From: Ethan T. <eth...@ya...> - 2002-03-27 17:11:02
|
I'm trying to use Simon Wilkinson's perl-cyrus-sasl package to connect to AD
by GSSAPI. A minor error is that line 29 of GSSAPI.pm has

    use vars qw(@ISA, $VERSION);

instead of

    use vars qw(@ISA $VERSION);

but after fixing that, I still get

    generic failure at /usr/lib/perl5/site_perl/5.6.0/Net/LDAP.pm line 238

when I try my script. Here is my code:

    use Authen::SASL;
    use Net::LDAP qw(:all);

    $sasl = Authen::SASL->new(
        'GSSAPI',
        password => $pass,
        service  => 'ldap',
        user     => $user,
        fqdn     => $server);
    $ldapobj = Net::LDAP->new($ldap_server) || die "LDAP error: $@\n";
    $ldapmsg = $ldapobj->bind(
        "dc=hillsdale,dc=edu,ou=$ou,cn=$user",
        sasl    => $sasl,
        version => 3);

I'd be really grateful for any hint about what I'm doing wrong and for any
tips about using perl to read & write to Active Directory.

ejt
From: Graham B. <gb...@po...> - 2002-03-27 16:53:08
|
On Wed, Mar 27, 2002 at 08:42:03AM -0800, Lance Uyehara wrote:
> > LDAP_PARTIAL_RESULTS is an LDAPv2+ result code indicating
> > the result PDU contains referrals (or references). I
> > strongly recommend avoiding LDAPv2+ (and LDAPv2).
>
> Thanks for the replies. I'm going to check $mesg->references() to see what
> it says. My ethereal trace shows that all the data is sent. It's just split
> into multiple packets. Weird.

No, that's how LDAP returns its results.

> I don't understand the LDAPv2+ vs. LDAPv2. Are you saying that Net::LDAP is
> using LDAPv2+ or are you saying the win2k server is using LDAPv2+? I didn't

No, he is saying your server is.

> specifically tell either the client or the server to do anything so maybe I
> need to flick a switch somewhere to tell it to stop that.

Ah, then you need to ask for version 3 in the bind. Net::LDAP defaults
to binding for version 2. Add version => 3 into the constructor arguments.

Graham.

>
> Thanks again,
> -Lance
>
> > At 02:44 AM 2002-03-27, Chris Ridd wrote:
> > >Lance Uyehara <la...@ve...> wrote:
> > >> I am using Net::LDAP 0.22 to connect to a win2k Active Directory. I do the
> > >> bind which works great, then do a search. Windows sends the results broken
> > >> up into multiple packets. Net::LDAP reports $mesg->code =
> > >> LDAP_PARTIAL_RESULTS, which makes sense. How do I get the packets combined
> > >> into a single result?
> > >>
> > >> Do I have to change something on the win2k side, or can I do something
> > >> using Net::LDAP to make sense of the results? or is this fixed in a later
> > >> version of Net::LDAP?
> > >>
> > >> Thanks for the help,
> > >> Lance
> > >
> > >"Partial results" is the way for an LDAP server to indicate that it could
> > >send back some results directly, but there are also some continuation
> > >references (references to other servers) that you may need to follow
> > >yourself.
> > >
> > >To get the continuation references from Net::LDAP, the $mesg->references()
> > >call will return an array of LDAP URLs, which you then need to break apart
> > >using (eg) URI::ldap in order to create new connections to new LDAP servers.
> > >
> > >Active Directory might also support some non-standard Control to get the
> > >server to follow the continuation references for you. I've no idea what
> > >that might be though.
> > >
> > >Cheers,
> > >
> > >Chris
From: Lance U. <la...@ve...> - 2002-03-27 16:44:09
|
> LDAP_PARTIAL_RESULTS is an LDAPv2+ result code indicating
> the result PDU contains referrals (or references). I
> strongly recommend avoiding LDAPv2+ (and LDAPv2).

Thanks for the replies. I'm going to check $mesg->references() to see what
it says. My ethereal trace shows that all the data is sent. It's just split
into multiple packets. Weird.

I don't understand the LDAPv2+ vs. LDAPv2. Are you saying that Net::LDAP is
using LDAPv2+ or are you saying the win2k server is using LDAPv2+? I didn't
specifically tell either the client or the server to do anything so maybe I
need to flick a switch somewhere to tell it to stop that.

Thanks again,
-Lance

> At 02:44 AM 2002-03-27, Chris Ridd wrote:
> >Lance Uyehara <la...@ve...> wrote:
> >> I am using Net::LDAP 0.22 to connect to a win2k Active Directory. I do the
> >> bind which works great, then do a search. Windows sends the results broken
> >> up into multiple packets. Net::LDAP reports $mesg->code =
> >> LDAP_PARTIAL_RESULTS, which makes sense. How do I get the packets combined
> >> into a single result?
> >>
> >> Do I have to change something on the win2k side, or can I do something
> >> using Net::LDAP to make sense of the results? or is this fixed in a later
> >> version of Net::LDAP?
> >>
> >> Thanks for the help,
> >> Lance
> >
> >"Partial results" is the way for an LDAP server to indicate that it could
> >send back some results directly, but there are also some continuation
> >references (references to other servers) that you may need to follow
> >yourself.
> >
> >To get the continuation references from Net::LDAP, the $mesg->references()
> >call will return an array of LDAP URLs, which you then need to break apart
> >using (eg) URI::ldap in order to create new connections to new LDAP servers.
> >
> >Active Directory might also support some non-standard Control to get the
> >server to follow the continuation references for you. I've no idea what
> >that might be though.
> >
> >Cheers,
> >
> >Chris
From: Knut S. <knu...@se...> - 2002-03-27 15:55:21
|
What Jim says is perfectly right - never replicate data if you can avoid it.
In fact, replicating passwords won't work between systems using different
password schemes, which is the case for Netscape and NDS.

I do not have a working solution for your problem but I don't see why
Cognos stuff only supports Netscape. If it uses plain LDAPv3 you may be able
to create a NDS to LDAP mapping (object classes and attribute names) which
looks like a Netscape LDAP.

Another idea, which may work, is to use the LDAP-proxy functionality of
Netscape to connect your webserver to the Netscape directory which delegates
the requests to NDS.

If you find a good solution I would be interested ...

-knut

Jim Harle wrote:
>
> This is an ugliness of using 2 different directories. We are looking into
> how to coordinate passwords eDirectory and Active Directory. The problem
> is that password values are stored internally and can't be read, thus not
> copiable between the two. The only way to make this work is to have the
> password changing mechanisms send things to both places. That in itself
> is very difficult if you have multiple mechanisms.
> --Jim Harle
>
> On Tue, 26 Mar 2002, Edd Dawson wrote:
>
> >
> > Hi,
> >
> > Just an idea i'd like to run past people, and see if you think i'm barking
> > up the wrong tree completely!
> >
> > At work we use Novell E-Directory for all our authentication needs, and i
> > have used perl-ldap for talking to and updating E-directory.
> >
> > We have bought Cognos Impromptu Web, which for those who don't know serves
> > reports via the web. Users have to log into it, and it uses Netscape
> > Directory Server (which is ldap based) for user authentication... it will
> > not let us use E-Directory for user authentication.
> >
> > We want to be able to sync the usernames and passwords in Netscape
> > Directory Server with those in Novell E-Directory using Ldap, and most
> > likely perl for writing the sync-ing mechanism.
> >
> > Does this seem like a reasonable proposition, and has anyone here ever had
> > any experience of doing such a thing?
> >
> > Thanks for your time
> > Edd Dawson
From: <CZa...@wi...> - 2002-03-27 15:45:59
|
I am now getting this error message. As far as I know I have
(read,write,search,compare) access. Is there any other access necessary
for the modify to take place?

Error Message:

    Insufficient access at ldif_modify.pl line 21, <GEN1> chunk 1.

Graham Barr <gbarr@pobox.com>
03/27/2002 10:20 AM
To: CZa...@wi...
cc: per...@li...
Subject: Re: LDIF Modify errors

You cannot just pass the entry to modify, you need to call update as a
method on the entry. This is because the LDIF entry can be more than just
a modify command. So change it to

    $r = $entry->update( $ldap );

Graham.

On Tue, Mar 26, 2002 at 03:08:02PM -0500, CZa...@wi... wrote:
> Hello, can anyone help with the LDIF class.
>
> I am reading a ldif file and trying to place the contents into a DB, but
> I am getting errors and the modify updates are not
> being applied to the LDAP service.
>
>
> ERROR Message:
> modifytimestamp attribute has duplicate value. VALUE: at ldif_modify.pl
> line 20, <GEN1> chunk 1.
>
> CODE:
> #!/usr/bin/perl -w
>
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw(ldap_error_desc);
> use Net::LDAP::LDIF;
>
>
> $ldap = Net::LDAP->new('server.xyz.com', port => '389') || die "ERROR: $@";
> $ldif = Net::LDAP::LDIF->new("out.ldif", "r") || die "$@";
>
>
> while ( $entry = $ldif->read_entry ) {
>
>     $r = $ldap->modify( $entry );
>     if ($r->code) {
>         warn $entry->dn,"; ",$r->error;
>     } else {
>         printf "%s\n",ldap_error_desc($r->code);
>     }
> }
>
From: Kurt D. Z. <Ku...@Op...> - 2002-03-27 15:32:25
|
LDAP_PARTIAL_RESULTS is an LDAPv2+ result code indicating
the result PDU contains referrals (or references). I
strongly recommend avoiding LDAPv2+ (and LDAPv2).

At 02:44 AM 2002-03-27, Chris Ridd wrote:
>Lance Uyehara <la...@ve...> wrote:
>> I am using Net::LDAP 0.22 to connect to a win2k Active Directory. I do the
>> bind which works great, then do a search. Windows sends the results broken
>> up into multiple packets. Net::LDAP reports $mesg->code =
>> LDAP_PARTIAL_RESULTS, which makes sense. How do I get the packets combined
>> into a single result?
>>
>> Do I have to change something on the win2k side, or can I do something
>> using Net::LDAP to make sense of the results? or is this fixed in a later
>> version of Net::LDAP?
>>
>> Thanks for the help,
>> Lance
>
>"Partial results" is the way for an LDAP server to indicate that it could
>send back some results directly, but there are also some continuation
>references (references to other servers) that you may need to follow
>yourself.
>
>To get the continuation references from Net::LDAP, the $mesg->references()
>call will return an array of LDAP URLs, which you then need to break apart
>using (eg) URI::ldap in order to create new connections to new LDAP servers.
>
>Active Directory might also support some non-standard Control to get the
>server to follow the continuation references for you. I've no idea what
>that might be though.
>
>Cheers,
>
>Chris
From: Graham B. <gb...@po...> - 2002-03-27 15:22:13
|
You cannot just pass the entry to modify, you need to call update as a
method on the entry. This is because the LDIF entry can be more than just
a modify command. So change it to

    $r = $entry->update( $ldap );

Graham.

On Tue, Mar 26, 2002 at 03:08:02PM -0500, CZa...@wi... wrote:
> Hello, can anyone help with the LDIF class.
>
> I am reading a ldif file and trying to place the contents into a DB, but
> I am getting errors and the modify updates are not
> being applied to the LDAP service.
>
>
> ERROR Message:
> modifytimestamp attribute has duplicate value. VALUE: at ldif_modify.pl
> line 20, <GEN1> chunk 1.
>
> CODE:
> #!/usr/bin/perl -w
>
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw(ldap_error_desc);
> use Net::LDAP::LDIF;
>
>
> $ldap = Net::LDAP->new('server.xyz.com', port => '389') || die "ERROR: $@";
> $ldif = Net::LDAP::LDIF->new("out.ldif", "r") || die "$@";
>
>
> while ( $entry = $ldif->read_entry ) {
>
>     $r = $ldap->modify( $entry );
>     if ($r->code) {
>         warn $entry->dn,"; ",$r->error;
>     } else {
>         printf "%s\n",ldap_error_desc($r->code);
>     }
> }
>
From: <CZa...@wi...> - 2002-03-27 15:02:42
|
Here is the LDIF file I'm using ......

    dn: CN=John Smith,OU=IT,OU=NewYork605,O=Wiley
    changetype: modify
    replace: telephonenumber
    telephonenumber: 28792
    replace: title
    title: Adminr - Unix Systems/Sr
    replace: ou
    ou: Info-Tech E Commerce
    ou: IT
    replace: l
    l: 4th Floor
    replace: departmentnumber
    departmentnumber: 9945
    replace: manager
    manager: Smith, Brian

Chris Ridd <chris.ridd@messagingdirect.com>
03/27/2002 05:52 AM
To: CZa...@wi..., per...@li...
cc:
Subject: Re: LDIF Modify errors

CZa...@wi... wrote:
> Hello, can anyone help with the LDIF class.
>
> I am reading a ldif file and trying to place the contents into a DB, but
> I am getting errors and the modify updates are not
> being applied to the LDAP service.
>
>
> ERROR Message:
> modifytimestamp attribute has duplicate value. VALUE: at ldif_modify.pl
> line 20, <GEN1> chunk 1.
>
> CODE:
> #!/usr/bin/perl -w
>
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw(ldap_error_desc);
> use Net::LDAP::LDIF;
>
>
> $ldap = Net::LDAP->new('server.xyz.com', port => '389') || die "ERROR: $@";
> $ldif = Net::LDAP::LDIF->new("out.ldif", "r") || die "$@";
>
>
> while ( $entry = $ldif->read_entry ) {
>
>     $r = $ldap->modify( $entry );
>     if ($r->code) {
>         warn $entry->dn,"; ",$r->error;
>     } else {
>         printf "%s\n",ldap_error_desc($r->code);
>     }
> }
>
>

It is probably an error in your LDIF file, so it would probably help if you
could send the offending entry in your LDIF file.

Note that the modifyTimestamp attribute is only permitted using the standard
schema to contain one value (makes sense) and it is not modifiable by users.

Cheers,

Chris
From: Chris R. <chr...@me...> - 2002-03-27 10:53:03
|
CZa...@wi... wrote:
> Hello, can anyone help with the LDIF class.
>
> I am reading a ldif file and trying to place the contents into a DB, but
> I am getting errors and the modify updates are not
> being applied to the LDAP service.
>
>
> ERROR Message:
> modifytimestamp attribute has duplicate value. VALUE: at ldif_modify.pl
> line 20, <GEN1> chunk 1.
>
> CODE:
> #!/usr/bin/perl -w
>
> use Net::LDAP qw(:all);
> use Net::LDAP::Util qw(ldap_error_desc);
> use Net::LDAP::LDIF;
>
>
> $ldap = Net::LDAP->new('server.xyz.com', port => '389') || die "ERROR: $@";
> $ldif = Net::LDAP::LDIF->new("out.ldif", "r") || die "$@";
>
>
> while ( $entry = $ldif->read_entry ) {
>
>     $r = $ldap->modify( $entry );
>     if ($r->code) {
>         warn $entry->dn,"; ",$r->error;
>     } else {
>         printf "%s\n",ldap_error_desc($r->code);
>     }
> }
>
>

It is probably an error in your LDIF file, so it would probably help if you
could send the offending entry in your LDIF file.

Note that the modifyTimestamp attribute is only permitted using the standard
schema to contain one value (makes sense) and it is not modifiable by users.

Cheers,

Chris
From: Chris R. <chr...@me...> - 2002-03-27 10:50:04
|
Brian Safford <bri...@ed...> wrote:
> I recall a thread (or two) on how to add X.509 certificates using
> Perl-LDAP. I'd appreciate it if someone could send me an example or two.
>
> --
> Regards,
>
> Brian Safford
> EDS Digital Enablement - Perimeter Messaging
>
>

This is answered by Net::LDAP::FAQ.

-----
Using X.509 certificates.

How do I store X.509 certificates in the directory?

The first problem here is that there are many different formats to hold
certificates in, for example PEM, DER, PKCS#7 and PKCS#12. The directory
*only* uses the DER format (more correctly, it only uses the BER format)
which is a binary format.

Your first job is to ensure that your certificates are therefore in DER/BER
format. You could use OpenSSL to convert from PEM like this:

    openssl x509 -inform PEM -in cert.pem -outform DER -out cert.der

Consult the OpenSSL documentation to find out how to perform other
conversions.

To add a certificate to the directory, just slurp in the DER/BER certificate
into a scalar variable, and add it to the entry's userCertificate attribute.
How you do that will depend on which version of LDAP you are using.

To slurp in the certificate try something like this:

    my $cert;
    {
        local $/ = undef; # Slurp mode
        open CERT, "cert.der" or die;
        $cert = <CERT>;
        close CERT;
    }
    # The certificate is now in $cert

For LDAPv2, because most directory vendors ignore the string representation
of certificates defined in RFC 1778, you should add this value to the
directory like this:

    $res = $ldap->modify("cn=My User, o=My Company,c=XY",
                         add => [
                             'userCertificate' => [ $cert ]
                         ]);
    die "Modify failed (" . ldap_error_name($res->code) . ")\n"
        if $res->code;

For LDAPv3, you must do this instead:

    $res = $ldap->modify("cn=My User, o=My Company, c=XY",
                         add => [
                             'userCertificate;binary' => [ $cert ]
                         ]);
    die "Modify failed (" . ldap_error_name($res->code) . ")\n"
        if $res->code;

Of course, the entry you are trying to add the certificate to must use
object classes that permit the userCertificate attribute, otherwise the
modify will fail with an object class violation error. The inetOrgPerson
structural object class permits userCertificates, as does the
strongAuthenticationUser auxiliary object class. Others might also.
-----

Cheers,

Chris
From: Chris R. <chr...@me...> - 2002-03-27 10:44:30
|
Lance Uyehara <la...@ve...> wrote:
> I am using Net::LDAP 0.22 to connect to a win2k Active Directory. I do the
> bind which works great, then do a search. Windows sends the results broken
> up into multiple packets. Net::LDAP reports $mesg->code =
> LDAP_PARTIAL_RESULTS, which makes sense. How do I get the packets combined
> into a single result?
>
> Do I have to change something on the win2k side, or can I do something
> using Net::LDAP to make sense of the results? or is this fixed in a later
> version of Net::LDAP?
>
> Thanks for the help,
> Lance
>
>

"Partial results" is the way for an LDAP server to indicate that it could
send back some results directly, but there are also some continuation
references (references to other servers) that you may need to follow
yourself.

To get the continuation references from Net::LDAP, the $mesg->references()
call will return an array of LDAP URLs, which you then need to break apart
using (eg) URI::ldap in order to create new connections to new LDAP servers.

Active Directory might also support some non-standard Control to get the
server to follow the continuation references for you. I've no idea what
that might be though.

Cheers,

Chris
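Breaking continuation-reference URLs apart with URI::ldap, as described in the message above, is also the point at which a client can decide which servers it is willing to reconnect (and re-send credentials) to. This is an added example, not code from the thread or from perl-ldap; the host names, the allow-list and the sample URLs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI;    # URI->new returns a URI::ldap object for ldap:// URLs

# Hosts this client may contact when following a reference.
# Assumed names for the example; list your own directory servers here.
my %ALLOWED_HOST = map { lc($_) => 1 } qw(dc1.example.com dc2.example.com);

# Split each reference URL into the parameters of a follow-up search.
# References to hosts outside the allow-list, or with a non-LDAP scheme,
# are reported instead of being followed.
sub plan_references {
    my (@urls) = @_;
    my (@follow, @skipped);
    for my $url (@urls) {
        my $uri    = URI->new($url);
        my $scheme = lc($uri->scheme // '');
        if ($scheme ne 'ldap' && $scheme ne 'ldaps') {
            push @skipped, [$url, 'not an LDAP URL'];
            next;
        }
        my $host = lc($uri->host // '');
        if (!$ALLOWED_HOST{$host}) {
            push @skipped, [$url, "host '$host' is not on the allow-list"];
            next;
        }
        push @follow, {
            server => "$scheme://$host:" . $uri->port,
            base   => $uri->dn,        # DN part of the URL, unescaped
            scope  => $uri->scope,     # base, one or sub
            filter => $uri->filter,
        };
    }
    return (\@follow, \@skipped);
}

# Constructed reference URLs, shaped like those a directory server returns.
my @sample = (
    'ldap://dc2.example.com/DC=sales,DC=example,DC=com',
    'ldap://dc1.example.com/OU=IT,DC=example,DC=com??sub?(objectClass=person)',
    'ldap://files.example.net/DC=example,DC=com',
    'http://dc1.example.com/DC=example,DC=com',
);

my ($follow, $skipped) = plan_references(@sample);

for my $ref (@$follow) {
    print "follow: $ref->{server} base=$ref->{base} ",
          "scope=$ref->{scope} filter=$ref->{filter}\n";
}
for my $skip (@$skipped) {
    print "skip:   $skip->[0] ($skip->[1])\n";
}
```

Each entry in the follow list carries what a new Net::LDAP connection and search need; per the replies in this thread, that connection should bind with version => 3.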
From: <CZa...@wi...> - 2002-03-26 20:29:25
|
Hello, can anyone help with the LDIF class.

I am reading a ldif file and trying to place the contents into a DB, but
I am getting errors and the modify updates are not
being applied to the LDAP service.

ERROR Message:

    modifytimestamp attribute has duplicate value. VALUE: at ldif_modify.pl line 20, <GEN1> chunk 1.

CODE:

    #!/usr/bin/perl -w

    use Net::LDAP qw(:all);
    use Net::LDAP::Util qw(ldap_error_desc);
    use Net::LDAP::LDIF;

    $ldap = Net::LDAP->new('server.xyz.com', port => '389') || die "ERROR: $@";
    $ldif = Net::LDAP::LDIF->new("out.ldif", "r") || die "$@";

    while ( $entry = $ldif->read_entry ) {

        $r = $ldap->modify( $entry );
        if ($r->code) {
            warn $entry->dn,"; ",$r->error;
        } else {
            printf "%s\n",ldap_error_desc($r->code);
        }
    }
From: Lance U. <la...@ve...> - 2002-03-26 16:18:36
|
> Hello,
>
> I am a fairly new Perl programmer (a few weeks), and am working on
> integrating our LDAP directory with another database. I seem to be
> having problems with my filter string in one particular instance. I'm
> thinking that it has to do with the fact that I'm trying to use a
> variable in my filter string. I know that the DBI module has the
> ability to bind variables when you execute the SQL statement. Does the
> search method of the LDAP module have something similar I can't figure
> out?
>
> Here's the code that seems to be giving me trouble:
> my $mesg = $ldap->search(...,filter => 'uid=$item', ...)

[snip]

Try using double quotes here because single quotes will not expand the
variable.

-Lance
From: Brian S. <bri...@ed...> - 2002-03-26 16:16:33
|
I recall a thread (or two) on how to add X.509 certificates using
Perl-LDAP. I'd appreciate it if someone could send me an example or two.

--
Regards,

Brian Safford
EDS Digital Enablement - Perimeter Messaging
From: Naftel, B. S <bs...@so...> - 2002-03-26 16:15:15
|
The single quote marks don't allow substitution

bs...@so...
850.968.7764

-----Original Message-----
From: Kristina Hildebrand [mailto:khi...@om...]
Sent: Tuesday, March 26, 2002 10:19 AM
To: per...@ma...
Subject: Filter Strings

Hello,

I am a fairly new Perl programmer (a few weeks), and am working on
integrating our LDAP directory with another database. I seem to be
having problems with my filter string in one particular instance. I'm
thinking that it has to do with the fact that I'm trying to use a
variable in my filter string. I know that the DBI module has the
ability to bind variables when you execute the SQL statement. Does the
search method of the LDAP module have something similar I can't figure
out?

Here's the code that seems to be giving me trouble:

    my $mesg = $ldap->search(...,filter => 'uid=$item', ...)
    die ($mesg->error) if $mesg->code;

    #put the attributes in a hash table
    my %user;
    my $entry = $mesg->entry;
    #the following line is the one giving me trouble, saying I can't execute the
    #attributes method on a null value. I figure this is because it's not finding any
    #entries where uid equals "$item"
    foreach my $attr ($entry->attributes){
        $user{$attr} = $entry->get_value($attr);
    }

This code works perfectly when I have "...filter=> 'uid=kdhilde'..."

Please respond to me directly, as well as the list, because the message
that I sent to per...@ma... to subscribe to
the list bounced back.

Thank-you very much,
Kristina Hildebrand
From: Jim H. <ha...@us...> - 2002-03-26 16:14:37
|
use " instead of '

    filter => "uid=$item"

single quotes say to take what is between them literally, doubles say to
interpolate values.
--Jim Harle

On Tue, 26 Mar 2002, Kristina Hildebrand wrote:

> Hello,
>
> I am a fairly new Perl programmer (a few weeks), and am working on
> integrating our LDAP directory with another database. I seem to be
> having problems with my filter string in one particular instance. I'm
> thinking that it has to do with the fact that I'm trying to use a
> variable in my filter string. I know that the DBI module has the
> ability to bind variables when you execute the SQL statement. Does the
> search method of the LDAP module have something similar I can't figure
> out?
>
> Here's the code that seems to be giving me trouble:
> my $mesg = $ldap->search(...,filter => 'uid=$item', ...)
> die ($mesg->error) if $mesg->code;
>
> #put the attributes in a hash table
> my %user;
> my $entry = $mesg->entry;
> #the following line is the one giving me trouble, saying I can't execute the
> #attributes method on a null value. I figure this is because it's not finding any
> #entries where uid equals "$item"
> foreach my $attr ($entry->attributes){
>     $user{$attr} = $entry->get_value($attr);
> }
>
> This code works perfectly when I have "...filter=> 'uid=kdhilde'..."
>
> Please respond to me directly, as well as the list, because the message
> that I sent to per...@ma... to subscribe to
> the list bounced back.
>
> Thank-you very much,
> Kristina Hildebrand
>
>
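On the question of a DBI-style bind variable: once double quotes interpolate $item into the filter, the value should also be escaped so that it is matched literally rather than read as filter syntax. The following is an added example, not code from any poster in this thread; the sample values are constructed, and escape_filter_value is the helper exported by Net::LDAP::Util in current perl-ldap releases.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Build an equality filter on uid. escape_filter_value() rewrites the
# characters that have meaning in filter syntax ( * ( ) \ and NUL ) as
# backslash-hex escapes, so the value is always matched literally.
sub uid_filter {
    my ($item) = @_;
    return '(uid=' . escape_filter_value($item) . ')';
}

# Show how Net::LDAP's own filter parser reads a filter string.
# Net::LDAP::Filter->new returns undef when the text is not a valid filter.
sub describe {
    my ($text) = @_;
    my $filter = Net::LDAP::Filter->new($text);
    return defined $filter
        ? 'parsed as ' . $filter->as_string
        : 'rejected by the filter parser';
}

# Constructed sample values for $item: a plain uid, and values containing
# characters that filter syntax treats specially.
my @items = ('kdhilde', 'k*', 'Smith (IT)', 'corp\\kdhilde');

for my $item (@items) {
    my $single  = 'uid=$item';        # single quotes: the text "$item" itself
    my $double  = "(uid=$item)";      # double quotes: interpolated, not escaped
    my $escaped = uid_filter($item);  # interpolated and escaped

    print "item:          $item\n";
    print "single quotes: $single\n";
    print "double quotes: $double\n";
    print "               ", describe($double), "\n";
    print "escaped:       $escaped\n";
    print "               ", describe($escaped), "\n\n";
}
```

With the escaped form, a value such as k* is compared as the two characters "k*" instead of acting as a wildcard, and a value containing parentheses can no longer change the shape of the filter.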
From: Jim H. <ha...@us...> - 2002-03-26 16:12:56
|
This is an ugliness of using 2 different directories. We are looking into
how to coordinate passwords eDirectory and Active Directory. The problem
is that password values are stored internally and can't be read, thus not
copiable between the two. The only way to make this work is to have the
password changing mechanisms send things to both places. That in itself
is very difficult if you have multiple mechanisms.
--Jim Harle

On Tue, 26 Mar 2002, Edd Dawson wrote:

>
> Hi,
>
> Just an idea i'd like to run past people, and see if you think i'm barking
> up the wrong tree completely!
>
> At work we use Novell E-Directory for all our authentication needs, and i
> have used perl-ldap for talking to and updating E-directory.
>
> We have bought Cognos Impromptu Web, which for those who don't know serves
> reports via the web. Users have to log into it, and it uses Netscape
> Directory Server (which is ldap based) for user authentication... it will
> not let us use E-Directory for user authentication.
>
> We want to be able to sync the usernames and passwords in Netscape
> Directory Server with those in Novell E-Directory using Ldap, and most
> likely perl for writing the sync-ing mechanism.
>
> Does this seem like a reasonable proposition, and has anyone here ever had
> any experience of doing such a thing?
>
> Thanks for your time
> Edd Dawson
>
>
From: Rafael C. <Raf...@li...> - 2002-03-26 16:11:23
|
Hello,

Change single quotes to double quotes. With single quotes your Perl variable
is not expanded.

Do "uid=$item" instead of 'uid=$item'

Rafael

-----Original Message-----
From: Kristina Hildebrand [mailto:khi...@om...]
Sent: Tuesday, 26 March 2002 17:19
To: per...@ma...
Subject: Filter Strings

Hello,

I am a fairly new Perl programmer (a few weeks), and am working on
integrating our LDAP directory with another database. I seem to be
having problems with my filter string in one particular instance. I'm
thinking that it has to do with the fact that I'm trying to use a
variable in my filter string. I know that the DBI module has the
ability to bind variables when you execute the SQL statement. Does the
search method of the LDAP module have something similar I can't figure
out?

Here's the code that seems to be giving me trouble:

    my $mesg = $ldap->search(...,filter => 'uid=$item', ...)
    die ($mesg->error) if $mesg->code;

    #put the attributes in a hash table
    my %user;
    my $entry = $mesg->entry;
    #the following line is the one giving me trouble, saying I can't execute the
    #attributes method on a null value. I figure this is because it's not finding any
    #entries where uid equals "$item"
    foreach my $attr ($entry->attributes){
        $user{$attr} = $entry->get_value($attr);
    }

This code works perfectly when I have "...filter=> 'uid=kdhilde'..."

Please respond to me directly, as well as the list, because the message
that I sent to per...@ma... to subscribe to
the list bounced back.

Thank-you very much,
Kristina Hildebrand
From: Kristina H. <khi...@om...> - 2002-03-26 16:03:09
|
Hello,

I am a fairly new Perl programmer (a few weeks), and am working on
integrating our LDAP directory with another database. I seem to be
having problems with my filter string in one particular instance. I'm
thinking that it has to do with the fact that I'm trying to use a
variable in my filter string. I know that the DBI module has the
ability to bind variables when you execute the SQL statement. Does the
search method of the LDAP module have something similar I can't figure
out?

Here's the code that seems to be giving me trouble:

    my $mesg = $ldap->search(...,filter => 'uid=$item', ...)
    die ($mesg->error) if $mesg->code;

    #put the attributes in a hash table
    my %user;
    my $entry = $mesg->entry;
    #the following line is the one giving me trouble, saying I can't execute the
    #attributes method on a null value. I figure this is because it's not finding any
    #entries where uid equals "$item"
    foreach my $attr ($entry->attributes){
        $user{$attr} = $entry->get_value($attr);
    }

This code works perfectly when I have "...filter=> 'uid=kdhilde'..."

Please respond to me directly, as well as the list, because the message
that I sent to per...@ma... to subscribe to
the list bounced back.

Thank-you very much,
Kristina Hildebrand
From: Edd D. <e.j...@de...> - 2002-03-26 15:06:14
|
Hi,

Just an idea i'd like to run past people, and see if you think i'm barking
up the wrong tree completely!

At work we use Novell E-Directory for all our authentication needs, and i
have used perl-ldap for talking to and updating E-directory.

We have bought Cognos Impromptu Web, which for those who don't know serves
reports via the web. Users have to log into it, and it uses Netscape
Directory Server (which is ldap based) for user authentication... it will
not let us use E-Directory for user authentication.

We want to be able to sync the usernames and passwords in Netscape
Directory Server with those in Novell E-Directory using Ldap, and most
likely perl for writing the sync-ing mechanism.

Does this seem like a reasonable proposition, and has anyone here ever had
any experience of doing such a thing?

Thanks for your time
Edd Dawson
From: Kitchin, H. <Hea...@DR...> - 2002-03-26 10:33:57
|
eg,

From an ldif file with

    dn: uid=one,ou=two,o=three
    changetype: modify
    delete: attributeX

and code like

    $ldif = Net::LDAP::LDIF->new($ops{'f'},'r') || die "can't open $ops{'f'} for input, $@\n"; #-- where $ops{'f'} is the ldif file name
    while( my $entry = $ldif->read() ) {
        print STDERR "mod $. ",$entry->dn,"\n";
        print STDERR "dumping change: ",Data::Dumper->Dump([$entry],[qw(entry)]),"\n\n";
    }
    $ldif->done();

gives me

    mod 1 uid=one,ou=two,o=three
    dumping change: $entry = bless( {
        'attrs' => {
            'delete' => [ 'attributeX' ],
            'changetype' => [ 'modify' ]
        },
        'asn' => {
            'objectName' => 'uid=one,ou=two,o=three',
            'attributes' => [
                { 'vals' => $hashRef->{'attrs'}{'changetype'}, 'type' => 'changetype' },
                { 'vals' => $hashRef->{'attrs'}{'delete'}, 'type' => 'delete' }
            ]
        },
        'changetype' => 'add' #--- what the?!?!
    }, 'Net::LDAP::Entry' );

Am I missing something or is this actually a bug in the ldif implementation?

Heath
From: Lance U. <la...@ve...> - 2002-03-25 19:08:13
|
I am using Net::LDAP 0.22 to connect to a win2k Active Directory. I do the
bind which works great, then do a search. Windows sends the results broken
up into multiple packets. Net::LDAP reports $mesg->code =
LDAP_PARTIAL_RESULTS, which makes sense. How do I get the packets combined
into a single result?

Do I have to change something on the win2k side, or can I do something
using Net::LDAP to make sense of the results? or is this fixed in a later
version of Net::LDAP?

Thanks for the help,
Lance
From: Gary F. <fl...@jm...> - 2002-03-21 04:44:14
|
----- Original Message -----
From: "Michael Wille" <mw...@do...>

Once I added the full dn to the named bind request, the bind was
successful! I guess you have to have every element, which is unfortunate.
If we are using the bind for authentication in web apps, we really only
know by default the cn, o=WBDONER, and c=US. Does anyone know if there is
any other way to find this info or not use it in the bind? For performance
reasons, doing a search before the authentication is not desirable, nor is
asking the user which office and department they are from.

You might want to do some benchmarks to see if searching is that much of a
factor.
From: Chris R. <chr...@me...> - 2002-03-20 16:34:04
|
Graham Barr <gb...@po...> wrote:
> ----- Forwarded message from CZa...@wi... -----
>
> Date: Wed, 20 Mar 2002 10:55:04 -0500
> To: gb...@po...
> From: CZa...@wi...
> Subject: Net::LDAP "CN"
>
> Hello, I would like to know how can I get the value of the common name
> "cn" from this statement " foreach $entry ($mesg->entries) { $entry->dump;
> }" I tried changing "$entry->dump" to "$entry->cn", but that appears to be
> unacceptable.

Try:

    $entry->get_value("cn");

This is described in the Net::LDAP::Entry documentation.

Cheers,

Chris
From: Peter M. <pet...@ma...> - 2002-03-20 16:31:59
|
Hi,

On Wednesday 20 March 2002 16:31, you wrote:
> Once I added the full dn to the named bind request, the bind was
> successful! I guess you have to have every element, which is unfortunate.
> If we are using the bind for authentication in web apps, we really only
> know by default the cn, o=WBDONER, and c=US. Does anyone know if there is
> any other way to find this info or not use it in the bind? For performance
> reasons, doing a search before the authentication is not desirable, nor is
> asking the user which office and department they are from.

Sure, the classical way:

1) Have unique CNs in your tree below "o=WBDONER, c=US"
   This must be ensured by administration.
2) Have a user that is allowed to search below "o=WBDONER, c=US"
3) On every request:
   3.1) Search for CN below "o=WBDONER, c=US"
   3.2) If found: LogIn with the DN from the search (should be unique due to 1.)
        else: Fail

That's it !

Yours
Peter

PS : BTW that's not NDS specific, it's LDAP.

--
Peter Marschall | eMail: pet...@ma...
Scheffelstraße 15 | pet...@is...
97072 Würzburg | Tel: 0931/14721
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35
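The search-then-bind procedure listed in the message above, written out with the checks a web login needs: an escaped CN, exactly one match, a non-empty password and TLS before any credentials are sent. This is an added example, not code from the thread; the environment variable names, the lookup account and the CA file are assumptions, and the base DN is the one quoted in the message.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Connect with LDAPv3 and upgrade to TLS before any bind is attempted.
sub connect_tls {
    my ($host, $cafile) = @_;
    my $ldap = Net::LDAP->new($host, version => 3, timeout => 10)
        or die "connect to $host failed: $@\n";
    my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
    die 'start_tls failed: ' . $tls->error . "\n" if $tls->code;
    return $ldap;
}

# Returns the DN of the authenticated user, or nothing on any failure.
sub authenticate {
    my (%arg) = @_;

    # A simple bind with an empty password is not a password check: many
    # servers treat it as an unauthenticated bind and report success.
    return unless defined $arg{password} && length $arg{password};
    return unless defined $arg{cn}       && length $arg{cn};

    # Steps 2 and 3.1: search below the base as the lookup account.
    my $ldap = connect_tls(@arg{qw(host cafile)});
    my $mesg = $ldap->bind($arg{search_dn}, password => $arg{search_pw});
    die 'lookup bind failed: ' . $mesg->error . "\n" if $mesg->code;

    $mesg = $ldap->search(
        base      => $arg{base},
        scope     => 'sub',
        filter    => '(cn=' . escape_filter_value($arg{cn}) . ')',
        attrs     => ['1.1'],    # only the DN is needed
        sizelimit => 2,          # enough to tell "one" from "several"
    );
    # Any search error, including an exceeded size limit, counts as no match.
    my @entries = $mesg->code ? () : $mesg->entries;
    $ldap->unbind;

    # Step 1 is an administrative promise; verify it on every request.
    return unless @entries == 1;
    my $dn = $entries[0]->dn;

    # Step 3.2: bind as the user on a fresh connection, so a failed login
    # never leaves a connection that is still bound as the lookup account.
    my $user = connect_tls(@arg{qw(host cafile)});
    $mesg = $user->bind($dn, password => $arg{password});
    my $ok = !$mesg->code;
    $user->unbind;
    return $ok ? $dn : ();
}

# Command-line driver with placeholder settings taken from the environment.
if (!caller) {
    my @need    = qw(LDAP_HOST LDAP_CAFILE LDAP_SEARCH_DN LDAP_SEARCH_PW);
    my @missing = grep { !defined $ENV{$_} } @need;
    die "usage: set @need and pass the CN as the only argument\n"
        if @missing || @ARGV != 1;

    print 'password: ';
    chomp(my $password = <STDIN> // '');

    my $dn = authenticate(
        host      => $ENV{LDAP_HOST},
        cafile    => $ENV{LDAP_CAFILE},
        search_dn => $ENV{LDAP_SEARCH_DN},
        search_pw => $ENV{LDAP_SEARCH_PW},
        base      => 'o=WBDONER,c=US',
        cn        => $ARGV[0],
        password  => $password,
    );
    print defined $dn ? "authenticated as $dn\n" : "login failed\n";
}
```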