Menu
▾
▴
perl-ldap-dev
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(200) |
Jun
(129) |
Jul
(184) |
Aug
(204) |
Sep
(106) |
Oct
(79) |
Nov
(72) |
Dec
(54) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(83) |
Feb
(123) |
Mar
(84) |
Apr
(184) |
May
(106) |
Jun
(111) |
Jul
(104) |
Aug
(91) |
Sep
(59) |
Oct
(99) |
Nov
(100) |
Dec
(37) |
| 2002 |
Jan
(148) |
Feb
(88) |
Mar
(85) |
Apr
(151) |
May
(80) |
Jun
(110) |
Jul
(85) |
Aug
(43) |
Sep
(64) |
Oct
(89) |
Nov
(59) |
Dec
(42) |
| 2003 |
Jan
(129) |
Feb
(104) |
Mar
(162) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: ¿ÀÇǽº19 <ey...@ms...> - 2002-12-25 18:16:30
|
<html> <head> <meta http-equiv="content-type" content="text/html; charset=euc-kr"> <title>IT º¥Ã³ ÀÓ´ë »ç¹«½Ç - office19 </title> <meta name="generator" content="Microsoft FrontPage 5.0"> </head> <BODY text=black vLink=purple aLink=red link=blue bgColor=white><A href="http://www.office19.co.kr"><IMG height=50 src="http://www.office19.co.kr/mailimage/top_title.gif" width=160 border=0></A><BR> <TABLE style="BORDER-RIGHT: rgb(187,187,187) 1px solid; BORDER-TOP: rgb(187,187,187) 1px solid; BORDER-LEFT: rgb(187,187,187) 1px solid; BORDER-BOTTOM: rgb(187,187,187) 1px solid" cellSpacing=0 cellPadding=0 width=600 border=0> <TBODY> <TR> <TD> <P><SPAN style="FONT-SIZE: 9pt"><A href="http://www.office19.co.kr" target=new><IMG height=200 src="http://www.office19.co.kr/mailimage/top.gif" width=780 border=0></A></SPAN></P></TD></TR> <TR> <TD> <TABLE height="100%" cellSpacing=0 cellPadding=15 width="100%" border=0> <TBODY> <TR> <TD width=770> <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0> <TBODY> <TR> <TD width=200><A onfocus=this.blur() onclick="show_openBrWindow('/show.html','','scrollbars=no, status=no, width=600,height=500')"><IMG height=133 src="http://www.office19.co.kr/mailimage/introduction_show_logo.gif" width=200 border=0></A></TD> <TD width=10 rowSpan=8> <P>¡¡</P></TD> <TD vAlign=top rowSpan=6><A href="http://www.office19.co.kr"><IMG height=143 hspace=10 src="http://www.office19.co.kr/mailimage/introduction_sub1_c.gif" width=493 border=0></A> <TABLE cellSpacing=0 cellPadding=15 border=0> <TBODY> <TR> <TD> <P><SPAN style="FONT-SIZE: 9pt; COLOR: #5b7ea2; TEXT-DECORATION: none"><B>IT º¥Ã³ Àü¿ë ¼ÒÈ£ ÀÓ´ë»ç¹«½Ç 10Mbps/dedicate Àü¿ë¼± Á¦°ø </B><BR><BR></A>ÀÓ´ë »ç¹«½Ç·Î IT°ü·Ã º¥Ã³ÀÎÀ¸·Î ÀÔÁÖÁ¦ÇÑÀ» ÇÕ´Ï´Ù.. ÀÔÁÖ»çÀÇ ÀÎÀû ±¸¼ºÀº ±×·¡ÇÈ,À¥ µðÀÚÀÎ, À¥ ÇÁ·Î±×·¥, À¥ ÇÁ·Î¸ð¼Ç, ÇÁ·Î±×·¥ ¿£Áö´Ï¾î µî ÀÔÁÖ»çÀÇ ¾Æ¿ô¼Ò½Ì ¸¸À¸·Îµµ ÈǸ¢ÇÑ ÀÚ¿øÀÌ µÉ °ÍÀÔ´Ï´Ù. 1ÀÎ ½Ç¿¡¼ 8ÀÎ ½Ç±îÁö ´Ù¾çÇÑ ¹æ Å©±â¿Í Â¥ÀÓ ÀÖ´Â ³»ºÎ ÀÎÅ׸®¾î¿Í ½Ç¼ÓÀû °¡°ÝÀ¸·Î ÀÔÁֻ翡°Ô Á¦°øÇÕ´Ï´Ù. <BR><BR><BR><B><A href="http://www.office19.co.kr/introduction.html#¼Ò°³">10Mbps°íÇ°Áú ±¤ÄÉÀ̺í·Î ±¹³»ÃÖ°í 155Mbps ±¹³» ¹éº»¸Á ¿¬°á </A><BR></B><BR>¿ÀÇǽº19´Â ±âÁ¸ ¼ÒÈ£»ç¹«½ÇµéÀÇ Àü¿ë¼± ¼Óµµ¿¡ ¸¸Á·ÇÏÁö ¸øÇÏ´Â Àü¹® IT º¥Ã³ÀεéÀ» ´ë»óÀ¸·Î E1ÀÇ 5¹è, T1ÀÇ 10¹è ºü¸¥ ¼Óµµ 10Mbps, µ¿ÃàÀÌ ¾Æ´Ñ ±¤¸ðµâ·¯ÀÇ ¾ÈÁ¤µÈ 99.999% °¡¿ë·ü (½Ã½ºÄÚ ¼±Á¤ ³×Æ®¿÷¾ÈÁ¤¼º ºÎ¹® ¼¼°è 1À§ ISP µ¥ÀÌÄÞ º¸¶ó³Ý) Àü¿ë¼±À» »ç¹«½Ç ÀÔÁֽà ¹«·á·Î Á¦°øÇÕ´Ï´Ù. <BR><BR><A href="http://office19.co.kr/contactus.html#¾àµµ"><B>°³²¿ª±îÁö ÁöÇÏö 5Á¤°ÅÀå 15ºÐ³» Á¢±Ù ¿ëÀÌÇÑ ³«¼º´ë¿ª 150¹ÌÅÍ </B><BR><BR>ÀÚ¼¼ÇÑ Á¤º¸´Â </SPAN><A href="http://www.office19.co.kr/"><FONT color=black><B><B><SPAN style="FONT-SIZE: 9pt">Office19.co.kr</SPAN></B></B></FONT></A><FONT color=black><B><B><SPAN style="FONT-SIZE: 9pt"> </SPAN></B></B></FONT><SPAN style="FONT-SIZE: 9pt; COLOR: #5b7ea2; TEXT-DECORATION: none">¿¬¶ôó : 02-878-5353, 011-740-4545 </SPAN></P></TD></TR></TBODY></TABLE>¡¡</TD></TR> <TR> <TD width=200> <P>¡¡</P></TD></TR> <TR> <TD width=200><A onfocus=this.blur() onclick="show_openBrWindow('/show_lobby.html','','scrollbars=no, status=no, width=600,height=500')"><IMG height=133 src="http://www.office19.co.kr/mailimage/introduction_show_lobby.gif" width=200 border=0></A></TD></TR> <TR> <TD width=200> <P>¡¡</P></TD></TR> <TR> <TD width=200><A onfocus=this.blur() onclick="show_openBrWindow('/show_67.html','','scrollbars=no, status=no, width=600,height=500')"><IMG height=133 src="http://www.office19.co.kr/mailimage/introduction_show_67.gif" width=200 border=0></A></TD></TR> <TR> <TD width=200> <P>¡¡</P></TD></TR> <TR> <TD width=200><IMG height=133 src="http://www.office19.co.kr/mailimage/introduction_show_theme.gif" width=200 border=0></TD> <TD> <TABLE cellSpacing=0 cellPadding=0 border=0> <TBODY> <TR> <TD><A onfocus=this.blur() onclick="show_openBrWindow('/show_door.html','','scrollbars=no, status=no, width=600,height=500')"><IMG height=133 src="http://www.office19.co.kr/mailimage/introduction_show_door.gif" width=200 border=0></A></TD> <TD width=10> <P>¡¡</P></TD> <TD><A onfocus=this.blur() onclick="show_openBrWindow('/show_56.html','','scrollbars=no, status=no, width=600,height=500')"><IMG height=133 src="http://www.office19.co.kr/mailimage/introduction_show_56.gif" width=200 border=0></A></TD> <TD width=120> <TABLE cellSpacing=0 cellPadding=3 border=0> <TBODY> <TR> <TD><A href="http://www.office19.co.kr"><IMG height=33 src="http://www.office19.co.kr/mailimage/top_title.gif" width=128 border=0></A></TD></TR> <TR> <TD><SPAN style="FONT-SIZE: 9pt; COLOR: #5b7ea2; TEXT-DECORATION: none"><B>ÁöÇÏö 2È£¼± ³«¼º´ë¿ª 5¹ø Ãⱸ 150¹ÌÅÍ</B></SPAN></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR> <TR> <TD width=200> <P>¡¡</P></TD> <TD> <P>¡¡</P></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE> <DIV align=right> <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0> <TBODY> <TR> <TD> <P>¡¡</P></TD> <TD> <P align=center><SPAN style="FONT-SIZE: 9pt"><BR><IMG height=37 src="http://www.office19.co.kr/mailimage/bt_copy.gif" width=597 border=0><BR>¡¡</SPAN></P></TD></TR></TBODY></TABLE></DIV></TD></TR></TBODY></TABLE> </BODY> </html><br><br><font size=2 color=black>±ÍÇÏÀÇ ¸ÞÀÏÁÖ¼Ò´Â À¥¼ÇÎÁß, ÀÎÅÍ³Ý http://www.softbrain.co.kr/CPANdoc/Net/LDAP/Schema.html¿¡¼ ¾Ë°Ô µÈ°ÍÀÔ´Ï´Ù.E-Mail ÁÖ¼Ò ¿Ü¿¡, ´Ù¸¥ Á¤º¸´Â °®°í ÀÖÁö ¾Ê½À´Ï´Ù.Á¤ÅëºÎ ±Ç°í»çÇ׿¡ ÀÇ°Å Á¦¸ñ¿¡ [±¤°í]¶ó°í Ç¥±âÇÑ ¸ÞÀÏÀÔ´Ï´Ù.</font><br><br><font size=2>¸ÞÀϹ߼ۿ¡ ºÒÆíÀ» µå·È´Ù¸é Á¤ÁßÇÏ°Ô »ç°úµå¸³´Ï´Ù. ¸ÞÀϹޱ⸦ ¿øÄ¡ ¾ÊÀ¸½Ã¸é <a href=http://www.pronetkorea.com/Service/Product/MailGrabber/CheckDenyTrueRegKey.asp?MyRegKey=246&DenyMail=per...@li...>¼ö½Å°ÅºÎ</a>¸¦ ´·¯ÁÖ¼¼¿ä.</font><br><br><font size=2></font> |
|
From: Eric N. <eri...@di...> - 2002-12-24 02:06:51
|
As far as I know the Net::LDAP::Entry does not do recursive deletes.
You'll need to write a recursive function. If you need one let me know.
I've got one laying around here somewhere :)
Gary C. New wrote:
> I am currently using ISPMan 0.9.3 and have made a few
> modifications to the ldap directory to better fit my
> needs. I have run into a little snag in that, now,
> when I try and delete a user account it gives me the
> following error:
>
> Return code: 66
> Error name: LDAP_NOT_ALLOWED_ON_NONLEAF
> Error text:
> Error desc: Operation not allowed on nonleaf
> MessageID: 5
> Error: subtree delete not supported
> Server Error: subtree delete not supported
> DN:
> Canonical DN:
>
>
>
> Package: ISPMan::LDAP
> Filename: /opt/ispman/lib/ISPMan/LDAP.pm
> Line: 646
>
> As stated, the ISPMan::LDAP module can't delete the
> user entry due to additional subtrees I've added to
> the user's directory. Upon looking at the code, it
> seems that the ISPMan::LDAP module is using
> Net::LDAP::Entry to delete the user entry, but it
> isn't configured to do so recursively. The following
> is the subroutine in question:
>
> sub deleteEntry {
> my $self=shift;
> my $dn=shift;
>
> # dont give error. just quit
> # ATIF FixME: 10 May 2002.
> # In future there should be some error reporting
> mech
> # sort of an array of error array etc.
> return unless $self->entryExists($dn);
>
> my $entry=Net::LDAP::Entry->new();
> $entry->changetype("delete");
> $entry->dn($dn);
> $self->log_event("Trying to delete ", $dn , "from
> LDAP");
>
> $entry->delete();
> if (try($entry->update($LDAP))){
> $self->log_event("Entry deleted from LDAP");
> return 1;
> }
> }
>
> Is it possible to recursively delete subtrees of a
> directory using the delete object of Net::LDAP::Entry?
>
> Thank you for your assistance.
>
> Respectfully,
>
>
> Gary
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
>
>
|
|
From: Gary C. N. <gar...@ya...> - 2002-12-23 21:22:24
|
I am currently using ISPMan 0.9.3 and have made a few
modifications to the ldap directory to better fit my
needs. I have run into a little snag in that, now,
when I try and delete a user account it gives me the
following error:
Return code: 66
Error name: LDAP_NOT_ALLOWED_ON_NONLEAF
Error text:
Error desc: Operation not allowed on nonleaf
MessageID: 5
Error: subtree delete not supported
Server Error: subtree delete not supported
DN:
Canonical DN:
Package: ISPMan::LDAP
Filename: /opt/ispman/lib/ISPMan/LDAP.pm
Line: 646
As stated, the ISPMan::LDAP module can't delete the
user entry due to additional subtrees I've added to
the user's directory. Upon looking at the code, it
seems that the ISPMan::LDAP module is using
Net::LDAP::Entry to delete the user entry, but it
isn't configured to do so recursively. The following
is the subroutine in question:
sub deleteEntry {
my $self=shift;
my $dn=shift;
# dont give error. just quit
# ATIF FixME: 10 May 2002.
# In future there should be some error reporting
mech
# sort of an array of error array etc.
return unless $self->entryExists($dn);
my $entry=Net::LDAP::Entry->new();
$entry->changetype("delete");
$entry->dn($dn);
$self->log_event("Trying to delete ", $dn , "from
LDAP");
$entry->delete();
if (try($entry->update($LDAP))){
$self->log_event("Entry deleted from LDAP");
return 1;
}
}
Is it possible to recursively delete subtrees of a
directory using the delete object of Net::LDAP::Entry?
Thank you for your assistance.
Respectfully,
Gary
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
|
|
From: Chris R. <chr...@ma...> - 2002-12-16 13:55:26
|
On 16/12/02 1:30 pm, Eric Nichols <eri...@di...> wrote: > Hi Chris, > I believe I've answered my own question. There are 3 levels of > encryption you can use with openssl: > high >128bit > medium =128bit > low <128bit I think HIGH/MEDIUM/LOW are magic cipher strings in OpenSSL describing a list of ciphersuites: % openssl ciphers HIGH EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:ADH-DES-CBC3-SHA:DES- CBC3-MD5 % openssl ciphers MEDIUM DHE-DSS-RC4-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:ADH-RC4-MD5:IDEA-CBC-MD5:RC2-CB C-MD5:RC4-MD5 % openssl ciphers LOW EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:ADH-DES-CBC-SHA:RC4-64-M D5:DES-CBC-MD5 Do a "man ciphers" to find out more, including other magic cipher strings. Cheers, Chris |
|
From: Eric N. <eri...@di...> - 2002-12-16 13:29:34
|
Hi Chris,
I believe I've answered my own question. There are 3 levels of
encryption you can use with openssl:
high >128bit
medium =128bit
low <128bit
I basically tested connecting with each level until I figured out which
sucessfully connected:
foreach $cipher ('LOW','MEDIUM','HIGH')
{
$ldaps=undef;
print "Attempting $cipher connection: ";
$ldaps = new Net::LDAPS('192.168.2.100',
port => '636',
ciphers=>$cipher);
if ($ldaps)
{
print $ldaps->cipher() , "\n";
}
else
{
print "Failed\n";
}
}
Eric
Chris Ridd wrote:
> On 14/12/02 6:49 pm, Eric Nichols <eri...@di...> wrote:
>
>
>>Just started using ldaps on winxp, excellent work Chris!
>>
>>I had a quick question, is there a way (once connected) to find out what
>>ciphers the LDAP server supports or should I be checking into openssl docs?
>>Thanks
>>Eric
>
>
> Glad it works!
>
> There's no standard way in LDAP. Some servers might publish this information
> in an attribute of the root DSE, but this isn't standardised anywhere.
>
> There might be something you can do at the SSL layer. Does
> IO::Socket::SSL/Net::SSLeay give any clues?
>
> Cheers,
>
> Chris
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:
> With Great Power, Comes Great Responsibility
> Learn to use your power at OSDN's High Performance Computing Channel
> http://hpc.devchannel.org/
>
>
|
|
From: Chris R. <chr...@ma...> - 2002-12-14 19:13:22
|
On 14/12/02 6:49 pm, Eric Nichols <eri...@di...> wrote: > Just started using ldaps on winxp, excellent work Chris! > > I had a quick question, is there a way (once connected) to find out what > ciphers the LDAP server supports or should I be checking into openssl docs? > Thanks > Eric Glad it works! There's no standard way in LDAP. Some servers might publish this information in an attribute of the root DSE, but this isn't standardised anywhere. There might be something you can do at the SSL layer. Does IO::Socket::SSL/Net::SSLeay give any clues? Cheers, Chris |
|
From: Eric N. <eri...@di...> - 2002-12-14 18:48:53
|
Just started using ldaps on winxp, excellent work Chris! I had a quick question, is there a way (once connected) to find out what ciphers the LDAP server supports or should I be checking into openssl docs? Thanks Eric |
|
From: <ti...@uc...> - 2002-12-13 15:41:56
|
I am using a CGI perl script to show users what the directory knows about them that they are allowed to see. The way I do this is to connect to the directory, find the cert the user presented to the server, and proxying as the user. This worked fine, until we switched to IPlanet 6 Directory server. Then the search for the users cert failed. The script grabs the cert the user presented, performs the substitions required by RFC 2254, and sends it as a filter to the Directory. It seems that how the directory handles binary data has changed. I look in the diretories access logs, and everything in the cert has been escaped. Is there any way to prevent this? |
|
From: Eric N. <eri...@di...> - 2002-12-12 02:23:14
|
I answered my own question. I thought it best to share it with the group. Querying a Global Catalog for list of domain names is easy if each domain is a child domain. Get the default context and walk the tree... The problem I had is that can exist peer domains. These are not viewable through the structure or rootdse record. The solution is a fairly simple query: base="" objectclass=trusteddomain attrib=cn Each object will be a domain name inside the forest. From the cn attribute it's possible to guess the context of each domain (test.root.com = dc=test,dc=root,dc=com). I hope this helps someone! |
|
From: Graham B. <gb...@po...> - 2002-12-11 19:28:21
|
On Wed, Dec 11, 2002 at 10:49:20AM -0800, Eric Stokes wrote:
> Ok, thanks for you help, the actual solution is rather strange.
>
> This does not work
> $result = $ldaps -> modify($dn, replace => [unicodePwd => $pass]);
>
> While this does work
> $result = $ldaps -> modify($dn, replace => {unicodePwd => $pass});
>
> just a guess, we must be sending a ghost operation when [] are used,
> and that is killing the whole transaction. Anyway, thanks again.
Its a bug. In both cases if you replace $pass wit [$pass] it should work.
This gets done for you when using a HASH, it should also when using
an ARRAY
Graham.
>
> -E
>
> On Tuesday, December 10, 2002, at 04:34 PM, Eric Stokes wrote:
>
>
> > Hello Gentlemen. I'm trying set a password in Active Directory via
> > Net::LDAP. I've been running into trouble for a while now. I've
> > read both your posts on the subject, and have tried your solutions.
> > Needless to say, neither of them worked for me.
> >
> > Here is the code I am currently trying. Christopher Bongaarts's
> > method yielded the same result.
> > ...
> > sub MakeUnicodePwd # from Norbert Klasen's post
> >
> > {
> >
> > my $u = latin1("\"".$_[0]."\"");
> >
> > $u->byteswap();
> >
> > return $u->ucs2;
> >
> > }
> > my $pass = MakeUnicodePwd("passw0rd1");
> >
> > $result = $ldaps -> modify($dn, replace => [unicodePwd => $pass]);
> >
> > print $result -> code()."\n";
> >
> > print $result -> error()."\n";
> >
> >
> > The error I get is
> >
> > 19
> > 00002081: AtrErr: DSID-031D0AA0, #1:
> > 0: 00002081: DSID-031D0AA0, problem 1005
> > (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
> >
> > Constraint violation? Possibly my data is not in the right format?
> > I have verified that the DN I'm binding as has permission to set
> > the password. I'm going over SSL (ciphers => "HIGH"). I've tried
> > various different passwords just to make sure they're not trying to
> > enforce good passwords at the ldap layer. I'm stumped, any ideas
> > would be very helpful.
> >
> >
> > -Eric Stokes
> >
> > Programmer Analyst,
> > Information Technology Resources - Middleware Group,
> > California State University Northridge
>
>
|
|
From: Chris R. <chr...@ma...> - 2002-12-11 19:13:29
|
On 11/12/02 6:49 pm, Eric Stokes <eri...@CS...> wrote:
> Ok, thanks for you help, the actual solution is rather strange.
>
> This does not work
> $result = $ldaps -> modify($dn, replace => [unicodePwd => $pass]);
>
> While this does work
> $result = $ldaps -> modify($dn, replace => {unicodePwd => $pass});
>
> just a guess, we must be sending a ghost operation when [] are used,
> and that is killing the whole transaction. Anyway, thanks again.
I think I've seen that before - if you use [...] you get a replace with an
empty AttributeTypeAndValues SEQUENCE encoded and sent to the server. It
would be a bug if it did that, as that is not legal in LDAP's ASN.1.
I'll see if I can verify that and rustle a patch up, but I'm kind of busy
ATM.
Cheers,
Chris
|
|
From: Eric S. <eri...@CS...> - 2002-12-11 18:49:31
|
Ok, thanks for you help, the actual solution is rather strange.
This does not work
$result = $ldaps -> modify($dn, replace => [unicodePwd => $pass]);
While this does work
$result = $ldaps -> modify($dn, replace => {unicodePwd => $pass});
just a guess, we must be sending a ghost operation when [] are used,
and that is killing the whole transaction. Anyway, thanks again.
-E
On Tuesday, December 10, 2002, at 04:34 PM, Eric Stokes wrote:
> Hello Gentlemen. I'm trying set a password in Active Directory via
> Net::LDAP. I've been running into trouble for a while now. I've read
> both your posts on the subject, and have tried your solutions.
> Needless to say, neither of them worked for me.
>
> Here is the code I am currently trying. Christopher Bongaarts's method
> yielded the same result.
> ...
> sub MakeUnicodePwd # from Norbert Klasen's post
> {
> my $u = latin1("\"".$_[0]."\"");
> $u->byteswap();
> return $u->ucs2;
> }
> my $pass = MakeUnicodePwd("passw0rd1");
> $result = $ldaps -> modify($dn, replace => [unicodePwd => $pass]);
> print $result -> code()."\n";
> print $result -> error()."\n";
>
> The error I get is
>
> 19
> 00002081: AtrErr: DSID-031D0AA0, #1:
> 0: 00002081: DSID-031D0AA0, problem 1005
> (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
>
> Constraint violation? Possibly my data is not in the right format? I
> have verified that the DN I'm binding as has permission to set the
> password. I'm going over SSL (ciphers => "HIGH"). I've tried various
> different passwords just to make sure they're not trying to enforce
> good passwords at the ldap layer. I'm stumped, any ideas would be very
> helpful.
>
>
> -Eric Stokes
>
> Programmer Analyst,
> Information Technology Resources - Middleware Group,
> California State University Northridge |
|
From: Wai Un <un...@tr...> - 2002-12-11 14:31:20
|
subscribe |
|
From: <Nor...@av...> - 2002-12-11 08:54:30
|
Hi Eric,
does the user you're bound as have the right to reset the password of =
the target DN entry?
Which cypher is used by the ldaps object?
=20
Norbert
-----Urspr=FCngliche Nachricht-----=20
Von: Eric Stokes [mailto:eri...@cs...]=20
Gesendet: Mi 11.12.2002 01:34=20
An: Norbert Klasen; Christopher A Bongaarts=20
Cc: per...@li...=20
Betreff: Re: Changing passwords in Active Directory
=09
=09
Hello Gentlemen. I'm trying set a password in Active Directory via =
Net::LDAP. I've been running into trouble for a while now. I've read =
both your posts on the subject, and have tried your solutions. Needless =
to say, neither of them worked for me.=20
Here is the code I am currently trying. Christopher Bongaarts's method =
yielded the same result.=20
...=20
sub MakeUnicodePwd # from Norbert Klasen's post=20
{=20
my $u =3D latin1("\"".$_[0]."\"");=20
$u->byteswap();=20
return $u->ucs2;=20
}=20
my $pass =3D MakeUnicodePwd("passw0rd1");=20
$result =3D $ldaps -> modify($dn, replace =3D> [unicodePwd =3D> =
$pass]);=20
print $result -> code()."\n";=20
print $result -> error()."\n";=20
The error I get is=20
19=20
00002081: AtrErr: DSID-031D0AA0, #1:=20
0: 00002081: DSID-031D0AA0, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, =
Att 9005a (unicodePwd)=20
Constraint violation? Possibly my data is not in the right format? I =
have verified that the DN I'm binding as has permission to set the =
password. I'm going over SSL (ciphers =3D> "HIGH"). I've tried various =
different passwords just to make sure they're not trying to enforce good =
passwords at the ldap layer. I'm stumped, any ideas would be very =
helpful.=20
-Eric Stokes=20
Programmer Analyst,=20
Information Technology Resources - Middleware Group,=20
California State University Northridge
|
|
From: Chris R. <chr...@ma...> - 2002-12-11 07:13:26
|
On 11/12/02 12:34 am, Eric Stokes <eri...@cs...> wrote:
> Hello Gentlemen. I'm trying set a password in Active Directory via
> Net::LDAP. I've been running into trouble for a while now. I've read
> both your posts on the subject, and have tried your solutions. Needless
> to say, neither of them worked for me.
>
> Here is the code I am currently trying. Christopher Bongaarts's method
> yielded the same result.
> ...
> sub MakeUnicodePwd # from Norbert Klasen's post
> {
> my $u = latin1("\"".$_[0]."\"");
> $u->byteswap();
> return $u->ucs2;
> }
> my $pass = MakeUnicodePwd("passw0rd1");
> $result = $ldaps -> modify($dn, replace => [unicodePwd => $pass]);
> print $result -> code()."\n";
> print $result -> error()."\n";
>
> The error I get is
>
> 19
> 00002081: AtrErr: DSID-031D0AA0, #1:
> 0: 00002081: DSID-031D0AA0, problem 1005 (CONSTRAINT_ATT_TYPE),
> data 0, Att 9005a (unicodePwd)
>
> Constraint violation? Possibly my data is not in the right format? I
Maybe, but there are more appropriate errors to return in that case (eg
invalidAttributeSyntax).
Is there a password policy set in the directory somewhere which your
passwords aren't complying with?
Are you binding as v3? The semantics of replace are (subtly!) different in
LDAPv2.
A longer shot this - is unicodePwd single- or multi-valued, and does it
contain a password before your code is run? I've seen constraint violations
returned (from other directories) when trying to add multiple values to a
single-valued attribute. I know "replace" is meant to cope with all that
but...
Cheers,
Chris
|
|
From: Eric S. <eri...@cs...> - 2002-12-11 00:35:40
|
Hello Gentlemen. I'm trying set a password in Active Directory via
Net::LDAP. I've been running into trouble for a while now. I've read
both your posts on the subject, and have tried your solutions. Needless
to say, neither of them worked for me.
Here is the code I am currently trying. Christopher Bongaarts's method
yielded the same result.
...
sub MakeUnicodePwd # from Norbert Klasen's post
{
my $u = latin1("\"".$_[0]."\"");
$u->byteswap();
return $u->ucs2;
}
my $pass = MakeUnicodePwd("passw0rd1");
$result = $ldaps -> modify($dn, replace => [unicodePwd => $pass]);
print $result -> code()."\n";
print $result -> error()."\n";
The error I get is
19
00002081: AtrErr: DSID-031D0AA0, #1:
0: 00002081: DSID-031D0AA0, problem 1005 (CONSTRAINT_ATT_TYPE),
data 0, Att 9005a (unicodePwd)
Constraint violation? Possibly my data is not in the right format? I
have verified that the DN I'm binding as has permission to set the
password. I'm going over SSL (ciphers => "HIGH"). I've tried various
different passwords just to make sure they're not trying to enforce
good passwords at the ldap layer. I'm stumped, any ideas would be very
helpful.
-Eric Stokes
Programmer Analyst,
Information Technology Resources - Middleware Group,
California State University Northridge |
|
From: Chris R. <chr...@ma...> - 2002-12-10 11:34:54
|
On 10/12/02 10:58 am, Edouard FAUCHILLE <edo...@pa...> wrote: > > Hi, > > I'm still trying to develop my perl server in order to make communicate ldap > client with sql databases. > > I manage the first step (bindRequest / bindResponse), but I have > difficulties with the searchRequest : i don't manage to get the information > in the filter because of the tree structure. > Is there a function (maybe in Data::Dumper) which convert the filter from > the tree structure (with tab, hash ...) into linear structure (as > "sn=joe,givenName=too" ). > > Thanks a lot for your help, > Edouard. Net::LDAP::Filter has an as_string method, which looks as though it might work. Cheers, Chris |
|
From: Edouard F. <edo...@pa...> - 2002-12-10 10:57:42
|
Hi, I'm still trying to develop my perl server in order to make communicate ldap client with sql databases. I manage the first step (bindRequest / bindResponse), but I have difficulties with the searchRequest : i don't manage to get the information in the filter because of the tree structure. Is there a function (maybe in Data::Dumper) which convert the filter from the tree structure (with tab, hash ...) into linear structure (as "sn=joe,givenName=too" ). Thanks a lot for your help, Edouard. |
|
From: Jim H. <ha...@us...> - 2002-12-09 16:12:01
|
Check $mesg->count() for the number of 'successes' you have. Zero means you didn't get anything. $mesg->code() is for nastier things. --Jim Harle On Fri, 6 Dec 2002, Eric Santonacci wrote: > Hello list, > > I'm quite new with Net::LDAP module and I have a question about > ldapsearch. > > I have the following perl code: > > > $mesg = $ldap->search ( # perform a search > base => "ou=people, o=test, c=net", > filter => "uid=$uid" > ); > > > When the $uid is in LDAP database everything is fine, if $uid is not in > LDAP, $mesg->code returns 0 (means "success"). But it couldn't find any > answer. Is that a normal answer for LDAP? I expected to have an answer > like "Not Found". Currently, I need to check $entry->get_value to see if > I have an error or not to ensure ldapsearch found or not a record. > > But may be you have better solution... > > > Congratulations to the developers of Net::LDAP which is a good module. > regards > -- > Eric Santonacci > TALC Informatique > http://www.talc.fr > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > |
|
From: Lone W. C. <hol...@lo...> - 2002-12-09 07:31:25
|
<html>
<head>
<title>Lone Wolf Cigar Specials</title>
</head>
<body>
<table>
<TR>
<td><a href ="http://www.lonewolfcigars.com"><img src="http://www.lonewolfcigars.com/images/LoneWolfSpecials.jpg" width="637" height="825" alt="" border="0"></a></td>
<tr>
<td><b><FONT color=#336633
size=2>To stop receiving emails of this sort from Lone Wolf Cigars, you
may do so by replying to this message with the word "unsubscribe" as the
subject.<br>Sales and Promotion of Lone Wolf products is only intended exclusively for adults age 18 and over </FONT> </b></td></tr>
</table>
</body>
</html>
|
|
From: Tim C. <tim...@to...> - 2002-12-08 18:24:32
|
>===== Original Message From Tim Connop <tim...@to...> ===== I have a small perl script to test out SMTP Auth. Now this works fine on W2K/Activeperl 5.6.1 but under RH/Perl 5.8.0 I get the message "No SASL mechanism found". I have installed the Authen module (2.02) correctly, and this is all that was required under W2K. Can anyone give me any pointers on this issue? I'm posting here because that's where it says to on the notes. Regards, Tim Update: I've done a lot of digging and it appears that the problems are related to the install. There were no specific install steps (that i could find) so I just did the usual (decomp, unpack, perl Makefile.PL, make, make test & make install). However on the make test the t/cram_md5 line was skipped with the statement "all skipped, no reason given". All of the other lines were ok though. Can anyone suggest why this could be the case and what i could do to get round it? regards, Tim |
|
From: <dp...@ds...> - 2002-12-06 16:09:54
|
As it's something I'm interested in using, and I'd seen it mentioned that other people would like to see it as well, I went ahead and hacked a copy of Net/LDAPS.pm to create LDAPI.pm. It works perfectly, just replacing IO::Socket::INET with IO::Socket::UNIX. -- Derrik Pates dp...@ds... dp...@vo... |
|
From: Graham B. <gb...@po...> - 2002-12-06 15:00:32
|
----- Forwarded message from Wai Un <un...@tr...> ----- Date: Fri, 06 Dec 2002 14:45:36 +0100 To: gb...@po... From: Wai Un <un...@tr...> Subject: Authen:SASL EXTERNAL authentication Q&As Hallo Mr. Graham Barr, this week I 've tried to build a simple LDAP client that uses the Authen::SASL modules you've written , I had some problems concerning using the Authen::SASL framework to use the SASL EXTERNAL mechanism. The SASL EXTERNAL mechanism determines the authentication identity of a client form an external source, e.g. from X.509 client certificates that are exchanged during the negotiation of a security layer as TLS, so I figure if there is a way to pass the certificate/key path of the client to the SASL layer. How does Authen::SASL work in a EXTERNAL mechanism scenario? Please kindly give me some advice and thank you. regards, Un ----- End forwarded message ----- |
|
From: Chris R. <chr...@ma...> - 2002-12-06 09:24:10
|
On 6/12/02 8:18 am, Eric Santonacci <Eri...@ta...> wrote: > Hello list, > > I'm quite new with Net::LDAP module and I have a question about > ldapsearch. > > I have the following perl code: > > > $mesg = $ldap->search ( # perform a search > base => "ou=people, o=test, c=net", > filter => "uid=$uid" > ); > > > When the $uid is in LDAP database everything is fine, if $uid is not in > LDAP, $mesg->code returns 0 (means "success"). But it couldn't find any > answer. Is that a normal answer for LDAP? I expected to have an answer > like "Not Found". Currently, I need to check $entry->get_value to see if > I have an error or not to ensure ldapsearch found or not a record. That's correct - searches can succeed but return no results. You can call $mesg->count() to find out how many results you got back - see the Net::LDAP::Search man page. Cheers, Chris |
|
From: Michael M. <mmn...@gm...> - 2002-12-06 08:34:41
|
This is a normal answer for LDAP. A search without results is not an error
in any way.
Florian
-----Ursprungliche Nachricht-----
Von: per...@li...
[mailto:per...@li...]Im Auftrag von Eric
Santonacci
Gesendet: Freitag, 6. Dezember 2002 09:18
An: per...@li...
Betreff: ldapsearch question.
Hello list,
I'm quite new with Net::LDAP module and I have a question about
ldapsearch.
I have the following perl code:
$mesg = $ldap->search ( # perform a search
base => "ou=people, o=test, c=net",
filter => "uid=$uid"
);
When the $uid is in LDAP database everything is fine, if $uid is not in
LDAP, $mesg->code returns 0 (means "success"). But it couldn't find any
answer. Is that a normal answer for LDAP? I expected to have an answer
like "Not Found". Currently, I need to check $entry->get_value to see if
I have an error or not to ensure ldapsearch found or not a record.
But may be you have better solution...
Congratulations to the developers of Net::LDAP which is a good module.
regards
--
Eric Santonacci
TALC Informatique
http://www.talc.fr
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
|
7902 messages has been excluded from this view by a project administrator.
![http://www.office19.co.kr/mailimage/top_title.gif"](http://www.office19.co.kr/mailimage/top_title.gif"){kind=link}
![http://www.office19.co.kr/mailimage/top.gif"](http://www.office19.co.kr/mailimage/top.gif"){kind=link}
![http://www.office19.co.kr/mailimage/introduction_show_logo.gif"](http://www.office19.co.kr/mailimage/introduction_show_logo.gif"){kind=link}
![http://www.office19.co.kr/mailimage/introduction_sub1_c.gif"](http://www.office19.co.kr/mailimage/introduction_sub1_c.gif"){kind=link}
![http://www.office19.co.kr/mailimage/introduction_show_lobby.gif"](http://www.office19.co.kr/mailimage/introduction_show_lobby.gif"){kind=link}
![http://www.office19.co.kr/mailimage/introduction_show_67.gif"](http://www.office19.co.kr/mailimage/introduction_show_67.gif"){kind=link}
![http://www.office19.co.kr/mailimage/introduction_show_theme.gif"](http://www.office19.co.kr/mailimage/introduction_show_theme.gif"){kind=link}
![http://www.office19.co.kr/mailimage/introduction_show_door.gif"](http://www.office19.co.kr/mailimage/introduction_show_door.gif"){kind=link}
![http://www.office19.co.kr/mailimage/introduction_show_56.gif"](http://www.office19.co.kr/mailimage/introduction_show_56.gif"){kind=link}
![http://www.office19.co.kr/mailimage/bt_copy.gif"](http://www.office19.co.kr/mailimage/bt_copy.gif"){kind=link}
![http://www.lonewolfcigars.com/images/LoneWolfSpecials.jpg"](http://www.lonewolfcigars.com/images/LoneWolfSpecials.jpg"){kind=link}