perl-ldap-dev

0.26 DSML.pm error

[Clif H. <cl...@di...>]

Graham,

We have any error in the DSML.pm file.

Here is my trace back.



--- Begin Traceback ---
Can't use string ("start_document") as a symbol ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.6.1/Net/LDAP/DSML.pm line 653.
Net::LDAP::DSML::pp::AUTOLOAD at /usr/local/lib/perl5/site_perl/5.6.1/Net/LDAP/DSML.pm line 653
Net::LDAP::DSML::_dsml_context at /usr/local/lib/perl5/site_perl/5.6.1/Net/LDAP/DSML.pm line 311
Net::LDAP::DSML::write_schema at /usr/local/lib/perl5/site_perl/5.6.1/Net/LDAP/DSML.pm line 440
main::schema at ./tklkup line 1685
[\&main::schema]
Tk callback for .frame.button
Tk::__ANON__ at /usr/local/lib/perl5/site_perl/5.6.1/i686-linux/Tk.pm line 228
Tk::Button::butUp at /usr/local/lib/perl5/site_perl/5.6.1/i686-linux/Tk/Button.pm line 111
(command bound to event)


Regards,

Clif 















> 
> perl-ldap-0.26 has been uploaded to CPAN.
> 
> Graham.
> 
> ----- Forwarded message from PAUSE <up...@p1...> -----
> 
> Date: Thu, 18 Jul 2002 15:13:03 +0200
> To: "Graham Barr" <GB...@cp...>, cpa...@pe...
> From: PAUSE <up...@p1...>
> Subject: CPAN Upload: G/GB/GBARR/perl-ldap-0.26.tar.gz
> 
> The uploaded file
> 
>     perl-ldap-0.26.tar.gz
> 
> has entered CPAN as
> 
>   file: $CPAN/authors/id/G/GB/GBARR/perl-ldap-0.26.tar.gz
>   size: 199812 bytes
>    md5: fe0810d663b9d04c536e6dfab8f55777
> 
> No action is required on your part
> Request entered by: GBARR (Graham Barr)
> Request entered on: Thu, 18 Jul 2002 13:11:08 GMT
> Request completed:  Thu, 18 Jul 2002 13:13:03 GMT
> 
> 	Virtually Yours,
> 	Id: paused,v 1.80 2002/03/10 06:40:03 k Exp k 
> 
> ----- End forwarded message -----
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> 


-- 

Accessing attributes with the same name

[Isaac <tom...@so...>]

I am working on a cablemodem registration script that collects 
information on the user, and stores it in an ldap database.  So far 
everything is working fine, but I'm not sure how I should go about 
implementing the next stage.

As it is the database requires that I store 2 ip addresses and 2 mac 
addresses for each user (one for the modem, and one for the client).  My 
question is this:  How do I distinguish between the modem mac address/ip 
and the client?

Also, at the moment, if the user registers a new device on the network 
their old entry is overwritten. I would like the user to be able to 
register multiple devices, and to have the database keep distinct 
records for each device.

Here is how the attributes are laid out in my script:

$CreateArray = [
		objectClass		=> 
["ipHost","ieee802Device","person","organizationalPerson"],
		cn				=> $query->param('login'),
		sn				=> $query->param('name'),			userPassword		=> $query->param('pass')
,
		street			=> $query->param('address'),
		telephoneNumber	=> $query->param('phone'),
		ipHostNumber		=> $client_IP,
		macAddress		=> $client_MAC,
		ipHostNumber		=> $modem_IP,
		macAddress		=> $query->param('modem_MAC'),
    ];

Thank you for your time,
	
	-Isaac Davis-King

[Fwd] CPAN Upload: G/GB/GBARR/perl-ldap-0.26.tar.gz

[Graham B. <gb...@po...>]

perl-ldap-0.26 has been uploaded to CPAN.

Graham.

----- Forwarded message from PAUSE <up...@p1...> -----

Date: Thu, 18 Jul 2002 15:13:03 +0200
To: "Graham Barr" <GB...@cp...>, cpa...@pe...
From: PAUSE <up...@p1...>
Subject: CPAN Upload: G/GB/GBARR/perl-ldap-0.26.tar.gz

The uploaded file

    perl-ldap-0.26.tar.gz

has entered CPAN as

  file: $CPAN/authors/id/G/GB/GBARR/perl-ldap-0.26.tar.gz
  size: 199812 bytes
   md5: fe0810d663b9d04c536e6dfab8f55777

No action is required on your part
Request entered by: GBARR (Graham Barr)
Request entered on: Thu, 18 Jul 2002 13:11:08 GMT
Request completed:  Thu, 18 Jul 2002 13:13:03 GMT

	Virtually Yours,
	Id: paused,v 1.80 2002/03/10 06:40:03 k Exp k 

----- End forwarded message -----

Re: GSSAPI, Authen::SASL{::Cyrus} and Net::LDAP

[<jh...@of...>]

Ok, I removed Mark's Authen::SASL::Cyrus and reinstalled Simon's
Authen::SASL::Cyrus and ::GSSAPI.  Then I copied the GSSAPI.pm you
provided to Authen/SASL/Perl/.

Added the Plugins line you suggested below to my test app, and now
I get:

> ./test_netldap_sasl_basic 
generic failure at /usr/lib/perl5/site_perl/5.6.1/Authen/SASL/Perl/GSSAPI.pm line 34

That line being:

Authen::SASL::GSSAPI::initial($self->{'_gssapi'});

Which in turn croaks due to:

my $mesg=Authen::SASL::Cyrus::start($self->{'conn'},"GSSAPI");

returning undef.  It looks like it is being passed valid stuff, and
a look at the code for the start function seems to indicate that it
only returns undef if it gets an error back from the SASL library, so
maybe something's not quite right on my end.

I'll poke at it some more and let you know if I make any progress.
Thanks for providing the GSSAPI module.

Jason

On Wed, Jul 17, 2002 at 11:08:40AM +0100, Graham Barr wrote:
> 
> I have not tested this, but attached is a module for Authen::SASL 2.0 that should
> allow you to use Simons GSSAPI module. As Simons Cyrus module is not written for 2.0
> you will also need todo
> 
>   use Authen::SASL;
>   @Authen::SASL::Plugins = qw(Authen::SASL::Perl);
> 
> Of course Simons module has a module called Authen::SASL::Cyrus, so you cannot
> have his and Marks modules installed together.
> 
> Graham.

Re: GSSAPI, Authen::SASL{::Cyrus} and Net::LDAP

[Graham B. <gb...@po...>]

On Wed, Jul 17, 2002 at 10:13:59AM +0100, Simon Wilkinson wrote:
> On Wednesday 17 July 2002 01:42, jhe...@of... wrote:
> > Anyone have this working?  Is it possible with just Authen::SASL::Cyrus?
> > Or do I still need an Authen::SASL::GSSAPI module?  If so, anyone
> > working on an updated one and need a beta tester?  :)
> 
> Several people have asked me if I'm going to look at this! I intend to at 
> some point, but at present we've got something that works (we've just frozen 
> at a version of Net::LDAP that works with my GSSAPI module). I'm not likely 
> to get round to looking at any changes until late September at the earliest.

I have not tested this, but attached is a module for Authen::SASL 2.0 that should
allow you to use Simons GSSAPI module. As Simons Cyrus module is not written for 2.0
you will also need todo

  use Authen::SASL;
  @Authen::SASL::Plugins = qw(Authen::SASL::Perl);


Of course Simons module has a module called Authen::SASL::Cyrus, so you cannot
have his and Marks modules installed together.

Graham.

Re: GSSAPI, Authen::SASL{::Cyrus} and Net::LDAP

[Simon W. <si...@sx...>]

On Wednesday 17 July 2002 01:42, jhe...@of... wrote:
> Anyone have this working?  Is it possible with just Authen::SASL::Cyrus?
> Or do I still need an Authen::SASL::GSSAPI module?  If so, anyone
> working on an updated one and need a beta tester?  :)

Several people have asked me if I'm going to look at this! I intend to at 
some point, but at present we've got something that works (we've just frozen 
at a version of Net::LDAP that works with my GSSAPI module). I'm not likely 
to get round to looking at any changes until late September at the earliest.

Cheers,

Simon.
-- 
Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
"When all you have is an axe, every problem looks like fun"

GSSAPI, Authen::SASL{::Cyrus} and Net::LDAP

[<jhe...@of...>]

Environment:
Perl 5.6.1
Net::LDAP 0.251
Authen::SASL 2.02
Authen::SASL::Cyrus 0.05

Trying to use Net::LDAP with GSSAPI authentication.  I know GSSAPI
authentication against my LDAP server works in my environment outside
of Perl (ldapsearch, etc.)  I also had it working within Perl with an
earlier version of Net::LDAP and the Authen::SASL::GSSAPI module from
Simon Wilkinson.  However, with the latest stuff I get:

> ./test_netldap_sasl_basic 
SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context at ./test_netldap_sasl_basic line 11.
Segmentation fault

Where test_netldap_sasl_basic is:

--------------------------------------------------
#!/usr/bin/perl -w

use Net::LDAP;
use Authen::SASL;

my $ldap = Net::LDAP->new('ldap1.aput.net') || die "$@";

my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');

my $mesg = $ldap->bind('uid=test', sasl => $sasl, version => 3);
$mesg->code && die $mesg->error;
--------------------------------------------------

Anyone have this working?  Is it possible with just Authen::SASL::Cyrus?
Or do I still need an Authen::SASL::GSSAPI module?  If so, anyone
working on an updated one and need a beta tester?  :)

Jason

Re: Any help...

[Bing Du <du...@mo...>]

Is /usr/perl5/site_perl/5.005/Net listed in the list of directories
returned by the following command?

 % perl -e 'print "@INC"'

If not, you will want to include 

  use lib '/usr/perl5/site_perl/5.005/Net';

before

  use NET::LDAP;

Bing Du <bi...@ta..., 979-845-9577>
Texas A&M University, CIS, Operating Systems, Unix

On Tue, 16 Jul 2002, Khandelwal, Radhesham (Radhesham) % wrote:

> Hello,
> I have a problem, I am unable to run my perl script at command line of Unix.
> perl script has just 2 lines.
> 
> #! usr/bin/perl
> use NET::LDAP;
> 
> it end up throwing error
> 
> Can't locate Net/LDAP.pm in @INC (@INC contains...path) at ldap_test.pl line
> 2.
> 
> I have LDAP.pm package existing at /usr/perl5/site_perl/5.005/Net
> I have all other scripts running, even DBI too.
> 
> 
> 
> I will appreciate your help
> Thanks
> Sham
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: Jabber - The world's fastest growing 
> real-time communications platform! Don't just IM. Build it in! 
> http://www.jabber.com/osdn/xim
> 

Any help...

[Khandelwal, R. (R. % <sh...@ag...>]

Hello,
I have a problem, I am unable to run my perl script at command line of Unix.
perl script has just 2 lines.

#! usr/bin/perl
use NET::LDAP;

it end up throwing error

Can't locate Net/LDAP.pm in @INC (@INC contains...path) at ldap_test.pl line
2.

I have LDAP.pm package existing at /usr/perl5/site_perl/5.005/Net
I have all other scripts running, even DBI too.



I will appreciate your help
Thanks
Sham

Vacances - Immo - Auto - Animaux - Emplois - SMS

[<ge...@we...>]

 
 Si ce message vous importune et ne plus en recevoir.
  allez sur:  http://www.freevisit.net/maillistvacances/gestion.html   
 
 et Mille pardons pour ce désagrément
 
 Gérard
 
 --------------------------------------------------------------------
-
Bonjour à tous !

C'est les vacances ...  cool
Nous avons placé un nouveau programme sur tous nos sites.
Il vous permet de vous créer une Home Page avec photo et texte ( que vous pouvez modifier quand vous le souhaitez ) et l'inscrire dans nos annuaires et autre moteurs de recherche.
http://www.freevisit.net

Egalement 5 SMS Gratuits par jour
http://www.freevisit.net

et bien sûr:
Les Annonces photos des Locations saisonnières
Les Annonces photos des Loisirs
Les Annonces photos Immobilières
Les Annonces photos Animalières
Les Annonces photos de Rencontres
Les Annonces photos Emplois
Les Annonces photos Automobiles
http://www.freevisit.net

et ...  et Les 30 Annuaires Régionaux Français et des Pays Francophones
+
l'Annuaire des PROfessionnels du TOURISME

et 

l'Annuaire des PROfessionnels de L'IMMObilier
http://www.freevisit.net

* * * * *
 Passez de Bonnes Vacances

Gérard

--------------------------

.


 
 Pour vous désabonner, allez sur :http://www.freevisit.net/maillistvacances/gestion.html

Re: start_tls with verify=>none and certificate verify failed error

[Graham B. <gb...@po...>]

Thanks, I have applied the patch to CVS

Graham.

On Tue, Jul 16, 2002 at 12:07:33AM +0200, Herbert Straub wrote:
> Graham Barr wrote:
> 
> >Could someone verify this with
> >
> >  http://monty.mutatus.co.uk/~gbarr/perl-ldap-0.25_03.tar.gz
> >
> >and send a patch if it needs it. I cannot test anything SSL right now.
> >
> >Graham.
> >  
> >
> With the version from your URL i get the same error with start_tls:
> 
> Net::SSLeay::connect Error: error:14090086:SSL 
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> start_tls returns: 1 Operations error
> 
> With my attached patch, the start_tls returns success and the connection 
> are established. Now, if i call start_tls with the argument verify => 
> 'require' then i get the same error as i descriped above (that is correct).
> 
> I think, the problem is with the Option Arguments wich are passed from 
> the start_tls routine to the IO::Socket::SSL::socketToSSL routine. With 
> my patch, the Arguments are passed to socketToSSL routine, without this 
> patch, it seems that the Options are lost. In the ChangeLog of 
> IO-Socket-SSL v0.81 i found the following two points:
> 
> - calling context_init twice destroyed global context. fix from
> Jason Heiss <jh...@of...>.
> - socketToSSL() now respects context's SSL verify setting
> reported by Uri Guttman <ur...@st...>.
> 
> The difference of SSL.pm v.80 - v.81 shows:
> 
> # ***** socketToSSL
> 
> # support for startTLS.
> sub socketToSSL {
> my $sock = shift;
> + my $args = shift || {};
> my $r;
> 
> if(!$sock) {
> croak 'usage: IO::Socket::SSL::socketToSSL(socket)';
> }
> + _preBlessInitAttrs($sock, fileno($sock));
> 
> # transform IO::Socket::INET to IO::Socket::SSL.
> 
> # create an SSL object.
> my $ssl_obj;
> - if( ! ($ssl_obj = SSL_SSL->new($sock, {})) ) {
> - return undef; # can't create SSL_SSL.
> + if( ! ($ssl_obj = SSL_SSL->new($sock, $args)) ) {
> + my $err_str = IO::Socket::SSL::_get_SSL_err_str();
> + return IO::Socket::SSL::_myerror($sock, "socketToSSL(): " .
> + "unable to create SSL object");
> }
> 
> It looks like, that the call of context_init in LDAP.pm::start_tls is 
> useless for the socketToSSL routine:
> 
> IO::Socket::SSL::context_init( { Net::LDAPS::SSL_context_init_args($arg) 
> } );
> IO::Socket::SSL::socketToSSL($sock, 
> {Net::LDAPS::SSL_context_init_args($arg)})
> 
> I don't know if the first line is for the operation of start_tls 
> obsolet, or if it is required on another point?
> 
> 
> Herbert

> --- LDAP.pm.ORIG	Mon Jul 15 07:02:29 2002
> +++ LDAP.pm	Mon Jul 15 07:04:17 2002
> @@ -808,7 +808,7 @@
>    require Net::LDAPS;
>    $arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
>    IO::Socket::SSL::context_init( { Net::LDAPS::SSL_context_init_args($arg) } );
> -  IO::Socket::SSL::socketToSSL($sock)
> +  IO::Socket::SSL::socketToSSL($sock, {Net::LDAPS::SSL_context_init_args($arg)})
>      ? $mesg
>      : _error($ldap, $mesg, LDAP_OPERATIONS_ERROR, $@);
>  }

Re: start_tls with verify=>none and certificate verify failed error

[Herbert S. <h.s...@ao...>]

Graham Barr wrote:

>Could someone verify this with
>
>  http://monty.mutatus.co.uk/~gbarr/perl-ldap-0.25_03.tar.gz
>
>and send a patch if it needs it. I cannot test anything SSL right now.
>
>Graham.
>  
>
With the version from your URL i get the same error with start_tls:

Net::SSLeay::connect Error: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
start_tls returns: 1 Operations error

With my attached patch, the start_tls returns success and the connection 
are established. Now, if i call start_tls with the argument verify => 
'require' then i get the same error as i descriped above (that is correct).

I think, the problem is with the Option Arguments wich are passed from 
the start_tls routine to the IO::Socket::SSL::socketToSSL routine. With 
my patch, the Arguments are passed to socketToSSL routine, without this 
patch, it seems that the Options are lost. In the ChangeLog of 
IO-Socket-SSL v0.81 i found the following two points:

- calling context_init twice destroyed global context. fix from
Jason Heiss <jh...@of...>.
- socketToSSL() now respects context's SSL verify setting
reported by Uri Guttman <ur...@st...>.

The difference of SSL.pm v.80 - v.81 shows:

# ***** socketToSSL

# support for startTLS.
sub socketToSSL {
my $sock = shift;
+ my $args = shift || {};
my $r;

if(!$sock) {
croak 'usage: IO::Socket::SSL::socketToSSL(socket)';
}
+ _preBlessInitAttrs($sock, fileno($sock));

# transform IO::Socket::INET to IO::Socket::SSL.

# create an SSL object.
my $ssl_obj;
- if( ! ($ssl_obj = SSL_SSL->new($sock, {})) ) {
- return undef; # can't create SSL_SSL.
+ if( ! ($ssl_obj = SSL_SSL->new($sock, $args)) ) {
+ my $err_str = IO::Socket::SSL::_get_SSL_err_str();
+ return IO::Socket::SSL::_myerror($sock, "socketToSSL(): " .
+ "unable to create SSL object");
}

It looks like, that the call of context_init in LDAP.pm::start_tls is 
useless for the socketToSSL routine:

IO::Socket::SSL::context_init( { Net::LDAPS::SSL_context_init_args($arg) 
} );
IO::Socket::SSL::socketToSSL($sock, 
{Net::LDAPS::SSL_context_init_args($arg)})

I don't know if the first line is for the operation of start_tls 
obsolet, or if it is required on another point?


Herbert

Re: ldap authentication is driving me to drink

[eric G. <eri...@wa...>]

----- Original Message -----
From: Chris Ronstadt <not...@ho...>
To: <per...@li...>
Sent: Tuesday, July 09, 2002 4:33 PM
Subject: ldap authentication is driving me to drink


> I am trying to do an ldap authentication program (still) and no matter
what
> I do I am having problems and I am extremely new to both perl and ldap and
> am having trouble finding any decent documentation on it I am about ready
to
> go crazy with this, here is my WHOLE program and the web output I get, any
> help at all would be beyond apreciated:
>
> #!/usr/bin/perl
>
> #Get HTML Input
> my $field;
>
> &GetFormInput;
> my $name = $field{'name'} ;
> my $password = $field{'password'} ;
>
> #use strict;
> use Net::LDAP;
>
> #ldap search variables
>         my $results;
>         my $matchAttr = "uid";
>         my $baseDN = "ou=People,o=alcdsb.on.ca";
>         my @attrs;
>
> #error checking
>         my $errorMsg;
>         my $error;
>         my $bindError;
>
> #variables for dn
>         my $ent;
>         my $dn;
>         my $mesg;
>
> #variables for html retrieval
>         my $i;
>         my @fval;
>         my $val;
>         my %field;
>
> #connect to LDAP server
>      my $ldapServer = "mail.alcdsb.on.ca";
>      my $ldapPort = 389;
>
>      my $ldap = Net::LDAP -> new($ldapServer, port => $ldapPort,
>                                                           debug=>1)
>                 or die "LDAP Server Connection Failed :$error";
> #Annonymous Query to LDAP baseed on DN
>     $results = $ldap->search(
>                                   base => $baseDN,
>                                   scope => "sub",
>                                   filter => "$matchAttr=$name"
>                                   attrs => @attrs,
>                                   $dn => dn
>                                 );
>
> # request all available attributes
>         @attrs = ();
>
> #check for search error
>          $error = $results->code();
>          if ($error != 0){
>                   $errorMsg =  "Critical LDAP search failed";
>                   printError();
>                   }
>
>          if ($results->count ==0) {
>                 $errorMsg= "Invalid Authentication Information";
>                 printError();
>      }
>
> #get DN
>         # while  ($ent = $results -> shift_entry())
>         # {
>                 #$ent = results -> shift_entry();
> #               $dn = $ent -> dn;
> #        }
>
>
> #bind user
>         $mesg =$ldap->bind(dn=>$dn, password=>$password);
>
> #bind fails
>                          $bindError = $mesg->code();
>                          if ($bindError > 0) {
>                                 $errorMsg="Invalid Authentication
> Information";
>
>                                 printError();
>
>      }
>
> print "<html>\n" ;
> print "<head>\n" ;
> print "<title>Success</title>\n" ;
> print '<meta http-equiv="Content-Type" content="text/html;
> charset=iso-8859-1">'
> ."\n" ;
> print "</head>\n" ;
> print "\n" ;
> print '<body bgcolor="#FFFFFF" text="#000000">'."\n" ;
> print "Privilaged Info so yeah\n" ;
> print "<br><br><br>\n" ;
> print "</body>\n" ;
> print "</html>\n" ;
>
> sub printError {
> print "Content-type: text/html\n\n";
> print "<html>\n" ;
> print "<head>\n" ;
> print "<title>Error</title>\n" ;
> print '<meta http-equiv="Content-Type" content="text/html;
> charset=iso-8859-1">'
> ."\n" ;
> print "</head>\n" ;
> print "\n" ;
> print '<body bgcolor="#FFFFFF" text="#000000">'."\n" ;
> print "$errorMsg<br><br><br>\n" ;
> print "</body>\n" ;
> print "</html>\n" ;
> }
>
> sub GetFormInput {
> #Rerreive from form
>
>         (*fval) = @_ if @_ ;
>
>         local ($buf);
>         if ($ENV{'REQUEST_METHOD'} eq 'POST') {
>         if ($ENV{'REQUEST_METHOD'} eq 'POST') {
>                 read(STDIN,$buf,$ENV{'CONTENT_LENGTH'});
>         }
>         else {
>                 $buf=$ENV{'QUERY_STRING'};
>         }
>         if ($buf eq "") {
>                         return 0 ;
>                 }
>         else {
>                 @fval=split(/&/,$buf);
>                 foreach $i (0 .. $#fval){
>                         ($name,$val)=split (/=/,$fval[$i],2);
>                         $val=~tr/+/ /;
>                         $val=~ s/%(..)/pack("c",hex($1))/ge;
>                         $name=~tr/+/ /;
>                         $name=~ s/%(..)/pack("c",hex($1))/ge;
>
>                         if (!defined($field{$name})) {
>                                 $field{$name}=$val;
>                         }
>                         else {
>                                 $field{$name} .= ",$val";
>                         }
>                    }
>                 }
> return 1;
> }
>
> web output no matter what DN style that I ahve there that I use is:
>
>
> Invalid Authentication Information
>
>
> Content-type: text/html Invalid Authentication Information
>
>
> Privilaged Info so yeah
>
>
>
> _________________________________________________________________
> MSN Photos is the easiest way to share and print your photos:
> http://photos.msn.com/support/worldwide.aspx
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Stuff, things, and much much more.
> http://thinkgeek.com/sf

I just look at your code and  I see in search method

>                                   base => $baseDN,
>                                   scope => "sub",
>                                   filter => "$matchAttr=$name"
>                                   attrs => @attrs,
>                                   $dn => dn
 IMHO , you must have :  attrs=>\@attrs  like  attrs =>['cn','uid' ] eg.
and  what is   $dn=>dn  ???

$a+
eric german

Re: Net::LDAP::extension buglet and PasswdModify exop example

[Graham B. <gb...@po...>]

On Fri, Jul 12, 2002 at 04:42:08PM +0200, Arne Georg Gleditsch wrote:
> * Graham Barr
> > When the last person asked about this I posted the attached module.
> >
> > Install it as Net/LDAP/Extension/SetPassword.pm and then you
> > should be able todo
> >
> > use Net::LDAP::Extension::SetPassword;
> >
> > $result = $ldap->set_password(
> >   user => $user,
> >   oldpasswd => $old,
> >   newpasswd => $new
> > );
> >
> > And if you are expecting the server to generate a new password
> >
> > $result->gen_password; # Need a better name ??
> >
> > But nobody got back to say if it worked (I cannot test it)
> 
> How ungrateful.  This works as a charm for me, both supplying a new
> password and letting slapd generate one for me, with and without the
> user dn explicitly given.  (Supplying a value for old password yields
> the error message "use bind to verify old password", but that's
> probably server specific and perfectly acceptable.)

Thanks for letting me know. I will add it in.

I may be pushing my luck here, but as you know how this all works (which is
probably more than me) do you feel like contributing a POD for it ?

And can you think of a better name for gen_password, my thouught is that
generated_password is too long, what do people think ?

Thanks,
Graham.

Re: Net::LDAP::extension buglet and PasswdModify exop example

[Arne G. G. <ar...@li...>]

* Graham Barr
> When the last person asked about this I posted the attached module.
>
> Install it as Net/LDAP/Extension/SetPassword.pm and then you
> should be able todo
>
> use Net::LDAP::Extension::SetPassword;
>
> $result = $ldap->set_password(
>   user => $user,
>   oldpasswd => $old,
>   newpasswd => $new
> );
>
> And if you are expecting the server to generate a new password
>
> $result->gen_password; # Need a better name ??
>
> But nobody got back to say if it worked (I cannot test it)

How ungrateful.  This works as a charm for me, both supplying a new
password and letting slapd generate one for me, with and without the
user dn explicitly given.  (Supplying a value for old password yields
the error message "use bind to verify old password", but that's
probably server specific and perfectly acceptable.)

Of course, I still need to patch Net/LDAP.pm:

--- Net/LDAP.pm~        Fri Jul 12 16:33:53 2002
+++ Net/LDAP.pm Fri Jul 12 16:34:06 2002
@@ -566,7 +566,7 @@
     if $ldap->{net_ldap_version} < 3;
 
   $mesg->encode(
-    extendedRequest => {
+    extendedReq => {
       requestName  => $arg->{name},
       requestValue => $arg->{value}
     },

But that's no surprise.

Thanks,

							Arne.

Re: Net::LDAP::extension buglet and PasswdModify exop example

[Graham B. <gb...@po...>]

On Fri, Jul 12, 2002 at 03:57:33PM +0200, Arne Georg Gleditsch wrote:
> Hi,
> 
> I've attempted to access my LDAP server's password modify extended
> operation via Net::LDAP, and found what appears to be a bug.  In
> Net::LDAP::extension a message is encoded with the key
> "extendedRequest".  This does not match the id "extendedReq" which is
> used in Net::LDAP::ASN (and elsewhere in Net::LDAP as well), and
> attempts to use $ldap->extension consequently bomb out.
> 
> Upon rectifying this, however, I'm able to access the password modify
> operation as below, which might perhaps make for a good example of the
> exop-functionality to include with Net::LDAP.  I know I would have
> appreciated it. :)

When the last person asked about this I posted the attached module.

Install it as Net/LDAP/Extension/SetPassword.pm and then you
should be able todo

use Net::LDAP::Extension::SetPassword;

$result = $ldap->set_password(
  user => $user,
  oldpasswd => $old,
  newpasswd => $new
);

And if you are expecting the server to generate a new password

$result->gen_password; # Need a better name ??

But nobody got back to say if it worked (I cannot test it)

If it works, I will add it to the distribution.

Graham.

Re: start_tls with verify=>none and certificate verify failed error

[Graham B. <gb...@po...>]

Could someone verify this with

  http://monty.mutatus.co.uk/~gbarr/perl-ldap-0.25_03.tar.gz

and send a patch if it needs it. I cannot test anything SSL right now.

Graham.

On Thu, Jul 11, 2002 at 10:10:42AM +0200, Herbert Straub wrote:
> I see in the CVS LDAP.pm V1.33 that the start_tls is modified, but i 
> think, that the parameter handling is nor correct. Please see the 
> details below.
> 
> See also Debian Bug report: #150413. The patch in this report does not 
> put the start_tls Parameter to the socketToSSL Routine. Without the 
> Paramter verify => 'none' i get the error:
> 
> Net::SSLeay::connect Error: error:14090086:SSL 
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 
> See details below.
> 
> $ dpkg -l libnet-ldap-perl libio-socket-ssl-perl
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
> |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: 
> uppercase=bad)
> ||/ Name               Version            Description
> +++-==================-==================-==================================================== 
> 
> ii  libnet-ldap-perl   0.25-2             A Client interface to LDAP 
> servers.
> ii  libio-socket-ssl-p 0.81-1             Class implementing an object 
> oriented interface to S
> $
> 
> In my test perl script, the following line returns an error:
> $mesg = $ldap->start_tls (verify => 'none');
> 
> On the LDAP Server in debug mode i can see:
> 
> a:~# slapd  -d 1 -h "ldap:/// ldaps:///"
> [...]
> connection_get(10): got connid=0
> connection_read(10): checking for input on id=0
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_get(10): got connid=0
> connection_read(10): checking for input on id=0
> TLS trace: SSL3 alert read:fatal:unknown CA
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 
> s3_pkt.c:985
> connection_read(10): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=10 for close
> connection_close: conn=0 sd=10
> 
> With the this patch on SSL.pm
> # diff -u SSL.pm.orig SSL.pm
> --- SSL.pm.orig Wed Jul  3 10:39:39 2002
> +++ SSL.pm      Wed Jul  3 10:39:45 2002
> @@ -505,6 +505,7 @@
>   my $ssl = $ssl_obj->get_ssl_handle();
>   if ( ($r = Net::SSLeay::connect($ssl)) <= 0 ) { # ssl/s23_clnt.c
>     my $err_str = IO::Socket::SSL::_get_SSL_err_str();
> +    print "Net::SSLeay::connect Error: $err_str\n";
>     return IO::Socket::SSL::_myerror($sock,"socketToSSL(): connect 
> failed");
>   }
> 
> #
> 
> The $mesg = $ldap->start_tls (verify => 'none');
> 
> prints out:
> Net::SSLeay::connect Error: error:14090086:SSL 
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 
> With the input from 
> http://www.rosat.mpe-garching.mpg.de/mailing-lists/perl-ldap/2002-05/msg00037.html 
> 
> 
> I modified the LDAP.pm:
> 
> # diff -u LDAP.pm.orig LDAP.pm
> --- LDAP.pm.orig        Wed Jul  3 11:03:50 2002
> +++ LDAP.pm     Wed Jul  3 11:04:00 2002
> @@ -790,7 +790,7 @@
>   require Net::LDAPS;
>   $arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
>   IO::Socket::SSL::context_init( { 
> Net::LDAPS::SSL_context_init_args($arg) } );
> -  (IO::Socket::SSL::socketToSSL($sock) and tie *{$sock}, 
> 'IO::Socket::SSL', $sock)
> +  (IO::Socket::SSL::socketToSSL($sock,{ 
> Net::LDAPS::SSL_context_init_args($arg) } ))
>     ? $mesg
>     : _error($ldap, $mesg, LDAP_OPERATIONS_ERROR, $@);
> }
> #
> 
> and the start_tls returns success.
> 
> The TLS Messages from the LDAP:
> 
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_get(10): got connid=0
> connection_read(10): checking for input on id=0
> TLS trace: SSL_accept:SSLv3 read client key exchange A
> TLS trace: SSL_accept:SSLv3 read finished A
> TLS trace: SSL_accept:SSLv3 write change cipher spec A
> TLS trace: SSL_accept:SSLv3 write finished A
> TLS trace: SSL_accept:SSLv3 flush data
> 
> [...]
> 
> connection_closing: readying conn=0 sd=10 for close
> connection_close: conn=0 sd=10
> TLS trace: SSL3 alert write:warning:close notify
> 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> PC Mods, Computing goodies, cases & more
> http://thinkgeek.com/sf

Net::LDAP::extension buglet and PasswdModify exop example

[Arne G. G. <ar...@li...>]

Hi,

I've attempted to access my LDAP server's password modify extended
operation via Net::LDAP, and found what appears to be a bug.  In
Net::LDAP::extension a message is encoded with the key
"extendedRequest".  This does not match the id "extendedReq" which is
used in Net::LDAP::ASN (and elsewhere in Net::LDAP as well), and
attempts to use $ldap->extension consequently bomb out.

Upon rectifying this, however, I'm able to access the password modify
operation as below, which might perhaps make for a good example of the
exop-functionality to include with Net::LDAP.  I know I would have
appreciated it. :)


							Arne.

#!/usr/bin/perl

use strict;
use Net::LDAP;
use Convert::ASN1;

use vars qw($ldap);

# LDAP Password Modify Extended Operation, as per RFC 3062

my $id = 'uid=foo,...';

$ldap = Net::LDAP->new('server', version => 3) or die "$@";
$ldap->bind($id, password => 'bar') or die "$!";

my $pwmodoid = '1.3.6.1.4.1.4203.1.11.1';
my $pwmodreq = Convert::ASN1->new;
$pwmodreq->prepare(q{
   PasswdModifyRequestValue ::= SEQUENCE {
     userIdentity    [0]  OCTET STRING OPTIONAL,
     oldPasswd       [1]  OCTET STRING OPTIONAL,
     newPasswd       [2]  OCTET STRING OPTIONAL }
});

my $mesg = $ldap->extension(name => $pwmodoid,
			    value => $pwmodreq->encode(userIdentity => $id,
						       newPasswd => 'zoo'));

die $mesg->error if $mesg->code;

$ldap->unbind;

Re: ldap authentication is driving me to drink

[Graham B. <gb...@po...>]

On Tue, Jul 09, 2002 at 10:33:42AM -0400, Chris Ronstadt wrote:
> I am trying to do an ldap authentication program (still) and no matter what 
> I do I am having problems and I am extremely new to both perl and ldap and 
> am having trouble finding any decent documentation on it I am about ready to 
> go crazy with this, here is my WHOLE program and the web output I get, any 
> help at all would be beyond apreciated:
> 
> #!/usr/bin/perl
> 
> #Get HTML Input
> my $field;
> 
> &GetFormInput;
> my $name = $field{'name'} ;
> my $password = $field{'password'} ;
> 
> #use strict;

Why do you have use strict commented out. That will help you find many common mistakes.
And if it was a few lines earlier it would flag a problem with those lines.

Put use strinct at the top of your script.

> use Net::LDAP;
> 
> #ldap search variables
>         my $results;
>         my $matchAttr = "uid";
>         my $baseDN = "ou=People,o=alcdsb.on.ca";
>         my @attrs;
> 
> #error checking
>         my $errorMsg;
>         my $error;
>         my $bindError;
> 
> #variables for dn
>         my $ent;
>         my $dn;
>         my $mesg;
> 
> #variables for html retrieval
>         my $i;
>         my @fval;
>         my $val;
>         my %field;
> 
> #connect to LDAP server
>      my $ldapServer = "mail.alcdsb.on.ca";
>      my $ldapPort = 389;
> 
>      my $ldap = Net::LDAP -> new($ldapServer, port => $ldapPort,
>                                                           debug=>1)
>                 or die "LDAP Server Connection Failed :$error";
> #Annonymous Query to LDAP baseed on DN
>     $results = $ldap->search(
>                                   base => $baseDN,
>                                   scope => "sub",
>                                   filter => "$matchAttr=$name"

Have you looked at the content of $nmae

>                                   attrs => @attrs,

You need to pass an array reference. Perl will flatten the @attrs
array, which is not what you want. use \@attrs

>                                   $dn => dn
>                                 );
> 
> # request all available attributes
>         @attrs = ();

You never use attrs again.

> 
> #check for search error
>          $error = $results->code();
>          if ($error != 0){
>                   $errorMsg =  "Critical LDAP search failed";
>                   printError();
>                   }
> 
>          if ($results->count ==0) {
>                 $errorMsg= "Invalid Authentication Information";
>                 printError();
>      }
> 
> #get DN
>         # while  ($ent = $results -> shift_entry())
>         # {
>                 #$ent = results -> shift_entry();
> #               $dn = $ent -> dn;
> #        }

I would hope the previous search would only return one entry. If
you get more than one which do you use ??

  $dn = $results->entry(0);

Graham.

> 
> 
> #bind user
>         $mesg =$ldap->bind(dn=>$dn, password=>$password);
> 
> #bind fails
>                          $bindError = $mesg->code();
>                          if ($bindError > 0) {
>                                 $errorMsg="Invalid Authentication 
> Information";
> 
>                                 printError();
> 
>      }
> 
> print "<html>\n" ;
> print "<head>\n" ;
> print "<title>Success</title>\n" ;
> print '<meta http-equiv="Content-Type" content="text/html; 
> charset=iso-8859-1">'
> ."\n" ;
> print "</head>\n" ;
> print "\n" ;
> print '<body bgcolor="#FFFFFF" text="#000000">'."\n" ;
> print "Privilaged Info so yeah\n" ;
> print "<br><br><br>\n" ;
> print "</body>\n" ;
> print "</html>\n" ;
> 
> sub printError {
> print "Content-type: text/html\n\n";
> print "<html>\n" ;
> print "<head>\n" ;
> print "<title>Error</title>\n" ;
> print '<meta http-equiv="Content-Type" content="text/html; 
> charset=iso-8859-1">'
> ."\n" ;
> print "</head>\n" ;
> print "\n" ;
> print '<body bgcolor="#FFFFFF" text="#000000">'."\n" ;
> print "$errorMsg<br><br><br>\n" ;
> print "</body>\n" ;
> print "</html>\n" ;
> }
> 
> sub GetFormInput {
> #Rerreive from form
> 
>         (*fval) = @_ if @_ ;
> 
>         local ($buf);
>         if ($ENV{'REQUEST_METHOD'} eq 'POST') {
>         if ($ENV{'REQUEST_METHOD'} eq 'POST') {
>                 read(STDIN,$buf,$ENV{'CONTENT_LENGTH'});
>         }
>         else {
>                 $buf=$ENV{'QUERY_STRING'};
>         }
>         if ($buf eq "") {
>                         return 0 ;
>                 }
>         else {
>                 @fval=split(/&/,$buf);
>                 foreach $i (0 .. $#fval){
>                         ($name,$val)=split (/=/,$fval[$i],2);
>                         $val=~tr/+/ /;
>                         $val=~ s/%(..)/pack("c",hex($1))/ge;
>                         $name=~tr/+/ /;
>                         $name=~ s/%(..)/pack("c",hex($1))/ge;
> 
>                         if (!defined($field{$name})) {
>                                 $field{$name}=$val;
>                         }
>                         else {
>                                 $field{$name} .= ",$val";
>                         }
>                    }
>                 }
> return 1;
> }
> 
> web output no matter what DN style that I ahve there that I use is:
> 
> 
> Invalid Authentication Information
> 
> 
> Content-type: text/html Invalid Authentication Information
> 
> 
> Privilaged Info so yeah
> 
> 
> 
> _________________________________________________________________
> MSN Photos is the easiest way to share and print your photos: 
> http://photos.msn.com/support/worldwide.aspx
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Stuff, things, and much much more.
> http://thinkgeek.com/sf

Re: shift_entry

[Graham B. <gb...@po...>]

On Tue, Jul 09, 2002 at 09:56:52AM -0400, Chris Ronstadt wrote:
> I was given some code to use to get the dn and it doesn't seem to be 
> working...here is what I have:
> #get DN
>         $ent = $results -> shift_entry();
>         $dn = $ent -> dn;
> what does shift entry do? thats what I wish to know right now

Well after a search $results has an array of entry objects. Given
that shift() removes and returns the first element from an array, what
do you think shift_entry does ?

Also the docs are a good place to look

  perldoc Net::LDAP::Search

Graham.

Re: ldap modify problem

[Graham B. <gb...@po...>]

On Sat, Jul 06, 2002 at 01:28:17AM -0700, Murugan K G wrote:
> Hi
>    Thanks for your help in advance.
>     I want to know , whether i am doing something
> wrong in my code  or any other problem.
> 
> please refer the  following response value    
> 
> responseValue ::=
>    SEQUENCE of SEQUENCE {
>       name OCTET STRING 
>       SEQUENCE of ATTRIBUTES 
>    } 
>    where 
>       ATTRIBUTES:: OCTET STRING
> 
> But when i am decoding the above response value , i
> had given like this. 
> .............
> $asn->prepare(q<
> 	   name  OCTET STRING,
> 	   attributeList  SEQUENCE OF OCTET STRING
>           >);
> my $res=$asn->decode($response->response);

You seem to have forgotten the outer SEQUENCE OF SEQUENCE

> But i am always getting $res as undefined value as a
> result. 

Whenever youhave a deode problem it is always worth a look
at the result of asn_dump($data), which can be imported
from Convert::ASN1

Graham.

> But the server is returning the correct result.  Is it
> a problem in the decoding module or something.  But
> other than this  response structure, i am getting all
> the values properly without any problem like  SEQUENCE
> OF OCTET STRING,SEQUENCE OF INTEGER.  etc 
> 
>    Any HELP.
> 
> Regards
> K.Murugan
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Sign up for SBC Yahoo! Dial - First Month Free
> http://sbc.yahoo.com
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Got root? We do.
> http://thinkgeek.com/sf

start_tls with verify=>none and certificate verify failed error

[Herbert S. <h.s...@ao...>]

I see in the CVS LDAP.pm V1.33 that the start_tls is modified, but i 
think, that the parameter handling is nor correct. Please see the 
details below.

See also Debian Bug report: #150413. The patch in this report does not 
put the start_tls Parameter to the socketToSSL Routine. Without the 
Paramter verify => 'none' i get the error:

Net::SSLeay::connect Error: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

See details below.

$ dpkg -l libnet-ldap-perl libio-socket-ssl-perl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: 
uppercase=bad)
||/ Name               Version            Description
+++-==================-==================-==================================================== 

ii  libnet-ldap-perl   0.25-2             A Client interface to LDAP 
servers.
ii  libio-socket-ssl-p 0.81-1             Class implementing an object 
oriented interface to S
$

In my test perl script, the following line returns an error:
$mesg = $ldap->start_tls (verify => 'none');

On the LDAP Server in debug mode i can see:

a:~# slapd  -d 1 -h "ldap:/// ldaps:///"
[...]
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 
s3_pkt.c:985
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10

With the this patch on SSL.pm
# diff -u SSL.pm.orig SSL.pm
--- SSL.pm.orig Wed Jul  3 10:39:39 2002
+++ SSL.pm      Wed Jul  3 10:39:45 2002
@@ -505,6 +505,7 @@
  my $ssl = $ssl_obj->get_ssl_handle();
  if ( ($r = Net::SSLeay::connect($ssl)) <= 0 ) { # ssl/s23_clnt.c
    my $err_str = IO::Socket::SSL::_get_SSL_err_str();
+    print "Net::SSLeay::connect Error: $err_str\n";
    return IO::Socket::SSL::_myerror($sock,"socketToSSL(): connect 
failed");
  }

#

The $mesg = $ldap->start_tls (verify => 'none');

prints out:
Net::SSLeay::connect Error: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

With the input from 
http://www.rosat.mpe-garching.mpg.de/mailing-lists/perl-ldap/2002-05/msg00037.html 


I modified the LDAP.pm:

# diff -u LDAP.pm.orig LDAP.pm
--- LDAP.pm.orig        Wed Jul  3 11:03:50 2002
+++ LDAP.pm     Wed Jul  3 11:04:00 2002
@@ -790,7 +790,7 @@
  require Net::LDAPS;
  $arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
  IO::Socket::SSL::context_init( { 
Net::LDAPS::SSL_context_init_args($arg) } );
-  (IO::Socket::SSL::socketToSSL($sock) and tie *{$sock}, 
'IO::Socket::SSL', $sock)
+  (IO::Socket::SSL::socketToSSL($sock,{ 
Net::LDAPS::SSL_context_init_args($arg) } ))
    ? $mesg
    : _error($ldap, $mesg, LDAP_OPERATIONS_ERROR, $@);
}
#

and the start_tls returns success.

The TLS Messages from the LDAP:

TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data

[...]

connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
TLS trace: SSL3 alert write:warning:close notify

ldap authentication is driving me to drink

[Chris R. <not...@ho...>]

I am trying to do an ldap authentication program (still) and no matter what 
I do I am having problems and I am extremely new to both perl and ldap and 
am having trouble finding any decent documentation on it I am about ready to 
go crazy with this, here is my WHOLE program and the web output I get, any 
help at all would be beyond apreciated:

#!/usr/bin/perl

#Get HTML Input
my $field;

&GetFormInput;
my $name = $field{'name'} ;
my $password = $field{'password'} ;

#use strict;
use Net::LDAP;

#ldap search variables
        my $results;
        my $matchAttr = "uid";
        my $baseDN = "ou=People,o=alcdsb.on.ca";
        my @attrs;

#error checking
        my $errorMsg;
        my $error;
        my $bindError;

#variables for dn
        my $ent;
        my $dn;
        my $mesg;

#variables for html retrieval
        my $i;
        my @fval;
        my $val;
        my %field;

#connect to LDAP server
     my $ldapServer = "mail.alcdsb.on.ca";
     my $ldapPort = 389;

     my $ldap = Net::LDAP -> new($ldapServer, port => $ldapPort,
                                                          debug=>1)
                or die "LDAP Server Connection Failed :$error";
#Annonymous Query to LDAP baseed on DN
    $results = $ldap->search(
                                  base => $baseDN,
                                  scope => "sub",
                                  filter => "$matchAttr=$name"
                                  attrs => @attrs,
                                  $dn => dn
                                );

# request all available attributes
        @attrs = ();

#check for search error
         $error = $results->code();
         if ($error != 0){
                  $errorMsg =  "Critical LDAP search failed";
                  printError();
                  }

         if ($results->count ==0) {
                $errorMsg= "Invalid Authentication Information";
                printError();
     }

#get DN
        # while  ($ent = $results -> shift_entry())
        # {
                #$ent = results -> shift_entry();
#               $dn = $ent -> dn;
#        }


#bind user
        $mesg =$ldap->bind(dn=>$dn, password=>$password);

#bind fails
                         $bindError = $mesg->code();
                         if ($bindError > 0) {
                                $errorMsg="Invalid Authentication 
Information";

                                printError();

     }

print "<html>\n" ;
print "<head>\n" ;
print "<title>Success</title>\n" ;
print '<meta http-equiv="Content-Type" content="text/html; 
charset=iso-8859-1">'
."\n" ;
print "</head>\n" ;
print "\n" ;
print '<body bgcolor="#FFFFFF" text="#000000">'."\n" ;
print "Privilaged Info so yeah\n" ;
print "<br><br><br>\n" ;
print "</body>\n" ;
print "</html>\n" ;

sub printError {
print "Content-type: text/html\n\n";
print "<html>\n" ;
print "<head>\n" ;
print "<title>Error</title>\n" ;
print '<meta http-equiv="Content-Type" content="text/html; 
charset=iso-8859-1">'
."\n" ;
print "</head>\n" ;
print "\n" ;
print '<body bgcolor="#FFFFFF" text="#000000">'."\n" ;
print "$errorMsg<br><br><br>\n" ;
print "</body>\n" ;
print "</html>\n" ;
}

sub GetFormInput {
#Rerreive from form

        (*fval) = @_ if @_ ;

        local ($buf);
        if ($ENV{'REQUEST_METHOD'} eq 'POST') {
        if ($ENV{'REQUEST_METHOD'} eq 'POST') {
                read(STDIN,$buf,$ENV{'CONTENT_LENGTH'});
        }
        else {
                $buf=$ENV{'QUERY_STRING'};
        }
        if ($buf eq "") {
                        return 0 ;
                }
        else {
                @fval=split(/&/,$buf);
                foreach $i (0 .. $#fval){
                        ($name,$val)=split (/=/,$fval[$i],2);
                        $val=~tr/+/ /;
                        $val=~ s/%(..)/pack("c",hex($1))/ge;
                        $name=~tr/+/ /;
                        $name=~ s/%(..)/pack("c",hex($1))/ge;

                        if (!defined($field{$name})) {
                                $field{$name}=$val;
                        }
                        else {
                                $field{$name} .= ",$val";
                        }
                   }
                }
return 1;
}

web output no matter what DN style that I ahve there that I use is:


Invalid Authentication Information


Content-type: text/html Invalid Authentication Information


Privilaged Info so yeah



_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

shift_entry

[Chris R. <not...@ho...>]

I was given some code to use to get the dn and it doesn't seem to be 
working...here is what I have:
#get DN
        $ent = $results -> shift_entry();
        $dn = $ent -> dn;
what does shift entry do? thats what I wish to know right now




_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

Undefined HASH

[Murugan K G <mur...@ya...>]

 Hi
    Thanks for your help in advance.
     I want to know , whether i am doing something
 wrong in my code  or any other problem.
 
 please refer the  following response value    
 
 responseValue ::=
    SEQUENCE of SEQUENCE {
       name OCTET STRING 
       SEQUENCE of ATTRIBUTES 
    } 
    where 
       ATTRIBUTES:: OCTET STRING
 
 But when i am decoding the above response value , i
 had given like this. 
 .............
 $asn->prepare(q<
 	   name  OCTET STRING,
 	   attributeList  SEQUENCE OF OCTET STRING
           >);
 my $res=$asn->decode($response->response);
 
 But i am always getting $res as undefined value as a
 result. 
 
 But the server is returning the correct result.  Is
 it
 a problem in the decoding module or something.  But
 other than this  response structure, i am getting
 all
 the values properly without any problem like 
 SEQUENCE
 OF OCTET STRING,SEQUENCE OF INTEGER.  etc 
 
    Any HELP.
 
 Regards
 K.Murugan


__________________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com