From: Graham B. <gb...@po...> - 2002-05-24 16:55:34
----- Forwarded message from Alain STEPHAN <ast...@sy...> -----

Date: Fri, 24 May 2002 14:39:23 +0200
To: <gb...@po...>
From: "Alain STEPHAN" <ast...@sy...>
Subject: Help on your module needed

Hi Graham,

I am a beginner perl programmer. I am trying to use your Ldap Module. I am not sure I have installed it correctly, and I am using Mason (do you know it?).

Here is what I am testing:

    <html>
    <body>
    LDAP AUTHENTICATION<br>
    <hr size=1 noshade>
    <% $@ %>
    <%init>
    #######################################################################
    # SECTION LDAP
    #######################################################################
    use strict;
    use Net::LDAP;
    my $server = "localhost";
    my $ldap = new Net::LDAP($server) || die("failed to connect to server.$!\n");
    </%init>
    </body>
    </html>

and what I get:

    System error while serving AS01 /shared/LDAP/ldap.html (referer=, agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0))

    error while executing /shared/ldap/ldap.html [base]:
    Can't locate object method "new" via package "Net::LDAP" at (eval 674) line 26.
        HTML::Mason::Request::__ANON__('Can\'t locate object method "new" via package "Net::LDAP" at (ev...') called at (eval 674) line 26
        HTML::Mason::Request::comp1('HTML::Mason::Request::ApacheHandler=HASH(0x4d2f26c)', 'HTML::Mason::Component::FileBased=HASH(0x50fe468)') called at c:\avantgoserver\perl\site\lib/HTML/Mason/Request.pm line 517
        HTML::Mason::Request::comp('HTML::Mason::Request::ApacheHandler=HASH(0x4d2f26c)', 'HTML::Mason::Component::FileBased=HASH(0x50fe468)') called at c:\avantgoserver\perl\site\lib/HTML/Mason/Request.pm line 294
        HTML::Mason::Request::comp1('HTML::Mason::Request::ApacheHandler=HASH(0x4d2f26c)', 'HASH(0x51011c0)', 'HTML::Mason::Component::FileBased=HASH(0x4d00ff0)') called at c:\avantgoserver\perl\site\lib/HTML/Mason/Request.pm line 523
        HTML::Mason::Request::comp('HTML::Mason::Request::ApacheHandler=HASH(0x4d2f26c)', 'HASH(0x51011c0)', 'HTML::Mason::Component::FileBased=HASH(0x4d00ff0)') called at c:\avantgoserver\perl\site\lib/HTML/Mason/Request.pm line 135
        eval {...} called at c:\avantgoserver\perl\site\lib/HTML/Mason/Request.pm line 135
        HTML::Mason::Request::exec('HTML::Mason::Request::ApacheHandler=HASH(0x4d2f26c)', '/shared/ldap/ldap.html') called at c:\avantgoserver\perl\site\lib/HTML/Mason/ApacheHandler.pm line 599
        HTML::Mason::ApacheHandler::handle_request_1('HTML::Mason::ApacheHandler=HASH(0xdc5fd4)', 'Apache=SCALAR(0x50b41c4)', 'HTML::Mason::Request::ApacheHandler=HASH(0x4d2f26c)', 'HASH(0x50b1864)') called at c:\avantgoserver\perl\site\lib/HTML/Mason/ApacheHandler.pm line 290
        eval {...} called at c:\avantgoserver\perl\site\lib/HTML/Mason/ApacheHandler.pm line 290
        HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0xdc5fd4)', 'Apache=SCALAR(0x50b41c4)') called at c:\avantgoserver/conf/ui_handler.pl line 168
        HTML::Mason::handler('Apache=SCALAR(0x50b41c4)') called at nul line 0
        eval {...} called at nul line 0
    backtrace: /shared/ldap/ldap.html [base] <= /autohandler.mhtml [base]
    Debug file is '1'.
    Full debug path is 'c:/avantgoserver/cache/ui/debug/anon/1'.

I do not understand what is happening. use Net::Ldap works but not the following line:

    my $ldap = new Net::LDAP($server) || die("failed to connect to server.$!\n");

I do not know if I missed something when installing your module. Do you have an idea of what's happening?

Alain

----- End forwarded message -----
From: Klunder, J. (Hans) <J.A...@rf...> - 2002-05-24 09:00:02
Dear all,

I'd like to write a modrdn change record using Net::LDAP::Ldif
What is the default way to do this?
I tried the following:

    my $entry= new Net::LDAP::Entry;
    $entry->dn('ou=test,c=NL');
    $entry->changetype('modrdn');
    $entry->add('deleteoldrdn' => 0, 'newrdn' => 'ou=newtest');
    $ldif->write_cmd($entry);

This prints out:

    dn: ou=ou1, c=nl
    changetype: modrdn

Any hints are appreciated.

Hans

================================================
The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.
From: Hans K. <J.a...@He...> - 2002-05-22 17:05:52
As you might have guessed I also thought of that one. As far as I can see you'll probably want an MDLBM database to store the entries in. I haven't taken the time to try this out. Please feel free to expand on it (and to improve the Daemon.pm itself :-).

Hans

----- Original Message -----
From: "Atif Ghaffar" <agh...@de...>
To: "Hans Klunder" <han...@bi...>
Cc: <per...@li...>
Sent: Wednesday, May 22, 2002 4:11 PM
Subject: Re: Ldap daemon in perl

> this is nice.
> Perhaps I can play with it to allow manipulating of an LDIF file.
>
>
> Hans Klunder wrote:
> > Ls,
> >
> > sometime ago someone asked if it was possible to write a ldap server in
> > perl..
> > I've written a Net::LDAP::Daemon package that handles the protocol part of
> > an LDAP server (in a rather simple way). You are able to specify a package
> > (using dispatch_to) that should do the real work (e.g. searching a database
> > or updating entries).
> >
> > Daemon.pm is the actual package, ldapdaemon.pl is a sample server and
> > LdapDemoServer.pm is a sample query handler.
> >
> > Enjoy,
> >
> > Hans
> >
>
> --
> Atif Ghaffar
> ---------------------------.
> +41 78 845 31 64 ¦ tel
> agh...@de... ¦ email
> http://atifghaffar.com ¦ www
> 8206786 ¦ icq
>
> _______________________________________________________________
>
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
From: Hans K. <han...@bi...> - 2002-05-22 17:02:29
Graham,

I've got no idea on how to do that. Feel free to include it in Net::Ldap. If it's more appropriate to upload it separately then let me know and I'll look into the docs of CPAN.

Hans

----- Original Message -----
From: "Graham Barr" <gb...@po...>
To: "Hans Klunder" <han...@bi...>
Cc: <per...@li...>
Sent: Wednesday, May 22, 2002 5:18 PM
Subject: Re: Ldap daemon in perl

> This looks great. Are you planning to upload it to CPAN ?
>
> Graham.
>
> On Wed, May 22, 2002 at 09:11:29AM +0200, Hans Klunder wrote:
> > Ls,
> >
> > sometime ago someone asked if it was possible to write a ldap server in
> > perl..
> > I've written a Net::LDAP::Daemon package that handles the protocol part of
> > an LDAP server (in a rather simple way). You are able to specify a package
> > (using dispatch_to) that should do the real work (e.g. searching a database
> > or updating entries).
> >
> > Daemon.pm is the actual package, ldapdaemon.pl is a sample server and
> > LdapDemoServer.pm is a sample query handler.
> >
> > Enjoy,
> >
> > Hans
From: Bhavesh M. U. <bha...@sd...> - 2002-05-22 15:24:17
From: Graham B. <gb...@po...> - 2002-05-22 15:19:47
This looks great. Are you planning to upload it to CPAN ?

Graham.

On Wed, May 22, 2002 at 09:11:29AM +0200, Hans Klunder wrote:
> Ls,
>
> sometime ago someone asked if it was possible to write a ldap server in
> perl..
> I've written a Net::LDAP::Daemon package that handles the protocol part of
> an LDAP server (in a rather simple way). You are able to specify a package
> (using dispatch_to) that should do the real work (e.g. searching a database
> or updating entries).
>
> Daemon.pm is the actual package, ldapdaemon.pl is a sample server and
> LdapDemoServer.pm is a sample query handler.
>
> Enjoy,
>
> Hans
From: <ma...@mj...> - 2002-05-22 15:12:08
This is very cool & a sign of the end of the world :).

Mark

On 22 May 02, at 9:11, Hans Klunder wrote:

> Ls,
>
> sometime ago someone asked if it was possible to write a ldap server
> in perl.. I've written a Net::LDAP::Daemon package that handles the
> protocol part of an LDAP server (in a rather simple way). You are able
> to specify a package (using dispatch_to) that should do the real work
> (e.g. searching a database or updating entries).
>
> Daemon.pm is the actual package, ldapdaemon.pl is a sample server and
> LdapDemoServer.pm is a sample query handler.
>
> Enjoy,
>
> Hans

Mark Wilcox
ma...@mj...
Got LDAP?
From: Atif G. <agh...@de...> - 2002-05-22 14:09:55
this is nice.
Perhaps I can play with it to allow manipulating of an LDIF file.

Hans Klunder wrote:
> Ls,
>
> sometime ago someone asked if it was possible to write a ldap server in
> perl..
> I've written a Net::LDAP::Daemon package that handles the protocol part of
> an LDAP server (in a rather simple way). You are able to specify a package
> (using dispatch_to) that should do the real work (e.g. searching a database
> or updating entries).
>
> Daemon.pm is the actual package, ldapdaemon.pl is a sample server and
> LdapDemoServer.pm is a sample query handler.
>
> Enjoy,
>
> Hans

--
Atif Ghaffar
---------------------------.
+41 78 845 31 64 ¦ tel
agh...@de... ¦ email
http://atifghaffar.com ¦ www
8206786 ¦ icq
From: Hans K. <han...@bi...> - 2002-05-22 07:12:06
Ls,

sometime ago someone asked if it was possible to write a ldap server in perl..
I've written a Net::LDAP::Daemon package that handles the protocol part of an LDAP server (in a rather simple way). You are able to specify a package (using dispatch_to) that should do the real work (e.g. searching a database or updating entries).

Daemon.pm is the actual package, ldapdaemon.pl is a sample server and LdapDemoServer.pm is a sample query handler.

Enjoy,

Hans
From: Mark P. <mr...@ia...> - 2002-05-22 00:00:55
At 10:41 AM -0400 21/5/02, Cox, Todd (NCI) wrote:
>I have a CGI script that does just what you want to do. I have a few custom
>attributes that I have put in our NDS tree that are a pain to modify with
>the current tool set. What I did to get around that (if I understand
>correctly) is a hash map that has what I want to display on the form. The
>key is the name I want to display and the value is the real LDAP value or
>attribute.
>

It's not really what I want since I wanted to use the schema to tell the script what attributes were possible. Basically I am reading in the object I want to modify and then I am querying the schema for each of the objectClass's of the object and grabbing their attributes. This comes unstuck when the attribute names returned by the schema routine are different to the ones returned by search.

Mark.
From: Rafael C. <Raf...@li...> - 2002-05-21 16:49:15
Hello,

I've written an LDAP Shell in perl, based on Net::LDAP. It's somewhat well documented but not packaged. If I extrapolate our needs here at business, I think it's very useful.

With it, you can do things such as (it's a shell):

    cd ou=Users
    search 'profilepath=*'
    change {$_->delete('profilepath') if $_->get_value('department') =~ /(Old|New) NAME/i}
    changes
    commit

This will:

0) Change the "working directory" to "OU=Users"
1) Search all the entries with this attribute set
2) Delete the "profilepath" attribute for all entries where the "department" matches /(Old|New) Name/i
3) Show the changes done
4) Commit the changes to the server (Net::LDAP::Entry->update)

You can also do "ls", "cd"... You can ask for help with "help", or typing "<CTRL>-t" after a command ("bind <CTRL>-t") (provided you have Term::ReadLine::Gnu installed). And a lot of more cool things. See the HTML documentation (or type perlpod ldapsh) attached.

3 files attached:

1) ldapsh: The shell itself. Runs under Unix/Windows provided you have Net::LDAP (and preferably Term::ReadLine::Gnu)
2) ldapsh.html: The code generated with pod2html
3) A sample of .ldapshrc (rename it from ldapshrc to .ldapshrc, edit it and put it on your home directory).

Feel free to send corrections/comments.

Rafael
From: Cox, T. (NCI) <tc...@ma...> - 2002-05-21 14:41:47
I have a CGI script that does just what you want to do. I have a few custom attributes that I have put in our NDS tree that are a pain to modify with the current tool set. What I did to get around that (if I understand correctly) is a hash map that has what I want to display on the form. The key is the name I want to display and the value is the real LDAP value or attribute.

My example is:

    # Display map hash
    my %attr_hash = ("First Name" => "givenName", "Last Name" => "surname",
                     "Full Name" => "fullName", "Title" => "title",
                     "Telephone Number" => "telephoneNumber",
                     "Fax Number" => "facsimileTelephoneNumber",
                     "Email Address" => "mail", "Building" => "nciBuilding",
                     "Room Number" => "roomNumber", "Group Volume" => "nciGroupVolume",
                     "TFS ID" => "nciTfsID", "Support ID" => "nciSupportID",
                     "NIH UID" => "nciNihUID", "Oracle ID" => "nciOracleId",
                     "Directory Exclude" => "nciDirectoryExclude");

    # Big chunk of code missing to save space.....

    foreach (@fields)
    {
        $nds_attr = $attr_hash{$_};               # Map the display name to the attribute variable
        $result = $entry->get_value($nds_attr);   # Get the attribute and display it
        if($_ eq "Group Volume")                  # We have a few specific attributes that require special handling
        {
            ($volume,$num,$path) = split("#",$result);
            push(@data,"<th align=left nowrap >$_:</th><td nowrap><font color=\"FF0000\">$volume</td>");
        }elsif($_ eq "Path"){
            push(@data,"<th align=left nowrap >$_:</th><td nowrap><font color=\"FF0000\">$path</td>");
        }elsif($_ eq "Password" || $_ eq "Password Again"){
            next;
        }else{
            push(@data,"<th align=left nowrap >$_:</th><td nowrap><font color=\"FF0000\">$result</td>");
        }
        # Dummy cell placement to keep the column aligned
        push(@data,"<th -align=LEFT nowrap> </th><td nowrap> </td>");
        push(@data,"<th -align=LEFT nowrap> </th><td nowrap> </td>");
    }

I hope this helps in some way. Let me also say the Net::LDAP module has been a great enhancement/tool to our group.

K. Todd Cox
National Cancer Institute
Rockville, MD

-----Original Message-----
From: Graham Barr [mailto:gb...@po...]
Sent: Tuesday, May 21, 2002 10:09 AM
To: LDAP Mailing List
Cc: Mark Prior
Subject: [Fwd] Question relating to Net::LDAP 0.25

----- Forwarded message from Mark Prior <mr...@ia...> -----

Date: Tue, 21 May 2002 21:11:14 +0930
To: Graham Barr <gb...@po...>
From: Mark Prior <mr...@ia...>
Subject: Question relating to Net::LDAP 0.25

I am attempting to use Net::LDAP and I have run into a problem that I'm hoping you might have some advice on.

I am writing a CGI to allow our staff to modify their entries. I am pulling out the objectClass attribute from their entry and using the schema routine to display the attributes they can modify. Naturally I want to provide the existing data as the default and that is where I ran into a number of problems.

First of all I discovered that search returns the mobile phone attribute from the cosine schema as "mobile" but schema returns it as "mobileTelephoneNumber" (which I was expecting it to consider an alias). To try to work around that I was going to use Net::LDAP::Schema::item to grab the name of the attribute (which I was hoping would be consistent) but then I discovered that name2oid for telephoneNumber returned two oids (one for the syntax and another for the attribute). In the syntax case I would suggest that removing all spaces and lowercasing the value "Telephone Number" is a bad idea and at least replacing spaces with underscores would be better (although I haven't looked for other implications of that change).

Do you think that the first problem is a bug and if so can you suggest a fix. If it's not a bug then any ideas on what I should be doing?

Thanks,
Mark.

----- End forwarded message -----
From: Graham B. <gb...@po...> - 2002-05-21 14:10:02
----- Forwarded message from Mark Prior <mr...@ia...> -----

Date: Tue, 21 May 2002 21:11:14 +0930
To: Graham Barr <gb...@po...>
From: Mark Prior <mr...@ia...>
Subject: Question relating to Net::LDAP 0.25

I am attempting to use Net::LDAP and I have run into a problem that I'm hoping you might have some advice on.

I am writing a CGI to allow our staff to modify their entries. I am pulling out the objectClass attribute from their entry and using the schema routine to display the attributes they can modify. Naturally I want to provide the existing data as the default and that is where I ran into a number of problems.

First of all I discovered that search returns the mobile phone attribute from the cosine schema as "mobile" but schema returns it as "mobileTelephoneNumber" (which I was expecting it to consider an alias). To try to work around that I was going to use Net::LDAP::Schema::item to grab the name of the attribute (which I was hoping would be consistent) but then I discovered that name2oid for telephoneNumber returned two oids (one for the syntax and another for the attribute). In the syntax case I would suggest that removing all spaces and lowercasing the value "Telephone Number" is a bad idea and at least replacing spaces with underscores would be better (although I haven't looked for other implications of that change).

Do you think that the first problem is a bug and if so can you suggest a fix. If it's not a bug then any ideas on what I should be doing?

Thanks,
Mark.

----- End forwarded message -----
From: <ma...@mj...> - 2002-05-19 18:27:48
Not CGI script, but I wrote an article for Web Techniques a couple of years ago. go to www.webtechniques.com and search for LDAP & look for the article by Mark Wilcox.

mark

On 14 May 02, at 12:24, Eric Martin wrote:

> Newbie question: I'm looking to develop a web interface that will allow
> administrators to obtain the list of all groups that a given user in the
> directory belongs to. So as not to reinvent the wheel, does anyone know of a
> pre-existing script that does this? Thanks in advance,
>
> -emm
>
> _______________________________________________________________
> Have big pipes? SourceForge.net is looking for download mirrors. We supply
> the hardware. You get the recognition. Email Us: ban...@so...

Mark Wilcox
ma...@mj...
Got LDAP?
From: Jim H. <ha...@us...> - 2002-05-16 18:02:15
The normal way to do this is:

  make sure the login and password are both non-null
  do an anonymous bind to the LDAP server
  do a search for something like uid=$login or cn=$login or whatever attribute your server uses to store the login identifier
  make sure you got exactly one entry back from the search
  use the dn returned by the search and the supplied password to do an authenticated bind
  look at the returned code (e.g., $mesg->code). If it is zero, all the authentication succeeded

--Jim Harle

On Thu, 16 May 2002, Sandeep Karun wrote:

> Hi
>
> Could anyone pls let me know how to verify the username and passwd which
> is input to a perl program with an LDAP, using Net::LDAP.
>
> Thanks in advance
> Regards
> Sandeep
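The steps Jim Harle lists above, written out with Net::LDAP as an added example (not code from the thread or from the perl-ldap distribution). The host, search base, `uid` attribute and CA file are assumed placeholders, and the start_tls call before any bind is an addition so the password does not cross the network in clear text.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: bind-based login check.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed deployment values (hypothetical); replace with your own.
my $HOST   = 'ldap.example.org';
my $BASE   = 'ou=People,dc=example,dc=org';
my $ATTR   = 'uid';                          # attribute that stores the login
my $CAFILE = '/etc/ssl/certs/ldap-ca.pem';   # CA that signed the server cert

# Returns the DN of the authenticated user, or undef on any failure.
sub check_login {
    my ($ldap, $login, $password) = @_;

    # 1. Both values must be non-empty. A simple bind that carries a DN and
    #    an empty password is an "unauthenticated bind"; a server that allows
    #    it answers with success, which would look like a valid login.
    return unless defined $login    && length $login;
    return unless defined $password && length $password;

    # 2. Anonymous bind, used only for the lookup.
    my $mesg = $ldap->bind;
    return if $mesg->code;

    # 3. Look the login up. Escaping keeps characters such as * ( ) \ in the
    #    supplied login from changing the meaning of the filter.
    $mesg = $ldap->search(
        base      => $BASE,
        scope     => 'sub',
        filter    => sprintf('(%s=%s)', $ATTR, escape_filter_value($login)),
        attrs     => ['1.1'],    # no attributes needed, only the DN
        sizelimit => 2,          # enough to tell "one" from "more than one"
    );
    return if $mesg->code;

    # 4. Exactly one entry, otherwise the login is unknown or ambiguous.
    return unless $mesg->count == 1;
    my $dn = $mesg->entry(0)->dn;

    # 5. Authenticated bind with the DN found and the supplied password.
    $mesg = $ldap->bind($dn, password => $password);

    # 6. Result code 0 (success) means the server accepted the password.
    return $mesg->code == 0 ? $dn : undef;
}

unless (caller) {
    my $login = shift @ARGV;
    die "usage: $0 login  (password is read from standard input)\n"
        unless defined $login;
    chomp(my $password = <STDIN> // '');

    my $ldap = Net::LDAP->new($HOST) or die "connect to $HOST failed: $@\n";

    # Require a verified server certificate before sending any credentials.
    my $tls = $ldap->start_tls(verify => 'require', cafile => $CAFILE);
    die 'start_tls failed: ' . $tls->error . "\n" if $tls->code;

    my $dn = check_login($ldap, $login, $password);
    $ldap->unbind;
    print defined $dn ? "authenticated as $dn\n" : "login rejected\n";
    exit(defined $dn ? 0 : 1);
}
```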
From: Sandeep K. <sk...@ap...> - 2002-05-15 19:28:10
Hi

Could anyone pls let me know how to verify the username and passwd which is input to a perl program with an LDAP, using Net::LDAP.

Thanks in advance
Regards
Sandeep
From: Sandeep K. <sk...@ap...> - 2002-05-15 19:27:38
Hi

Could anyone pls let me know how to verify the username and passwd which is input to a perl program with an LDAP, using Net::LDAP.

Thanks in advance
Regards
Sandeep
From: Chris F. <cf...@vi...> - 2002-05-14 21:32:36
On Tue, 14 May 2002 12:24:20 -0400 Eric Martin wrote:
+------------------
| <html>
|
| <head>
| <meta http-equiv=Content-Type content="text/html; charset=us-ascii">
| <meta name=Generator content="Microsoft Word 10 (filtered)">
|
| <style>
| <!--
| /* Style Definitions */
| p.MsoNormal, li.MsoNormal, div.MsoNormal
| {margin:0in;
| margin-bottom:.0001pt;
| font-size:12.0pt;
| font-family:"Times New Roman";}
| a:link, span.MsoHyperlink
| {color:blue;
| text-decoration:underline;}
| a:visited, span.MsoHyperlinkFollowed
| {color:purple;
| text-decoration:underline;}
| p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig
| {margin:0in;
| margin-bottom:.0001pt;
| font-size:12.0pt;
| font-family:"Times New Roman";}
| span.EmailStyle17
| {font-family:Arial;
| color:windowtext;}
| @page Section1
| {size:8.5in 11.0in;
| margin:1.0in 1.25in 1.0in 1.25in;}
| div.Section1
| {page:Section1;}
| -->
| </style>
|
| </head>
|
| <body lang=EN-US link=blue vlink=purple>
|
| <div class=Section1>
|
| <p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
| font-family:Arial'>Newbie question: I’m looking to develop a web interface
| that will allow administrators to obtain the list of all groups that a given
| user in the directory belongs to. So as not to reinvent the wheel, does
| anyone know of a pre-existing script that does this? Thanks in advance,</span></font></p>
|
| <p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
| font-family:Arial'> </span></font></p>
|
| <p class=MsoAutoSig><font size=2 face=Arial><span style='font-size:10.0pt;
| font-family:Arial'>-emm</span></font></p>
|
| <p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
| 12.0pt'> </span></font></p>
|
| </div>
|
| </body>
|
| </html>
+------------------

I'm not aware of one that meets your needs directly. But by combining Net::LDAP and CGI.pm it is not too much of a challenge to write such a thing.

You might consider setting your mail client to post in text/plain
http://www.winterspeak.com/columns/080801.html
From: Graham B. <gb...@po...> - 2002-05-14 20:00:30
----- Forwarded message from Alan Sparks <as...@qu...> -----

Date: 14 May 2002 12:08:20 -0600
To: gb...@po...
From: Alan Sparks <as...@qu...>
Subject: Net::LDAP new() and multiple addresses

Hi there. I had a server drop the other day, and some Net::LDAP stuff hung, even tho it was directed to connect to a domain name with multiple A records associated. Started looking at the Net::LDAP code to see why.

Noticed in the Net::LDAP.pm and Net::LDAPS.pm new() methods, you call IO::Socket::INET->new and IO::Socket::SSL->new respectively... these two methods accept a MultiHomed argument ("Try all addresses for multi-homed hosts"). This isn't listed in the new() arg list.

Wondered if you might want to investigate including this option in a future rev of Net::LDAP.

Thanks for the code. Been very very good to me. :-)
-Alan
--
Alan Sparks, Sr. UNIX Administrator   as...@qu...
Quris, Inc.   (720) 836-2058

----- End forwarded message -----
From: Eric M. <em...@ov...> - 2002-05-14 16:29:31
Newbie question: I'm looking to develop a web interface that will allow administrators to obtain the list of all groups that a given user in the directory belongs to. So as not to reinvent the wheel, does anyone know of a pre-existing script that does this? Thanks in advance,

-emm
From: Chris R. <chr...@me...> - 2002-05-10 13:31:27
Ewa Skrenty <Ewa...@un...> wrote:
> Hi,
> I found the reason why I couldn't use start_tls function in my
> programs. I have used IO::Socket::SSL v.0.81 package and in this
> socketToSSL function differ from this in v.0.80 this package. Difference
> is in result of this method. In version 0.81 aren't implemented TIEHANDLE
> method, because socketToSSL has implemented association with
> IO::Socket::SSL and using
>
> tie *{$sock}, 'IO::Socket::SSL', $sock
>
> in Net::LDAP::start_tls function causes an error.

Yes, that would explain it.

> To use latest version of IO::Socket::SSL is possible to change
> following line of start_tls function of Net::LDAP package
> from this:
>
> (IO::Socket::SSL::socketToSSL($sock) and tie *{$sock}, 'IO::Socket::SSL',
> $sock)
>
> to this
>
> IO::Socket::SSL::socketToSSL($sock)

If I recall (Graham?) the 'and tie ...' was to avoid a bug in IO::Socket::SSL::socketToSSL. I guess that bug workaround could go, but then there would need to be a test in the Makefile.PL for a specific (ie >= 0.81) version of IO::Socket::SSL.

Cheers,

Chris
From: Ewa S. <Ewa...@un...> - 2002-05-10 13:13:17
Hi,

I found the reason why I couldn't use start_tls function in my programs. I have used IO::Socket::SSL v.0.81 package and in this socketToSSL function differ from this in v.0.80 this package. Difference is in result of this method. In version 0.81 aren't implemented TIEHANDLE method, because socketToSSL has implemented association with IO::Socket::SSL and using

    tie *{$sock}, 'IO::Socket::SSL', $sock

in Net::LDAP::start_tls function causes an error.

To use latest version of IO::Socket::SSL is possible to change following line of start_tls function of Net::LDAP package from this:

    (IO::Socket::SSL::socketToSSL($sock) and tie *{$sock}, 'IO::Socket::SSL', $sock)

to this

    IO::Socket::SSL::socketToSSL($sock)

I am not sure that everything will be OK, my programs work correctly, better for now (in my opinion) is to use 0.80 version of IO::Socket::SSL package. When I use IO::Socket::SSL v0.80 I have successfully TLS connection. It seems that perl-ldap packages are implemented for IO::Socket::SSL v.0.80, not for the newer 0.81 version.

Are you going to make changes in Net::LDAP to take into consideration the latest version of IO::Socket::SSL package?

Sincerely
Eva

On Fri, 10 May 2002, Ewa Skrenty wrote:

>
> Hello,
>
> Thanks for your answer.
>
> I have correct PEM certificate (I've generated new ones) and key without
> passphrase. I've changed parameters for start_tls function from
>
> start_tls(verify => "none", sslversion => "sslv3")
>
> to
>
> start_tls( verify => "optional",
> sslversion => "sslv3",
> cafile => "/usr/local/openldap2/etc/openldap/cacert.pem");
>
> And my program result was changed. Now I get following error:
>
> Can't locate object method "TIEHANDLE" via package "IO::Socket::SSL" at
> /usr/lib/perl5/site_perl/5.6.0/Net/LDAP.pm line 793.
>
> Now in my slapd's log I've not found errors like "bad certificate", it
> seems that everything was correct but was stopped, because of (I think)
> this "TIEHANDLE" error above.
>
> How can I correct this, I checked that TIEHANDLE method is implemented in
> IO::Socket::SSL package so what do I have to do?
>
> I will be grateful for any help.
>
> Eva.
>
> > >
> > > It looks like the problem may be the format of the files containing your
> > > client certificate and key.
> > >
> > > Someone else recently was doing client auth with TLS and got it working,
> > > but since I can't find their messages these are guesses:
> > >
> > > 1) make sure your cert and key are both in PEM format. OpenSSL has some
> > > utilities to convert things into PEM format.
> > >
> > > 2) the private key has got to be unencrypted, because of the way Net::LDAP
> > > uses the SSL code. (We should fix that by eg having a callback argument on
> > > the SSL connect which returns the passphrase for the key. Doesn't look
> > > hard..)
> > >
> > > Cheers,
> > >
> > > Chris
From: Ewa S. <Ewa...@un...> - 2002-05-10 08:06:14
Hello,

Thanks for your answer.

I have correct PEM certificate (I've generated new ones) and key without passphrase. I've changed parameters for start_tls function from

    start_tls(verify => "none", sslversion => "sslv3")

to

    start_tls( verify => "optional",
               sslversion => "sslv3",
               cafile => "/usr/local/openldap2/etc/openldap/cacert.pem");

And my program result was changed. Now I get following error:

    Can't locate object method "TIEHANDLE" via package "IO::Socket::SSL" at /usr/lib/perl5/site_perl/5.6.0/Net/LDAP.pm line 793.

Now in my slapd's log I've not found errors like "bad certificate", it seems that everything was correct but was stopped, because of (I think) this "TIEHANDLE" error above.

How can I correct this, I checked that TIEHANDLE method is implemented in IO::Socket::SSL package so what do I have to do?

I will be grateful for any help.

Eva.

> >
> > It looks like the problem may be the format of the files containing your
> > client certificate and key.
> >
> > Someone else recently was doing client auth with TLS and got it working,
> > but since I can't find their messages these are guesses:
> >
> > 1) make sure your cert and key are both in PEM format. OpenSSL has some
> > utilities to convert things into PEM format.
> >
> > 2) the private key has got to be unencrypted, because of the way Net::LDAP
> > uses the SSL code. (We should fix that by eg having a callback argument on
> > the SSL connect which returns the passphrase for the key. Doesn't look
> > hard..)
> >
> > Cheers,
> >
> > Chris
From: James H. L. <jh...@sa...> - 2002-05-09 19:19:28
Does the perl ldap interface have the capability to clone a connection? The problem we are having is that we connect with the main process, that connection is passed on to children as they are forked off. Each child makes requests, but often the answer to the request is not the info that was requested. My assumption is that it is the info that another child requested since the requests are being made effectively over the same connection.

It seems that ldap has a clone capability, but I cannot find this in the Net::LDAP interface for Perl. If there is another way to ensure the correct response like somehow making the request atomic let me know.

Thanks,,, Jim

--
______________________________________________________________
James Laros ............................... jh...@sa...
Dept. 09224 Scalable Systems Integration .............. PHONE:505.845.8532
Sandia National Labs ........................ FAX:505.845.7442
______________________________________________________________
Seems my get up and go has got up and went.... Aerosmith
From: Chris R. <chr...@me...> - 2002-05-09 15:50:07
Ewa Skrenty <Ewa...@un...> wrote:
> Hello,
> Can anyone tell me how to setup perl-LDAP script to use TLS/SSL
> connection?
> Since a few days I'm trying to start TLS connection in my perl-ldap
> scripts but without success. I use start_tls function like this
> ldap->start_tls(verify => "none", sslversion => "sslv3");
> First I won't to verify client certificates.
> I use openldap 2.0.23 and start slapd on default 389 port (non-secure).
> In slapd.conf file I set
> TLSCertificateKeyFile /usr/local/openldap2/etc/openldap/server.key
> TLSCertificateFile /usr/local/openldap2/etc/openldap/server.crt
>
> When I use openldap's function ldapsearch with -Z option I have correct
> TLS/SSL connection and get correct search result, but when I run
> my perl-ldap script I get following error:
> ldap_start_tls: Error 1: Operations error.
>
> In slapd's log I have lines:
>
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5 error=Resource temporarily unavailable
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL3 alert read:fatal:bad certificate
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> certificate s3_pkt.c:985
> connection_read(9): TLS accept error error=-1 id=28, closing
>
> I try to use LDAPS instead LDAP/start_tls but also without success.
> Does anyone have any suggestions?
> Ewa

It looks like the problem may be the format of the files containing your client certificate and key.

Someone else recently was doing client auth with TLS and got it working, but since I can't find their messages these are guesses:

1) make sure your cert and key are both in PEM format. OpenSSL has some utilities to convert things into PEM format.

2) the private key has got to be unencrypted, because of the way Net::LDAP uses the SSL code. (We should fix that by eg having a callback argument on the SSL connect which returns the passphrase for the key. Doesn't look hard..)

Cheers,

Chris