From: Prayank C. <pra...@su...> - 2002-06-29 12:38:20

Hi all,

With reference to the earlier message, I get the following error description:

Failed to add entry:Insufficient 'write' privilege to the 'sn' attribute................

I use the directory admin user and password, but I still get this error. Kindly advise.

Regs
Prayank Chandorkar

From: Prayank C. <pra...@su...> - 2002-06-29 12:26:37

Hi all,

I tried to find a solution in the archives but unfortunately couldn't find one. The problem is as follows: I want to modify an attribute value (mail) for an entry. The scriptlet is as follows:

    $dn='uid=abc, ou=orgn,o=net';
    $result=$ldap->modify( $dn, replace => { mail => 'ab...@or...' } );

When I do result->code I get a return value of 50, but the change does not take effect. Please let me know the way.

regs
Prayank Chandorkar

From: Mark W. <ma...@mj...> - 2002-06-29 01:24:55

Assuming $result is a Net::LDAP::Entry object you can get the DN by doing:

    $ldap->dn();

Mark

----- Original Message -----
From: "Chris Ronstadt" <not...@ho...>
To: <per...@li...>
Sent: Friday, June 28, 2002 2:28 PM
Subject: get_dn

> Ok, I got that solved thank you, but now I need to run a get_dn to bind
> properly?
>
> $dn = $result->get_dn;
>
> is that the proper line? and where exactly do I put this line? I keep
> getting told: can't call method on undefined line

From: Bob G. <go...@at...> - 2002-06-28 23:48:03

Try

    $aa = "1000";
    $bb = "200";
    if ($aa < $bb) { print "$aa < $bb is TRUE\n" }

and let me know what you see.

B

Roland Schulz wrote:
>
> Hey,
>
> how can I sort by the numerical value (e.g. by uid) instead of by the string.
> So I want 1000 to be greater than 200.
>
> Please CC to me since I'm not on the list. Thanx for your help.
>
> regards
> Roland Schulz

--
Bob Goolsby
go...@at...

The only thing with more energy than a puppy with a bone is a puppy with *two* bones.

From: Roland S. <ma...@r2...> - 2002-06-28 21:47:19

Hey,

how can I sort by the numerical value (e.g. by uid) instead of by the string. So I want 1000 to be greater than 200.

Please CC to me since I'm not on the list. Thanx for your help.

regards
Roland Schulz

From: Chris R. <not...@ho...> - 2002-06-28 19:28:29

Ok, I got that solved thank you, but now I need to run a get_dn to bind properly?

    $dn = $result->get_dn;

is that the proper line? and where exactly do I put this line? I keep getting told: can't call method on undefined line

From: Paul C. <pau...@cp...> - 2002-06-28 15:31:26

The line:

    $filter = $filter => ($matchAttr == $name)

is wrong. Try replacing it with:

    filter => "($matchAttr=$name)"

JPC.

-----Original Message-----
From: per...@li... [mailto:per...@li...] On Behalf Of Chris Ronstadt
Sent: 28 June 2002 16:18
To: per...@li...
Subject: Re: Mailman results for perl-ldap-dev

Hi, I am extremely new to perl, ldap and ldap perl but the boss has thrown me to the sharks on this one. I need to perform a search for authentication and have it work, but my filter is not being set. Here is what I have:

    &GetFormInput;
    my $name = $field{'name'} ;
    my $password = $field{'password'} ;
    use strict;
    use NET::LDAP;
    my $matchAttr = "uid";
    my $baseDN = "ou=People,o=alcdsb.on.ca";
    #connect to LDAP server
    my $ldapServer = "mail.alcdsb.on.ca";
    my $ldapPort = 389;
    my $ldap = new Net::LDAP($ldapServer, port => $ldapPort, debug=>1) or die "LDAP Server Connection Failed :$error";
    #Anonymous query to LDAP based on DN
    $mesg = $ldap->search( base => $baseDN, $filter = $filter => ($matchAttr == $name) );
    #search error
    if (my $error == $mesg->code()) { die"Sorry $name: LDAP search Connection Failed: $error"; }
    unless ($mesg->count()) { die"User entry not found for filter:$filter"; }

and the message I get is:

    User entry not found for filter: at ldapauth.pl line 29.

Any help would be appreciated,
Chris

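The corrected filter in the reply above interpolates the form value directly into the filter string. As an added example (not code from the thread or from perl-ldap), the following builds the same `($matchAttr=$name)` filter with `escape_filter_value` from Net::LDAP::Util and then checks the password by binding as the entry that was found. The helper names `user_filter` and `authenticate`, and the host and base DN in the closing comment, are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example: search-then-bind login check with an escaped filter.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Build "(attr=value)" for a login name taken from a web form.
# escape_filter_value() turns the RFC 4515 specials  * ( ) \ NUL  into
# \XX hex escapes, so the name is only ever matched as a literal value.
sub user_filter {
    my ($attr, $name) = @_;
    die "login name is empty\n" unless defined $name && length $name;
    my $text = sprintf '(%s=%s)', $attr, escape_filter_value($name);
    # Net::LDAP::Filter->new returns undef when the string does not parse.
    my $filter = Net::LDAP::Filter->new($text)
        or die "cannot parse filter $text\n";
    return $filter;
}

# Returns the user's DN when the password is accepted, nothing otherwise.
# $ldap is a connected Net::LDAP handle.
sub authenticate {
    my ($ldap, $base, $attr, $name, $password) = @_;

    return unless defined $name && length $name;
    # A bind with a DN and an empty password is an unauthenticated bind,
    # which many servers report as success. Refuse it before asking.
    return unless defined $password && length $password;

    my $mesg = $ldap->search(
        base   => $base,
        scope  => 'sub',
        filter => user_filter($attr, $name),
        attrs  => ['1.1'],               # the DN is all that is needed
    );
    if ($mesg->code) {
        warn 'search failed: ' . $mesg->error . "\n";
        return;
    }
    return unless $mesg->count == 1;     # no match, or an ambiguous one

    my $dn   = $mesg->entry(0)->dn;
    my $bind = $ldap->bind($dn, password => $password);
    return $bind->code ? () : $dn;
}

# Offline demonstration on constructed login names; no server is contacted.
for my $name ('chris', 'o(brien)', '*') {
    printf "%-10s => %s\n", $name, user_filter('uid', $name)->as_string;
}

# Against a real directory (host and base DN are placeholders):
#   my $ldap = Net::LDAP->new('ldap.example.org', timeout => 10)
#       or die "connect failed: $@";
#   my $dn = authenticate($ldap, 'ou=People,o=example', 'uid',
#                         $name, $password);
```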
From: Chris R. <not...@ho...> - 2002-06-28 15:18:34

Hi, I am extremely new to perl, ldap and ldap perl but the boss has thrown me to the sharks on this one. I need to perform a search for authentication and have it work, but my filter is not being set. Here is what I have:

    &GetFormInput;
    my $name = $field{'name'} ;
    my $password = $field{'password'} ;
    use strict;
    use NET::LDAP;
    my $matchAttr = "uid";
    my $baseDN = "ou=People,o=alcdsb.on.ca";
    #connect to LDAP server
    my $ldapServer = "mail.alcdsb.on.ca";
    my $ldapPort = 389;
    my $ldap = new Net::LDAP($ldapServer, port => $ldapPort, debug=>1) or die "LDAP Server Connection Failed :$error";
    #Anonymous query to LDAP based on DN
    $mesg = $ldap->search( base => $baseDN, $filter = $filter => ($matchAttr == $name) );
    #search error
    if (my $error == $mesg->code()) { die"Sorry $name: LDAP search Connection Failed: $error"; }
    unless ($mesg->count()) { die"User entry not found for filter:$filter"; }

and the message I get is:

    User entry not found for filter: at ldapauth.pl line 29.

Any help would be appreciated,
Chris

From: Johnson, B. K <bri...@lm...> - 2002-06-27 18:48:39

My environment is indeed Win32 perl connecting to Win2k AD. I haven't had any luck so far in getting GSSAPI working in said environment and any help/tips would be appreciated.

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:je...@sa...]
Sent: Thursday, June 27, 2002 11:31 AM
To: Johnson, Brian K
Cc: per...@li...; si...@sx...
Subject: RE: GSSAPI & perl-ldap

On Thu, 27 Jun 2002, Johnson, Brian K wrote:

> Have you gotten this to work on a MS Windows platform? If so,
> if it is not too much trouble, could you outline the sw and
> modules that you had to install in order to get this to work?

Do you mean running a Win32 version of Perl and connecting to Win2k AD? I haven't tried that yet. My tests are from a Linux box. If I get a chance, I'll look at it next week when I'm back in the office though.

cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--

From: Gerald (J. C. <je...@sa...> - 2002-06-27 18:31:52

On Thu, 27 Jun 2002, Johnson, Brian K wrote:

> Have you gotten this to work on a MS Windows platform? If so,
> if it is not too much trouble, could you outline the sw and
> modules that you had to install in order to get this to work?

Do you mean running a Win32 version of Perl and connecting to Win2k AD? I haven't tried that yet. My tests are from a Linux box. If I get a chance, I'll look at it next week when I'm back in the office though.

cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--

From: Johnson, B. K <bri...@lm...> - 2002-06-27 18:24:39

Have you gotten this to work on a MS Windows platform? If so, if it is not too much trouble, could you outline the sw and modules that you had to install in order to get this to work?

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:je...@sa...]
Sent: Thursday, June 27, 2002 1:10 AM
To: per...@li...
Cc: si...@sx...
Subject: Re: GSSAPI & perl-ldap

On Thu, 27 Jun 2002, Gerald (Jerry) Carter wrote:

> After spending some time with Simon Wilkinson's
> Authen::SASL::GSSAPI module from
>
> http://www.sxw.org.uk/computing/software/
>
> it appears that this is not compatible with the current
> Authen-SASL-2.02 distribution. Is this correct?

I knew this would happen as soon as I sent my previous mail :-)

The Authen::SASL::GSSAPI module works fine if you are using the older Authen::SASL code included with perl-ldap-0.25 (which is the same as 0.23). Searching Win2k Active Directory works fine.

I'm assuming that the SASL code in perl-ldap will go away eventually and Authen-SASL-X.XX will be the de facto standard for LDAP SASL support. Can anyone wager a guess when this might happen?

Other than just using older code, if all I need is the GSSAPI stuff, are there any pitfalls of using Authen::SASL from perl-ldap-0.25?

Thanks again.

cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--

From: <ma...@mj...> - 2002-06-27 14:24:13

Hi,

I stumbled on a new LDAP site: www.ldapzone.com. It's now my personal favorite general LDAP site (ok, there's not many so it's a bit like picking your favorite Yahoo Serious movie).

later,
mark

Mark Wilcox
ma...@mj...
Got LDAP?

From: Gerald (J. C. <je...@sa...> - 2002-06-27 08:10:15

On Thu, 27 Jun 2002, Gerald (Jerry) Carter wrote:

> After spending some time with Simon Wilkinson's
> Authen::SASL::GSSAPI module from
>
> http://www.sxw.org.uk/computing/software/
>
> it appears that this is not compatible with the current
> Authen-SASL-2.02 distribution. Is this correct?

I knew this would happen as soon as I sent my previous mail :-)

The Authen::SASL::GSSAPI module works fine if you are using the older Authen::SASL code included with perl-ldap-0.25 (which is the same as 0.23). Searching Win2k Active Directory works fine.

I'm assuming that the SASL code in perl-ldap will go away eventually and Authen-SASL-X.XX will be the de facto standard for LDAP SASL support. Can anyone wager a guess when this might happen?

Other than just using older code, if all I need is the GSSAPI stuff, are there any pitfalls of using Authen::SASL from perl-ldap-0.25?

Thanks again.

cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--

From: Gerald (J. C. <je...@sa...> - 2002-06-27 07:25:04

Greetings,

After spending some time with Simon Wilkinson's Authen::SASL::GSSAPI module from

http://www.sxw.org.uk/computing/software/

it appears that this is not compatible with the current Authen-SASL-2.02 distribution. Is this correct? Things like missing a client_new() subroutine in GSSAPI.pm, etc... make me wonder.

I did find the Authen-SASL-Cyrus tarball on CPAN, but a quick glance did not give any information on a GSSAPI mechanism.

Any pointers? Thanks in advance.

cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--

From: Adriano N. R. <an...@es...> - 2002-06-25 17:59:05

Chris Ridd writes:

> To delete one value of an attribute:
>
> $ldap->delete( 'bar' => [ 'delete me' ] )

Ah, I had tried it on a RH 7.1 box (definitely not under my control :-) and it didn't work (with `Error: Success' messages). I suspected then that the ancient openldap sw was to blame, but neglected to test it with a newer server & client lib. It works on my Debian 3.0 box.

Thanks again,

--
Adriano

From: Chris R. <chr...@me...> - 2002-06-25 08:03:01

On 24/6/02 10:44 pm, Adriano Nagelschmidt Rodrigues <an...@es...> wrote:

> Hi,
>
> I'm trying to delete a specific value from an attribute's list of
> values, but if I understood the man page correctly, it looks like
> Net::LDAP::Entry doesn't support it directly...
>
> Should I do something like
>
> @values = $entry->get_value('foo');
> $entry->delete('foo');
> @values = grep { ! /^bar$/ } @values;
> $entry->add(foo => \@values);

We changed the documentation recently in CVS to describe the delete method more clearly.

To delete an entire attribute:

    $ldap->delete( 'foo' )

That's just syntactic sugar though. More generally you can do this to delete an entire attribute:

    $ldap->delete( 'foo' => [ ] )

To delete one value of an attribute:

    $ldap->delete( 'bar' => [ 'delete me' ] )

You can have combinations of the more general cases:

    $ldap->delete( 'foo' => [ ], 'bar' => [ 'delete me' ])

Cheers,
Chris

From: Adriano N. R. <an...@es...> - 2002-06-24 21:44:28

Hi,

I'm trying to delete a specific value from an attribute's list of values, but if I understood the man page correctly, it looks like Net::LDAP::Entry doesn't support it directly...

Should I do something like

    @values = $entry->get_value('foo');
    $entry->delete('foo');
    @values = grep { ! /^bar$/ } @values;
    $entry->add(foo => \@values);

Perhaps it would be better to just use Net::LDAP instead?

Thanks,

--
Adriano

From: Darryl C P. <da...@co...> - 2002-06-21 10:25:24

Net::LDAP version is 0.251
Authen::SASL version is 2.02

--Darryl

> On Fri, Jun 21, 2002 at 01:27:21AM -0400, Darryl C Price wrote:
>> How are people able to get SASL authentication to work? Maybe I
>> didn't install the module properly but tinkering with and running the
>> scripts found in the mailing list archive by all I get is
>>
>>
>> No SASL mechanism found
>> at /usr/local/lib/perl5/site_perl/5.005/Authen/SASL.pm line 62
>>
>> Regardless of what SASL Mech or directory implementation (OpenLDAP,
>> Mirapoint, IPlanet, ADS, Novell) I use
>
> What versions of Net::LDAP and Authen::SASL are you using ?
>
> Graham.
>
> PS: I am about to leave for a vacation, so you may not hear back
> from me on this soon.

--
Darryl C Price
Principal Consultant
Conversant Systems, LLC

From: Herbert R. <he...@wi...> - 2002-06-21 10:02:52

> But Net::LDAP does not hide the socket away, it is available via a method

aha. didn't know that. that's not documented in Net::LDAP manpage.

> for this reason. I don't want to cram _connect with all possible options that
> people may want. In this case the author could just as easily do
>
> $ldap = Net::LDAP->new(...);
> $ldap->socket->sockopt(SO_KEEPALIVE,1);

ok to me if you guarantee that $ldap->socket won't be removed (I assume it will stay). please add $ldap->socket to the manpage and demonstrate a possible use of it (e.g. by turning on keepalives).

thanks,
/herp

> Graham.
>

From: Graham B. <gb...@po...> - 2002-06-21 09:59:07

On Fri, Jun 21, 2002 at 10:34:36AM +0100, Chris Ridd wrote:

> > 116 sub _connect { > > 117 my ($ldap, $host, $arg) = @_; > > 118 > > 119 $ldap->{net_ldap_socket} = IO::Socket::INET->new( > > 120 PeerAddr => $host, > > 121 PeerPort => $arg->{port} || '389', > > 122 Proto => 'tcp', > > 123 Timeout => defined $arg->{timeout} > > 124 ? $arg->{timeout} > > 125 : 120 > > 126 ); > > ++ 127 $ldap->{net_ldap_socket}->sockopt(SO_KEEPALIVE,1) > > ++ 128 if defined $arg->{keepalive}; > > 129 > > 130 }
>
> That looks OK to me.

I am not so sure. Other than the defined should not be there as it means keepalive => 0 will do the same as keepalive => 1 which is not right IMO.

But Net::LDAP does not hide the socket away, it is available via a method for this reason. I don't want to cram _connect with all possible options that people may want. In this case the author could just as easily do

    $ldap = Net::LDAP->new(...);
    $ldap->socket->sockopt(SO_KEEPALIVE,1);

Graham.

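Graham's suggestion of setting the option on the socket that Net::LDAP exposes, as an added example (not code from the thread or from perl-ldap). It goes beyond the thread's system-wide /proc settings by also setting the three keepalive timers on that one socket through the Linux `TCP_KEEPIDLE`, `TCP_KEEPINTVL` and `TCP_KEEPCNT` options, and checks them against a firewall idle timeout. A loopback socket pair stands in for `$ldap->socket`; the helper names are assumptions, and the timer values are the ones from the original post.

```perl
#!/usr/bin/perl
# Added example: per-socket TCP keepalive with Linux timer options.
use strict;
use warnings;
use IO::Socket::INET;
use Socket qw(SOL_SOCKET SO_KEEPALIVE IPPROTO_TCP
              TCP_KEEPIDLE TCP_KEEPINTVL TCP_KEEPCNT);

# Turn keepalive on for one socket and set its timers, instead of changing
# /proc/sys/net/ipv4/tcp_keepalive_* for every connection on the host.
sub enable_keepalive {
    my ($sock, %t) = @_;
    $sock->setsockopt(SOL_SOCKET, SO_KEEPALIVE, 1)
        or die "SO_KEEPALIVE: $!\n";
    $sock->setsockopt(IPPROTO_TCP, TCP_KEEPIDLE, $t{idle})
        or die "TCP_KEEPIDLE: $!\n";
    $sock->setsockopt(IPPROTO_TCP, TCP_KEEPINTVL, $t{intvl})
        or die "TCP_KEEPINTVL: $!\n";
    $sock->setsockopt(IPPROTO_TCP, TCP_KEEPCNT, $t{probes})
        or die "TCP_KEEPCNT: $!\n";
    return;
}

# Read the settings back from the kernel to confirm they took effect.
sub keepalive_settings {
    my ($sock) = @_;
    return (
        on     => $sock->getsockopt(SOL_SOCKET,  SO_KEEPALIVE) ? 1 : 0,
        idle   => $sock->getsockopt(IPPROTO_TCP, TCP_KEEPIDLE),
        intvl  => $sock->getsockopt(IPPROTO_TCP, TCP_KEEPINTVL),
        probes => $sock->getsockopt(IPPROTO_TCP, TCP_KEEPCNT),
    );
}

# Compare the timers with a stateful firewall's idle timeout (seconds).
# The first probe has to leave before the firewall drops the idle session;
# a dead peer is noticed after roughly idle + intvl * probes seconds.
sub check_against_firewall {
    my ($fw_idle, %t) = @_;
    my $detect = $t{idle} + $t{intvl} * $t{probes};
    return ($t{idle} < $fw_idle ? 1 : 0, $detect);
}

# Constructed loopback connection standing in for $ldap->socket.
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 1, Proto => 'tcp',
) or die "listen: $!\n";
my $sock = IO::Socket::INET->new(
    PeerAddr => '127.0.0.1', PeerPort => $listener->sockport, Proto => 'tcp',
) or die "connect: $@\n";

# Timer values from the original post; 3600 s is the firewall idle timeout.
my %timers = (idle => 1800, intvl => 45, probes => 2);
enable_keepalive($sock, %timers);

my %seen = keepalive_settings($sock);
my ($probe_in_time, $detect) = check_against_firewall(3600, %seen);
printf "keepalive=%d idle=%d intvl=%d probes=%d\n",
    @seen{qw(on idle intvl probes)};
printf "first probe before firewall timeout: %s; dead peer seen after ~%d s\n",
    ($probe_in_time ? 'yes' : 'no'), $detect;

# With Net::LDAP the same call would be:
#   enable_keepalive($ldap->socket, %timers);
```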
From: Graham B. <gb...@po...> - 2002-06-21 09:52:10

On Fri, Jun 21, 2002 at 01:27:21AM -0400, Darryl C Price wrote:

> How are people able to get SASL authentication to work? Maybe I didn't
> install the module properly but tinkering with and running the scripts
> found in the mailing list archive by all I get is
>
>
> No SASL mechanism found
> at /usr/local/lib/perl5/site_perl/5.005/Authen/SASL.pm line 62
>
> Regardless of what SASL Mech or directory implementation (OpenLDAP,
> Mirapoint, IPlanet, ADS, Novell) I use

What versions of Net::LDAP and Authen::SASL are you using ?

Graham.

PS: I am about to leave for a vacation, so you may not hear back from me on this soon.

From: Chris R. <chr...@me...> - 2002-06-21 09:32:49

Herbert Rosmanith <he...@wi...> wrote:

>
>
> hello everyone,
>
> I've been developing an application which uses Net::LDAP. In my testing
> environment, everything was fine. When we moved the application to the
> production environment, the connection to the LDAP-server would fail
> after a while. The reason is a check-point firewall, which disconnects
> idle tcp/ip sessions after a given time. Needless to say, my
> LDAP-connection can be idle for hours (especially in the night-hours),
> but for performance reasons it is required that the connection is not
> being dropped.
>
> I've looked into Net/LDAP.pm and found a small and easy solution:
> just use keepalive-sockets. My patch just adds two lines of perl
> code to Net/LDAP.pm:
>
> 116 sub _connect { > 117 my ($ldap, $host, $arg) = @_; > 118 > 119 $ldap->{net_ldap_socket} = IO::Socket::INET->new( > 120 PeerAddr => $host, > 121 PeerPort => $arg->{port} || '389', > 122 Proto => 'tcp', > 123 Timeout => defined $arg->{timeout} > 124 ? $arg->{timeout} > 125 : 120 > 126 ); > ++ 127 $ldap->{net_ldap_socket}->sockopt(SO_KEEPALIVE,1) > ++ 128 if defined $arg->{keepalive}; > 129 > 130 }
>
> In the main-program, all you do is specifying "keepalive=>1" when
> issuing a new():
>
> : $ldap = Net::LDAP->new( $LDAP_host,
> : port => $LDAP_port,
> : timeout => $ldap_connect_timeout,
> : keepalive => 1);
>

That looks OK to me.

Cheers,
Chris

From: Herbert R. <he...@wi...> - 2002-06-20 13:47:19

hello everyone,

I've been developing an application which uses Net::LDAP. In my testing environment, everything was fine. When we moved the application to the production environment, the connection to the LDAP-server would fail after a while. The reason is a check-point firewall, which disconnects idle tcp/ip sessions after a given time. Needless to say, my LDAP-connection can be idle for hours (especially in the night-hours), but for performance reasons it is required that the connection is not being dropped.

I've looked into Net/LDAP.pm and found a small and easy solution: just use keepalive-sockets. My patch just adds two lines of perl code to Net/LDAP.pm:

116 sub _connect { 117 my ($ldap, $host, $arg) = @_; 118 119 $ldap->{net_ldap_socket} = IO::Socket::INET->new( 120 PeerAddr => $host, 121 PeerPort => $arg->{port} || '389', 122 Proto => 'tcp', 123 Timeout => defined $arg->{timeout} 124 ? $arg->{timeout} 125 : 120 126 ); ++ 127 $ldap->{net_ldap_socket}->sockopt(SO_KEEPALIVE,1) ++ 128 if defined $arg->{keepalive}; 129 130 }

In the main-program, all you do is specifying "keepalive=>1" when issuing a new():

    : $ldap = Net::LDAP->new( $LDAP_host,
    : port => $LDAP_port,
    : timeout => $ldap_connect_timeout,
    : keepalive => 1);

That's it! Now the firewall doesn't kill my ldap-server-connection anymore.

Ah, and of course, you also have to configure the tcp/ip keepalive settings systemwide. In linux, which is the OS we use for that task, tcp-keepalive-configuration can be tuned via the proc-filesystem. There are three files to make use of that:

    bash-2.03# cd /proc/sys/net/ipv4/
    bash-2.03# ls -l tcp_keepalive_*
    -rw-r--r-- 1 root root 0 Jun 20 13:34 tcp_keepalive_intvl
    -rw-r--r-- 1 root root 0 Jun 20 13:34 tcp_keepalive_probes
    -rw-r--r-- 1 root root 0 Jun 20 13:34 tcp_keepalive_time

o) in "tcp_keepalive_time", set a value after which the tcp-stack should send keepalive-packets when the connection is idle.

o) in "tcp_keepalive_intvl", specify the frequency in which keepalive-packets are sent, once the connection is idle and "tcp_keepalive_time" has exceeded.

o) in "tcp_keepalive_probes", specify after how many unsuccessful keepalive-packets (= sent, but no response) the connect is declared dead.

e.g., from our "/etc/rc.d/boot.local":

    # cat /etc/rc.d/boot.local
    ...
    echo 45 > /proc/sys/net/ipv4/tcp_keepalive_intvl
    echo 2 > /proc/sys/net/ipv4/tcp_keepalive_probes
    echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time

this means: if there is no ldap traffic for more than 1800 seconds = 30 minutes (connect declared "idle"), start sending keep-alive packets. continue sending keep-alive packets each 45 seconds, if the connection remains idle. terminate connection if more than 2 keep-alive requests do not get a response back.

the checkpoint-firewall kicks idle connections after 1 hour (3600 seconds), so I chose just half the idle time for sending these keepalives.

please accept this patch, so we don't have to patch our perl-package each time we install a machine!

thank you in advance,
herbert

--
Dipl.-Ing. Herbert Rosmanith
Code Grinder
Tiscali Oesterreich GmbH
Schillerstr. 53, A-4020 Linz
+43 732 610961 / 76
her...@at...

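Review bot: The added lines 127-128 call sockopt on $ldap->{net_ldap_socket} without checking that IO::Socket::INET->new on line 119 returned a socket, so a failed connect becomes a method call on an undefined value inside _connect whenever keepalive is passed; guard the call on the socket being set. The new statement is also now the last one in the sub, so _connect no longer returns the socket: it returns the result of sockopt, or the false "defined" test when keepalive is not given, which matters if any caller tests the return value; end the sub by returning $ldap->{net_ldap_socket}. The condition "if defined $arg->{keepalive}" enables keepalive for keepalive => 0 as well; test the value itself and pass it as the option value instead of the literal 1. Please also confirm that SO_KEEPALIVE is imported in Net/LDAP.pm, since the visible lines do not show it.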
From: <CZa...@wi...> - 2002-06-19 20:52:16

Do you have an example of this? The application that I have is in Perl/CGI. It searches the LDAP server for employee info and then displays the returned data in a table format in HTML. There could be instances where the main server is unavailable and the end users will not be happy to see connection error messages in their web browsers.

Thanks

rgb@dirtest3.itg.ti.com (Rusty Biggs)
06/19/2002 03:44 PM
Please respond to Russell Biggs
To: CZa...@wi...
cc: per...@li...
Subject: Re: LDAP server connection question

Some of the gurus (Graham, Chris, etc.) may have a slicker way of doing this, than what I do, but my method works well for me in doing web pages where I desire fast responses (if possible).

What I do is:

use an array of hosts to do the 'init' against, keeping my returned objects in a hash. Hosts that can't answer the init get skipped... i.e. they don't get put into the hash.

the bind operation works on the hash, and unsuccessful binds get removed from the hash and the old ldap object gets removed.

queries are then put against 1 or more of the ldap objects in the hash, depending on what I want to do.

When checking for DSA busy, I usually have a piece of 'delay/retry' code that gets around this, as DSA busy is not considered fatal until you continue to fail consistently. (well I don't consider it fatal :)

I've found that doing it this way gives me greater options and flexibility. For example, I could use it to make modifications of the same object on two different LDAP servers. Although this is not my current use for it.

My methodology also includes some forethought on the servers in my array... I use the closest (physically) server and work my way back to the 'master'.

Again, this may not work for you, but it's worked well enough for me that I wrote a module to handle the work and include it into all my web code.

--
Russell Biggs (Rusty)
Internet: r-...@ti...
6500 Chase Oaks Blvd, M/S 8412
Texas Instruments
Plano Tx 75023
Phone: (972) 575-0826
Fax: (972) 575-4853
Home Page: http://dirtest3.itg.ti.com/~rgb
Calendar: http://dirtest3.itg.ti.com/cgi-bin/synchronize.cgi?name=Russell+Biggs

"I sense much NT in you... NT leads to bluescreen... Bluescreen leads to downtime... Downtime leads to suffering... NT is the path to the darkside..." ...Unknown UNIX Jedi