From: Graham B. <gb...@po...> - 2002-01-24 16:27:17
|
On Thu, Jan 24, 2002 at 09:44:57AM -0600, Drew Raines wrote:
> Drew Raines <dr...@ph...>:
> >
> > > What version of Convert::ASN1 do you have installed ?
> >
> > 0.14
>
> The package is 0.14, but
>
> /usr/local/libdata/perl5/site_perl/Convert/ASN1.pm

The latest on CPAN and sourceforge is 0.15, so you might want to try that.
But I don't think it will change anything.

Graham. |
From: Drew R. <dre...@ph...> - 2002-01-24 15:44:50
|
Drew Raines <dr...@ph...>:
>
> > What version of Convert::ASN1 do you have installed ?
>
> 0.14

The package is 0.14, but

    /usr/local/libdata/perl5/site_perl/Convert/ASN1.pm

reveals

    # $Id: ASN1.pm,v 1.15 2001/09/10 18:03:47 gbarr Exp $

Not sure which you needed to know.

--
Drew |
From: Drew R. <dr...@ph...> - 2002-01-24 15:36:26
|
Graham Barr <gb...@po...>:
>
> Can you do a debug=15 and send that, it may be a decoding problem.

Net::LDAP=HASH(0x333a4c) sending:

30 1D 02 01 01 77 18 80 16 31 2E 33 2E 36 2E 31 0....w...1.3.6.1
2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 33 37 __ .4.1.1466.20037

0000   29: SEQUENCE {
0002    1:   INTEGER = 1
0005   24:   [APPLICATION 23] {
0007   22:     [CONTEXT 0]
0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
001F     :   }
001F     : }
Net::LDAP=HASH(0x333a4c) received:

30 0C 02 01 01 78 07 0A 01 00 04 00 04 00 __ __ 0....x........

0000   12: SEQUENCE {
0002    1:   INTEGER = 1
0005    7:   [APPLICATION 24] {
0007    1:     ENUM = 0
000A    0:     STRING = ''
000C    0:     STRING = ''
000E     :   }
000E     : }

> What version of Convert::ASN1 do you have installed ?

0.14

--
Drew |
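The two packets in the debug=15 output above can be checked by hand with a small BER reader. This is an added example, not code from the thread or from Convert::ASN1; the function names are hypothetical, and the byte strings are copied from the dump.

```python
"""Decode the StartTLS exchange from the debug=15 dump with a minimal BER reader."""

# Bytes copied from the debug output in the message above.
STARTTLS_REQUEST = bytes.fromhex(
    "30 1D 02 01 01 77 18 80 16 31 2E 33 2E 36 2E 31"
    "2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 33 37"
)
STARTTLS_RESPONSE = bytes.fromhex("30 0C 02 01 01 78 07 0A 01 00 04 00 04 00")

UNIVERSAL, APPLICATION, CONTEXT = 0, 1, 2
OPS = {23: "ExtendedRequest", 24: "ExtendedResponse"}
RESULT_CODES = {0: "success", 1: "operationsError", 2: "protocolError"}


def read_tlv(buf, pos):
    """Read one tag-length-value; return (class, constructed, number, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    ident, length = buf[pos], buf[pos + 1]
    pos += 2
    if ident & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled in this example")
    if length == 0x80:
        raise ValueError("indefinite length is not valid in LDAP")
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return ident >> 6, bool(ident & 0x20), ident & 0x1F, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed element into its TLVs."""
    items, pos = [], 0
    while pos < len(value):
        cls, constructed, number, inner, pos = read_tlv(value, pos)
        items.append((cls, constructed, number, inner))
    return items


def decode_ldap_message(packet):
    """Return message ID, operation and the extended-operation fields as a dict."""
    cls, constructed, number, body, end = read_tlv(packet, 0)
    if (cls, constructed, number) != (UNIVERSAL, True, 16) or end != len(packet):
        raise ValueError("expected exactly one SEQUENCE")
    parts = children(body)
    if len(parts) < 2 or parts[0][:3] != (UNIVERSAL, False, 2):
        raise ValueError("expected INTEGER messageID followed by protocolOp")
    op_cls, _, op_num, op_body = parts[1]
    if op_cls != APPLICATION:
        raise ValueError("protocolOp must carry an APPLICATION tag")
    info = {
        "message_id": int.from_bytes(parts[0][3], "big", signed=True),
        "op": OPS.get(op_num, "APPLICATION %d" % op_num),
    }
    fields = children(op_body)
    if op_num == 23:
        # requestName is [CONTEXT 0], an OID written as dotted ASCII text
        if not fields or fields[0][:3] != (CONTEXT, False, 0):
            raise ValueError("ExtendedRequest without requestName")
        info["request_oid"] = fields[0][3].decode("ascii")
    elif op_num == 24:
        # LDAPResult: resultCode ENUMERATED, matchedDN, errorMessage
        if len(fields) < 3 or fields[0][:3] != (UNIVERSAL, False, 10):
            raise ValueError("ExtendedResponse without LDAPResult")
        code = int.from_bytes(fields[0][3], "big")
        info["result_code"] = code
        info["result_name"] = RESULT_CODES.get(code, "other")
        info["matched_dn"] = fields[1][3].decode("utf-8")
        info["error_message"] = fields[2][3].decode("utf-8")
    return info


if __name__ == "__main__":
    for name, packet in (("sent", STARTTLS_REQUEST), ("received", STARTTLS_RESPONSE)):
        print(name, decode_ldap_message(packet))
```

The request carries the StartTLS OID and the response decodes to result code 0 with empty matchedDN and errorMessage, so the wire data reports success; the code 1 that the application reported corresponds to operationsError.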
From: Graham B. <gb...@po...> - 2002-01-24 15:29:14
|
On Thu, Jan 24, 2002 at 09:00:59AM -0600, Drew Raines wrote:
> Drew Raines:
> > >
> > > my $mesg = $ldap->start_tls( verify=>'optional',
> > >                              cafile=>"$cafile" );
> > > error_msg( $mesg->code . "/" . $mesg->error );
>
> Graham Barr <gb...@po...>:
> >
> > I don't see an Operations error here. The received packet has a code
> > of 0x00 which is success
>
> Hmm. I must not have successfully logged the debugging info.
> $mesg->code is 1 and $mesg->error is "Operations error" when I run my
> application.
>
> Perhaps the output I showed was just for the creation of the ldap
> object? Which works fine, hence the 0 return code. How do I debug the
> start_tls problem?

Hm, well [APPLICATION 23] is an ExtendedRequest (which is what start_tls is)
and [APPLICATION 24] is an ExtendedResponse

Can you do a debug=15 and send that, it may be a decoding problem.

What version of Convert::ASN1 do you have installed ?

Graham. |
From: Drew R. <dr...@ra...> - 2002-01-24 15:01:04
|
Drew Raines:
> >
> > my $mesg = $ldap->start_tls( verify=>'optional',
> >                              cafile=>"$cafile" );
> > error_msg( $mesg->code . "/" . $mesg->error );

Graham Barr <gb...@po...>:
>
> I don't see an Operations error here. The received packet has a code
> of 0x00 which is success

Hmm. I must not have successfully logged the debugging info.
$mesg->code is 1 and $mesg->error is "Operations error" when I run my
application.

Perhaps the output I showed was just for the creation of the ldap
object? Which works fine, hence the 0 return code. How do I debug the
start_tls problem?

--
Drew |
From: Graham B. <gb...@po...> - 2002-01-24 09:24:31
|
On Thu, Jan 24, 2002 at 09:48:27AM +0700, Abu wrote:
> I make little script to get info from exchange server with option
> debug=4 but still not work debug show :

Can you do a debug=12 so we can see the packets coming back.
We only need to see the last packet received as that is where the
problem is likely to be.

Graham.

>
> Net::LDAP=HASH(0x80fbb3c) sending:
> 0000   12: SEQUENCE {
> 0002    1:   INTEGER = 1
> 0005    7:   [APPLICATION 0] {
> 0007    1:     INTEGER = 2
> 000A    0:     STRING = ''
> 000C    0:     [CONTEXT 0]
> 000E     :   }
> 000E     : }
> Net::LDAP=HASH(0x80fbb3c) sending:
> 0000  100: SEQUENCE {
> 0002    1:   INTEGER = 2
> 0005   95:   [APPLICATION 3] {
> 0007   43:     STRING = 'c=ID, p=astra-honda, o=PT Astra Honda Motor'
> 0034    1:     ENUM = 2
> 0037    1:     ENUM = 2
> 003A    1:     INTEGER = 0
> 003D    1:     INTEGER = 0
> 0040    1:     BOOLEAN = FALSE
> 0043   31:     [CONTEXT 0] {
> 0045    2:       [CONTEXT 7]
> 0047     :         73 6E __ __ __ __ __ __ __ __ __ __ __ __ __ __ sn
> 0049   25:       [CONTEXT 3] {
> 004B    1:         STRING = 'o'
> 004E   20:         STRING = 'PT Astra Honda Motor'
> 0064     :       }
> 0064     :     }
> 0064    0:     SEQUENCE {
> 0066     :     }
> 0066     :   }
> 0066     : }
> Net::LDAP=HASH(0x80fbb3c) received:
> Net::LDAP=HASH(0x80fbb3c) received:
> Protocol error at test-ldap.pl line 15.
>
> what is Protocol Error mean, i want get info from exchange server on nt 4 sp4.
> is that exchange bug or ?
> Please Anybody help me.
>
>
>
>
> --
>   __
>  (oo)     Open Solution Provider visit http://www.trabas.com
> / \/ \    GnuPg public information pub 1024/EBD26280
> `V__V'    A9A9 8F57 9E9D 14E3 05B4 3EDB C241 A313 EBD2 6280
> Don't relax! It's only your tension that's holding you together.
> |
From: Abu <ab...@tr...> - 2002-01-24 02:45:25
|
I make little script to get info from exchange server with option
debug=4 but still not work debug show :

Net::LDAP=HASH(0x80fbb3c) sending:
0000   12: SEQUENCE {
0002    1:   INTEGER = 1
0005    7:   [APPLICATION 0] {
0007    1:     INTEGER = 2
000A    0:     STRING = ''
000C    0:     [CONTEXT 0]
000E     :   }
000E     : }
Net::LDAP=HASH(0x80fbb3c) sending:
0000  100: SEQUENCE {
0002    1:   INTEGER = 2
0005   95:   [APPLICATION 3] {
0007   43:     STRING = 'c=ID, p=astra-honda, o=PT Astra Honda Motor'
0034    1:     ENUM = 2
0037    1:     ENUM = 2
003A    1:     INTEGER = 0
003D    1:     INTEGER = 0
0040    1:     BOOLEAN = FALSE
0043   31:     [CONTEXT 0] {
0045    2:       [CONTEXT 7]
0047     :         73 6E __ __ __ __ __ __ __ __ __ __ __ __ __ __ sn
0049   25:       [CONTEXT 3] {
004B    1:         STRING = 'o'
004E   20:         STRING = 'PT Astra Honda Motor'
0064     :       }
0064     :     }
0064    0:     SEQUENCE {
0066     :     }
0066     :   }
0066     : }
Net::LDAP=HASH(0x80fbb3c) received:
Net::LDAP=HASH(0x80fbb3c) received:
Protocol error at test-ldap.pl line 15.

what is Protocol Error mean, i want get info from exchange server on nt 4 sp4.
is that exchange bug or ?
Please Anybody help me.

--
  __
 (oo)     Open Solution Provider visit http://www.trabas.com
/ \/ \    GnuPg public information pub 1024/EBD26280
`V__V'    A9A9 8F57 9E9D 14E3 05B4 3EDB C241 A313 EBD2 6280
Don't relax! It's only your tension that's holding you together. |
From: Abu <ab...@tr...> - 2002-01-24 02:29:36
|
i have little script using Net::LDAP, but when i want get some info from
exchange there are any error (with debug) :

Net::LDAP=HASH(0x80fbb3c) sending:
0000   12: SEQUENCE {
0002    1:   INTEGER = 1
0005    7:   [APPLICATION 0] {
0007    1:     INTEGER = 2
000A    0:     STRING = ''
000C    0:     [CONTEXT 0]
000E     :   }
000E     : }
Net::LDAP=HASH(0x80fbb3c) sending:
0000  100: SEQUENCE {
0002    1:   INTEGER = 2
0005   95:   [APPLICATION 3] {
0007   43:     STRING = 'c=ID, p=astra-honda, o=PT Astra Honda Motor'
0034    1:     ENUM = 2
0037    1:     ENUM = 2
003A    1:     INTEGER = 0
003D    1:     INTEGER = 0
0040    1:     BOOLEAN = FALSE
0043   31:     [CONTEXT 0] {
0045    2:       [CONTEXT 7]
0047     :         73 6E __ __ __ __ __ __ __ __ __ __ __ __ __ __ sn
0049   25:       [CONTEXT 3] {
004B    1:         STRING = 'o'
004E   20:         STRING = 'PT Astra Honda Motor'
0064     :       }
0064     :     }
0064    0:     SEQUENCE {
0066     :     }
0066     :   }
0066     : }
Net::LDAP=HASH(0x80fbb3c) received:
Net::LDAP=HASH(0x80fbb3c) received:
Protocol error at test-ldap.pl line 15.

what is Protocol error meaning, exchange running from nt 4 sp 4.
somebody please help me.

--
  __
 (oo)     Open Solution Provider visit http://www.trabas.com
/ \/ \    GnuPg public information pub 1024/EBD26280
`V__V'    A9A9 8F57 9E9D 14E3 05B4 3EDB C241 A313 EBD2 6280
Don't relax! It's only your tension that's holding you together. |
From: Graham B. <gb...@po...> - 2002-01-23 22:39:51
|
I don't see an Operations error here. The received packet has a code
of 0x00 which is success

Graham.

On Wed, Jan 23, 2002 at 04:16:35PM -0600, Drew Raines wrote:
> I have a working script which changes users passwords in an OpenLDAP
> 2.0.18 database. Using version 0.25 of perl-ldap.
>
> However, I get an Operations error when I try to start_tls. Here's the
> snippet of code:
>
> my $ldap = Net::LDAP->new( 'ldap.phg.mc.vanderbilt.edu', version=>3,
>                            debug=>12 ) or error_msg($@);
> my $mesg = $ldap->start_tls( verify=>'optional',
>                              cafile=>"$cafile" );
> error_msg( $mesg->code . "/" . $mesg->error );
> $mesg = $ldap->bind( "uid=$username,ou=people,$DN",
>                      password=>$cur_pass) or error_msg($@);
>
> The $ldap->start_tls is what generates the error.
>
> I captured the output of the attempt, but don't know what it means.
>
> root@mays ( ~ )$ cat /tmp/ldappw_tls
> Net::LDAP=HASH(0x333a4c) sending:
> 0000   29: SEQUENCE {
> 0002    1:   INTEGER = 1
> 0005   24:   [APPLICATION 23] {
> 0007   22:     [CONTEXT 0]
> 0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36
> 1.3.6.1.4.1.1466
> 0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
> 001F     :   }
> 001F     : }
> Net::LDAP=HASH(0x333a4c) received:
> 0000   12: SEQUENCE {
> 0002    1:   INTEGER = 1
> 0005    7:   [APPLICATION 24] {
> 0007    1:     ENUM = 0
> 000A    0:     STRING = ''
> 000C    0:     STRING = ''
> 000E     :   }
> 000E     : }
>
> What's going on?
>
> --
> Drew
> |
From: Drew R. <dr...@ph...> - 2002-01-23 22:16:31
|
I have a working script which changes users passwords in an OpenLDAP
2.0.18 database. Using version 0.25 of perl-ldap.

However, I get an Operations error when I try to start_tls. Here's the
snippet of code:

my $ldap = Net::LDAP->new( 'ldap.phg.mc.vanderbilt.edu', version=>3,
                           debug=>12 ) or error_msg($@);
my $mesg = $ldap->start_tls( verify=>'optional',
                             cafile=>"$cafile" );
error_msg( $mesg->code . "/" . $mesg->error );
$mesg = $ldap->bind( "uid=$username,ou=people,$DN",
                     password=>$cur_pass) or error_msg($@);

The $ldap->start_tls is what generates the error.

I captured the output of the attempt, but don't know what it means.

root@mays ( ~ )$ cat /tmp/ldappw_tls
Net::LDAP=HASH(0x333a4c) sending:
0000   29: SEQUENCE {
0002    1:   INTEGER = 1
0005   24:   [APPLICATION 23] {
0007   22:     [CONTEXT 0]
0009     :       31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36 1.3.6.1.4.1.1466
0019     :       2E 32 30 30 33 37 __ __ __ __ __ __ __ __ __ __ .20037
001F     :   }
001F     : }
Net::LDAP=HASH(0x333a4c) received:
0000   12: SEQUENCE {
0002    1:   INTEGER = 1
0005    7:   [APPLICATION 24] {
0007    1:     ENUM = 0
000A    0:     STRING = ''
000C    0:     STRING = ''
000E     :   }
000E     : }

What's going on?

--
Drew |
From: Graham B. <gb...@po...> - 2002-01-23 13:22:19
|
Ah, good point. I will put it in.

Thanks,
Graham.

On Tue, Jan 22, 2002 at 09:55:18PM +0100, Peter Marschall wrote:
> Hi,
>
> sure, laziness ;-)
>
> Sometimes one may be too lazy to write a space after the
> last element of a qdstring list. So,
>     ('first' 'second' 'last')
> should parse with my proposed solution.
> The other solution should require a space after 'last'
> (worked out theoretically, not checked; But I have my
> solution running in some programs for over a week now)
>
> Yours
> Peter
>
> On Tuesday 22 January 2002 21:25, you wrote:
> > On Sun, Jan 20, 2002 at 05:23:23PM +0100, Peter Marschall wrote:
> > > I like Graham's idea very much.
> > > It's a short simple parser that does its best to decode these
> > > things and works in most cases.
> > > Since RFC2252 allows schemas that allow different interpretations
> > > (see Chris' mail with the EQUALITYNOORDERINGBORGCOLLECTIVE example)
> > > one has to make restrictions on schemas to be able to parse them
> > > successfully.
> > >
> > > Reading my last lines again, I would suggest a simple
> > > change to Graham's solution:
> > > I would disallow closing braces after single quotes inside
> > > qdstrings, but would allow for qdstringlists with no space between
> > > the last qdstring and the following closing brace..
> > >
> > > So instead of changing
> > >     '([^']*)'
> > > to
> > >     '((?:[^']+|'\S)*)'
> > > I would suggest changing it to
> > >     '((?:[^']+|'[^\s)])*)'
> >
> > I don't really mind either way. But can you give a reason for this ?
> >
> > Graham.
>
> --
> Peter Marschall | eMail: pet...@ma...
> Scheffelstraße 15 | pet...@is...
> 97072 Würzburg | Tel: 0931/14721
> PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35
> |
From: Peter M. <pet...@ma...> - 2002-01-23 04:41:17
|
Hi,

sure, laziness ;-)

Sometimes one may be too lazy to write a space after the
last element of a qdstring list. So,
    ('first' 'second' 'last')
should parse with my proposed solution.
The other solution should require a space after 'last'
(worked out theoretically, not checked; But I have my
solution running in some programs for over a week now)

Yours
Peter

On Tuesday 22 January 2002 21:25, you wrote:
> On Sun, Jan 20, 2002 at 05:23:23PM +0100, Peter Marschall wrote:
> > I like Graham's idea very much.
> > It's a short simple parser that does its best to decode these
> > things and works in most cases.
> > Since RFC2252 allows schemas that allow different interpretations
> > (see Chris' mail with the EQUALITYNOORDERINGBORGCOLLECTIVE example)
> > one has to make restrictions on schemas to be able to parse them
> > successfully.
> >
> > Reading my last lines again, I would suggest a simple
> > change to Graham's solution:
> > I would disallow closing braces after single quotes inside
> > qdstrings, but would allow for qdstringlists with no space between
> > the last qdstring and the following closing brace..
> >
> > So instead of changing
> >     '([^']*)'
> > to
> >     '((?:[^']+|'\S)*)'
> > I would suggest changing it to
> >     '((?:[^']+|'[^\s)])*)'
>
> I don't really mind either way. But can you give a reason for this ?
>
> Graham.

--
Peter Marschall | eMail: pet...@ma...
Scheffelstraße 15 | pet...@is...
97072 Würzburg | Tel: 0931/14721
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35 |
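The effect of the missing space described above can be reproduced by running the three patterns from the thread over a few schema descriptions. This is an added example, not code from the thread or from Net::LDAP::Schema: the tokenizer, its helper names and the sample descriptions (OIDs included) are constructed for illustration, and Python's `re` is used because these particular patterns match the same way there as in Perl.

```python
import re

# The three qdstring patterns quoted in the thread.
QD_ORIGINAL = r"'([^']*)'"
QD_GRAHAM = r"'((?:[^']+|'\S)*)'"
QD_PETER = r"'((?:[^']+|'[^\s)])*)'"

# Constructed schema descriptions; OIDs and names are made up for the example.
NO_SPACE = "( 1.1.1 NAME ('first' 'second' 'last') DESC 'user's name' )"
WITH_SPACE = "( 1.1.1 NAME ('first' 'second' 'last' ) DESC 'user's name' )"
QUOTE_PAREN = "( 1.1.2 DESC 'say 'hi') ok' )"


def tokenize(description, qd_pattern):
    """Hypothetical tokenizer built around one of the qdstring patterns.

    Returns a list of (kind, text) tuples with kind in 'qdstring', 'paren',
    'word', or None when some part of the input cannot be consumed.
    """
    token = re.compile(r"\s*(?:" + qd_pattern + r"|([()])|([^\s'()]+))")
    text = description.strip()
    tokens, pos = [], 0
    while pos < len(text):
        m = token.match(text, pos)
        if m is None:
            return None  # stuck, e.g. on an unbalanced quote
        qd, paren, word = m.groups()
        if qd is not None:  # may be the empty string, so test against None
            tokens.append(("qdstring", qd))
        elif paren is not None:
            tokens.append(("paren", paren))
        else:
            tokens.append(("word", word))
        pos = m.end()
    return tokens


def qdstrings(description, qd_pattern):
    """Return only the qdstring values, or None if tokenizing failed."""
    tokens = tokenize(description, qd_pattern)
    if tokens is None:
        return None
    return [text for kind, text in tokens if kind == "qdstring"]


def compare(description):
    """Run all three patterns over one description."""
    patterns = (("original", QD_ORIGINAL), ("graham", QD_GRAHAM), ("peter", QD_PETER))
    return {name: qdstrings(description, pattern) for name, pattern in patterns}


if __name__ == "__main__":
    for sample in (NO_SPACE, WITH_SPACE, QUOTE_PAREN):
        print(sample)
        for name, result in compare(sample).items():
            print("  %-8s %r" % (name, result))
```

With no space before the closing parenthesis, the `'\S` variant runs the last list element together with everything up to the end of the DESC string, while the `'[^\s)]` variant splits the list correctly. The price, as stated in the thread, is that a qdstring containing `')` no longer parses with the second variant.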
From: Graham B. <gb...@po...> - 2002-01-22 20:24:46
|
On Sun, Jan 20, 2002 at 05:23:23PM +0100, Peter Marschall wrote:
> I like Graham's idea very much.
> It's a short simple parser that does its best to decode these
> things and works in most cases.
> Since RFC2252 allows schemas that allow different interpretations
> (see Chris' mail with the EQUALITYNOORDERINGBORGCOLLECTIVE example)
> one has to make restrictions on schemas to be able to parse them
> successfully.
>
> Reading my last lines again, I would suggest a simple
> change to Graham's solution:
> I would disallow closing braces after single quotes inside
> qdstrings, but would allow for qdstringlists with no space between
> the last qdstring and the following closing brace..
>
> So instead of changing
>     '([^']*)'
> to
>     '((?:[^']+|'\S)*)'
> I would suggest changing it to
>     '((?:[^']+|'[^\s)])*)'

I don't really mind either way. But can you give a reason for this ?

Graham. |
From: Graham B. <gb...@po...> - 2002-01-22 20:22:34
|
I have been working on re-architecting Authen::SASL, but at the same
time I want to keep it backward compatible.

Attached is a patch vs the perl-ldap-0.25 release. If anyone is
brave (stupid? :-) enough to try it, please let me know if it works
without modifying your script.

Graham. |
From: Peter M. <pet...@ma...> - 2002-01-22 19:35:07
|
Hi,

unfortunately I forgot to send this mail to the list too.

Yours
Peter

---------- Forwarded Message ----------
Subject: Re: schema format questions
Date: Sun, 13 Jan 2002 13:04:01 +0100
From: Peter Marschall <pet...@ma...>
To: John Berthels <joh...@ne...>

Hi,

On Friday 11 January 2002 10:29, you wrote:
> > Since all separation characters used in RFC 2252 are 7bit ASCII,
> > parsing stays possible without having to think about those non-ASCII
> > characters (just let them where they are ;-)
>
> Isn't that the problem? The qdstrings are allowed to contain all the
> separation characters in any combination they like. How then to detect the
> end of the qdstring?

You are right ! This is the reason.
I was misled by my thinking about non-ASCII characters.

> > > I don't see how it is possible at all, without defining an additional
> > > escape mechanism or list of disallowed characters (the previous
> > > approach).
> >
> > My first idea was not only to check for allowed characters but to check
> > for those special words defined in RFC 2252 (DESC, MUST, MAY, ..)
> > But I was too lazy to do it that way ;-))
>
> And those special words may also exist inside a qdstring.

Also correct.

> I am sure that we can define a reasonable approach by adding restrictions
> on qdstrings.

I like Graham's idea very much.
It's a short simple parser that does its best to decode these
things and works in most cases.
Since RFC2252 allows schemas that allow different interpretations
(see Chris' mail with the EQUALITYNOORDERINGBORGCOLLECTIVE example)
one has to make restrictions on schemas to be able to parse them
successfully.

Reading my last lines again, I would suggest a simple
change to Graham's solution:
I would disallow closing braces after single quotes inside
qdstrings, but would allow for qdstringlists with no space between
the last qdstring and the following closing brace..

So instead of changing
    '([^']*)'
to
    '((?:[^']+|'\S)*)'
I would suggest changing it to
    '((?:[^']+|'[^\s)])*)'

But i can live well with Graham's version.

Yours
Peter

--
Peter Marschall | eMail: pet...@ma...
Scheffelstraße 15 | pet...@is...
97072 Würzburg | Tel: 0931/14721
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35

-------------------------------------------------------

--
Peter Marschall | eMail: pet...@ma...
Scheffelstraße 15 | pet...@is...
97072 Würzburg | Tel: 0931/14721
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35 |
From: Peter M. <pet...@ma...> - 2002-01-22 19:35:04
|
Hi Michael,

On Thursday 17 January 2002 10:40, you wrote:
> I'd like to pose a question for you that no one else seems to be able to
> answer for me.
>
> We use Net::LDAP in several web applications to authenticate and retrieve
> information from our Novell Directory Services. Everything has worked
> great until recently when we upgraded our LDAP server. Every search that
> is performed on the new servers return empty data. If we search from a
> browser on the new servers, the result comes back fine.
>
> I've talked with people from Novell and they can't seem to find anything
> that would cause this. I thought I would ask you if there was anything in
> the library that might break between these two versions. Again, a search
> will work from other sources, it just returns nothing with Net::LDAP.
> There are no errors either.
>
> Have you heard of anyone else having this problem? Do you have any ideas?
>
> The versions are:
> Original: Netware 5 - LDAPv3 - 3.08 - July 31, 2000
> Upgrade: NDS 8 - LDAPv3 - 85.10 - Dec 12, 2000
>
> Thanks for any input you have on the matter. Its greatly appreciated.

Do you use schema information in your application ?
Does the app fail there ?

If yes, there recently was a thread on this list treating this topic.

Yours
Peter

--
Peter Marschall | eMail: pet...@ma...
Scheffelstraße 15 | pet...@is...
97072 Würzburg | Tel: 0931/14721
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35 |
From: Peter M. <pet...@ma...> - 2002-01-22 19:35:04
|
Hi Alexander,

On Monday 14 January 2002 20:02, you wrote:
> we here at dasburo.de use Net::LDAP since we found its existence. thank you
> a lot for this module.
>
> my question:
>
> i can simply retrieve schemas from a file with
>
> my $schema = new Net::LDAP::Schema;
> $schema->parse('schema.dump') or die $schema->error;
>
> but how can i make this loaded schema persistent in my ldap-server?

that depends on the LDAP server you use.
Here are two examples I know:
* With Novell eDirectory 85.x, you have to extend the cn=schema entry.
  This can be done with ICE (Novell's tool) or ldapmodify using an LDIF file
  or programmatically with Net::LDAP
* With OpenLDAP, you have to write a schema definition file and include
  it into slapd.conf
  Generating a schema definition file from an existing LDIF is quite easy:
  Usually it is sufficient to strip "es:" from the "attributetypes:" and
  "objectclasses:" strings in the file.
  Unfortunately Net::LDAP does not (not yet ?) support the parsing or writing
  of those files ;-(

Yours
Peter

--
Peter Marschall | eMail: pet...@ma...
Scheffelstraße 15 | pet...@is...
97072 Würzburg | Tel: 0931/14721
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35 |
From: Graham B. <gb...@po...> - 2002-01-22 11:39:31
|
The uploaded file

    Convert-ASN1-0.15.tar.gz

has entered CPAN as

    file: $CPAN/authors/id/G/GB/GBARR/Convert-ASN1-0.15.tar.gz
    size: 36285 bytes
    md5: 02f3a3c209ad18001b5d8e394276c2d7

No action is required on your part

Request entered by: GBARR (Graham Barr)
Request entered on: Tue, 22 Jan 2002 11:32:36 GMT
Request completed: Tue, 22 Jan 2002 11:33:25 GMT

Virtually Yours,
Id: paused,v 1.74 2001/05/20 14:59:52 k Exp k

2002-01-22 11:24 Graham Barr

    * README, parser.y, lib/Convert/ASN1.pm, lib/Convert/ASN1.pod,
      lib/Convert/ASN1/Debug.pm, lib/Convert/ASN1/IO.pm,
      lib/Convert/ASN1/_decode.pm, lib/Convert/ASN1/_encode.pm,
      lib/Convert/ASN1/parser.pm:

    Release 0.15

2002-01-21 20:00 Graham Barr

    * t/06bigint.t:

    Be safer in creating BigInt objects

2002-01-02 16:56 Graham Barr

    * lib/Convert/ASN1/_encode.pm:

    Change the encode errors to include the hierarchical name of the
    element in the ASN.1 which is causing the problem

2002-01-02 16:31 Graham Barr

    * lib/Convert/ASN1.pm:

    Remove unwanted warn statement

2001-09-25 00:05 Graham Barr

    * lib/Convert/ASN1.pm:

    Better error reporting for encoding

2001-09-22 01:16 Graham Barr

    * parser.y, lib/Convert/ASN1.pm, lib/Convert/ASN1/Debug.pm,
      lib/Convert/ASN1/_decode.pm, lib/Convert/ASN1/_encode.pm,
      lib/Convert/ASN1/parser.pm, t/00prim.t:

    Add support for RELATIVE-OID

2001-09-22 01:14 Graham Barr

    * t/: 00prim.t, 06bigint.t:

    Move some integer tests that really use bigint from 00prim.t
    into 06bigint.t

2001-09-21 23:24 Graham Barr

    * lib/Convert/ASN1.pm, lib/Convert/ASN1/_decode.pm, t/03seqof.t:

    Support for nested SEQUENCE/SET OF's |
From: Chris R. <chr...@me...> - 2002-01-22 09:09:13
|
Bea...@hy... wrote:
> I have a couple of question regarding LDAP over SSL
>
> - what is a PEM file?

It is a text file, formatted according to the Privacy Enhanced Mail (hence
PEM) rules. RFC 1421 might give more details.

There is a PEM format for holding certificates, and there is a PEM format
for holding private keys.

> - what does it contains? a trusted root certificate?

Well, they could do. But they can also contain private keys and certificate
signing requests etc. As they are text files, you can look at the first
couple of lines in the file to find out what a particular file contains.

> - do I really need openssl to generate the hash of the PEM file?

Technically no. Actually the Net::LDAPS documentation's slightly wrong -
"openssl x509 -hash -noout" actually returns a hash of the subject name
(which is a DN encoded in BER and not a simple string like in LDAP) in the
certificate.

In other words if you can extract this name yourself and hash it yourself,
then you don't need to use openssl ;-) Since there are various snippets of
code around which will read in certificates and extract subject names, this
might not be so hard.

> - which specific packages does I need to use LDAP over SSL?

IO::Socket::SSL, and Net::SSLeay (because IO::Socket::SSL relies on it.)

> tia
>
> Louis
>

Cheers,

Chris |
From: <Bea...@hy...> - 2002-01-21 23:08:40
|
I have a couple of question regarding LDAP over SSL

- what is a PEM file?
- what does it contains? a trusted root certificate?
- do I really need openssl to generate the hash of the PEM file?
- which specific packages does I need to use LDAP over SSL?

tia

Louis |
From: Padraig R. <rya...@it...> - 2002-01-18 15:39:35
|
Thanks Micheal & Chris,

Chris, the code snippet works I just have to allow Anonymous access on the AD.
This is achieved by setting the security on all objects to allow the
ANONYMOUS LOGON user the read right.

my $ldap = Net::LDAP->new('scarden.campus.itsligo.ie');
my $res = $ldap->search(base => 'dc=campus,dc=itsligo,dc=ie',
                        scope=> 'subtree',
                        filter => '(cn=pryan)',
                        );
if ($res->code) { die "Search problem"; }
if ($res->count != 1) { die "Indeterminate user"; }
my $dn = $res->entry(0)->dn;
print "<br><br><br>=======================>login is $dn";
if ($res->code) { die "Login unsuccessful"; }

Thanks.

Padraig.
----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland
P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan

----- Original Message -----
From: "Chris Ridd" <chr...@me...>
To: "Padraig Ryan" <rya...@it...>; "perl-ldap-dev" <per...@li...>
Sent: Friday, January 18, 2002 10:27 AM
Subject: Re: Bind() question for users in different OU's

> Padraig Ryan <rya...@it...> wrote:
> > Hi,
> >
> > We're using MS AD to authenticate users for some of our web based apps
> > using bind() where we get the user to enter their UID and Password on a
> > web form and then perl uses this info coupled with the search base info
> > from a config file to actually do the bind and authenticate the user.
> >
> > Q. Is it possible to bind without knowing the particular ou that a user
> > belongs to ?
> >
> > For example we have one ou for staff and another for students yet we won't
> > know whether it's a staff member or a student logging in and so in our
> > Perl we have to do 2 binds, one for each ou to actually authenticate.
> > This slows up the whole process.
> >
> > Any help appreciated. Thanks.
>
> The usual procedure is for the app to connect to the directory, do a single
> subtree search for the user (ie from some highish point in the directory),
> and then do the bind.
>
> Cheers,
>
> Chris |
From: Graham B. <gb...@po...> - 2002-01-18 10:58:32
|
On Fri, Jan 18, 2002 at 05:16:28AM +0100, Kjetil Torgrim Homme wrote:
> Bob...@kp... writes:
>
> > The size limit is imposed on the Server side, sigh.
> >
> > for i ("a" .. "z") {
> >
> > $filter = "mailhost=ms001" . $i . "dc3.adelphia.net";
>
> This filter should be immutable if I read the OP correctly. Something
> like
>
> $filter = "(|(mailhost=ms001a.dc3.adelphia.net)(mail=$i*))";
>
> may make more sense.
>
> It would also be pertinent to specify a smaller set of attributes to
> reduce the load on the server and network. You can also use a trivial
> callback function to reduce memory requirements on the client.
> (Otherwise Perl will need to hold _all_ entries in memory.)
>
> $count = 0;
>
> $message = $ldap->search(
>     base => ("$ouline,$oline"),
>     scope => 'sub',
>     filter => ("$filter"),
>     attrs => [ "objectClass" ],

Adding

    typesonly => 1

will also help reduce network traffic. As you are only looking for
the dn there is no need to request the content of the attributes.

>     callback => sub { $_[0]->pop_entry; ++$count },

That will count 1 too many. When the search completes the callback is
called without a second argument.

    callback => sub { $_[0]->pop_entry and ++$count },

Graham.

> );
>
> > (Coded, but not verified.)
>
> Ditto :-)
>
> The callback really should handle the case where $_[1] isn't an
> Net::LDAP::Entry (e.g. is a reference).
>
>
> Kjetil T.
> |
From: Chris R. <chr...@me...> - 2002-01-18 10:28:00
|
Padraig Ryan <rya...@it...> wrote:
> Hi,
>
> We're using MS AD to authenticate users for some of our web based apps
> using bind() where we get the user to enter their UID and Password on a
> web form and then perl uses this info coupled with the search base info
> from a config file to actually do the bind and authenticate the user.
>
> Q. Is it possible to bind without knowing the particular ou that a user
> belongs to ?
>
> For example we have one ou for staff and another for students yet we won't
> know whether it's a staff member or a student logging in and so in our
> Perl we have to do 2 binds, one for each ou to actually authenticate.
> This slows up the whole process.
>
> Any help appreciated. Thanks.

The usual procedure is for the app to connect to the directory, do a single
subtree search for the user (ie from some highish point in the directory),
and then do the bind.

Cheers,

Chris |
From: Padraig R. <rya...@it...> - 2002-01-18 09:56:22
|
Hi,

We're using MS AD to authenticate users for some of our web based apps
using bind() where we get the user to enter their UID and Password on a
web form and then perl uses this info coupled with the search base info
from a config file to actually do the bind and authenticate the user.

Q. Is it possible to bind without knowing the particular ou that a user
belongs to ?

For example we have one ou for staff and another for students yet we won't
know whether it's a staff member or a student logging in and so in our
Perl we have to do 2 binds, one for each ou to actually authenticate.
This slows up the whole process.

Any help appreciated. Thanks.

Padraig.
----------------------------------------------------------------
Padraig Ryan
IT Manager
Institute of Technology, Sligo
Ireland
P +353(0)71.55365
F +353(0)71.60475
M +353(0)87.2334062
E rya...@it...
W http://www.itsligo.ie/staff/pryan |
From: Kjetil T. H. <kje...@li...> - 2002-01-18 04:16:36
|
Bob...@kp... writes:

> The size limit is imposed on the Server side, sigh.
>
> for i ("a" .. "z") {
>
> $filter = "mailhost=ms001" . $i . "dc3.adelphia.net";

This filter should be immutable if I read the OP correctly. Something
like

    $filter = "(|(mailhost=ms001a.dc3.adelphia.net)(mail=$i*))";

may make more sense.

It would also be pertinent to specify a smaller set of attributes to
reduce the load on the server and network. You can also use a trivial
callback function to reduce memory requirements on the client.
(Otherwise Perl will need to hold _all_ entries in memory.)

    $count = 0;

    $message = $ldap->search(
        base => ("$ouline,$oline"),
        scope => 'sub',
        filter => ("$filter"),
        attrs => [ "objectClass" ],
        callback => sub { $_[0]->pop_entry; ++$count },
    );

> (Coded, but not verified.)

Ditto :-)

The callback really should handle the case where $_[1] isn't an
Net::LDAP::Entry (e.g. is a reference).


Kjetil T. |