perl-ldap-dev

Search for a DN

[<ra...@gm...>]

Hi 
 
A part of a script i made should search for the value of an Attribute in an
Entry and when the 
attribute does not exist or is empty it should search for the same one level
below. 
 
So far no problems... but to get the Entry wich is one level below the
starting entry i need to 
search fot a DN: 
 
original Entry eg: 
 
cn=item,cn=group,dc=host,dc=com		=> Here i cant find the value i need so... 
 
i search one level below: 
 
cn=group,dc=host,dc=com 
 
So i need to search for "cn=group,dc=host,dc=com". I recognized that i could
not use a DN in a filer 
argument ( "(dn=cn=group,dc=host,dc=com)" ) does not return any results. 
 
So how can i search for an DN or better: How can i get an Entry on wich i
know the DN? 
 
cheers, 
Raffaele 

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

Added ldifuniq.pl to contrib

[Kartik S. <sub...@co...>]

I have checked in ldifuniq.pl to the contrib directory. It culls unique 
entries from a reference file with respect to a comparison file.

Where this comes in handy is when using ldifdiff.pl against large files 
which are mostly identical (e.g. checking for data drift between two 
directory server LDIF dumps). Using ldifuniq.pl to preprocess both files 
yields smaller files that can be diff'ed much more quickly with ldifdiff.pl.

For more information, see the POD documentation in the script.

	-Kartik

problems when upgrading to IO::Socket::SSL 0.90

[Kartik S. <sub...@co...>]

Just a heads up -- I recently upgraded to IO::Socket::SSL version 0.90, 
and noticed that Net::LDAPS stopped working. Sometimes I get a timeout 
error message, other times I get a general "failed to establish 
connection" message.

Not sure yet whether this is a bug in IO::Socket::SSL or if they changed 
their calling conventions somehow, but I wanted to let everyone know.

	-Kartik

Re: memory-leak ?

[Graham B. <gb...@po...>]

By default Net::LDAP will wait for all entries to be returned
from the server before the ->search method returns. If you are
returning this many entries then it will consume a lot of
memory.

The solution is to use a callback

See http://search.cpan.org/perldoc?Net::LDAP#CALLBACKS

By adding  callback => \&my_callback  to the search arguments and having

sub my_callback {
  my ($mesg, $entry) = @_;
  # Callback is called without an entry when search finishes
  return unless $entry;
  if ($entry->isa('Net::LDAP::Entry')) {
    # Do what you want here, print it etc

    # Ensure the object does not keep the entry around and consume memory
    $mesg->shift_entry;

  }
  elsif ($entry->isa('Net::LDAP::Reference')) {
    # Do what you want with references here
  }
  else {
    warn "Unknown entry type " . ref($entry);
  }
}

Graham.


On Wed, Aug 21, 2002 at 04:00:14PM +0200, Christer Hoel wrote:
> Hi!
> 
> I'm trying the following search:
> 
> $res = $conn->search (              
> 	base    => "ou=$stuff,dc=mycompany,dc=com",
> 	filter  => "(&(objectclass=person)(!(mydate=NONE)))",
> 	attrs   => "[$charge]",                                              
> 	deref   => "never",                                                  
>         scope   => "one"       
> );
> 
> The prog's are perl v5.6.1 on solaris 2.8 using perl-ldap-0.25. The
> directory is iPlanet 4.13.
> 
> The ou=$stuff-tree contains about 27000 objects. This search run
> an run until the perl-process reaches 250 Mb of memory-use and, on my
> machine, runs out of memory. When the same search are performed with
> iPlanets 'ldapsearch' from the shell and concatenated into a file, 
> this file reaches a filesize of only approx. 2,5 Mb.
> 
> Why is perl-ldap eating my memory? Any ideas?
> 
> Christer
> 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of that same old
> cell phone?  Get a new here for FREE!
> https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390

memory-leak ?

[Christer H. <ch...@dr...>]

Hi!

I'm trying the following search:

$res = $conn->search (              
	base    => "ou=$stuff,dc=mycompany,dc=com",
	filter  => "(&(objectclass=person)(!(mydate=NONE)))",
	attrs   => "[$charge]",                                              
	deref   => "never",                                                  
        scope   => "one"       
);

The prog's are perl v5.6.1 on solaris 2.8 using perl-ldap-0.25. The
directory is iPlanet 4.13.

The ou=$stuff-tree contains about 27000 objects. This search run
an run until the perl-process reaches 250 Mb of memory-use and, on my
machine, runs out of memory. When the same search are performed with
iPlanets 'ldapsearch' from the shell and concatenated into a file, 
this file reaches a filesize of only approx. 2,5 Mb.

Why is perl-ldap eating my memory? Any ideas?

Christer

Module for CDO access from UNIX??

[Vanole, M. <mik...@at...>]

I would like the ability to look up (or manipulate?) MS Outlook calendar
information from UNIX. Is there something like Net::CDO that provides this
capability?? I'm asking this list since LDAP seems to be a [distant] cousin
of CDO (Active Messaging).

Thanks,
Mike

Re: Problem with referals

[Chris R. <chr...@me...>]

On 20/8/02 10:05 am, Carlos Fuentes Bermejo <car...@re...>
wrote:

> Hello, 
> 
> I have a problem when I use the "search" method with a LDAPv3 directory,
> which have referals to others directories. When I run the next sentence:
> 
> my $mesg = $ldap->search(
>  base       =>   'dc=rediris,dc=es',
>  scope      =>   'one',
>  filter     =>   '(uid=masa)',
>  callback   =>   sub {
>            my ($mesg,$entry) = @_;
>            $dsml->write_entry($entry) if (ref $entry eq
> 'Net::LDAP::Entry');
>            } 
>       ); 
> 
> With this search, I get the follow report error:
> 
> search failed with 9
> Referral: ldap://mater.rediris.es:1389
> 
> How I could solved this problem?, What it is the problem?

If a search causes the server to return referrals, your callback will be
called with an object of class Net::LDAP::Reference instead of class
Net::LDAP::Entry. 

Return code 9 means "partial results", which is the result you get when the
server returns referrals to you (as well as maybe returning matching
entries.)

If you're not using callbacks then you can use $mesg->references() to get
the list of referrals back. (Actually that might work even if you do use
callbacks.)

Note that Net::LDAP does not automatically "chase" referrals for you, as
that is considered by many to be a security risk. It is pretty easy to
follow referrals yourself, and at least then you have control over how you
authenticate to the other servers. I recall the ldapsearch.PL program
provided in the Net::LDAP distribution does referral chasing, so you could
look at the algorithm that script uses for inspiration :-)

Cheers,

Chris

Problem with referals

[Carlos F. B. <car...@re...>]

Hello,=20

I have a problem when I use the "search" method with a LDAPv3 directory,
which have referals to others directories. When I run the next sentence:

my $mesg =3D $ldap->search(=20
   base       =3D>   'dc=3Drediris,dc=3Des',=20
   scope      =3D>   'one',=20
   filter     =3D>   '(uid=3Dmasa)',=20
   callback   =3D>   sub {=20
             my ($mesg,$entry) =3D @_;=20
             $dsml->write_entry($entry) if (ref $entry eq
'Net::LDAP::Entry');=20
             }=20
        );=20

With this search, I get the follow report error:

search failed with 9
Referral: ldap://mater.rediris.es:1389

How I could solved this problem?, What it is the problem?

--=20
 ______________               __          _____________________________
                             /_/
 Carlos Fuentes Bermejo __            __   car...@re...
 RedIRIS/CSIC          /_/  RedIRIS  /_/   Tel:   + 34 915855124
 Serrano,142                 __            Fax:   + 34 915855146
 28006  Madrid              /_/            http://www.rediris.es
 SPAIN                                     Sistemas de Informaci=F3n -=20
                                           Redes Tem=E1ticas=20
					   Co-Responsable de Correo
					   Electr=F3nico=09
____________ Spanish Academic & Research Network ___________________

URGENT: How to create non-leaf nodes in a directory subtree

[Parthasarathi V <vpa...@ci...>]

Hi,
Is there any way to create a non-leaf nodes under a node on a directory =
server.

I need to create a node say

ou=3Duserid_info,ou=3DMA,dc=3Dmyserver,dc=3Dcom
under an existing node ou=3Duser_info,dc=3Dmyserver,dc=3Dcom.

the userid varies for different users, and i want to create the sub node =
dynamically reading the ldap entries from a file where the information =
is available.

Alternately is it possible to create/add an entry without the subtree =
existing on the server using perl-ldap ??

Please respond ASAP.

Thanks,
Partha.

Re: Bug in Filter.pm when using perl 5.004_04.

[Graham B. <gb...@po...>]

The were probably added for performance reasons. They should be
replaced by a + instead of being removed.

Graham.

On Mon, Aug 19, 2002 at 01:32:51PM +0200, Mathias Meisfjordskar wrote:
> 
> Hello all.
> 
> I've just installed Net::LDAP with perl 5.004_04. When using filers I
> get:
> 
> /^(\\.|[^\\*]*)*\*/: regexp *+ operand could be empty at /usit/saruman/gt-u1/mathiasm/.perl/linux/lib/Net/LDAP/Filter.pm line 120.
> BEGIN failed--compilation aborted at /usit/saruman/gt-u1/mathiasm/.perl/linux/lib/Net/LDAP/Search.pm line 11.
> 
> on both line 120 and 125. I removed two '*'s from Filter.pm and
> everything works like a dream. (Shouldn't change the behavior of the
> regex'es.) Patch follows:
> 
> -----------------------------Patch begin-------------------------------------
> 
> --- /usit/dumbo/site/Download/perl-ldap-0.26/lib/Net/LDAP/Filter.pm     Thu Jan 31 15:02:25 2002
> +++ /usit/saruman/gt-u1/mathiasm/.perl/linux/lib/Net/LDAP/Filter.pm     Mon Aug 19 13:21:15 2002
> @@ -117,12 +117,12 @@
>    # If the op is = and contains one or more * not
>    # preceeded by \ then do partial matches
>  
> -  if ($op eq '=' && $val =~ /^(\\.|[^\\*]*)*\*/o ) {
> +  if ($op eq '=' && $val =~ /^(\\.|[^\\*])*\*/o ) {
>  
>      my $n = [];
>      my $type = 'initial';
>  
> -    while ($val =~ s/^((\\.|[^\\*]*)*)\*//) {
> +    while ($val =~ s/^((\\.|[^\\*])*)\*//) {
>        push(@$n, { $type, _unescape("$1") })         # $1 is readonly, copy it
>         if length($1) or $type eq 'any';
> 
> ----------------------------Patch end---------------------------------------
> 
> Hope it helps.
> 
> (I'm not on the list, so if any comments please Cc.)
> 
> 
> Cheers,
> -- 
> Mathias Meisfjordskar
> 
> GNU/Linux addict.
> Debian - What your mom would use if it were twenty times easier.
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of that same old
> cell phone?  Get a new here for FREE!
> https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390

Bug in Filter.pm when using perl 5.004_04.

[Mathias M. <mat...@us...>]

Hello all.

I've just installed Net::LDAP with perl 5.004_04. When using filers I
get:

/^(\\.|[^\\*]*)*\*/: regexp *+ operand could be empty at /usit/saruman/gt-u1/mathiasm/.perl/linux/lib/Net/LDAP/Filter.pm line 120.
BEGIN failed--compilation aborted at /usit/saruman/gt-u1/mathiasm/.perl/linux/lib/Net/LDAP/Search.pm line 11.

on both line 120 and 125. I removed two '*'s from Filter.pm and
everything works like a dream. (Shouldn't change the behavior of the
regex'es.) Patch follows:

-----------------------------Patch begin-------------------------------------

--- /usit/dumbo/site/Download/perl-ldap-0.26/lib/Net/LDAP/Filter.pm     Thu Jan 31 15:02:25 2002
+++ /usit/saruman/gt-u1/mathiasm/.perl/linux/lib/Net/LDAP/Filter.pm     Mon Aug 19 13:21:15 2002
@@ -117,12 +117,12 @@
   # If the op is = and contains one or more * not
   # preceeded by \ then do partial matches
 
-  if ($op eq '=' && $val =~ /^(\\.|[^\\*]*)*\*/o ) {
+  if ($op eq '=' && $val =~ /^(\\.|[^\\*])*\*/o ) {
 
     my $n = [];
     my $type = 'initial';
 
-    while ($val =~ s/^((\\.|[^\\*]*)*)\*//) {
+    while ($val =~ s/^((\\.|[^\\*])*)\*//) {
       push(@$n, { $type, _unescape("$1") })         # $1 is readonly, copy it
        if length($1) or $type eq 'any';

----------------------------Patch end---------------------------------------

Hope it helps.

(I'm not on the list, so if any comments please Cc.)


Cheers,
-- 
Mathias Meisfjordskar

GNU/Linux addict.
Debian - What your mom would use if it were twenty times easier.

Replacing multivalued attribute using Net::LDAP

[Parthasarathi V <vpa...@ci...>]

Hi,
I'm doing migration across directories and encountered some problem.
My requirement is as follows.
There's an entry with dn pointer followed by a multivalued attribute.

appprofile: =
cn=3Dhlambert-CCNProfile,ou=3Dprofiles,ou=3DCCN,o=3DmyServer.com
appprofile: =
ou=3DMA,ou=3Dhlambert_info,ou=3Duser_info,ou=3DCCN,o=3DmyServer.com

I'm using perl-ldap using which I dump all the information into a ldif =
file and then I've to replace the string ou=3DCCN,o=3DmyServer.com for =
which the string can be passed from an INI file.

I'm using the the get_value('appprofile',asref=3D>1) and I believe it =
returns an array. I want to modify the entries in the array so that the =
"search string" is replaced by "new string" and after that I create the =
entry and write it into another ldif file using which I'm exporting the =
data.
My question is
- Can I modify the individual entries in the array if so how ( I tried =
normal array element replace but it didn't work)
- When I refer to the return value of get_value say $attrValue ( with =
no/default option), then I could change the value only for the first =
element and the second value of the attribute is not written into the =
ldif file.
- any pointers on this will be higly appreciated.

Thanks,
Partha.

Re: Net::LDAP Filter question

[Chris R. <chr...@me...>]

On 15/8/02 7:13 pm, Graham Barr <gb...@po...> wrote:
> As you can see it ignores whitespace before the operator, but not after.

That's reasonable behaviour. If you wanted to match a value that started
with a space, and the server's matching rules supported that, then removing
the whitespace after the operator would be bad.

> Re-reading the RFC I dont really want to change it. If there are other
> libraries that
> ignore whitespace after the operator, I would say they are broken.

Agreed.

Cheers,

Chris

Re: Matching Rules and RFC questions

[Kurt D. Z. <Ku...@Op...>]

At 02:13 PM 2002-08-15, Richard Fernandez wrote:
>Hello there,
>
>I have the following RFC questions regarding LDAP. Is there someone 
>there who can answer these questions?

It might be more appropriate to direct these questions to
a general LDAP list such as <ld...@um...>.  If you
believe a revision to the LDAP RFCs is called for, you should
discuss the specification issue on the IETF LDAPbis WG
<http://www.ietf.org/html.charters/ldapbis-charter.html>
mailing list.

A few quick comments...

>1) RFC 2252 section 6 states "Server SHOULD recognize all the syntaxes 
>described in this section.
>Then on RFC 2256 section 6 states the same thing as above. However, 
>the syntax list between both RFCs are not the same. So does RFC 2256 
>supercede 2252? If not why is there a conflict on the recommended 
>syntaxes. 

There is no conflict.   It is RECOMMENDED that servers recognized
all syntaxes specified in Section 6 of RFC 2252 and all syntaxes
specified in Section 6 of RFC 2256.

RFC 2256 does not supercede RFC 2252.  RFC 2251-2256, 2829, and
2830 (and their normative references) comprise the LDAPv3
technical specification.

>2) RFC 2252 lists 21 matching attribute but I have discovered three 
>more: 
>octetStringMatch
>authPasswordExactMatch
>authPasswordMatch
>
>Are the above new matching rules part of a new LDAP RFC release or just 
>proprietary to certain directory servers.

octetStringMatch is defined in RFC 2256.  authPasswordExactMatch
and authPasswordMatch are defined in RFC 3112.

>3) I work with Active Directory and eTrust (X.500) directory and when I 
>look at their schema objects (attribute, class and syntax definitions) 
>I do not see any schema objects for matching rules. Well if the 
>matching rules are not in the schema how can you use them?

no comment.

>4) Can you reference me to a good LDAP web site that has up to date RFC 
>resources?

http://www.rfc-editor.org

Kurt

Re: ldap-perl query help. URGENT!

[<Bob...@kp...>]

The quick answer is to dereference the value returned from your get  --

# PUll information from ldap record and populate local variables
my $ref = $QUERYRESULTENTRY->get( 'sn' );
my $QUERYLASTNAME = $$ref[0];
print $QUERYLASTNAME;

The longer answer is to use get_vaue() --

        $QUERYLASTNAME = $QUERYRESULTENTRY -> get_value("sn");  It does 
the dereference for you if you call it in scalar context.


B


Bob Goolsby
bob...@kp...
(925) 926-3406



"Sean" <mb...@ba...>
Sent by: per...@li...
08/15/2002 01:10 PM

To
<per...@li...>
cc

bcc

Subject
ldap-perl query help.  URGENT!



 
 
Hello.

I have a problem with a script I'm using to query an ldap server. 
Unfortunately I have to have this script done by tonight so I'm a but
rushed and need some help.


The script should always bring back only one entry, but I will be checking 
that anyway.  Once it comes back I want to pull out 4 attributes and set 
variables to the contents of those attributes for future work.

When I run the script it shows that one record is returned. However I'm 
not getting the contents of the attribute correctly.

Here's the script:

#!/usr/local/bin/perl

use CGI;
use Net::LDAP qw(:all);                      # Use the perl-ldap module

# Query ldap server for student information

$ldap = Net::LDAP->new('148.8.60.60') or die "$@";
$ldap->bind;         # Connect anonymous to server
$attrs = ['EmployeeID','userBirthDate','sn','uid' ];

my $QUERYRESULT = $ldap->search (
                base    => "o=stuorg",
                scope   => "sub",
                filter  => "uid=appletor",
                attrs   =>  $attrs
                );

my $QUERYCOUNT = $QUERYRESULT->count;
print $QUERYCOUNT;

# Verify only one record returned

if ($QUERYCOUNT eq "0") {
        print "query returned no records";
        exit (0);
    }


# Set query result to first record in array.
my $QUERYRESULTENTRY = $QUERYRESULT->entry(0);


# PUll information from ldap record and populate local variables
my $QUERYLASTNAME = $QUERYRESULTENTRY->get( 'sn' );
print $QUERYLASTNAME;




The results are:


hawk:/tmp # ./test.pl
1ARRAY(0x2f5c80)
Thanks!
 
 
Sean O'Brien
Sr. Unix Engineer
AE Business Solutions

Matching Rules and RFC questions

[Richard F. <fer...@sp...>]

Hello there,

I have the following RFC questions regarding LDAP. Is there someone 
there who can answer these questions?

1) RFC 2252 section 6 states "Server SHOULD recognize all the syntaxes 
described in this section.
Then on RFC 2256 section 6 states the same thing as above. However, 
the syntax list between both RFCs are not the same. So does RFC 2256 
supercede 2252? If not why is there a conflict on the recommended 
syntaxes. 


2) RFC 2252 lists 21 matching attribute but I have discovered three 
more: 
octetStringMatch
authPasswordExactMatch
authPasswordMatch

Are the above new matching rules part of a new LDAP RFC release or just 
proprietary to certain directory servers.


3) I work with Active Directory and eTrust (X.500) directory and when I 
look at their schema objects (attribute, class and syntax definitions) 
I do not see any schema objects for matching rules. Well if the 
matching rules are not in the schema how can you use them?

4) Can you reference me to a good LDAP web site that has up to date RFC 
resources?

Thank you ,
Richard


 
 

Net::LDAP::Search question

[Edgington, J. <je...@um...>]

I'm trying to perform a search on AD via the below piece of code... my
understanding is that by setting the below base and scope, the search
should ONLY look in 'CN=3DUsers,DC=3Ddomain,DC=3Dedu' for the item I'm =
looking
for... instead, this is returning results from OUs that aren't under
'Users' (can't be in the first place)... like it's ignoring the scope
entry.... anyone see what I may have wrong?  Thanks for any
help/suggestions in advance.



$baseDN=3D"CN=3DUsers,DC=3Ddomain,DC=3Dedu";
$mesg =3D $ldaps->search(
      base =3D> "CN=3DUsers,DC=3Ddomain,DC=3Dedu",
      scope =3D> 'base',
      filter =3D> "(|(sAMAccountName=3D$sam))",
      attrs =3D> ['userPrincipalName',
'distinguishedName','displayName','showInAddressBook','msExchHomeServerN
ame','homeMDB','legacyExchangeDN']
);

---------------------------------------
Jeffrey Edgington
Systems Administrator
University of Missouri - Rolla
Are you a Spectator or a Participant?
---------------------------------------=20

Re: ldap-perl query help. URGENT!

[Jim H. <ha...@us...>]

Sean,
  Use 'get_value' instead of 'get' in

my $QUERYLASTNAME = $QUERYRESULTENTRY->get( 'sn' );

get always returns an array, get_value returns the first value if it is in
scalar contex, else an array.  Don't forget that attributes as well as entries
can be milti-valued.

  --Jim


On Thu, 15 Aug 2002, Sean wrote:

>
>
> Hello.
>
> I have a problem with a script I'm using to query an ldap server.  Unfortunately I have to have this script done by tonight so I'm a but
> rushed and need some help.
>
>
> The script should always bring back only one entry, but I will be checking that anyway.  Once it comes back I want to pull out 4 attributes and set variables to the contents of those attributes for future work.
>
> When I run the script it shows that one record is returned. However I'm not getting the contents of the attribute correctly.
>
> Here's the script:
>
> #!/usr/local/bin/perl
>
> use CGI;
> use Net::LDAP qw(:all);                      # Use the perl-ldap module
>
> # Query ldap server for student information
>
> $ldap = Net::LDAP->new('148.8.60.60') or die "$@";
> $ldap->bind;         # Connect anonymous to server
> $attrs = ['EmployeeID','userBirthDate','sn','uid' ];
>
> my $QUERYRESULT = $ldap->search (
>                 base    => "o=stuorg",
>                 scope   => "sub",
>                 filter  => "uid=appletor",
>                 attrs   =>  $attrs
>                 );
>
> my $QUERYCOUNT = $QUERYRESULT->count;
> print $QUERYCOUNT;
>
> # Verify only one record returned
>
> if ($QUERYCOUNT eq "0") {
>         print "query returned no records";
>         exit (0);
>     }
>
>
> # Set query result to first record in array.
> my $QUERYRESULTENTRY = $QUERYRESULT->entry(0);
>
>
> # PUll information from ldap record and populate local variables
> my $QUERYLASTNAME = $QUERYRESULTENTRY->get( 'sn' );
> print $QUERYLASTNAME;
>
>
>
>
> The results are:
>
>
> hawk:/tmp # ./test.pl
> 1ARRAY(0x2f5c80)
>
> Thanks!
>
>
> Sean O'Brien
> Sr. Unix Engineer
> AE Business Solutions

ldap-perl query help. URGENT!

[Sean <mb...@ba...>]

Hello.

I have a problem with a script I'm using to query an ldap server.  =
Unfortunately I have to have this script done by tonight so I'm a but
rushed and need some help.


The script should always bring back only one entry, but I will be =
checking that anyway.  Once it comes back I want to pull out 4 =
attributes and set variables to the contents of those attributes for =
future work.

When I run the script it shows that one record is returned. However I'm =
not getting the contents of the attribute correctly.

Here's the script:

#!/usr/local/bin/perl

use CGI;
use Net::LDAP qw(:all);                      # Use the perl-ldap module

# Query ldap server for student information

$ldap =3D Net::LDAP->new('148.8.60.60') or die "$@";
$ldap->bind;         # Connect anonymous to server
$attrs =3D ['EmployeeID','userBirthDate','sn','uid' ];

my $QUERYRESULT =3D $ldap->search (
                base    =3D> "o=3Dstuorg",
                scope   =3D> "sub",
                filter  =3D> "uid=3Dappletor",
                attrs   =3D>  $attrs
                );

my $QUERYCOUNT =3D $QUERYRESULT->count;
print $QUERYCOUNT;

# Verify only one record returned

if ($QUERYCOUNT eq "0") {
        print "query returned no records";
        exit (0);
    }


# Set query result to first record in array.
my $QUERYRESULTENTRY =3D $QUERYRESULT->entry(0);


# PUll information from ldap record and populate local variables
my $QUERYLASTNAME =3D $QUERYRESULTENTRY->get( 'sn' );
print $QUERYLASTNAME;




The results are:


hawk:/tmp # ./test.pl
1ARRAY(0x2f5c80)

Thanks!


Sean O'Brien
Sr. Unix Engineer
AE Business Solutions

Re: Net::LDAP Filter question

[Graham B. <gb...@po...>]

On Thu, Aug 15, 2002 at 09:02:54AM +0100, Chris Ridd wrote:
> Ah, I hadn't noticed the whitespace before. The grammar in RFC 2254 doesn't
> appear to permit additional whitespace in the expression, so you should
> probably try to avoid adding it where you don't need it.

Yeah, I realized that after I posted. I also wrote this test

#!perl -l

use Net::LDAP::Filter;

$filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <= 20020812235959.0Z))";
print Net::LDAP::Filter->new($filter)->as_string;

$filter = "(&(whenCreated>=20020812000000.0Z) (whenCreated<=20020812235959.0Z))";
print Net::LDAP::Filter->new($filter)->as_string;
__END__
(&(whenCreated>= 20020812000000.0Z)(whenCreated<= 20020812235959.0Z))
(&(whenCreated>=20020812000000.0Z)(whenCreated<=20020812235959.0Z))

As you can see it ignores whitespace before the operator, but not after.

Re-reading the RFC I dont really want to change it. If there are other libraries that
ignore whitespace after the operator, I would say they are broken.

Graham.

RE: Net::LDAP Filter question

[Chris R. <chr...@me...>]

"Vanole, Mike" <mik...@at...> wrote:
> Thank you for your input Chris. 
> 
> I did look at the RFC first but it couldn't help me with this. The problem
> was so simple I can't believe there was even a problem. 
> 
> This filter fails:
> $filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <=
> 20020812235959.0Z))";
> 
> and this filter succeeds:
> $filter = "(&(whenCreated>=20020812000000.0Z)
> (whenCreated<=20020812235959.0Z))";
> 
> The only difference is the space character before and after the ordering
> matches. I don't know if this is by design or specific to my environment,
> but if it is a requirement maybe the next release of Net::LDAP could strip
> this stuff out where required.

Ah, I hadn't noticed the whitespace before. The grammar in RFC 2254 doesn't
appear to permit additional whitespace in the expression, so you should
probably try to avoid adding it where you don't need it.

Possibly the whitespace in front of the values you're testing ("
20020812000000.0Z") are being considered as part of the value to be
compared against, which is also causing problems.

Anyway, I suspect removing unnecessary whitespace from your filter string
will solve at least some of your problems.

Cheers,

Chris

SUMMARY: Testing for existence of attributes

[Craig R. <cra...@ep...>]

I knew this list would come up with the goods.  Thanks to Chris Ridd and Ji=
m Harle for their feedback.

Here's the response from Chris:
----- >% snip ------
This is not entirely what you've asked for, but it solves the problem for
the above scriptlet.

$DS_mesg =3D $ldap->search(...);
if ($DS_mesg->count() !=3D 1) {
    print "Cannot find one entry with this email address\n";
} else {
    $DS_entry =3D $DS_mesg->shift_entry;
    ...
}
----- >% unsnip ------

Here's the response from Jim:
----- >% snip ------
Your statement
    $DS_entry =3D $DS_mesg->shift_entry;
makes the assumption that one or more objects matched your filter.  There a=
re
several approaches to this:

$DS_entry =3D $DS_mesg->shift_entry;
if (defined $DS_entry) {
  $DS_dn =3D $DS_entry->dn;
  print "DN: $DS_dn\n";
} else { print "Sorry\n"}

or

foreach $DS_entry ($DS_mesg->all_entries) {
  $DS_dn =3D $DS_entry->dn;
  print "DN: $DS_dn\n";
}
----- >% unsnip ------

In the end, here is my revised bit of code which does exactly what I'm afte=
r:

use Net::LDAP;
$ldap =3D Net::LDAP->new("test.env.qld.gov.au") or die "$@";
$DS_mesg =3D $ldap->search(base =3D> "o=3Denv,st=3Dqld,c=3Dau",filter =3D> =
"mail=3Dcraig.robinson\@epa.qld.gov.au");
if ($DS_mesg->count() !=3D 1) {
    print "Cannot find one entry with this email address\n";
} else {
  $DS_entry =3D $DS_mesg->shift_entry;
  $DS_dn =3D $DS_entry->dn;
  print "DN: $DS_dn\n";
}
$ldap->unbind;

Hope this helps some others also.

Cheers, Craig

Craig Robinson
Environmental Protection Agency
Tel: (07) 3006 4629     Fax: (07) 3247 6534
Email: cra...@ep...

Visit us at: http://www.epa.qld.gov.au 

RE: Net::LDAP Filter question

[Vanole, M. <mik...@at...>]

Net::LDAP is 0.251
Net::LDAP::Filter is 0.12

Built with perl -MCPAN -e 'install Net::LDAP'

-----Original Message-----
From: Graham Barr [mailto:gb...@po...]
Sent: Wednesday, August 14, 2002 6:29 PM
To: Vanole, Mike
Cc: 'Chris Ridd'; 'per...@li...'
Subject: Re: Net::LDAP Filter question


What versions of Net::LDAP and Net::LDAP::Filter do you have ? Whitespace
should not matter

Graham.

On Wed, Aug 14, 2002 at 06:23:55PM -0500, Vanole, Mike wrote:
> Thank you for your input Chris. 
> 
> I did look at the RFC first but it couldn't help me with this. The problem
> was so simple I can't believe there was even a problem. 
> 
> This filter fails:
> $filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <=
> 20020812235959.0Z))";
> 
> and this filter succeeds:
> $filter = "(&(whenCreated>=20020812000000.0Z)
> (whenCreated<=20020812235959.0Z))";
> 
> The only difference is the space character before and after the ordering
> matches. I don't know if this is by design or specific to my environment,
> but if it is a requirement maybe the next release of Net::LDAP could strip
> this stuff out where required.
> 
> Thanks again!
> 
> -----Original Message-----
> From: Chris Ridd [mailto:chr...@me...]
> Sent: Wednesday, August 14, 2002 02:38
> To: Vanole, Mike; 'per...@li...'
> Subject: Re: Net::LDAP Filter question
> 
> 
> On 13/8/02 7:08 pm, Vanole, Mike <mik...@at...> wrote:
> 
> > Thanks for the path to go down.
> > 
> > My ldap admin says the fields are not text so wildcards won't work. He
> 
> Correct. The syntax of your attributes seems to be GeneralizedTime;
> attributes using this syntax typically only allow equality match (=) and
> ordering matches (>= and <=). No substring matching rules are usually
> defined (though you could check your server) and hence no "wildcards" are
> allowed in searches.
> 
> > suggested trying this without the equals symbol, but it also failed (a
bit
> > differently):
> > $filter = "(&(whenCreated > 20020812000000.0Z) (whenCreated <
> > 20020812235959.0Z))";
> > 
> > Bad filter at get_ldap.pl line 63.
> > 
> > This also fails with "Bad filter":
> > my $filter = "(whencreated > 20020812000000.0Z)";
> 
> Also correct; LDAP filters support <= and >=, not < and >. See RFC 2254.
> 
> > I can do this but I still don't achieve my objective of getting under
the
> > server imposed sizelimit:
> > 
> > $whenCreated = $entry->get_value( whenCreated, asref => 0 );
> > 
> > if ($whenCreated =~ /^20020812/) {
> > ..do something perlish...
> > 
> > Working with Net::LDAP and seeking advice from my ColdFusion
counterparts
> I
> > am finding they are only a little helpful because the differences in
> options
> > available between ADO, VB, and ColdFusion (basically NT) and Net::LDAP
are
> > many. For instance I am bumping into a server imposed sizelimit with
> > Net::LDAP that the NT guys don't have. And apparently they don't have
the
> > filter issues I'm having. Is there a *differences* document that anyone
> can
> > point me to? I'm die-hard-perl-on-UNIX so moving to NT is not an option.
> 
> There's no reason you couldn't use the same sort of filter that they're
> using. Do the server logs contain their search filters? If not, consider
> snooping the LDAP network traffic between ColdFusion and the directory.
> Programs like Ethereal <http://www.ethereal.com/> will do this and decode
> lots of protocols (including LDAP :-) automatically.
> 
> Cheers,
> 
> Chris
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: Dice - The leading online job board
> for high-tech professionals. Search and apply for tech jobs today!
> http://seeker.dice.com/seeker.epl?rel_code=31

Re: Net::LDAP Filter question

[Graham B. <gb...@po...>]

What versions of Net::LDAP and Net::LDAP::Filter do you have ? Whitespace
should not matter

Graham.

On Wed, Aug 14, 2002 at 06:23:55PM -0500, Vanole, Mike wrote:
> Thank you for your input Chris. 
> 
> I did look at the RFC first but it couldn't help me with this. The problem
> was so simple I can't believe there was even a problem. 
> 
> This filter fails:
> $filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <=
> 20020812235959.0Z))";
> 
> and this filter succeeds:
> $filter = "(&(whenCreated>=20020812000000.0Z)
> (whenCreated<=20020812235959.0Z))";
> 
> The only difference is the space character before and after the ordering
> matches. I don't know if this is by design or specific to my environment,
> but if it is a requirement maybe the next release of Net::LDAP could strip
> this stuff out where required.
> 
> Thanks again!
> 
> -----Original Message-----
> From: Chris Ridd [mailto:chr...@me...]
> Sent: Wednesday, August 14, 2002 02:38
> To: Vanole, Mike; 'per...@li...'
> Subject: Re: Net::LDAP Filter question
> 
> 
> On 13/8/02 7:08 pm, Vanole, Mike <mik...@at...> wrote:
> 
> > Thanks for the path to go down.
> > 
> > My ldap admin says the fields are not text so wildcards won't work. He
> 
> Correct. The syntax of your attributes seems to be GeneralizedTime;
> attributes using this syntax typically only allow equality match (=) and
> ordering matches (>= and <=). No substring matching rules are usually
> defined (though you could check your server) and hence no "wildcards" are
> allowed in searches.
> 
> > suggested trying this without the equals symbol, but it also failed (a bit
> > differently):
> > $filter = "(&(whenCreated > 20020812000000.0Z) (whenCreated <
> > 20020812235959.0Z))";
> > 
> > Bad filter at get_ldap.pl line 63.
> > 
> > This also fails with "Bad filter":
> > my $filter = "(whencreated > 20020812000000.0Z)";
> 
> Also correct; LDAP filters support <= and >=, not < and >. See RFC 2254.
> 
> > I can do this but I still don't achieve my objective of getting under the
> > server imposed sizelimit:
> > 
> > $whenCreated = $entry->get_value( whenCreated, asref => 0 );
> > 
> > if ($whenCreated =~ /^20020812/) {
> > ..do something perlish...
> > 
> > Working with Net::LDAP and seeking advice from my ColdFusion counterparts
> I
> > am finding they are only a little helpful because the differences in
> options
> > available between ADO, VB, and ColdFusion (basically NT) and Net::LDAP are
> > many. For instance I am bumping into a server imposed sizelimit with
> > Net::LDAP that the NT guys don't have. And apparently they don't have the
> > filter issues I'm having. Is there a *differences* document that anyone
> can
> > point me to? I'm die-hard-perl-on-UNIX so moving to NT is not an option.
> 
> There's no reason you couldn't use the same sort of filter that they're
> using. Do the server logs contain their search filters? If not, consider
> snooping the LDAP network traffic between ColdFusion and the directory.
> Programs like Ethereal <http://www.ethereal.com/> will do this and decode
> lots of protocols (including LDAP :-) automatically.
> 
> Cheers,
> 
> Chris
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: Dice - The leading online job board
> for high-tech professionals. Search and apply for tech jobs today!
> http://seeker.dice.com/seeker.epl?rel_code=31

RE: Net::LDAP Filter question

[Vanole, M. <mik...@at...>]

Thank you for your input Chris. 

I did look at the RFC first but it couldn't help me with this. The problem
was so simple I can't believe there was even a problem. 

This filter fails:
$filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <=
20020812235959.0Z))";

and this filter succeeds:
$filter = "(&(whenCreated>=20020812000000.0Z)
(whenCreated<=20020812235959.0Z))";

The only difference is the space character before and after the ordering
matches. I don't know if this is by design or specific to my environment,
but if it is a requirement maybe the next release of Net::LDAP could strip
this stuff out where required.

Thanks again!

-----Original Message-----
From: Chris Ridd [mailto:chr...@me...]
Sent: Wednesday, August 14, 2002 02:38
To: Vanole, Mike; 'per...@li...'
Subject: Re: Net::LDAP Filter question


On 13/8/02 7:08 pm, Vanole, Mike <mik...@at...> wrote:

> Thanks for the path to go down.
> 
> My ldap admin says the fields are not text so wildcards won't work. He

Correct. The syntax of your attributes seems to be GeneralizedTime;
attributes using this syntax typically only allow equality match (=) and
ordering matches (>= and <=). No substring matching rules are usually
defined (though you could check your server) and hence no "wildcards" are
allowed in searches.

> suggested trying this without the equals symbol, but it also failed (a bit
> differently):
> $filter = "(&(whenCreated > 20020812000000.0Z) (whenCreated <
> 20020812235959.0Z))";
> 
> Bad filter at get_ldap.pl line 63.
> 
> This also fails with "Bad filter":
> my $filter = "(whencreated > 20020812000000.0Z)";

Also correct; LDAP filters support <= and >=, not < and >. See RFC 2254.

> I can do this but I still don't achieve my objective of getting under the
> server imposed sizelimit:
> 
> $whenCreated = $entry->get_value( whenCreated, asref => 0 );
> 
> if ($whenCreated =~ /^20020812/) {
> ..do something perlish...
> 
> Working with Net::LDAP and seeking advice from my ColdFusion counterparts
I
> am finding they are only a little helpful because the differences in
options
> available between ADO, VB, and ColdFusion (basically NT) and Net::LDAP are
> many. For instance I am bumping into a server imposed sizelimit with
> Net::LDAP that the NT guys don't have. And apparently they don't have the
> filter issues I'm having. Is there a *differences* document that anyone
can
> point me to? I'm die-hard-perl-on-UNIX so moving to NT is not an option.

There's no reason you couldn't use the same sort of filter that they're
using. Do the server logs contain their search filters? If not, consider
snooping the LDAP network traffic between ColdFusion and the directory.
Programs like Ethereal <http://www.ethereal.com/> will do this and decode
lots of protocols (including LDAP :-) automatically.

Cheers,

Chris