From: Clif H. <ch...@po...> - 2002-01-04 03:46:35

Graham,

I have attached 2 files that contain data about the schema problem.

ldap.oids.gz contains oids that do not return data.
ldap.schema.gz is a complete schema from one of my test netscape directory servers.

If possible, possibly now or in the future, I would like to see us do away with changing the case of the oids and names. I have not had a chance to see how hard this would be. This would do away with some confusion and I know in my case would do away with creating multi-valued oid strings.

On one of my servers I have an objectclass named mhsMessagingStore and an attribute aliased as MHSMessagingStore. When we lower case the names and aliases in this case, we create the same name pointing to 2 different oids.

I might be able to look into this problem some this weekend.

Regards,

Clif Harden ch...@po...
From: Clif H. <cl...@di...> - 2002-01-03 16:52:46

Yes, but it will be awhile before I can send it.
I have some other things I must do first.

Clif

>
> Can you supply a sample schema.
>
> Graham.
>
> On Thu, Jan 03, 2002 at 10:28:23AM -0600, Clif Harden wrote:
> >
> > This is to let everyone know that there is a problem in
> > the Schema.pm module that can cause attribute and objectclass
> > information to not be returned when requested. This in turn
> > can make it appear that the attribute or objectclass does not
> > exist. I believe someone reported this problem to the list
> > several weeks ago.
> >
> > I know what causes the problem but I do not have a solution to
> > it. The problem is the way Schema.pm changes the case of textual
> > information. The biggest problem that I currently know of is
> > with textual oids.
> >
> > Example oid: netscapeMessagingServer-oid
> >
> > When you use the items method with this oid, the method items calls
> > the method name2oid. The name2oid method does a perl lc command on
> > the OID and because of this it does not find the items information.
> >
> > The items information is stored in the schema object under the
> > netscapeMessagingServer-oid key. I have confirmed this using
> > the Data::Dumper module.
> >
> > Numerical and all lower case textual OIDs do not have this problem.
> >
> > Regards,
> >
> > Clif Harden
> >
> >
>

--
Regards,

Clif Harden INTERNET: c-h...@ti...
Texas Instruments Directory Services
6500 Chase Oaks Blvd, M/S 8412
Plano, TX 75023
Voice: 972-575-0855 FAX: 972-575-2418
From: Graham B. <gb...@po...> - 2002-01-03 16:47:07

Can you supply a sample schema.

Graham.

On Thu, Jan 03, 2002 at 10:28:23AM -0600, Clif Harden wrote:
>
> This is to let everyone know that there is a problem in
> the Schema.pm module that can cause attribute and objectclass
> information to not be returned when requested. This in turn
> can make it appear that the attribute or objectclass does not
> exist. I believe someone reported this problem to the list
> several weeks ago.
>
> I know what causes the problem but I do not have a solution to
> it. The problem is the way Schema.pm changes the case of textual
> information. The biggest problem that I currently know of is
> with textual oids.
>
> Example oid: netscapeMessagingServer-oid
>
> When you use the items method with this oid, the method items calls
> the method name2oid. The name2oid method does a perl lc command on
> the OID and because of this it does not find the items information.
>
> The items information is stored in the schema object under the
> netscapeMessagingServer-oid key. I have confirmed this using
> the Data::Dumper module.
>
> Numerical and all lower case textual OIDs do not have this problem.
>
> Regards,
>
> Clif Harden
>
>
From: Clif H. <cl...@di...> - 2002-01-03 16:28:40

This is to let everyone know that there is a problem in the Schema.pm module that can cause attribute and objectclass information to not be returned when requested. This in turn can make it appear that the attribute or objectclass does not exist. I believe someone reported this problem to the list several weeks ago.

I know what causes the problem but I do not have a solution to it. The problem is the way Schema.pm changes the case of textual information. The biggest problem that I currently know of is with textual oids.

Example oid: netscapeMessagingServer-oid

When you use the items method with this oid, the method items calls the method name2oid. The name2oid method does a perl lc command on the OID and because of this it does not find the items information.

The items information is stored in the schema object under the netscapeMessagingServer-oid key. I have confirmed this using the Data::Dumper module.

Numerical and all lower case textual OIDs do not have this problem.

Regards,

Clif Harden
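
The two failure modes reported in this thread (a mixed-case textual OID that a lower-cased lookup cannot find, and an object class and an attribute alias that collapse to one lower-cased name), shown in a simplified model next to a case-preserving index. This is an added example, not code from Net::LDAP::Schema or from any poster; the numeric OIDs, the element kinds, the name netscapeMessagingServer and all function names are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample schema. The textual OID and the two mhs names are the
# ones quoted in the thread; everything else is made up.
my @schema = (
    { kind => 'objectclass', oid => 'netscapeMessagingServer-oid',
      names => ['netscapeMessagingServer'] },
    { kind => 'objectclass', oid => '1.1.1.1', names => ['mhsMessagingStore'] },
    { kind => 'attribute',   oid => '1.1.1.2', names => ['MHSMessagingStore'] },
);

# Simplified model of the reported behaviour (not Schema.pm itself): records
# are stored under the OID exactly as the server sent it, every lookup key is
# lower-cased, and object classes and attributes share one name table.
sub build_naive {
    my (%items, %name2oid);
    for my $e (@_) {
        $items{ $e->{oid} } = $e;
        push @{ $name2oid{ lc $_ } }, $e->{oid} for @{ $e->{names} };
    }
    return { items => \%items, name2oid => \%name2oid };
}

sub naive_lookup {
    my ($s, $name) = @_;
    my $key  = lc $name;
    my $oids = $s->{name2oid}{$key} || [$key];    # no such name: treat as OID
    return map { $s->{items}{$_} } @$oids;        # undef where the key misses
}

# Case-preserving index: keys are folded for comparison only, the record keeps
# the original spelling, and each kind of element has its own name table.
sub build_index {
    my (%by_oid, %by_name, @clashes);
    for my $e (@_) {
        my $oid_key = lc $e->{oid};
        $by_oid{$oid_key} = $e;
        for my $n (@{ $e->{names} }) {
            my $slot = \$by_name{ $e->{kind} }{ lc $n };
            push @clashes, "$e->{kind} $n"
                if defined $$slot && $$slot ne $oid_key;
            $$slot = $oid_key;
        }
    }
    return { by_oid => \%by_oid, by_name => \%by_name, clashes => \@clashes };
}

sub lookup {
    my ($idx, $kind, $name) = @_;
    my $key     = lc $name;
    my $oid_key = $idx->{by_name}{$kind}{$key} // $key;   # name, else OID
    my $e       = $idx->{by_oid}{$oid_key};
    return $e && $e->{kind} eq $kind ? $e : undef;
}

my $naive = build_naive(@schema);
my $index = build_index(@schema);

for my $q ('netscapeMessagingServer-oid', 'mhsMessagingStore') {
    my @old = map { $_ ? "$_->{kind} $_->{oid}" : 'not found' }
              naive_lookup($naive, $q);
    my @new = map {
        my $e = lookup($index, $_, $q);
        $e ? "$_ $e->{oid}" : ();
    } qw(objectclass attribute);
    print "$q\n";
    print "  lower-cased lookup: ", join(', ', @old), "\n";
    print "  per-kind lookup:    ", join(', ', @new), "\n";
}
print "clashes inside one kind: ", scalar @{ $index->{clashes} }, "\n";
```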
From: Nicolas C. <nch...@co...> - 2001-12-18 13:23:44

It works well now with IO version 1.20

Thanks for your help,

Nicolas

Graham Barr <gb...@po...> on 18/12/2001 12:51:53

To: Nicolas CHRISTOPHE <nch...@co...>
cc: per...@li...

Subject: Re: Problem with instruction Net::LDAP->new

On Tue, Dec 18, 2001 at 12:02:48PM +0100, Nicolas CHRISTOPHE wrote:
>
> Hi all,
>
> With $host being an unreachable IP address, the following instruction does
> not take into account the "timeout" option. I.e., I would like to pass to
> the next line after 1 second delay, instead of it the program is waiting
> for an answer very long time
>
> $ldap = Net::LDAP->new($host, timeout => 1);
>
> Configuration : Linux RedHat, perl 5.005_03 for i386 linux

What version of IO do you have installed ?

The latest on CPAN is 1.20, if you don't have that I suggest you install it.

Graham.

****************************************************************
This email and any attachments are confidential. They may contain privileged information and are intended for the named addressee(s) only. They must not be distributed without our consent. If you are not the intended recipient, please notify us immediately and do not disclose, distribute, or retain this email or any part of it. Unless expressly stated, opinions in this email are those of the individual sender, and not of Coheris. We believe but do not warrant that this e-mail and any attachments are virus free. You must therefore take full responsibility for virus checking. Coheris and its subsidiaries reserve the right to monitor all email communications through their networks.
****************************************************************
This message and all attachments are confidential and intended exclusively for their addressees. Any unauthorized use or distribution is prohibited. Any electronic message is susceptible to alteration. Coheris and its subsidiaries decline all responsibility for this message if it has been altered, distorted or falsified. Coheris endeavours to avoid the spread of viruses through this message, but cannot guarantee it. Coheris reserves the right to monitor and view the messages circulating on its network, in compliance with the applicable legislation.
****************************************************************
From: Graham B. <gb...@po...> - 2001-12-18 11:51:46

On Tue, Dec 18, 2001 at 12:02:48PM +0100, Nicolas CHRISTOPHE wrote:
>
> Hi all,
>
> With $host being an unreachable IP address, the following instruction does
> not take into account the "timeout" option. I.e., I would like to pass to
> the next line after 1 second delay, instead of it the program is waiting
> for an answer very long time
>
> $ldap = Net::LDAP->new($host, timeout => 1);
>
> Configuration : Linux RedHat, perl 5.005_03 for i386 linux

What version of IO do you have installed ?

The latest on CPAN is 1.20, if you don't have that I suggest you install it.

Graham.
From: Nicolas C. <nch...@co...> - 2001-12-18 11:32:56

Hi all,

With $host being an unreachable IP address, the following instruction does not take into account the "timeout" option. I.e., I would like to pass to the next line after 1 second delay, instead of it the program is waiting for an answer very long time

$ldap = Net::LDAP->new($host, timeout => 1);

Configuration : Linux RedHat, perl 5.005_03 for i386 linux

Thanks a lot,

Nicolas
From: Nicolas C. <nch...@co...> - 2001-12-18 11:00:32

Hi all,

With $host being an unreachable IP address, the following instruction does not take into account the "timeout" option. I.e., I would like to pass to the next line after 1 second delay, instead of it the program is waiting for an answer very long time

$ldap = Net::LDAP->new($host, timeout => 1);

Configuration : Linux RedHat, perl 5.005_03 for i386 linux

Thanks a lot,

Nicolas
From: Al L. <al....@fn...> - 2001-12-18 00:49:51

Chris,

Thanks for the explanation. It appears the Active Directory does a rename/move as the created timestamp is the same.

thanks again, al

Chris Ridd wrote:
>
> Al Lilianstrom <al....@fn...> wrote:
> > Hi,
> >
> > I've been trying to understand what happens when modifying a DN as we
> > work through a Active Directory deployment and permissions issues. I'll
> > be using Perl-LDAP as the interface to this operation but I'm a bit
> > confused.
> >
> > Say I have a DN like this;
> >
> > dn: CN=lilstrom,OU=Cloned_Users,OU=CD,DC=fermi,DC=win,DC=fnal
> >
> > and I modify it so that it is
> >
> > dn: CN=lilstrom,OU=CSI,OU=CD,DC=fermi,DC=win,DC=fnal
> >
> > What exactly happens on the server? Is the DN just modified or is a new
> > one created using the attributes of the old one which is then deleted or
> > ?
> >
> > I've been reading the docs, RFC's, and the modules and I didn't find the
> > answer.
> >
> > tia, al
> > --
> >
> > Al Lilianstrom
> > CD/OSS/CSI
> > Al....@fn...
> >
>
> Think of a DN as a bit like a pathname to a file on your computer. Note
> that the location of a file on your computer is not a property of the file
> itself; similarly an entry's DN is not an attribute of an entry (*).
>
> So, "modifying a DN" of an entry in the directory is actually renaming the
> entry. There is a special operation in LDAP to do this, called ModifyDN.
>
> Perl-ldap supports ModifyDN.
>
> Exactly what the server does with this is up to the server. If you do a
> modifydn and get an OK response back, then you can assume that the entry is
> just 'moved' to the new place. It is the *same* entry, so the
> createTimestamp should be the same as before you moved it.
>
> Cheers,
>
> Chris
>
> * Some Microsoft directory servers believe that entries do have a 'dn'
> attribute. That's just Microsoft doing non-standard things, which you
> should attempt to ignore :-)

--

Al Lilianstrom
al....@fn...
CD/OSS/CSI
From: Beauchamp, P. <phi...@em...> - 2001-12-14 14:39:26

package ProxyMessage;
# file: ProxyMessage.pm
$VERSION = 1.00;
#use Net::LDAP;
use strict;
use Net::LDAP::Filter;
use Net::LDAP::Util qw( ldap_error_name ldap_error_text );

# Wraps one decoded LDAP message (a hash reference) and exposes its
# operation name, message ID, result code and, where present, the bind DN
# or the search filter.
sub new {
    my ($caller, $message) = @_;
    my $object = ref($caller);
    my $classe = $object || $caller;
    my $self   = bless {}, $classe;
    unless ($message) {
        # nothing to store: every getter returns undef
        $self->{'est_message'} = 0;
        return $self;
    }
    my ($method, @cler);
    my %hmessage = %$message;
    if ($hmessage{'protocolOp'}) {
        my %reponse = %{ $hmessage{protocolOp} };
        @cler = keys %reponse;
    }
    else {
        @cler = keys %hmessage;
    }
    # the operation is the first key that looks like a request or a response
    foreach my $item (@cler) {
        if ($item =~ /Res/)    { $method = $item; last; }
        if ($item =~ /equest/) { $method = $item; last; }
        if ($item =~ /Done$/)  { $method = $item; last; }
    }
    $self->{'method'}      = $method;
    $self->{'messageID'}   = $hmessage{messageID};
    $self->{'resultCode'}  = $hmessage{protocolOp}{$method}{resultCode};
    $self->{'error_name'}  = ldap_error_name($self->{resultCode});
    $self->{'error_text'}  = ldap_error_text($self->{resultCode});
    $self->{'est_message'} = 1;
    if ($method =~ /^bind/i) {
        $self->{'BindDn'} = $hmessage{$method}->{'name'};
    }
    if ($method =~ /searchrequest/i) {
        my $filtre = $hmessage{$method}->{filter};
        my $decof  = Net::LDAP::Filter::as_string($filtre);
        $self->{'filtre'} = $decof;
    }
    return $self;
}

sub est_message {
    my $self = shift;
    return($self->{'est_message'});
}

sub get_method {
    my $self = shift;
    return($self->{'method'});
}

sub get_num_error {
    my $self = shift;
    return($self->{'resultCode'});
}

sub get_error {
    my $self = shift;
    return($self->{'error_name'});
}

sub get_text_error {
    my $self = shift;
    return($self->{'error_text'});
}

sub get_num_message {
    my $self = shift;
    return($self->{'messageID'});
}

sub get_bind {
    my $self = shift;
    return($self->{'BindDn'});
}

sub get_filtre {
    my $self = shift;
    return($self->{'filtre'});
}

1;
From: Graham B. <gb...@po...> - 2001-12-13 19:40:59

----- Forwarded message from "Beauchamp, Philippe" <phi...@em...> -----

Date: Thu, 13 Dec 2001 14:35:38 -0500
To: "'gb...@po...'" <gb...@po...>
From: "Beauchamp, Philippe" <phi...@em...>
Subject: ldap proxy
X-Mailer: Internet Mail Service (5.5.2653.19)

What would be involved in using your LDAP modules to write an LDAP proxy that listens for LDAPS requests, parses their content, and then if they pass, sends them over to the real LDAP server.

From what I can tell, your modules are more geared towards being used to build clients, and not so much servers. Please correct me if I've got this wrong, and point me in the right direction if you can.

Thanks a lot. :)

Phil Beauchamp
Senior Internet Web Developer
Security Solutions
BCE Emergis Inc.
(613) 563-2818 x2230

----- End forwarded message -----
From: Chris R. <chr...@me...> - 2001-12-13 16:49:29

Al Lilianstrom <al....@fn...> wrote:
> Hi,
>
> I've been trying to understand what happens when modifying a DN as we
> work through a Active Directory deployment and permissions issues. I'll
> be using Perl-LDAP as the interface to this operation but I'm a bit
> confused.
>
> Say I have a DN like this;
>
> dn: CN=lilstrom,OU=Cloned_Users,OU=CD,DC=fermi,DC=win,DC=fnal
>
> and I modify it so that it is
>
> dn: CN=lilstrom,OU=CSI,OU=CD,DC=fermi,DC=win,DC=fnal
>
> What exactly happens on the server? Is the DN just modified or is a new
> one created using the attributes of the old one which is then deleted or
> ?
>
> I've been reading the docs, RFC's, and the modules and I didn't find the
> answer.
>
> tia, al
> --
>
> Al Lilianstrom
> CD/OSS/CSI
> Al....@fn...
>

Think of a DN as a bit like a pathname to a file on your computer. Note that the location of a file on your computer is not a property of the file itself; similarly an entry's DN is not an attribute of an entry (*).

So, "modifying a DN" of an entry in the directory is actually renaming the entry. There is a special operation in LDAP to do this, called ModifyDN.

Perl-ldap supports ModifyDN.

Exactly what the server does with this is up to the server. If you do a modifydn and get an OK response back, then you can assume that the entry is just 'moved' to the new place. It is the *same* entry, so the createTimestamp should be the same as before you moved it.

Cheers,

Chris

* Some Microsoft directory servers believe that entries do have a 'dn' attribute. That's just Microsoft doing non-standard things, which you should attempt to ignore :-)
From: Al L. <al....@fn...> - 2001-12-13 14:44:39

Hi,

I've been trying to understand what happens when modifying a DN as we work through a Active Directory deployment and permissions issues. I'll be using Perl-LDAP as the interface to this operation but I'm a bit confused.

Say I have a DN like this;

dn: CN=lilstrom,OU=Cloned_Users,OU=CD,DC=fermi,DC=win,DC=fnal

and I modify it so that it is

dn: CN=lilstrom,OU=CSI,OU=CD,DC=fermi,DC=win,DC=fnal

What exactly happens on the server? Is the DN just modified or is a new one created using the attributes of the old one which is then deleted or ?

I've been reading the docs, RFC's, and the modules and I didn't find the answer.

tia, al
--

Al Lilianstrom
CD/OSS/CSI
Al....@fn...
From: Kieran S. <kie...@wa...> - 2001-12-12 09:10:58

Hi,

Here is a bit of code:
________________________________

use Net::LDAP;
use Net::LDAP qw(:all);

$bind = Net::LDAP->new("fear.csv.warwick.ac.uk",debug => 4) or die "$@";

$mesg = $bind->bind( dn => 'cn=ecuwm,ou=Student,ou=ec,o=Warwick' );

print "Code:" . $mesg->code . "\n";
_______________________________

This should print out Code 0, but it gives me Code 82, which is the LDAP_LOCAL_ERROR

Also, with the debug turned on, I get the following output on the working machine:

0000 30   47: SEQUENCE {
0002 02    1:   INTEGER = 1
0005 60   42:   [APPLICATION 0] {
0007 02    1:     INTEGER = 2
000A 04   35:     STRING = 'cn=ecuwm,ou=Student,ou=ec,o=Warwick'
002F 80    0:     [CONTEXT 0]
0031       :   }
0031       : }
Net::LDAP=HASH(0x1a7f16c) received:

But I don't get the last line, the "received" line from the other machine.

Just to confirm, they both are using version 0.2401 of Net::LDAP. However, the working machine uses perl 5.6 and the non-working uses 5.005

One issue is that the ldap server is behind a firewall, which they promise me my machine can get through, I know I can see the port. But it looks like it is just not sending the request properly.

Many thanks for any help

Kieran

-----Original Message-----
From: Jim Harle [mailto:ha...@us...]
Sent: 11 December 2001 19:14
To: Graham Barr
Cc: LDAP Mailing List; Kieran Shaw
Subject: Re: [Fwd] Net::LDAP

Please provide more details. What are you doing when you get this result? Provide code snippet(s) (minimal) and possibly version of Net::LDAP and what directory server you are connecting to.

  --Jim Harle

On Tue, 11 Dec 2001, Graham Barr wrote:

> ----- Forwarded message from Kieran Shaw <kie...@wa...> -----
>
> Date: Tue, 11 Dec 2001 16:24:52 -0000
> To: <gb...@po...>
> From: "Kieran Shaw" <kie...@wa...>
> Subject: Net::LDAP
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>
> Hi Graham,
>
> Could I ask you a quick question about your very handy LDAP module.
> I am running some basic code, which runs on a machine with perl 5.6, but on
> my machine with perl 5.005, it returns the LDAP_LOCAL_ERROR (82) code. When
> I try a bind. Do I simply need to use a more up to date version, or is that
> code telling me something specific?
>
> Many thanks
> Kieran Shaw
> University of Warwick
> England
>
>
> ----- End forwarded message -----
>
From: Graham B. <gb...@po...> - 2001-12-11 20:30:24

----- Forwarded message from "Greg V. Gouzev" <gou...@so...> -----

Date: Tue, 11 Dec 2001 12:08:26 -0800
To: gb...@po...
From: "Greg V. Gouzev" <gou...@so...>
Subject: Net::LDAP vs. Mozilla::LDAP
X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000

Dear Graham,

I enjoy using your Net::LDAP module. Thank you very much!

I seem to have varying outcomes when running the same query on the same server with Net::LDAP and Mozilla::LDAP. The former gives me error code "4" (Sizelimit exceeded) and stops at 700 records, while the other module returns all records (in this example over 1,300). The only difference is connecting from different hosts to run the queries.

Why can this be happening? I've searched everywhere for an answer before contacting you.

Best regards,
________________________________________________

Greg Gouzev
Solar e-Commerce Applications
gou...@so...
858.505-8418 [Mo, We, Fr]
619.544-5518 [Tu, Th]
619.526-4817 [page]
________________________________________________

----- End forwarded message -----
From: Graham B. <gb...@po...> - 2001-12-11 19:48:43

On Tue, Dec 11, 2001 at 01:34:09PM -0600, le...@wr... wrote:
>
>
> -- Graham Barr <gb...@po...> on 12/11/01 18:59:20 +0000
>
> > $result->entry(0)->dn
>
> For a large number of entries with no attributes, is
> this going to be any faster than keys %{ $msg->as_struct }?

Yes, because $msg->as_struct loops over the list and calls ->dn on each.

as_struct is there only to aid people coming from using Mozilla::LDAP, it is not very efficient

Graham.

>
> The current task is to dump an entire database so that the
> users can locate their usernames...
>
> --
> Steven Lembark 2930 W. Palmer
> Workhorse Computing Chicago, IL 60647
> +1 800 762 1582
>
From: <le...@wr...> - 2001-12-11 19:35:51

-- Graham Barr <gb...@po...> on 12/11/01 18:59:20 +0000

> $result->entry(0)->dn

For a large number of entries with no attributes, is this going to be any faster than keys %{ $msg->as_struct }?

The current task is to dump an entire database so that the users can locate their usernames...

--
Steven Lembark 2930 W. Palmer
Workhorse Computing Chicago, IL 60647
+1 800 762 1582
From: Jim H. <ha...@us...> - 2001-12-11 19:14:29

Please provide more details. What are you doing when you get this result? Provide code snippet(s) (minimal) and possibly version of Net::LDAP and what directory server you are connecting to.

  --Jim Harle

On Tue, 11 Dec 2001, Graham Barr wrote:

> ----- Forwarded message from Kieran Shaw <kie...@wa...> -----
>
> Date: Tue, 11 Dec 2001 16:24:52 -0000
> To: <gb...@po...>
> From: "Kieran Shaw" <kie...@wa...>
> Subject: Net::LDAP
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>
> Hi Graham,
>
> Could I ask you a quick question about your very handy LDAP module.
> I am running some basic code, which runs on a machine with perl 5.6, but on
> my machine with perl 5.005, it returns the LDAP_LOCAL_ERROR (82) code. When
> I try a bind. Do I simply need to use a more up to date version, or is that
> code telling me something specific?
>
> Many thanks
> Kieran Shaw
> University of Warwick
> England
>
>
> ----- End forwarded message -----
>
From: Graham B. <gb...@po...> - 2001-12-11 18:59:18

On Tue, Dec 11, 2001 at 12:11:15PM -0600, le...@wr... wrote:
>
>
> > if( my $newbase = $result->dn )
> >
> > is clearer. That said, the following is definitely an issue:
> > my @bindparmz =
> > (
> > base => $newbase,
> > password => $password,
> > );
> > $bindresult = $ldh2->bind( @bindparmz);
> > you should replace 'base' with 'dn'
>
> Looks like $result->dn returns nothing, though the
> first key returned in the struct hash seems to be
> a valid dn for the following query...

I think you want

$result->entry(0)->dn

So that you get the DN of the first entry returned.

Graham.
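
The search-then-bind check this thread converges on, as an added example (not code from any poster): look the user up, take the DN from `entry(0)`, and bind with that DN as the bind DN. With `base =>` in place of `dn =>` the bind request carries no user DN, which is consistent with the always-succeeding bind reported in the thread. `FakeDir`, `FakeMesg`, `FakeEntry`, `authenticate`, the sample entry and its password are all made up so the script runs without a directory server; with a real server the connector would return a `Net::LDAP` object.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value);

# --- Stub directory, constructed for this example (not Net::LDAP) -----------
# Bind arguments are read the way Net::LDAP reads them (an odd leading
# argument or "dn =>" is the DN), and a bind that carries no DN or no
# password is accepted as anonymous. The entry and its password are made up.
package FakeDir;
my $USER_DN  = 'employeenumber=12345, ou=people, o=FOO';
my %PASSWORD = ($USER_DN => 's3cret');
my %UID      = (jowbloe  => $USER_DN);

sub new    { return bless {}, shift }
sub unbind { return 1 }
sub bind {
    my $self = shift;
    my %arg  = @_ % 2 ? (dn => @_) : @_;
    my ($dn, $pw) = ($arg{dn} // '', $arg{password} // '');
    return FakeMesg->new(0) if $dn eq '' or $pw eq '';       # anonymous bind
    # 49 is invalidCredentials
    return FakeMesg->new($PASSWORD{$dn} && $PASSWORD{$dn} eq $pw ? 0 : 49);
}
sub search {
    my ($self, %arg) = @_;
    my ($uid) = $arg{filter} =~ /^\(uid=(.*)\)$/;
    my $dn = defined $uid ? $UID{$uid} : undef;
    return FakeMesg->new(0, defined $dn ? $dn : ());
}

package FakeMesg;
sub new   { my ($c, $code, @dn) = @_; return bless { code => $code, dn => \@dn }, $c }
sub code  { return $_[0]{code} }
sub count { return scalar @{ $_[0]{dn} } }
sub entry { my $dn = $_[0]{dn}[ $_[1] ]; return defined $dn ? FakeEntry->new($dn) : undef }

package FakeEntry;
sub new { return bless { dn => $_[1] }, $_[0] }
sub dn  { return $_[0]{dn} }

package main;

# Returns the user's DN when the password is accepted, nothing otherwise.
# $connect is a code reference that returns a Net::LDAP-compatible object.
sub authenticate {
    my ($connect, $base, $uid, $password) = @_;

    # A simple bind with an empty password is an anonymous bind, so it must
    # never count as a successful login.
    return unless defined $uid      && length $uid;
    return unless defined $password && length $password;

    my $ldap = $connect->() or return;
    my $dn;
    my $mesg = $ldap->bind;                       # anonymous, lookup only
    if (!$mesg->code) {
        $mesg = $ldap->search(
            base   => $base,
            scope  => 'one',
            filter => '(uid=' . escape_filter_value($uid) . ')',
            attrs  => ['uid'],
        );
        # exactly one entry, otherwise the login name is unknown or ambiguous
        if (!$mesg->code && $mesg->count == 1) {
            my $found = $mesg->entry(0)->dn;
            # DN first (or dn => $found); "base" is not a bind option
            $mesg = $ldap->bind($found, password => $password);
            $dn = $found unless $mesg->code;
        }
    }
    $ldap->unbind;
    return $dn;
}

my $connect = sub { FakeDir->new };   # real use: sub { Net::LDAP->new($host) }

# The call shape from the thread next to the corrected one, wrong password.
printf "bind(base => DN, password => 'foo'): code %d\n",
    FakeDir->new->bind(base => $USER_DN, password => 'foo')->code;
printf "bind(DN, password => 'foo'):         code %d\n",
    FakeDir->new->bind($USER_DN, password => 'foo')->code;

for my $try (['jowbloe', 's3cret'], ['jowbloe', 'foo'], ['jowbloe', ''], ['nobody', 'x']) {
    my $who = authenticate($connect, 'ou=people, o=FOO', @$try);
    printf "%-8s %-9s => %s\n", $try->[0], "'$try->[1]'", $who ? 'accepted' : 'rejected';
}
```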
From: <le...@wr...> - 2001-12-11 18:12:57

> if( my $newbase = $result->dn )
>
> is clearer. That said, the following is definitely an issue:
> my @bindparmz =
> (
> base => $newbase,
> password => $password,
> );
> $bindresult = $ldh2->bind( @bindparmz);
> you should replace 'base' with 'dn'

Looks like $result->dn returns nothing, though the first key returned in the struct hash seems to be a valid dn for the following query...

Using the correct parameter for the bind certainly helps :-)

thanx

sl

58:     print "\nSearching on:", Dumper \@searchparmz;
59
60:     if( my $result = $ldh->search(@searchparmz) )
61      {
62:         croak "Roadkill: search: " . $result->code if $result->code;
63
64:         my $struct = $result->as_struct;
65
66:         print "\nYields:", Dumper $result->as_struct;

Searching on:
[
  'base',
  'ou=people, o=FOO',
  'scope',
  'one',
  'filter',
  '(uid=jowbloe)',
  'attrs',
  [
    'uid'
  ]
]

main::(test-ldap:66):       print "\nYields:", Dumper $result->as_struct;
  DB<2> n

Yields:
{
  'employeenumber=12345, ou=people, o=FOO' => {
    'uid' => [
      'jowbloe'
    ]
  }
}

main::(test-ldap:68):       if( my $newbase = $result->dn )
main::(test-ldap:69):       {
  DB<2> x $result->dn
0  ''

--
Steven Lembark 2930 W. Palmer
Workhorse Computing Chicago, IL 60647
+1 800 762 1582
From: Jim H. <ha...@us...> - 2001-12-11 17:59:04

2 things:
I'm not sure if this works from your code

    my $struct = $result->as_struct;
    if( my $newbase = ( %$struct )[0] )

If it does, that's fine, but

    if( my $newbase = $result->dn )

is clearer. That said, the following is definitely an issue:

    my @bindparmz =
    (
        base => $newbase,
        password => $password,
    );
    $bindresult = $ldh2->bind( @bindparmz);

you should replace 'base' with 'dn'

  --Jim Harle

On Tue, 11 Dec 2001, Steven Lembark wrote:

>
> Trying to authenticate user/pass in mod_perl against an LDAP server.
> Existing code uses one bind/search to look up the uid, gets back the
> DN from the first query and attempts to perform a bind with domain
> of the returned DN and password = $password. Problem at this point
> is that the second bind always succeeds.
>
> Customer is running a Netscape LDAP server, don't know the version
> (unless there is a simple way to ask).
>
> The code fragment below is supposed to work for them, but I don't
> have access to Netscape's LDAP Developers' Toolkit in order to
> compile perldap-1.4; would prefer to use Net::LDAP if it will work.
>
> Question: Is there any reasonable way to accomplish the steps
> shown below using Net::LDAP rather than Mozilla::LDAP? Or am I
> just screwing up the second bind?
>
> thanx.
> sl
>
> ########################################################################
> # Mozilla::LDAP version
> ########################################################################
>
> # !/usr/bin/perl -w
>
> use Mozilla::LDAP::Conn;
> use Mozilla::LDAP::Utils;
> use Mozilla::LDAP::Entry;
>
> $user="$ARGV[0]";
> $password="$ARGV[1]";
> $GROUPDN = "ou=groups, o=FOO";
> $BASEDN = "ou=people, o=FOO";
>
> $conn = new Mozilla::LDAP::Conn(white, 389); # Anonymous bind
>
> die "Couldn't connect to LDAP server $host" unless $conn;
>
> $entry = $conn->search("o=FOO", samelevel, "(uid=$user)", 0, (uid));
>
> if (! $entry)
> {
>     print "No such userid: $user\n";
>     exit(1);
> }
>
> $dn = $entry->getDN();
>
> $search = "(&(cn=proxy)(uniquemember=$dn))";
>
> $entry = $conn->search($GROUPDN, "samelevel", "$search");
>
> if ($entry)
> {
>     $ret = $conn->simpleAuth($dn, $password);
>     if ($ret)
>     {
>         {
>             #print "$user was accepted\n";
>             $conn->close if $conn;
>             exit(0);
>         }
>     }
>     else
>     {
>         print "$user rejected for Invalid Password\n"; # Authentication Failed
>         $conn->close if $conn;
>         exit(1);
>     }
> }
>
> ########################################################################
> # Net::LDAP version
> ########################################################################
>
> # !/usr/local/bin/perl -w
>
> ########################################################################
> # housekeeping
> ########################################################################
>
> use strict;
>
> $\ = "\n";
> $, = "\n";
> $| = 1;
>
> use Carp;
> use Net::LDAP qw( :all );
> use Net::LDAP::LDIF;
>
> # use to pretty-print the results.
>
> use Data::Dumper;
> local $Data::Dumper::Terse = 1;
> local $Data::Dumper::Indent = 1;
> local $Data::Dumper::Deepcopy = 1;
>
> ########################################################################
> # globals
> ########################################################################
>
> my $host = 'ldap.foo.com';
> my $port = getservbyname( 'ldap', 'tcp' ) || 389;
> my $base = q{ou=people, o=FOO};
>
> ########################################################################
> # real work begins here
> ########################################################################
>
> my $ldh = Net::LDAP->new( $host, port => $port )
>     or croak "Failed LDAP->new";
>
> print "LDH for anonymous bind: ", Dumper $ldh;
>
> my $bindresult = $ldh->bind;
>
> croak "Roadkill: bind: " . $bindresult->code()
>     if $bindresult->code();
>
> for my $username ( qw( jowbloe jondow ) )
> {
>     my @searchparmz =
>     (
>         base => $base,
>         scope => 'one',
>         filter => qq{(uid=\L$username)},
>         attrs => [ 'uid' ],
>     );
>
>     print "\nSearching on:", Dumper \@searchparmz;
>
>     if( my $result = $ldh->search(@searchparmz) )
>     {
>         croak "Roadkill: search: " . $result->code if $result->code;
>
>         my $struct = $result->as_struct;
>
>         print "\nYields:", Dumper $struct;
>
>         # snag the DN out of the returned query, it'll be the only
>         # key for this query.
>
>         if( my $newbase = ( %$struct )[0] )
>         {
>             # might not need the second ldh, re-binding may
>             # work but also might not. need to test this
>             # after the rest of it works.
>
>             if( my $ldh2 = Net::LDAP->new( $host, port => $port ) )
>             {
>                 print "LDH for password bind: ", Dumper $ldh2;
>
>                 # it is unlikely that anyone has picked either of
>                 # these as a password.
>                 #
>                 # it should be impossible to return a successful
>                 # bind with both.
>
>                 for my $password ( qw(foo bar) )
>                 {
>                     # take the base returned from the first query,
>                     # try to bind it with the supplied password.
>                     # this should -- I think? -- only succeed if
>                     # the password is valid.
>
>                     my @bindparmz =
>                     (
>                         base => $newbase,
>                         password => $password,
>                     );
>
>                     print "\nBinding with:", Dumper \@bindparmz;
>
>                     $bindresult = $ldh2->bind( @bindparmz );
>
>                     croak "Roadkill: bind: " . $bindresult->code()
>                         if $bindresult->code();
>
>                     if( my $result = $ldh->search(@searchparmz) )
>                     {
>                         print "Final result: ", Dumper $result->as_struct;
>                     }
>                     else
>                     {
>                         warn "Secondary query failed";
>                     }
>                 }
>             }
>             else
>             {
>                 warn "Failed to allocate second LDAP handle";
>             }
>         }
>         else
>         {
>             warn "No employee number found";
>         }
>     }
>     else
>     {
>         warn "No Search Result Returned";
>     }
> }
>
> # keep the shell happy
>
> 0
>
> __END__
>
> --
> Steven Lembark 2930 W. Palmer
> Workhorse Computing Chicago, IL 60647
> +1 800 762 1582
>
From: Graham B. <gb...@po...> - 2001-12-11 16:51:40
|
----- Forwarded message from Kieran Shaw <kie...@wa...> -----

Date: Tue, 11 Dec 2001 16:24:52 -0000
To: <gb...@po...>
From: "Kieran Shaw" <kie...@wa...>
Subject: Net::LDAP
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)

Hi Graham,

Could I ask you a quick question about your very handy LDAP module.

I am running some basic code, which runs on a machine with perl 5.6, but on my machine with perl 5.005, it returns the LDAP_LOCAL_ERROR (82) code when I try a bind. Do I simply need to use a more up to date version, or is that code telling me something specific?

Many thanks

Kieran Shaw
University of Warwick
England

----- End forwarded message ----- |
From: Steven L. <le...@wr...> - 2001-12-11 16:23:21
|
Trying to authenticate user/pass in mod_perl against an LDAP server. Existing code uses one bind/search to look up the uid, gets back the DN from the first query and attempts to perform a bind with domain of the returned DN and password = $password.

Problem at this point is that the second bind always succeeds.

Customer is running a Netscape LDAP server, don't know the version (unless there is a simple way to ask). The code fragment below is supposed to work for them, but I don't have access to Netscape's LDAP Developers' Toolkit in order to compile perldap-1.4; would prefer to use Net::LDAP if it will work.

Question: Is there any reasonable way to accomplish the steps shown below using Net::LDAP rather than Mozilla::LDAP? Or am I just screwing up the second bind?

thanx.

sl

########################################################################
# Mozilla::LDAP version
########################################################################

#!/usr/bin/perl -w

use Mozilla::LDAP::Conn;
use Mozilla::LDAP::Utils;
use Mozilla::LDAP::Entry;

$user="$ARGV[0]";
$password="$ARGV[1]";

$GROUPDN = "ou=groups, o=FOO";
$BASEDN = "ou=people, o=FOO";

$conn = new Mozilla::LDAP::Conn(white, 389); # Anonymous bind
die "Couldn't connect to LDAP server $host" unless $conn;

$entry = $conn->search("o=FOO", samelevel, "(uid=$user)", 0, (uid));
if (! $entry) {
    print "No such userid: $user\n";
    exit(1);
}

$dn = $entry->getDN();
$search = "(&(cn=proxy)(uniquemember=$dn))";
$entry = $conn->search($GROUPDN, "samelevel", "$search");
if ($entry) {
    $ret = $conn->simpleAuth($dn, $password);
    if ($ret) {
        {
            #print "$user was accepted\n";
            $conn->close if $conn;
            exit(0);
        }
    }
    else {
        print "$user rejected for Invalid Password\n"; # Authentication Failed
        $conn->close if $conn;
        exit(1);
    }
}

########################################################################
# Net::LDAP version
########################################################################

#!/usr/local/bin/perl -w

########################################################################
# housekeeping
########################################################################

use strict;

$\ = "\n";
$, = "\n";
$| = 1;

use Carp;

use Net::LDAP qw( :all );
use Net::LDAP::LDIF;

# use to pretty-print the results.

use Data::Dumper;
local $Data::Dumper::Terse = 1;
local $Data::Dumper::Indent = 1;
local $Data::Dumper::Deepcopy = 1;

########################################################################
# globals
########################################################################

my $host = 'ldap.foo.com';
my $port = getservbyname( 'ldap', 'tcp' ) || 389;
my $base = q{ou=people, o=FOO};

########################################################################
# real work begins here
########################################################################

my $ldh = Net::LDAP->new( $host, port => $port )
    or croak "Failed LDAP->new";

print "LDH for anonymous bind: ", Dumper $ldh;

my $bindresult = $ldh->bind;

croak "Roadkill: bind: " . $bindresult->code()
    if $bindresult->code();

for my $username ( qw( jowbloe jondow ) )
{
    my @searchparmz =
    (
        base => $base,
        scope => 'one',
        filter => qq{(uid=\L$username)},
        attrs => [ 'uid' ],
    );

    print "\nSearching on:", Dumper \@searchparmz;

    if( my $result = $ldh->search(@searchparmz) )
    {
        croak "Roadkill: search: " . $result->code if $result->code;

        my $struct = $result->as_struct;

        print "\nYields:", Dumper $struct;

        # snag the DN out of the returned query, it'll be the only
        # key for this query.

        if( my $newbase = ( %$struct )[0] )
        {
            # might not need the second ldh, re-binding may
            # work but also might not. need to test this
            # after the rest of it works.

            if( my $ldh2 = Net::LDAP->new( $host, port => $port ) )
            {
                print "LDH for password bind: ", Dumper $ldh2;

                # it is unlikely that anyone has picked either of
                # these as a password.
                #
                # it should be impossible to return a successful
                # bind with both.

                for my $password ( qw(foo bar) )
                {
                    # take the base returned from the first query,
                    # try to bind it with the supplied password.
                    # this should -- I think? -- only succeed if
                    # the password is valid.

                    my @bindparmz =
                    (
                        base => $newbase,
                        password => $password,
                    );

                    print "\nBinding with:", Dumper \@bindparmz;

                    $bindresult = $ldh2->bind( @bindparmz );

                    croak "Roadkill: bind: " . $bindresult->code()
                        if $bindresult->code();

                    if( my $result = $ldh->search(@searchparmz) )
                    {
                        print "Final result: ", Dumper $result->as_struct;
                    }
                    else
                    {
                        warn "Secondary query failed";
                    }
                }
            }
            else
            {
                warn "Failed to allocate second LDAP handle";
            }
        }
        else
        {
            warn "No employee number found";
        }
    }
    else
    {
        warn "No Search Result Returned";
    }
}

# keep the shell happy

0

__END__

--
Steven Lembark 2930 W. Palmer
Workhorse Computing Chicago, IL 60647
+1 800 762 1582 |
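An added example, not code from the post or from the Net::LDAP distribution: the search-then-bind steps of the Mozilla::LDAP version written against Net::LDAP, whose `bind` takes the DN as its first positional argument (`bind($dn, password => ...)`) rather than as a `base` option. `ldap_filter_escape` and `authenticate` are hypothetical helper names, and the host and base DNs are the post's placeholders.

```perl
use strict;
use warnings;
use Net::LDAP;

# Host and bases are the placeholders used in the post above.
my ($HOST, $PEOPLE, $GROUPS) = ('ldap.foo.com', 'ou=people, o=FOO', 'ou=groups, o=FOO');

# Hypothetical helper: escape filter metacharacters (RFC 4515).
sub ldap_filter_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf '\\%02x', ord $1/ge;
    return $value;
}

# Hypothetical helper: returns the user's DN if the password verifies.
sub authenticate {
    my ($ldap, $user, $password) = @_;
    # Empty password = unauthenticated bind (RFC 4513, 5.1.2); refuse it.
    return unless defined $user     && length $user;
    return unless defined $password && length $password;

    my $found = $ldap->search(
        base   => $PEOPLE, scope => 'one', attrs => ['uid'],
        filter => '(uid=' . ldap_filter_escape(lc $user) . ')',
    );
    return if $found->code;
    my @entries = $found->entries;
    return unless @entries == 1;            # no match, or ambiguous
    my $dn = $entries[0]->dn;
    # Same group test as the Mozilla::LDAP version.
    my $member = $ldap->search(
        base   => $GROUPS, scope => 'one', attrs => ['cn'],
        filter => '(&(cn=proxy)(uniquemember=' . ldap_filter_escape($dn) . '))',
    );
    return if $member->code || !$member->count;

    # The DN is bind's first positional argument; password is an option.
    my $bind = $ldap->bind($dn, password => $password);
    return $bind->code ? undef : $dn;
}

unless (caller) {
    my $user = shift @ARGV;
    chomp(my $password = <STDIN> // '');    # password on stdin, not argv
    my $ldap = Net::LDAP->new($HOST) or die "connect to $HOST failed: $@\n";
    $ldap->bind;                            # anonymous, for the lookups
    my $dn = authenticate($ldap, $user, $password);
    print defined $dn ? "accepted: $dn\n" : "rejected\n";
    exit(defined $dn ? 0 : 1);
}
```

After a successful call the handle stays bound as that user, so a long-lived mod_perl process should use a separate handle for the password bind or rebind before the next lookup.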
From: Graham B. <gb...@po...> - 2001-12-11 13:10:05
|
----- Forwarded message from Steven Lembark <le...@je...> -----

Date: Mon, 10 Dec 2001 07:24:43 -0600
To: gb...@po...
From: Steven Lembark <le...@je...>
Subject: getting bounced on the main list

Dec 10 07:21:39 getz sendmail[8344]: fBADLWT7008342: to=<per...@li...>, ctladdr=<le...@ge...> (1024/1024), delay=00:00:07, xdelay=00:00:07, mailer=esmtp, pri=35591, relay=mail.sourceforge.net. [216.136.171.198], dsn=5.0.0, stat=Service unavailable
Dec 10 07:21:39 getz sendmail[8344]: fBADLWT7008342: fBADLdT7008344: DSN: Service unavailable

Is there a lynx-accessible spot I can subscribe? Otherwise I'm completely cut off behind a firewall.

thanx,

sl

To: per...@li...
From: le...@wr...
Subject: Equivalent operations between Net::LDAP and Mozilla::LDAP?

Trying to authenticate user/pass in mod_perl against an LDAP server. Existing code uses one bind/search to look up the uid, gets back the DN from the first query and attempts to perform a bind with domain of the returned DN and password = $password.

Problem at this point is that the second bind always succeeds.

Customer is running a Netscape LDAP server, don't know the version (unless there is a simple way to ask). The code fragment below is supposed to work for them, but I don't have access to Netscape's LDAP Developers' Toolkit in order to compile perldap-1.4; would prefer to use Net::LDAP if it will work.

Question: Is there any reasonable way to accomplish the steps shown below using Net::LDAP rather than Mozilla::LDAP? Or am I just screwing up the second bind?

thanx.

sl

########################################################################
# Mozilla::LDAP version
########################################################################

#!/usr/bin/perl -w

use Mozilla::LDAP::Conn;
use Mozilla::LDAP::Utils;
use Mozilla::LDAP::Entry;

$user="$ARGV[0]";
$password="$ARGV[1]";

$GROUPDN = "ou=groups, o=FOO";
$BASEDN = "ou=people, o=FOO";

$conn = new Mozilla::LDAP::Conn(white, 389); # Anonymous bind
die "Couldn't connect to LDAP server $host" unless $conn;

$entry = $conn->search("o=FOO", samelevel, "(uid=$user)", 0, (uid));
if (! $entry) {
    print "No such userid: $user\n";
    exit(1);
}

$dn = $entry->getDN();
$search = "(&(cn=proxy)(uniquemember=$dn))";
$entry = $conn->search($GROUPDN, "samelevel", "$search");
if ($entry) {
    $ret = $conn->simpleAuth($dn, $password);
    if ($ret) {
        {
            #print "$user was accepted\n";
            $conn->close if $conn;
            exit(0);
        }
    }
    else {
        print "$user rejected for Invalid Password\n"; # Authentication Failed
        $conn->close if $conn;
        exit(1);
    }
}

########################################################################
# Net::LDAP version
########################################################################

#!/usr/local/bin/perl -w

########################################################################
# housekeeping
########################################################################

use strict;

$\ = "\n";
$, = "\n";
$| = 1;

use Carp;

use Net::LDAP qw( :all );
use Net::LDAP::LDIF;

# use to pretty-print the results.

use Data::Dumper;
local $Data::Dumper::Terse = 1;
local $Data::Dumper::Indent = 1;
local $Data::Dumper::Deepcopy = 1;

########################################################################
# globals
########################################################################

my $host = 'ldap.foo.com';
my $port = getservbyname( 'ldap', 'tcp' ) || 389;
my $base = q{ou=people, o=FOO};

########################################################################
# real work begins here
########################################################################

my $ldh = Net::LDAP->new( $host, port => $port )
    or croak "Failed LDAP->new";

print "LDH for anonymous bind: ", Dumper $ldh;

my $bindresult = $ldh->bind;

croak "Roadkill: bind: " . $bindresult->code()
    if $bindresult->code();

for my $username ( qw( jowbloe jondow ) )
{
    my @searchparmz =
    (
        base => $base,
        scope => 'one',
        filter => qq{(uid=\L$username)},
        attrs => [ 'uid' ],
    );

    print "\nSearching on:", Dumper \@searchparmz;

    if( my $result = $ldh->search(@searchparmz) )
    {
        croak "Roadkill: search: " . $result->code if $result->code;

        my $struct = $result->as_struct;

        print "\nYields:", Dumper $struct;

        # snag the DN out of the returned query, it'll be the only
        # key for this query.

        if( my $newbase = ( %$struct )[0] )
        {
            # might not need the second ldh, re-binding may
            # work but also might not. need to test this
            # after the rest of it works.

            if( my $ldh2 = Net::LDAP->new( $host, port => $port ) )
            {
                print "LDH for password bind: ", Dumper $ldh2;

                # it is unlikely that anyone has picked either of
                # these as a password.
                #
                # it should be impossible to return a successful
                # bind with both.

                for my $password ( qw(foo bar) )
                {
                    # take the base returned from the first query,
                    # try to bind it with the supplied password.
                    # this should -- I think? -- only succeed if
                    # the password is valid.

                    my @bindparmz =
                    (
                        base => $newbase,
                        password => $password,
                    );

                    print "\nBinding with:", Dumper \@bindparmz;

                    $bindresult = $ldh2->bind( @bindparmz );

                    croak "Roadkill: bind: " . $bindresult->code()
                        if $bindresult->code();

                    if( my $result = $ldh->search(@searchparmz) )
                    {
                        print "Final result: ", Dumper $result->as_struct;
                    }
                    else
                    {
                        warn "Secondary query failed";
                    }
                }
            }
            else
            {
                warn "Failed to allocate second LDAP handle";
            }
        }
        else
        {
            warn "No employee number found";
        }
    }
    else
    {
        warn "No Search Result Returned";
    }
}

# keep the shell happy

0

__END__

----- End forwarded message ----- |
From: Kjetil T. H. <kje...@li...> - 2001-12-06 15:33:33
|
Karel Bijl <Kar...@cm...> writes:

> After searching for a couple of hours, looking into ldif, asn1 and such I
> completely forgot that instead of not getting a result, I get a protocol
> error!
>
> No doubt that this has something to do with the binary meaning of
> the é .... but then still, what would be necessary to convert this
> character into something else? I've got a feeling that I need to use
> Net::LDAP::LDIF somewhere .... but it's unclear to me how I should
> do that..

No, you need to do

  use Unicode::String qw(utf8);
  $filter = Unicode::String::latin1 ("sn=Dunné");

Kjetil T. |