + +=head2 How do I get persistent LDAP connections with mod_perl? + +There is no direct equivalent to Apache::DBI for LDAP. 
+ +But anyway, the ResourcePool package supports persistent connections. +So if you use ResourcePool to manage your LDAP connections +ResourcePool will manage those connections persistent when you use +Apache/mod_perl. +Very similar to Apache::DBI, ResourcePool will also handle broken +connections and re-establish them as needed. + +ResourcePool is available on CPAN, please refer to the included +documentation for further details. =head1 Using X.509 certificates. |
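Review bot: Under "How can I simulate server failover?" the hunk deletes the only failover example that needs nothing beyond Net::LDAPS and that connected over LDAPS on port 636, while the ResourcePool example replacing it builds both factories from a bare host name ("ldap.you.com", "ldap2.you.com") and shows no TLS or bind step. Keep the removed Net::LDAPS fallback as a second option, as the cover note itself asks, and say in the new example how the factory is told to use an encrypted connection, so readers do not copy a clear-text configuration by default. In the new mod_perl answer, "will manage those connections persistent" should read "will keep those connections persistent", and "But anyway," can be dropped.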
From: Peter M. <pet...@ma...> - 2003-01-07 19:06:40

Hi,

On Tuesday 07 January 2003 19:16, Jim Harle wrote:
> > So you could use something like "(cn=Johan Lindstrom)" for your filter.
> > You could also set your base to "cn=users,dc=ad,dc=bossmedia,dc=se"
> > if you wanted to just look in the users portion of the tree.
> That may still not do the trick. The cn's are part of the structure of the
> DN (Distinguished Name), they are not necessarily an attribute with the
> same name. Johan didn't say what he was trying to do.

IIRC, the RFCs say, that the RDN (attribute name and its value) of an object
has to be present as an attribute of the object as well.

So "(cn=Johan Lindstrom)" should be a safe bet for a filter if (and only
if ;-) MS adheres to the standards.

Of course your solution works in either case.

Yours
Peter

--
Peter Marschall | eMail: pet...@ma...
Scheffelstraße 15 | pet...@ad...
D-97072 Würzburg | Tel: +49 931 14721
PGP: 0BB1 04A3 0FB0 E27F 8018 52BA A286 7B23 9C22 2C83

From: Chris R. <chr...@ma...> - 2003-01-07 18:32:11

On 7/1/03 6:16 pm, Jim Harle <ha...@us...> wrote:

> That may still not do the trick. The cn's are part of the structure of the DN
> (Distinguished Name), they are not necessarily an attribute with the same
> name. Johan didn't say what he was trying to do. If he just wants

If the entry has a DN of <cn=Johan
Lindstrom,cn=users,dc=ad,dc=bossmedia,dc=se> then the entry BY DEFINITION
has an attribute called cn with a value of Johan Lindstrom!

There's no guarantee the cn attribute has any other values, and there's no
guarantee that you will be able to read or search the cn attribute or any of
its values.

> information
> about the object whose DN is known he should use:
>
> my $mesg = $oLdap->search (
>>> base => "dc=cn=Johan Lindstrom,cn=users,ad,dc=bossmedia,dc=se",
>>> filter => "(objectClass=*)",

Right, except there's a cut and paste error: base should have that leading
"dc=" in front of the "ad,", and you'd probably also want scope => 'base'.

> The last line is something that is guaranteed to work.

It is certainly the recommended way to "read" an entry, though it could
still fail if there were access controls prohibiting that filter. Sure it is
unlikely, but it is possible.

> --Jim Harle

Cheers,

Chris

From: Jim H. <ha...@us...> - 2003-01-07 18:16:25
|
That may still not do the trick. The cn's are part of the structure of the
DN (Distinguished Name), they are not necessarily an attribute with the
same name. Johan didn't say what he was trying to do. If he just wants
information about the object whose DN is known he should use:

my $mesg = $oLdap->search (
> > base => "dc=cn=Johan Lindstrom,cn=users,ad,dc=bossmedia,dc=se",
> > filter => "(objectClass=*)",

The last line is something that is guaranteed to work.
--Jim Harle

On Tue, 7 Jan 2003, Ian Logan wrote:

> Hello Johan,
> Your sysadmin has given you a DN. If you're going to do a search,
> you really only want to look at the last component, the cn=Johan Lindstrom
> part.
>
> So you could use something like "(cn=Johan Lindstrom)" for your filter.
> You could also set your base to "cn=users,dc=ad,dc=bossmedia,dc=se"
> if you wanted to just look in the users portion of the tree.
>
> On Tue, Jan 07, 2003 at 05:24:33PM +0000, Graham Barr wrote:
> > ----- Forwarded message from Johan Lindstrom <jo...@ba...> -----
> >
> > Date: Tue, 07 Jan 2003 15:27:15 +0100
> > To: gb...@po...
> > From: Johan Lindstrom <jo...@ba...>
> > Subject: Net::LDAP syntax Q
> >
> > Hi!
> >
> > Sorry for the intrusion, but I thought you might have the easy answer to a
> > question I have for using Net::LDAP. Please don't put any time into it if
> > you don't want.
> >
> > Given this syntax I got from my local Windows sysadmin:
> > ENUMPROP "LDAP://cn=Johan Lindstrom,cn=users,dc=ad,dc=bossmedia,dc=se"
> >
> > What would the corresponding Net::LDAP syntax be? The closest I got was:
> >
> > my $mesg = $oLdap->search (
> > base => "dc=ad,dc=bossmedia,dc=se",
> > filter => "(&(cn=Johan Lindstrom) (cn=users))",
> > ) or die($oLdap->error());
> >
> > But that only says it works and doesn't match anything (whereas the command
> > above does).
> >
> > /J
> > -------- ------ ---- --- -- -- -- - - - - -
> > Johan Lindström Sourcerer @ Boss Casinos jo...@ba...
> >
> > Latest bookmark: "Pack-Unpack Tutorial (aka How the System Stores..."
> > http://www.perlmonks.org/index.pl?node_id=224666
> > dmoz (1 of 6): /Arts/Animation/Cartoons/Titles/ 84
> >
> > ----- End forwarded message -----
>
> --
> Ian Logan
> Information and Communication Technologies
> New Mexico State University
> Email: ia...@nm... Phone: 505-646-6034 Fax: 505-646-4560 |
From: Ian L. <ia...@nm...> - 2003-01-07 17:43:08
|
Hello Johan,
Your sysadmin has given you a DN. If you're going to do a search,
you really only want to look at the last component, the cn=Johan Lindstrom
part.

So you could use something like "(cn=Johan Lindstrom)" for your filter.
You could also set your base to "cn=users,dc=ad,dc=bossmedia,dc=se"
if you wanted to just look in the users portion of the tree.

On Tue, Jan 07, 2003 at 05:24:33PM +0000, Graham Barr wrote:
> ----- Forwarded message from Johan Lindstrom <jo...@ba...> -----
>
> Date: Tue, 07 Jan 2003 15:27:15 +0100
> To: gb...@po...
> From: Johan Lindstrom <jo...@ba...>
> Subject: Net::LDAP syntax Q
>
> Hi!
>
> Sorry for the intrusion, but I thought you might have the easy answer to a
> question I have for using Net::LDAP. Please don't put any time into it if
> you don't want.
>
> Given this syntax I got from my local Windows sysadmin:
> ENUMPROP "LDAP://cn=Johan Lindstrom,cn=users,dc=ad,dc=bossmedia,dc=se"
>
> What would the corresponding Net::LDAP syntax be? The closest I got was:
>
> my $mesg = $oLdap->search (
> base => "dc=ad,dc=bossmedia,dc=se",
> filter => "(&(cn=Johan Lindstrom) (cn=users))",
> ) or die($oLdap->error());
>
> But that only says it works and doesn't match anything (whereas the command
> above does).
>
> /J
> -------- ------ ---- --- -- -- -- - - - - -
> Johan Lindström Sourcerer @ Boss Casinos jo...@ba...
>
> Latest bookmark: "Pack-Unpack Tutorial (aka How the System Stores..."
> http://www.perlmonks.org/index.pl?node_id=224666
> dmoz (1 of 6): /Arts/Animation/Cartoons/Titles/ 84
>
> ----- End forwarded message -----

--
Ian Logan
Information and Communication Technologies
New Mexico State University
Email: ia...@nm... Phone: 505-646-6034 Fax: 505-646-4560 |
From: Graham B. <gb...@po...> - 2003-01-07 17:25:13
|
----- Forwarded message from Johan Lindstrom <jo...@ba...> -----

Date: Tue, 07 Jan 2003 15:27:15 +0100
To: gb...@po...
From: Johan Lindstrom <jo...@ba...>
Subject: Net::LDAP syntax Q

Hi!

Sorry for the intrusion, but I thought you might have the easy answer to a
question I have for using Net::LDAP. Please don't put any time into it if
you don't want.

Given this syntax I got from my local Windows sysadmin:
ENUMPROP "LDAP://cn=Johan Lindstrom,cn=users,dc=ad,dc=bossmedia,dc=se"

What would the corresponding Net::LDAP syntax be? The closest I got was:

my $mesg = $oLdap->search (
base => "dc=ad,dc=bossmedia,dc=se",
filter => "(&(cn=Johan Lindstrom) (cn=users))",
) or die($oLdap->error());

But that only says it works and doesn't match anything (whereas the command
above does).

/J
-------- ------ ---- --- -- -- -- - - - - -
Johan Lindström Sourcerer @ Boss Casinos jo...@ba...

Latest bookmark: "Pack-Unpack Tutorial (aka How the System Stores..."
http://www.perlmonks.org/index.pl?node_id=224666
dmoz (1 of 6): /Arts/Animation/Cartoons/Titles/ 84

----- End forwarded message ----- |
From: Graham B. <gb...@po...> - 2003-01-06 20:38:01
|
On Mon, Jan 06, 2003 at 08:22:27PM +0000, Stephen Brandon wrote:
> I think I have found the bug -- see below.
> YES -- that's it -- it's the "message" hashes held in ::LDAP objects that
> have the parent references. If these messages are still contained in the
> object, then it won't automatically be destroyed.
>
> I had to do the following after finishing with an LDAP object:
>
> $ldap->{net_ldap_mesg} = "";

Yes that is one place that reference loops are kept, but they should be
managed to not create problems.

It does seem there are some cases where the loops could be left,
preventing DESTROY being called. I will see what can be done, but it may be
that we add a disconnect method that will ensure the connection is
closed and all cleanup done.

Graham.

>
> Then I could create a new ldap object in $ldap, and the 1st one is
> deallocated properly (at last).
>
> Is there a more official way of doing this? I can't see anything particular
> in the source...
>
> So far, I consider this a bug. I can see plenty of occasions where people
> will have made a number of connections and the objects will not have been
> deallocated because of this issue.
>
> Cheers,
> Stephen Brandon
>
> > > To fix this for the time being, after getting the Connection Reset error
> > > I (i) call $ldap->unbind, and (ii) close $ldap->socket()
> > >
> > > This seems to stop the file descriptor problem, but I am concerned that
> > > there may be a larger scale memory leak going on.
> > >
> > > - Can anyone shed any light on this?
> > > - Should there be some other method in perl-ldap that does a more
> > > thorough, explicit cleanup?
> >
> > This all ought to happen when the Net::LDAP object is destroyed, eg it goes
> > out of scope. Try adding a Net::LDAP::DESTROY method to see when (if!) it
> > gets called.
> >
> > Cheers,
> >
> > Chris |