Menu
▾
▴
perl-ldap-dev
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(200) |
Jun
(129) |
Jul
(184) |
Aug
(204) |
Sep
(106) |
Oct
(79) |
Nov
(72) |
Dec
(54) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(83) |
Feb
(123) |
Mar
(84) |
Apr
(184) |
May
(106) |
Jun
(111) |
Jul
(104) |
Aug
(91) |
Sep
(59) |
Oct
(99) |
Nov
(100) |
Dec
(37) |
| 2002 |
Jan
(148) |
Feb
(88) |
Mar
(85) |
Apr
(151) |
May
(80) |
Jun
(110) |
Jul
(85) |
Aug
(43) |
Sep
(64) |
Oct
(89) |
Nov
(59) |
Dec
(42) |
| 2003 |
Jan
(129) |
Feb
(104) |
Mar
(162) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Graham B. <gb...@po...> - 2002-03-20 16:12:48
|
----- Forwarded message from CZa...@wi... -----
Date: Wed, 20 Mar 2002 10:55:04 -0500
To: gb...@po...
From: CZa...@wi...
Subject: Net::LDAP "CN"
Hello, I would like to know how can I get the value of the common name "cn"
from this statment " foreach $entry ($mesg->entries) { $entry->dump; }"
I tried changing "$entry->dump" to "$entry->cn", but that appears to be
unacceptable.
----- End forwarded message -----
|
|
From: Chris R. <chr...@me...> - 2002-03-20 16:00:35
|
Michael Wille <mw...@do...> wrote: > It returned the full dn: > > cn=mwille, ou=MIS, ou=SOUTHFIELD, o=WBDONER, c=US > > Once I added the full dn to the named bind request, the bind was > successful! I guess you have to have every element, which is > unfortunate. If we are using the bind for authentication in web apps, we Well, that's the way LDAP simple binds work.. :-) > really only know by default the cn, o=WBDONER, and c=US. Does anyone > know if there is any other way to find this info or not use it in the > bind? For performance reasons, doing a search before the authentication > is not desireable, nor is asking the user which office and department > they are from. You *have* to do a search if you're going to be using simple binds. The search base would presumably be "o=WBDONER,c=US", and you will need equality indexes on cn of course. If you're not doing simple binds, you might be able to do something with SASL. I'm not too sure about this, but IIRC you bind with an authentication ID and not a DN. Cheers, Chris |
|
From: Michael W. <mw...@do...> - 2002-03-20 15:31:51
|
It returned the full dn: =20 cn=3Dmwille, ou=3DMIS, ou=3DSOUTHFIELD, o=3DWBDONER, c=3DUS Once I added the full dn to the named bind request, the bind was successful= ! I guess you have to have every element, which is unfortunate. If we = are using the bind for authentication in web apps, we really only know by = default the cn, o=3DWBDONER, and c=3DUS. Does anyone know if there is any = other way to find this info or not use it in the bind? For performance = reasons, doing a search before the authentication is not desireable, nor = is asking the user which office and department they are from. =20 Thanks a bunch! - Mike >>> Chris Ridd <chr...@me...> 03/20/02 08:26AM >>> What does $entry->dn() return? Cheers, Chris |
|
From: Chris R. <chr...@me...> - 2002-03-20 13:26:09
|
Michael Wille <mw...@do...> wrote:
> Hello all,
>
> I am having a problem with named binds against a Novell server running
> NDS 8. The response I receive is code 32 and "NDS error: no such entry
> (-601)". The strange thing is I can do an anonymous bind and search on
> that username. Has anyone had any experience with this?
>
> Thanks for any pointers!
>
> - Mike Wille
>
>
> Here is the test script I am using:
>
> use Net::LDAP;
>
> $LDAPAddress = "172.16.1.21";
>
> #####################################################
> # Try an anonymous bind and search
>
> $ldap = Net::LDAP->new($LDAPAddress) or die("Unable to connect to LDAP
> server<br>Reason: $@"); $ldap->bind (version => 3) or die "Couldn't bind
> $@";
>
> $mesg = $ldap->search(
> filter => "(cn=mwille)",
> attrs => ['uid','fullName','title','telephoneNumber']
> );
>
> if($mesg->code()) {
> print "Search returned, errorcode #".$mesg->code()."\n";
> print "Message: ".$mesg->error."\n";
> }
> print "Search Results: \n";
> for(my $i = 0; $i < $mesg->count; $i++) {
> my $entry = $mesg->entry($i);
What does $entry->dn() return?
Cheers,
Chris
|
|
From: Michael W. <mw...@do...> - 2002-03-19 21:45:08
|
Hello all,
I am having a problem with named binds against a Novell server running NDS =
8. The response I receive is code 32 and "NDS error: no such entry =
(-601)". The strange thing is I can do an anonymous bind and search on =
that username. Has anyone had any experience with this?
Thanks for any pointers!
- Mike Wille
Here is the test script I am using:
use Net::LDAP;
$LDAPAddress =3D "172.16.1.21";
#####################################################
# Try an anonymous bind and search
$ldap =3D Net::LDAP->new($LDAPAddress) or die("Unable to connect to LDAP =
server<br>Reason: $@");
$ldap->bind (version =3D> 3) or die "Couldn't bind $@";
$mesg =3D $ldap->search(
filter =3D> "(cn=3Dmwille)",
attrs =3D> ['uid','fullName','title','telephoneNumber']
);
if($mesg->code()) {
print "Search returned, errorcode #".$mesg->code()."\n";
print "Message: ".$mesg->error."\n";
}
print "Search Results: \n";
for(my $i =3D 0; $i < $mesg->count; $i++) {
my $entry =3D $mesg->entry($i);
foreach my $attr ($entry->attributes) {
$User{$attr} =3D $entry->get_value($attr);
print "$attr: ".$entry->get_value($attr)."\n";
}
}
$ldap->unbind;
#######################################################
# Try a Named bind...
undef $ldap;
print "\nPerforming Bind\n";
$ldap =3D Net::LDAP->new($LDAPAddress, version =3D> 3) or die "$@";
#$ldap->start_tls(verify =3D> 'none', sslversion =3D> 'tlsv1') or die =
"$@";
# all of these below come up with the same results...
#$mesg =3D $ldap->bind (dn =3D> "cn=3Dmwille, o=3Dxxx, c=3Dus", password =
=3D> "password");
#$mesg =3D $ldap->bind (dn =3D> "cn=3Dmwille, o=3Dxxx", password =3D> =
"password");
$mesg =3D $ldap->bind (dn =3D> "cn=3Dmwille", password=3D>"password");
if($mesg->code()) {
print "Return Code: ".$mesg->code()."\n";
print "Error: ".$mesg->error."\n";
}
print "\n**** Done ****\n";
$ldap->unbind();
|
|
From: °í¿µÅà <ni...@ne...> - 2002-03-18 13:47:25
|
<HTML>
<HEAD>
<META content="text/html; charset=ks_c_5601-1987" http-equiv=Content-Type>
<STYLE> p, font, span { line-height:120%; margin-top:0; margin-bottom:0; }</STYLE>
</HEAD><BODY>
<P>전 조성운(011-441-4354)이라고 합니다.. 실명을 밝히고 연락처까지 남기는 것은 <BR>그만큼 사실이고 합법이기 때문입니다..
단, 호기심이나 미성년자는 절대 연락하지 마세요.. </P>
<P>제가 말씀 드리는 이 일을 시작한지는 1주일 정도 되었습니다.. </P>
<P>단지, 전화상담(하루에 3~4통)만으로 3개월이내에 월500만원을 벌 수 있습니다.. </P>
<P>우연히 이와 같은 멜을 받았고, 지금의 제 스폰서에게 연락을 하고 만났습니다.. </P>
<P>모두가 돈을 잘버니 즐겁게 일을 하더군요.. </P>
<P>제 스폰서의 통장을 확인했습니다.. </P>
<P>시작한지 2주밖에 안되었는데, 76만원이 통장에 들어와 있더군요.. </P>
<P>그런데, 그 분의 윗스폰서통장을 보니 더욱 놀랄 수 밖에 없었습니다.. </P>
<P>한달동안에 1000만원이 넘는 돈이 매일 나뉘어서 들어 와 있었거든요.. </P>
<P>(통장확인하고 싶은 분은 연락주시면 인터넷주소 가르쳐 드립니다..) </P>
<P>3월부터는 월3000만원씩 번다니 전 입을 다물수가 없었습니다.. </P>
<P>아래 내용은 제 스폰서가 저에게 보낸 멜입니다.. </P>
<P> </P>
<P>------------------------------------------------------------
-------------------- </P>
<P><BR>안녕하세요? NV21팀의 이 OO입니다.. </P>
<P>NV21팀은 네트웤마케팅을 온라인으로 이끌어 가는 팀입니다.. </P>
<P>회원으로 가입하시면 온라인 홍보를 대신 해 드리고, <BR>님에게 오는 전화문의만 잘 받으시면 됩니다.. </P>
<P>겨우 하루에 3~4통의 문의만 잘 받으시면 되며, 첫달에 못해도 100만원이상의 <BR>수입을 올리실수 있습니다.. 두번째달부터는 전달
수입의 두배씩 생각하시면 됩니다.. </P>
<P>100%합법적인 일이며, 처음에 55만원어치의 핸드폰선불카드만 구입해서 쓰시면 됩니다.. </P>
<P>카드할부로 하실 경우, 한달에 겨우 4만원정도의 투자가 되는 셈입니다.. </P>
<P>정말 저도 한지는 얼마 안되었지만, 하루 종일 제가 하고 싶은 일하고 <BR>하루에 겨우 전화 3~4통 받으면서 첫달부터 160만원의
수입을 얻었습니다..다음달은 <BR>약 300만원이상이 될 것 같네요.. </P>
<P>-------시스템을 요약해서 설명 드리면--------- </P>
<P>1. 회원가입하시면, 온라인홍보를 2주일동안 님의 이름으로 해 드립니다.. </P>
<P>2. 홍보가 시작되면, 하루에 3~4통의 연락이 올 것입니다.. </P>
<P>3. 그럼, 간단히 돈버는 시스템에 대해 설명해 주고 미팅약속 장소와 시간을 정합니다.. </P>
<P>4. 그다음 NV21팀에게 연락주시면 NV21팀원들이 대신 미팅을 하고 님 밑으로 가입을 시켜드 </P>
<P>립니다.. </P>
<P>5. 수입은 수당조건성립일로부터 5일뒤 매일 지급합니다.. </P>
<P> </P>
<P>호기심이나 20세 미만은 절대 전화하지 마시고요.. </P>
<P>정말로 돈벌고 싶은 분만 연락주세요.. </P>
<P><BR>----------------------------------------------------------------
---------------- </P>
<P>윗 글을 읽고 </P>
<P>처음엔 믿지 않았지만, 저 역시 그대로 따라하고 있고, 다음주면 시작한지 2주만에 약 60만원 </P>
<P>이 들어옵니다.. 수당은 실적이 일어난 날로부터 5일뒤 매일 지급합니다.. </P>
<P>정말로 이 일에 대해 제대로 알아보고 돈을 벌고 싶은 분은 연락주세요.. </P>
<P>지금까지 본 마케팅에서 가장 성장하기 좋은 시스템이라고 생각합니다 </P>
<P>참고로 저의회사 사장님은 가수 윤수일 씨입니다 </P>
<P>12주성공프로그램을 통해 3개월 만에 일반 직장인 월급의 </P>
<P>3~5배를 벌 수 있다면 믿으시겠습니까? </P>
<P>거짓말이라고 생각하시는 분이 있겠지만, 극히 사실입니다.. </P>
<P>현재 NV21을 통해 사업하시는 회원중 80%이상이 12주성공프로그램의 <BR>목표이상을 달성하고 있습니다. </P>
<P>선불카드네트웤회사인 NTI의 온라인사업팀인 NV21은 일반 상식으로는 믿기 어려운 </P>
<P>기적을 이루어 내고 있습니다.. </P>
<P>자세한 아이템이나 가입방법에 대해 알고 싶은 분은 홈페이지바로가기를 클릭해 주 </P>
<P>세요. </P>
<P>또한, 상담을 원하는 분은 저에게 바로 연락주시거나 홈페이지의 상담예약 코너를 </P>
<P>이용해 주세요.. </P>
<P>추천인 조성운(011-441-4354) </P>
<P> </P>
<P>더좋은 정보를 알고 싶으시면 011-441-4354 조성운 저한테 연락주시고요 </P>
<P><A href="http://nti21.biz">http://nti21.biz</A> 홈페이지를 방문해보세요 </P>
<P>그리고 전혀관심이 없는 분에게 이글이 전달되었으면 죄송합니다 </P>
<P>그런데 돈을벌고 생활이 윤택해질수있는 정보라 누구나 도움이 되리라 생각합니다 <BR><center><a href='http://itnsoft.com/~mailtouch/user/touch.cgi?cmd=refuse_view&usercode=jmknhqnv-hrqoqt-Hhmmm&group=6&name=&mail=per...@ma...'><img src='http://itnsoft.com/~mailtouch/user/mail-refuse.gif' border=0)></center></P>
</BODY>
</HTML>
|
|
From: Todd P. <tc...@mt...> - 2002-03-14 14:39:37
|
Craig,
If you know the DN you can do a base level search with a filter of
objectclass=* (iPlanet/OpenLDAP) to retrieve everything in just that
entry. If you only want certain attributes you can specify those in an
array. For example:
$mesg = $ldap->search(base => $dn, scope => "base",
filter => "objectclass=*", @attrs);
Hope that helps.
--
Regards,
------------------------------------------------------------
| Todd Piket | Email: tc...@mt... |
| Programmer/Analyst | Phone: (906) 487-1720 |
| Distributed Computing Services | |
| Michigan Technological University | |
------------------------------------------------------------
Craig Robinson wrote:
>
> Experts,
>
> Maybe a simple question, but I have no idea how to do it!
>
> Normally, when I do searches I specify a filter to seach for [eg. $filter=(uid=*);] and some attributes [eg. @attrs=qw(mail);]. However, I cannot use the DN as a filter [eg. $filter=(dn=cn=Craig Robinson);].
>
> If you know the DN, does anyone know how to return a single (or a number of) attributes for that DN only?
>
> Much Thanks!
>
> Craig Robinson
> Environmental Protection Agency
> Tel: (07) 3006 4629 Fax: (07) 3247 6534
> Email: cra...@en...
>
> Visit us at: http://www.env.qld.gov.au
>
|
|
From: Chris R. <chr...@me...> - 2002-03-14 10:32:13
|
Craig Robinson <cra...@en...> wrote: > Experts, > > Maybe a simple question, but I have no idea how to do it! > > Normally, when I do searches I specify a filter to seach for [eg. > $filter=(uid=*);] and some attributes [eg. @attrs=qw(mail);]. However, I > cannot use the DN as a filter [eg. $filter=(dn=cn=Craig Robinson);]. Since the DN isn't an attribute of the entry (according to the standards), you can't search for it like that. What you *might* be able to do (depending on your server) is to do an extensible match. See this excerpt from RFC 2254: ----- The following examples illustrate the use of extensible matching. (cn:1.2.3.4.5:=Fred Flintstone) (sn:dn:2.4.6.8.10:=Barney Rubble) (o:dn:=Ace Industry) (:dn:2.4.6.8.10:=Dino) The second example illustrates the use of the ":dn" notation to indicate that matching rule "2.4.6.8.10" should be used when making comparisons, and that the attributes of an entry's distinguished name should be considered part of the entry when evaluating the match. The third example denotes an equality match, except that DN components should be considered part of the entry when doing the match. The fourth example is a filter that should be applied to any attribute supporting the matching rule given (since the attr has been left off). Attributes supporting the matching rule contained in the DN should also be considered. ----- Given your next question, I'm unsure if this is what you really want to do... > If you know the DN, does anyone know how to return a single (or a number > of) attributes for that DN only? What you want is a 'read' operation. Unfortunately LDAP doesn't have a read operation, so you have to simulate it with a search. Do a base object search with the base set to that DN, and list the attributes you want in attrs. Use a filter that "must" succeed on the entry, like (objectclass=*), ie check for presence of objectclass: $ldap->search(base => "cn=That Entry,o=My Company,c=WW", scope => "base", filter => "(objectclass=*)", attrs => [qw(cn sn mail)]); Cheers, Chris |
|
From: Craig R. <cra...@en...> - 2002-03-14 04:55:07
|
Experts, Maybe a simple question, but I have no idea how to do it! Normally, when I do searches I specify a filter to seach for [eg. $filter=3D= (uid=3D*);] and some attributes [eg. @attrs=3Dqw(mail);]. However, I canno= t use the DN as a filter [eg. $filter=3D(dn=3Dcn=3DCraig Robinson);]. If you know the DN, does anyone know how to return a single (or a number of= ) attributes for that DN only? = Much Thanks! Craig Robinson Environmental Protection Agency Tel: (07) 3006 4629 Fax: (07) 3247 6534 Email: cra...@en... Visit us at: http://www.env.qld.gov.au |
|
From: <Sri...@i2...> - 2002-03-13 16:41:09
|
Hi,
I am new to perl-ldap and trying to use it to connect to a iplanet
5.1 directory server. The following code hangs at the bind stage:
use Net::LDAP;
$ldap = Net::LDAP->new('myhost',port => 389)
or die "Can't bind to ldap: $!\n";
$ldap->bind(version => 3);
I can connect to the directory using Java (JNDI). I have Net::LDAP and
Convert::ASN installed as specified. Can somebody tell me what could be
wrong? I am working off a NT 4.0 laptop.
Any help is appreciated.
Thanks!
-Prabhu
|
|
From: TOBO D. <Den...@ju...> - 2002-03-12 12:44:29
|
Hi, I would like to obtain the list of the members of a list LDAP (LDAP = Object groupofNames). How may I make? Thank you in advance. Denis TOBO Bureau ATI Minist=E8re de la Justice Tel : 01.44.77.77.70 Fax : 01.44.77.76.95 EMail: Den...@ju... |
|
From: Chris R. <chr...@me...> - 2002-03-11 13:44:25
|
Graham Barr <gb...@po...> wrote: > ----- Forwarded message from Michael Donnelly <don...@ld...> ----- > > Date: Sat, 09 Mar 2002 08:42:16 -0800 > To: gb...@po... > From: Michael Donnelly <don...@ld...> > Subject: Net::LDAP > > Thanks for writing Net::LDAP. I've really enjoyed programming with your > modules. > > Reading the man pages, I don't see any way to perform a connection to a > local domain socket, i.e. ldapi:/// Isn't that some OpenLDAP-specific thing? Is it described by any RFCs? > Do you plan to include support for this in the future? It wouldn't be too hard as the connection code is abstracted out. Look at the LDAPS.pm module for an example. Cheers, Chris |
|
From: Graham B. <gb...@po...> - 2002-03-11 13:14:57
|
----- Forwarded message from Michael Donnelly <don...@ld...> ----- Date: Sat, 09 Mar 2002 08:42:16 -0800 To: gb...@po... From: Michael Donnelly <don...@ld...> Subject: Net::LDAP Thanks for writing Net::LDAP. I've really enjoyed programming with your modules. Reading the man pages, I don't see any way to perform a connection to a local domain socket, i.e. ldapi:/// Do you plan to include support for this in the future? ----- End forwarded message ----- |
|
From: Chris R. <chr...@me...> - 2002-03-07 08:38:41
|
Norbert Klasen <nor...@da...> wrote: >=20 >=20 > --On Mittwoch, 6. M=E4rz 2002 15:55 +0000 Chris Ridd > <chr...@me...> wrote: >=20 >> The "file not found" error might be referring to your certificate - it >> may be in the wrong format or something. >>=20 >> Try commenting out the two lines: >>=20 >> verify =3D> 'require', >> certpath =3D> '/home/sean/mycert.cer', >=20 > IIRC Net_SSLeay (as OpenSSL) expects certificates to be in PEM (ascii) > format and DER (binary). Convert with openssl x509 -inform der -in > mycert.cer -out mycert.pem That's correct. There's a note about the required format in the Net::LDAPS manpage, and assuming that the extract from Microsoft's certificate store saved the cert in DER format, that's a good way to convert the cert for OpenSSL's use. There probably should be a HOWTO somewhere describing how to get certs and keys out of various systems (eg MS, Netscape) and into OpenSSL, as this always causes problems for people. This document wouldn't be specific to LDAPS of course.=20 Cheers, Chris |
|
From: Norbert K. <nor...@da...> - 2002-03-06 23:50:45
|
--On Mittwoch, 6. M=E4rz 2002 15:55 +0000 Chris Ridd=20
<chr...@me...> wrote:
> The "file not found" error might be referring to your certificate - it =
may
> be in the wrong format or something.
>
> Try commenting out the two lines:
>
> verify =3D> 'require',
> certpath =3D> '/home/sean/mycert.cer',
IIRC Net_SSLeay (as OpenSSL) expects certificates to be in PEM (ascii)=20
format and DER (binary). Convert with
openssl x509 -inform der -in mycert.cer -out mycert.pem
To fix up passwords for ADs UnicodePwd attribute syntax, you'll need=20
something like:
use Unicode::String qw(latin1 utf16);
sub MakeUnicodePwd($)
{
my $u =3D latin1("\"".$_[0]."\"");
$u->byteswap();
return $u->ucs2;
}
--=20
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH phone: +49 7071 29 70336
Wilhelmstr. 106 fax: +49 7071 29 5114
72074 T=FCbingen email: nor...@da...
Germany web: http://www.daasi.de
|
|
From: Chris R. <chr...@me...> - 2002-03-06 16:00:00
|
Graham Barr <gb...@po...> wrote: > > The error: failed to add entry: Type or value exists at b.pl line 27 > > I checked my directory server and there is no such value. The code is > attached. <<b.pl>> [...] > my $result = $ldap->add ( > dn => 'cn=mark Jensens,o=infores.com', > attr => [ 'cn' => ['mark Jensens', 'mark Jensens'], You're trying to add the same value twice to one attribute, which is illegal. The information model that LDAP directories use require that all values of a given attribute are different (*), and your server is spotting that 'mark Jensens' is the same as 'mark Jensens'. (* where "different" is roughly defined as "do not compare equal using the equality matching rule defined in the schema") Remove one of the 'mark Jensens' values. Cheers, Chris |
|
From: Chris R. <chr...@me...> - 2002-03-06 15:55:41
|
Sean Eckton <Sea...@by...> wrote:
> First, let me say I'm not a very good perl programmer so my code may
> look like a hack, but I have a project that I'm working on that I can't
> quite figure out. I'm trying to make a web page where people can set
> their Active Directory password. I am using a Linux box to run my perl
> script on. I've tried using Net::LDAPS but every time it gets to that
> line in the script (the one where I do $ldaps = new Net::LDAPS etc), it
> says file not found. This doesn't make any sense to me because LDAPS.pm
> is in the same place as LDAP.pm and it works fine. Here is the code
> I've been trying:
>
> #!/usr/bin/perl -w
> local $^W = 0;
> no strict;
> require Net::SSLeay;
> Net::SSLeay::randomize('/dev/urandom');
> require Net::LDAPS;
>
> $ldap = new Net::LDAPS('ldapserver',
> verify => 'require',
> certpath => '/home/sean/mycert.cer',
> port => 636) or die $!;
>
> The only thing I can find is that LDAP.pm is in two places:
>
> /usr/lib/perl5/site_perl/5.005/Net/LDAP.pm
> /usr/lib/perl5/site_perl/5.005/Bundle/Net/LDAP.pm
>
> While LDAPS.pm is only in one:
>
> /usr/lib/perl5/site_perl/5.005/Net/LDAPS.pm
>
> I doubt this is the problem, though, because if I change it from
> Net::LDAPS to Net::LDPS (just to see) it gives me a different error.
> Also, I exported the certificate from the Win2K server and I'm pointed
> to it in the code above. Is that the right thing to do? Do I need to
> do that at all?
>
> I've used Net::LDAP quite a bit, but never Net::LDAPS. Can anyone help
> me?
>
> Sean Eckton
> Brigham Young University
>
>
>
The stuff from 'local $^W = 0;' to 'require Net::LDAPS;' is only needed to
avoid some annoying bugs in old versions of Net::SSLeay. Nowadays, you
should just be able to say 'use Net::LDAPS;'. In fact, your 'local $^W =
0;' line is turning off warnings in the entire script, which probably isn't
helpful.
The "file not found" error might be referring to your certificate - it may
be in the wrong format or something.
Try commenting out the two lines:
verify => 'require',
certpath => '/home/sean/mycert.cer',
and see if that makes a difference. It will mean that the connection won't
be as secure (because you're not verifying the server you're talking to)
but it'll give us more clues about what's failing.
What's the exact error message that gets reported?
Cheers,
Chris
|
|
From: Graham B. <gb...@po...> - 2002-03-06 15:26:32
|
----- Forwarded message from "Harum, Bradford" <Bra...@in...> ----- Date: Wed, 6 Mar 2002 09:24:37 -0600 To: <gb...@po...> From: "Harum, Bradford" <Bra...@in...> Subject: question about NET::LDAP HI, I recently tried using the NET::LDAP package to add a new user to my Directory server, I keep getting a error that I don't understand and I was woundering if you could tell me what I am doing wrong.. Any help here would be greatly apprieciated. I attached the source code I am using and a copy of the error I get. The error: failed to add entry: Type or value exists at b.pl line 27 I checked my directory server and there is no such value. The code is attached. <<b.pl>> Thank you. Brad Harum Content-Description: b.pl use Net::LDAP; use strict; # base: o=infores.com my $base = 'o=infores.com'; my $host = 'bradspcb'; my $port = 389; my $ldap = Net::LDAP->new($host, port => $port); #$ldap->bind; # anonymous bind $ldap->bind( "cn=Directory Manager", password => "password"); my $result = $ldap->add ( dn => 'cn=mark Jensens,o=infores.com', attr => [ 'cn' => ['mark Jensens', 'mark Jensens'], 'sn' => 'Jensens', 'mail' => 'm.j...@no...', 'objectclass' => ['top', 'person', 'organizationalPerson', 'inetOrgPerson' ], ] ); $result->code && warn "failed to add entry: ", $result->error ; $ldap->unbind; ----- End forwarded message ----- |
|
From: Sean E. <Sea...@by...> - 2002-03-06 15:14:23
|
First, let me say I'm not a very good perl programmer so my code may
look like a hack, but I have a project that I'm working on that I can't
quite figure out. I'm trying to make a web page where people can set
their Active Directory password. I am using a Linux box to run my perl
script on. I've tried using Net::LDAPS but every time it gets to that
line in the script (the one where I do $ldaps =3D new Net::LDAPS etc), =
it
says file not found. This doesn't make any sense to me because LDAPS.pm
is in the same place as LDAP.pm and it works fine. Here is the code
I've been trying:
=20
#!/usr/bin/perl -w
local $^W =3D 0;
no strict;
require Net::SSLeay;
Net::SSLeay::randomize('/dev/urandom');
require Net::LDAPS;
=20
$ldap =3D new Net::LDAPS('ldapserver',
verify =3D> 'require',
certpath =3D> '/home/sean/mycert.cer',
port =3D> 636) or die $!;
=20
The only thing I can find is that LDAP.pm is in two places: =20
=20
/usr/lib/perl5/site_perl/5.005/Net/LDAP.pm
/usr/lib/perl5/site_perl/5.005/Bundle/Net/LDAP.pm
While LDAPS.pm is only in one:
=20
/usr/lib/perl5/site_perl/5.005/Net/LDAPS.pm
I doubt this is the problem, though, because if I change it from
Net::LDAPS to Net::LDPS (just to see) it gives me a different error.
Also, I exported the certificate from the Win2K server and I'm pointed
to it in the code above. Is that the right thing to do? Do I need to
do that at all?
=20
I've used Net::LDAP quite a bit, but never Net::LDAPS. Can anyone help
me?
=20
Sean Eckton
Brigham Young University
=20
=20
=20
|
|
From: Chris R. <chr...@me...> - 2002-03-05 17:44:30
|
Armin Fuerst <ar...@co...> wrote: > $ldapresults=$ldapconnection->add ($dn,attr=>['objectClass'=>['top', > 'person', > 'ciscoocUser', > 'dcdPerson', > 'organizationalPerson', > 'inetOrgPerson']]); You haven't specified any other attributes in the entry, so the server should have rejected the add operation. The entry has an RDN of cn=BBBB, so you *must* at least have a cn attribute, which you haven't specified. (The server does not infer it from the RDN.) The person object class requires that you specify the sn attribute, and I'm not sure what ciscoocUser and dcdPerson require; are there any content rules which permit the absence of these mandatory attributes? Cheers, Chris |
|
From: David K. <dk...@li...> - 2002-03-05 17:08:18
|
Dear Colleagues -- I am new to Perl-Ldap and to this list. I have just
installed Perl-Ldap-0.25 and have already run headlong into a brick wall.
I've paged through this list's archive without finding any subject line
that even vaguely suggests my situation, but please forgive me if I've
missed something obvious and this matter has already been discussed. I
shall first describe my problem, then I'll describe what I tried that
failed to solve the problem, then I'll describe my system and installed
prerequisites, so you'll know where I'm coming from.
I'm building a proxy server using Apache built with mod_perl and mod_ssl,
and I need to do secure (viz. SSL) LDAP searches against our campus LDAP
server for authentication/authorization processing. I am currently trying
to use Net::LDAPS because I have been unable to get a secure connection to
our LDAP server using Net::LDAP and the start_tls() method. (I hope you're
still willing to talk to me!) I have been very successful in making a secure
connection and running searches with this syntax:
use Net::LDAPS;
my $ldap = new Net::LDAPS($directoryURL, port => "636") or die "$@";
but only from a simple perl script. When I try to add the LDAPS stuff to
my Apache authentication module, everything falls apart:
[Mon Mar 4 09:51:59 2002] [error] Bareword "gensym" not allowed while "strict subs" in use
at /usr/local/perl-5.6/lib/5.6.0/i386-linux/IO/Handle.pm line 286.
BEGIN not safe after errors--compilation aborted at /usr/local/perl-5.6/lib/5.6.0/i386-linux/IO/Handle.pm
line 573.
Compilation failed in require at /usr/local/perl-5.6/lib/5.6.0/i386-linux/IO/Socket.pm line 11.
BEGIN failed--compilation aborted at /usr/local/perl-5.6/lib/5.6.0/i386-linux/IO/Socket.pm line 11.
Compilation failed in require at /usr/local/perl-5.6/lib/site_perl/5.6.0/Net/LDAP.pm line 8.
BEGIN failed--compilation aborted at /usr/local/perl-5.6/lib/site_perl/5.6.0/Net/LDAP.pm line 8.
Compilation failed in require at /usr/local/perl-5.6/lib/site_perl/5.6.0/Net/LDAPS.pm line 11.
BEGIN failed--compilation aborted at /usr/local/perl-5.6/lib/site_perl/5.6.0/Net/LDAPS.pm line 11.
Compilation failed in require at /usr/local/apache.test/http-calnet/lib/Apache/AccessMan.pm line 30.
BEGIN failed--compilation aborted at /usr/local/apache.test/http-calnet/lib/Apache/AccessMan.pm line 30.
Compilation failed in require at (eval 11) line 3.
Examining the IO::Handle module, I see that this refers to its new()
constructor method:
sub new {
my $class = ref($_[0]) || $_[0] || "IO::Handle";
@_ == 1 or croak "usage: new $class";
my $io = gensym;
bless $io, $class;
}
where the pragmas "use Symbol" and "use strict" have already been issued.
Well, "gensym" is a function in the Symbol package (part of the standard Perl library)
which is supposed to return a reference to an anonymous glob. For some reason in
this context, the token "gensym" is being considered a "bareword".
So I tried to rectify this flop by adding a "no strict subs" to this function:
sub new {
no strict subs;
my $class = ref($_[0]) || $_[0] || "IO::Handle";
@_ == 1 or croak "usage: new $class";
my $io = gensym;
bless $io, $class;
}
Now, however, my module crashes with this error:
[Mon Mar 4 11:11:22 2002] [error] Can't bless non-reference value at /usr/local/perl-5.6/lib/5.6.
0/i386-linux/IO/Handle.pm line 288.
So I took out the "no strict subs" and put parentheses after "gensym":
sub new {
my $class = ref($_[0]) || $_[0] || "IO::Handle";
@_ == 1 or croak "usage: new $class";
my $io = gensym();
bless $io, $class;
}
Now, however, my module crashes with this error:
[Mon Mar 4 11:32:26 2002] [error] Undefined subroutine &IO::Handle::gensym called at /usr/local/p
erl-5.6/lib/5.6.0/i386-linux/IO/Handle.pm line 286.
So I tried to qualify the path to the gensym function:
sub new {
my $class = ref($_[0]) || $_[0] || "IO::Handle";
@_ == 1 or croak "usage: new $class";
my $io = Symbol::gensym();
bless $io, $class;
}
Now, however, my module crashes with this error:
[Mon Mar 4 11:38:00 2002] [error] Undefined subroutine &Symbol::gensym called at /usr/local/perl-
5.6/lib/5.6.0/i386-linux/IO/Handle.pm line 286.
This message is generated, even if I write the pragma "use Symbol" right in the
new() constructor method itself.
Can anyone help me get this to work? Is tweeking IO::Handle the way
to go? Help!!! Here is what my system looks like:
My OS is linux 2.2.16-3 (from "uname -a")
perl 5.6.0
apache 1.3.17
mod_perl 1.25
mod_ssl 2.8.0
OpenSSL 0.9.6
Convert-ASN1-0.15
IO-Socket-SSL-0.80
Net_SSLeay.pm-1.06
Perl-Ldap-0.25
glibc-2.1.3-19
glibc-devel-2.1.3-19
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
GNU make 3.77
Thanks in advance, and sorry for the length of this message.
David Kalins, Programmer/Analyst III
Library Systems Office
Univeristy of California, Berkeley
|
|
From: Armin F. <ar...@co...> - 2002-03-05 15:37:45
|
hi again, > make sure that you $dn doesn't contain any symbols like =F6=E4=FC=D6=DC= =C4=DF > This will oftne cause trouble if you try to delete the entry. it doesn't. $dn=3D cn=3DBBBB,ou=3DPersonalAddressBook,ou=3Darmin_info,ou=3Duser_info,ou=3DCCN,= o=3Dcisco.com btw: with the correct objectclasses the mandatory fields are "cn" and "sn", but the2 object i created without any objectclass and i assume that this is the problem. any ideas of how i can get rid of objects without objectclasses (-> is an object without an object class valid in ldap?) kind regards, armin |
|
From: Armin F. <ar...@co...> - 2002-03-05 15:11:54
|
On Tue, 5 Mar 2002, Jim Harle wrote: > Here are a few things to try. > > Make sure that you print the full dn ($dn) and that it is what you think. i am sure to use the correct (and fully specified) dn. > Use a generic tool like ldapsearch to display the contents of that dn and > and also the contents of something created by the vendor's tool that you > think should be very similar. It is possible that their tool expects a > certain objectclass or attribute to be present that you aren't supplying. ldapsearch brings: # # filter: (objectclass=*) # requesting: ALL # # PersonalAddressBook, armin_info, user_info, CCN, cisco.com dn: ou=PersonalAddressBook,ou=armin_info,ou=user_info,ou=CCN,o=cisco.com objectClass: organizationalUnit objectClass: top ou: PersonalAddressBook # search result search: 2 result: 0 Success text: Success # numResponses: 2 # numEntries: 1 when i try to delete it with ldapdelete the specific object: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "cn=BBBB,ou=PersonalAddressBook,ou=armin_info,ou=user_info,ou=CCN,o=cisco.com" ldap_init( x.x.x.x, y ) deleting entry "cn=BBBB,ou=PersonalAddressBook,ou=armin_info,ou=user_info,ou=CCN,o=cisco.com" deleting children of: cn=BBBB,ou=PersonalAddressBook,ou=armin_info,ou=user_info,ou=CCN,o=cisco.com ldap_search: No such object matched DN: "ou=PersonalAddressBook,ou=armin_info,ou=user_info,ou=CCN,o=cisco.com" additional info: No such object Delete Result: No such object (32) Additional info: No such object Matched DN: ou=PersonalAddressBook,ou=armin_info,ou=user_info,ou=CCN,o=cisco.com when i try to delete the whole tree: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "ou=PersonalAddressBook,ou=armin_info,ou=user_info,ou=CCN,o=cisco.com" ldap_init( x.x.x.x, y ) deleting entry "ou=PersonalAddressBook,ou=armin_info,ou=user_info,ou=CCN,o=cisco.com" deleting children of: ou=PersonalAddressBook,ou=armin_info,ou=user_info,ou=CCN,o=cisco.com Delete Result: Operation not allowed on nonleaf (66) Additional info: The operation cannot be performed on a non-leaf node > Use Net::LDAP to delete the object with the same dn. Check the status > that comes back to be sure that it worked. It is possible that the dn > that you are dinding with doesn't have sufficient privileges to eithr add > a certain attribute of to deleted objects. this is what i originally did: $BASE1="ou=PersonalAddressBook,ou="; $USER="armin"; $BASE2="_info,ou=user_info,ou=CCN,o=cisco.com"; dn="cn=BBBB,".$BASE1.$USER.$BASE2; $ldapresults=$ldapconnection->add ($dn,attr=>['objectClass'=>['top', 'person', 'ciscoocUser', 'dcdPerson', 'organizationalPerson', 'inetOrgPerson']]); print "x ".$ldapresults->error." x\n"; $ldapresults=$ldapconnection->search (base=>$BASE1.$USER.$BASE2,filter=>'cn=*'); print "x ".$ldapresults->error." x\n"; foreach $entry ($ldapresults->all_entries) { print sprintf("%s",$entry->get("cn"))."\n"; } $ldapresults=$ldapconnection->delete ($dn); print "x ".$ldapresults->error." x\n"; this script returns: x The entry already exists x x Success x x No such object x when i first tried to create an entry, i didn't specify any objectclass. there is no permission problem with the login, with the same login and different utilities, i can modify the ldap-directory without any problem. kind regards, armin fuerst > > --Jim Harle > > On Tue, 5 Mar 2002, Armin Fuerst wrote: > > > > > hi! > > > > i am using the Net::LDAP library to create a little maintenance utility > > for a ldap-server. > > searching and removing was working perfectly, but i now have a problem > > adding new entries. > > the ldap-server used is from data connection limited. > > i created a new entry using (before, i used 'new' and 'bind'): > > > > $ldapresults=$ldapconnection->add ($dn) > > > > and this did something in the database, but i'm not sure exactly what. > > when i try to search this entry, i don't see it (but i see other entries). > > with the directory admin tool that came with the ldap-server, i see the > > entry, but when i try to access it, i receive the error-message, that the > > entry has been deleted. when i try again, the entry appears again and when > > i try to delete it, the directory admin closes without any comment > > (crashes?). > > > > when i try to create the entry again (like above), i get the > > error-message: "The entry already exists", when i try to delete it, i get > > the error-message : "No such object". > > when i try to delete the whole tree in the directory admin, i get the > > error-message: > > Unable to delete the entry "..." (or any of its superiors) because this > > area of the directroy contains links or aliases. > > > > > > can you please tell me: > > * how can i get rid of the entry? > > * what did i do wrong when trying to create the entry? > > > > kind regards, > > > > armin fuerst > > > > > |
|
From: Chris R. <chr...@me...> - 2002-03-05 14:49:06
|
Armin Fuerst <ar...@co...> wrote:
>
> hi!
>
> i am using the Net::LDAP library to create a little maintenance utility
> for a ldap-server.
> searching and removing was working perfectly, but i now have a problem
> adding new entries.
> the ldap-server used is from data connection limited.
> i created a new entry using (before, i used 'new' and 'bind'):
>
> $ldapresults=$ldapconnection->add ($dn)
What type is the $dn variable? If it is just a string representing a DN,
then you've possibly found two bugs:
1) Net::LDAP shouldn't let you add an entry with no attributes
2) your server has added an incomplete and illegal entry
> and this did something in the database, but i'm not sure exactly what.
> when i try to search this entry, i don't see it (but i see other entries).
> with the directory admin tool that came with the ldap-server, i see the
> entry, but when i try to access it, i receive the error-message, that the
> entry has been deleted. when i try again, the entry appears again and when
> i try to delete it, the directory admin closes without any comment
> (crashes?).
>
> when i try to create the entry again (like above), i get the
> error-message: "The entry already exists", when i try to delete it, i get
> the error-message : "No such object".
> when i try to delete the whole tree in the directory admin, i get the
> error-message:
> Unable to delete the entry "..." (or any of its superiors) because this
> area of the directroy contains links or aliases.
>
>
> can you please tell me:
> * how can i get rid of the entry?
Since you don't seem to be able to delete it over protocol, that will
probably depend on what brand of server it is. You might need to dump the
database contents to some text file (eg LDIF), edit the text file, and
reload it.
> * what did i do wrong when trying to create the entry?
Probably, you forgot to specify any attributes in the entry. As far as I
can recall, you can use add() two ways:
1) specifying the whole entry in the arguments:
$ldap->add("cn=My Entry,o=My Company,c=WW",
attr => [
"objectClass" => [qw(top person)],
"cn" => ["My Entry"],
"sn" => ["Entry"],
]);
2) creating a Net::LDAP::Entry object, and adding that object:
$e = new Net::LDAP::Entry;
$e->dn("cn=My Entry,o=My Company,c=WW");
$e->add(
"objectClass" => [qw(top person)],
"cn" => ["My Entry"],
"sn" => ["Entry"],
);
$ldap->add($e);
> kind regards,
>
> armin fuerst
>
>
Cheers,
Chris
|
|
From: Jim H. <ha...@us...> - 2002-03-05 14:24:46
|
Here are a few things to try. Make sure that you print the full dn ($dn) and that it is what you think. Use a generic tool like ldapsearch to display the contents of that dn and and also the contents of something created by the vendor's tool that you think should be very similar. It is possible that their tool expects a certain objectclass or attribute to be present that you aren't supplying. Use Net::LDAP to delete the object with the same dn. Check the status that comes back to be sure that it worked. It is possible that the dn that you are dinding with doesn't have sufficient privileges to eithr add a certain attribute of to deleted objects. --Jim Harle On Tue, 5 Mar 2002, Armin Fuerst wrote: > > hi! > > i am using the Net::LDAP library to create a little maintenance utility > for a ldap-server. > searching and removing was working perfectly, but i now have a problem > adding new entries. > the ldap-server used is from data connection limited. > i created a new entry using (before, i used 'new' and 'bind'): > > $ldapresults=$ldapconnection->add ($dn) > > and this did something in the database, but i'm not sure exactly what. > when i try to search this entry, i don't see it (but i see other entries). > with the directory admin tool that came with the ldap-server, i see the > entry, but when i try to access it, i receive the error-message, that the > entry has been deleted. when i try again, the entry appears again and when > i try to delete it, the directory admin closes without any comment > (crashes?). > > when i try to create the entry again (like above), i get the > error-message: "The entry already exists", when i try to delete it, i get > the error-message : "No such object". > when i try to delete the whole tree in the directory admin, i get the > error-message: > Unable to delete the entry "..." (or any of its superiors) because this > area of the directroy contains links or aliases. > > > can you please tell me: > * how can i get rid of the entry? > * what did i do wrong when trying to create the entry? > > kind regards, > > armin fuerst > > |
7902 messages has been excluded from this view by a project administrator.
