Menu
▾
▴
perl-ldap-dev
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(200) |
Jun
(129) |
Jul
(184) |
Aug
(204) |
Sep
(106) |
Oct
(79) |
Nov
(72) |
Dec
(54) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(83) |
Feb
(123) |
Mar
(84) |
Apr
(184) |
May
(106) |
Jun
(111) |
Jul
(104) |
Aug
(91) |
Sep
(59) |
Oct
(99) |
Nov
(100) |
Dec
(37) |
| 2002 |
Jan
(148) |
Feb
(88) |
Mar
(85) |
Apr
(151) |
May
(80) |
Jun
(110) |
Jul
(85) |
Aug
(43) |
Sep
(64) |
Oct
(89) |
Nov
(59) |
Dec
(42) |
| 2003 |
Jan
(129) |
Feb
(104) |
Mar
(162) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Chris R. <chr...@ma...> - 2003-02-26 21:59:39
|
On 26/2/03 9:49 pm, Todd Rosenberry <Tod...@xi...> wrote:
> Can you elaborate a bit on processing entries as they arrive? For
> example if I have code like this
>
> $msg=$ldap->search(base=>$base, filter=>$filter);
> foreach $entry ($msg->entries) {
> <do something with $entry>
> }
>
> am I automatically working with the entries as they come in or do I need
> to do something else? Feel free to say RTFM if this is clear in the
> documentation.
No, that's waiting for all the results to come back and then doing something
with them.
What Graham's alluding to is that you can set a callback in the search
operation (any operation I guess, though search is most useful) which does
get called once per "packet". It makes the client *look* faster in that it
can start outputting/processing more quickly, and it will also make it use
much less memory.
I'm pretty sure the callback mechanism is documented.
Cheers,
Chris
|
|
From: Eric N. <eri...@di...> - 2003-02-26 21:55:23
|
Lotus Notes it truely a let down when it comes to LDAP. I think you'll
find that any complicated searches you send Notes will results in errors.
Sta...@GI... wrote:
>
>
>Hey,
>
>Sorry about my last message being wrpapped so badly, Notes is a pain. To
>clarify,
>I am am trying to retrieve the names of all the groups on the LDAP server
>with the
>objectClasses I specified below. But one of my groups does not show up in
>searches.
>
>I am able to get the name of the group by doing the following:
>
>$mesg = $ldap->search(base => "$rconfig{'branchdn'}",
> scope => 'sub',
> filter =>
>"(|(member=$userDN)(objectclass=groupOfNames))",
> attrs => ['cn','dn']);
>
>but doing anything like this:
>
>$mesg = $ldap->search(base => "$rconfig{'branchdn'}",
> scope => 'sub',
> filter => "(&(cn=*)(objectclass=groupOfNames))",
> attrs => ['cn']);
>
>While case #1 works fine, I cannot use it since it is in a block of code
>which
>does not deal with users therefore looking for an arbitrary in the group to
>locate it is not a feasible option. The latter always returns 0 results
>causing
>my error code to kick in and end the script as intended. Graham do you
>have any idea about why this would fail to work, or what some workarounds
>might be besides the one I mentioned above?
>
>Best Regards,
>
>Stan
>
>
>
>
> Sta...@GI...
> Sent by: To: per...@li...
> per...@li...ur cc:
> ceforge.net Subject: Problems with groups...
>
>
> 02/26/2003 02:53 PM
>
>
>
>
>
>
>
>
>
>
>Hey,
>
>I've been successfully using Net::LDAP for a while, but recently when
>I started working with groups I began having a problem...
>
>When I'm searching for a group's info I usually have no problem
>doing this:
>
> $mesg = $ldap->search(base => "$rconfig{'branchdn'}",scope =>
>'sub',filter => "(&(cn=*)(objectclass=groupOfUniqueNames))",attrs =>
>['cn']);
>
>And I loop through the results to get the names of all the groups whose
>objectClass
>is groupOfUniqueNames. This works just fine, but when i try this:
>
> $mesg = $ldap->search(base => "$rconfig{'branchdn'}",scope =>
>'sub',filter => "(&(cn=*)(objectclass=groupOfNames))",attrs => ['cn']);
>
>To get the groups whose objectClass is groupOfNames I get no results
>returned.
>The groups are in the same hierarchy as the other groups (same base) I was
>able to search
>out above, any idea why this returns 0 results even though doing it from
>the command-line
>using ldapsearch works?
>
>I'm able to modify the groups whos oC is groupOfNames, so I'm not sure why
>this isn't working. Any help would be greatly appreciated!
>
>Best Regards,
>
>Stan
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Scholarships for Techies!
>Can't afford IT training? All 2003 ictp students receive scholarships.
>Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
>www.ictp.com/training/sourceforge.asp
>
>
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Scholarships for Techies!
>Can't afford IT training? All 2003 ictp students receive scholarships.
>Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
>www.ictp.com/training/sourceforge.asp
>
>
|
|
From: Graham B. <gb...@po...> - 2003-02-26 21:55:17
|
On Wed, Feb 26, 2003 at 01:49:00PM -0800, Todd Rosenberry wrote:
>
> Can you elaborate a bit on processing entries as they arrive? For
> example if I have code like this
>
> $msg=$ldap->search(base=>$base, filter=>$filter);
> foreach $entry ($msg->entries) {
> <do something with $entry>
> }
>
> am I automatically working with the entries as they come in or do I need
> to do something else? Feel free to say RTFM if this is clear in the
> documentation.
That code will read all entries first. RTFM, in particular the callbacks
section.
Graham.
>
> - Todd
>
> Graham Barr wrote:
>
> >On Wed, Feb 26, 2003 at 02:04:46PM -0600, Thomas Stripling wrote:
> >
> >
> >>Pardon my ignorance, but I've read comments that Net::LDAP is 100% perl,
> >>
> >>
> >
> >To a certain extent, yes it is. The perl-ldap distribution does not
> >require a C compiler to be installed. You will not need one for
> >any dependancies either, unless you want to use ldaps.
> >
> >
> >
> >>and I'm trying to discern exactly what that means. Do I need to install
> >>the Mozilla ldap c-sdk (for instance) to run Net::LDAP? If not, what are
> >>
> >>
> >
> >No you don't.
> >
> >
> >
> >>the performance implications of not relying on C code?
> >>
> >>
> >
> >There are some, but relatively small. You will spend a lot of time waiting/reading
> >from the network anyway.
> >
> >
> >
> >>I believe that perldap (Mozilla::LDAP) uses a c-based ldap sdk. How does
> >>
> >>
> >
> >Yes it does.
> >
> >
> >
> >>Net::LDAP compare to this in performance? What are some of the advantages
> >>to using Net::LDAP?
> >>
> >>
> >
> >I have not looked the Mozilla::LDAP for a long time. But it was the case that
> >it did not support async searches (even though the c-sdk does). So you have
> >to wait for the whole search result set before you can deal with the results.
> >With Net::LDAP you can process entries as they arrive.
> >
> >Net::LDAP supposrt LDAPv3, I dont think Mozilla::LDAP does, even though the c-sdk
> >does.
> >
> >I may be wrong on both these points. If I am, someone please correct me.
> >
> >As the author of Net::LDAP though I am also probably biased :) But I
> >am sure there are many on this list who have used both modules.
> >
> >Graham.
> >
> >
> >
> >>I'm not a member of this list, so please copy me in all replies.
> >>
> >>Thanks,
> >>Tom
> >>
> >>
> >>
> >>-------------------------------------------------------
> >>This SF.net email is sponsored by: Scholarships for Techies!
> >>Can't afford IT training? All 2003 ictp students receive scholarships.
> >>Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
> >>www.ictp.com/training/sourceforge.asp
> >>
> >>
> >
> >
> >-------------------------------------------------------
> >This SF.net email is sponsored by: Scholarships for Techies!
> >Can't afford IT training? All 2003 ictp students receive scholarships.
> >Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
> >www.ictp.com/training/sourceforge.asp
> >
> >
>
|
|
From: Todd R. <Tod...@xi...> - 2003-02-26 21:49:15
|
Can you elaborate a bit on processing entries as they arrive? For
example if I have code like this
$msg=$ldap->search(base=>$base, filter=>$filter);
foreach $entry ($msg->entries) {
<do something with $entry>
}
am I automatically working with the entries as they come in or do I need
to do something else? Feel free to say RTFM if this is clear in the
documentation.
- Todd
Graham Barr wrote:
>On Wed, Feb 26, 2003 at 02:04:46PM -0600, Thomas Stripling wrote:
>
>
>>Pardon my ignorance, but I've read comments that Net::LDAP is 100% perl,
>>
>>
>
>To a certain extent, yes it is. The perl-ldap distribution does not
>require a C compiler to be installed. You will not need one for
>any dependancies either, unless you want to use ldaps.
>
>
>
>>and I'm trying to discern exactly what that means. Do I need to install
>>the Mozilla ldap c-sdk (for instance) to run Net::LDAP? If not, what are
>>
>>
>
>No you don't.
>
>
>
>>the performance implications of not relying on C code?
>>
>>
>
>There are some, but relatively small. You will spend a lot of time waiting/reading
>from the network anyway.
>
>
>
>>I believe that perldap (Mozilla::LDAP) uses a c-based ldap sdk. How does
>>
>>
>
>Yes it does.
>
>
>
>>Net::LDAP compare to this in performance? What are some of the advantages
>>to using Net::LDAP?
>>
>>
>
>I have not looked the Mozilla::LDAP for a long time. But it was the case that
>it did not support async searches (even though the c-sdk does). So you have
>to wait for the whole search result set before you can deal with the results.
>With Net::LDAP you can process entries as they arrive.
>
>Net::LDAP supposrt LDAPv3, I dont think Mozilla::LDAP does, even though the c-sdk
>does.
>
>I may be wrong on both these points. If I am, someone please correct me.
>
>As the author of Net::LDAP though I am also probably biased :) But I
>am sure there are many on this list who have used both modules.
>
>Graham.
>
>
>
>>I'm not a member of this list, so please copy me in all replies.
>>
>>Thanks,
>>Tom
>>
>>
>>
>>-------------------------------------------------------
>>This SF.net email is sponsored by: Scholarships for Techies!
>>Can't afford IT training? All 2003 ictp students receive scholarships.
>>Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
>>www.ictp.com/training/sourceforge.asp
>>
>>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Scholarships for Techies!
>Can't afford IT training? All 2003 ictp students receive scholarships.
>Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
>www.ictp.com/training/sourceforge.asp
>
>
|
|
From: <Sta...@GI...> - 2003-02-26 20:49:00
|
Hey,
Sorry about my last message being wrpapped so badly, Notes is a pain. To
clarify,
I am am trying to retrieve the names of all the groups on the LDAP server
with the
objectClasses I specified below. But one of my groups does not show up in
searches.
I am able to get the name of the group by doing the following:
$mesg = $ldap->search(base => "$rconfig{'branchdn'}",
scope => 'sub',
filter =>
"(|(member=$userDN)(objectclass=groupOfNames))",
attrs => ['cn','dn']);
but doing anything like this:
$mesg = $ldap->search(base => "$rconfig{'branchdn'}",
scope => 'sub',
filter => "(&(cn=*)(objectclass=groupOfNames))",
attrs => ['cn']);
While case #1 works fine, I cannot use it since it is in a block of code
which
does not deal with users therefore looking for an arbitrary in the group to
locate it is not a feasible option. The latter always returns 0 results
causing
my error code to kick in and end the script as intended. Graham do you
have any idea about why this would fail to work, or what some workarounds
might be besides the one I mentioned above?
Best Regards,
Stan
Sta...@GI...
Sent by: To: per...@li...
per...@li...ur cc:
ceforge.net Subject: Problems with groups...
02/26/2003 02:53 PM
Hey,
I've been successfully using Net::LDAP for a while, but recently when
I started working with groups I began having a problem...
When I'm searching for a group's info I usually have no problem
doing this:
$mesg = $ldap->search(base => "$rconfig{'branchdn'}",scope =>
'sub',filter => "(&(cn=*)(objectclass=groupOfUniqueNames))",attrs =>
['cn']);
And I loop through the results to get the names of all the groups whose
objectClass
is groupOfUniqueNames. This works just fine, but when i try this:
$mesg = $ldap->search(base => "$rconfig{'branchdn'}",scope =>
'sub',filter => "(&(cn=*)(objectclass=groupOfNames))",attrs => ['cn']);
To get the groups whose objectClass is groupOfNames I get no results
returned.
The groups are in the same hierarchy as the other groups (same base) I was
able to search
out above, any idea why this returns 0 results even though doing it from
the command-line
using ldapsearch works?
I'm able to modify the groups whos oC is groupOfNames, so I'm not sure why
this isn't working. Any help would be greatly appreciated!
Best Regards,
Stan
-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
|
|
From: Graham B. <gb...@po...> - 2003-02-26 20:38:09
|
On Wed, Feb 26, 2003 at 02:27:24PM -0600, Thomas Stripling wrote: > What if I want to use ldaps? How does that change the requirements? Then you need IO::Socket::SSL and its dependencies, which you will need a C compiler to install Graham. > At 08:15 PM 2/26/2003 +0000, Graham Barr wrote: > >On Wed, Feb 26, 2003 at 02:04:46PM -0600, Thomas Stripling wrote: > > > Pardon my ignorance, but I've read comments that Net::LDAP is 100% perl, > > > >To a certain extent, yes it is. The perl-ldap distribution does not > >require a C compiler to be installed. You will not need one for > >any dependancies either, unless you want to use ldaps. > > > > > and I'm trying to discern exactly what that means. Do I need to install > > > the Mozilla ldap c-sdk (for instance) to run Net::LDAP? If not, what are > > > >No you don't. > > > > > the performance implications of not relying on C code? > > > >There are some, but relatively small. You will spend a lot of time > >waiting/reading > >from the network anyway. > > > > > I believe that perldap (Mozilla::LDAP) uses a c-based ldap sdk. How does > > > >Yes it does. > > > > > Net::LDAP compare to this in performance? What are some of the advantages > > > to using Net::LDAP? > > > >I have not looked the Mozilla::LDAP for a long time. But it was the case that > >it did not support async searches (even though the c-sdk does). So you have > >to wait for the whole search result set before you can deal with the results. > >With Net::LDAP you can process entries as they arrive. > > > >Net::LDAP supposrt LDAPv3, I dont think Mozilla::LDAP does, even though > >the c-sdk > >does. > > > >I may be wrong on both these points. If I am, someone please correct me. > > > >As the author of Net::LDAP though I am also probably biased :) But I > >am sure there are many on this list who have used both modules. > > > >Graham. > > > > > > > > I'm not a member of this list, so please copy me in all replies. > > > > > > Thanks, > > > Tom > > > > > > > > > > > > ------------------------------------------------------- > > > This SF.net email is sponsored by: Scholarships for Techies! > > > Can't afford IT training? All 2003 ictp students receive scholarships. > > > Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. > > > www.ictp.com/training/sourceforge.asp > |
|
From: Thomas S. <tst...@ho...> - 2003-02-26 20:30:42
|
What if I want to use ldaps? How does that change the requirements? At 08:15 PM 2/26/2003 +0000, Graham Barr wrote: >On Wed, Feb 26, 2003 at 02:04:46PM -0600, Thomas Stripling wrote: > > Pardon my ignorance, but I've read comments that Net::LDAP is 100% perl, > >To a certain extent, yes it is. The perl-ldap distribution does not >require a C compiler to be installed. You will not need one for >any dependancies either, unless you want to use ldaps. > > > and I'm trying to discern exactly what that means. Do I need to install > > the Mozilla ldap c-sdk (for instance) to run Net::LDAP? If not, what are > >No you don't. > > > the performance implications of not relying on C code? > >There are some, but relatively small. You will spend a lot of time >waiting/reading >from the network anyway. > > > I believe that perldap (Mozilla::LDAP) uses a c-based ldap sdk. How does > >Yes it does. > > > Net::LDAP compare to this in performance? What are some of the advantages > > to using Net::LDAP? > >I have not looked the Mozilla::LDAP for a long time. But it was the case that >it did not support async searches (even though the c-sdk does). So you have >to wait for the whole search result set before you can deal with the results. >With Net::LDAP you can process entries as they arrive. > >Net::LDAP supposrt LDAPv3, I dont think Mozilla::LDAP does, even though >the c-sdk >does. > >I may be wrong on both these points. If I am, someone please correct me. > >As the author of Net::LDAP though I am also probably biased :) But I >am sure there are many on this list who have used both modules. > >Graham. > > > > > I'm not a member of this list, so please copy me in all replies. > > > > Thanks, > > Tom > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Scholarships for Techies! > > Can't afford IT training? All 2003 ictp students receive scholarships. > > Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. > > www.ictp.com/training/sourceforge.asp |
|
From: Graham B. <gb...@po...> - 2003-02-26 20:16:27
|
On Wed, Feb 26, 2003 at 02:04:46PM -0600, Thomas Stripling wrote: > Pardon my ignorance, but I've read comments that Net::LDAP is 100% perl, To a certain extent, yes it is. The perl-ldap distribution does not require a C compiler to be installed. You will not need one for any dependancies either, unless you want to use ldaps. > and I'm trying to discern exactly what that means. Do I need to install > the Mozilla ldap c-sdk (for instance) to run Net::LDAP? If not, what are No you don't. > the performance implications of not relying on C code? There are some, but relatively small. You will spend a lot of time waiting/reading from the network anyway. > I believe that perldap (Mozilla::LDAP) uses a c-based ldap sdk. How does Yes it does. > Net::LDAP compare to this in performance? What are some of the advantages > to using Net::LDAP? I have not looked the Mozilla::LDAP for a long time. But it was the case that it did not support async searches (even though the c-sdk does). So you have to wait for the whole search result set before you can deal with the results. With Net::LDAP you can process entries as they arrive. Net::LDAP supposrt LDAPv3, I dont think Mozilla::LDAP does, even though the c-sdk does. I may be wrong on both these points. If I am, someone please correct me. As the author of Net::LDAP though I am also probably biased :) But I am sure there are many on this list who have used both modules. Graham. > > I'm not a member of this list, so please copy me in all replies. > > Thanks, > Tom > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Scholarships for Techies! > Can't afford IT training? All 2003 ictp students receive scholarships. > Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. > www.ictp.com/training/sourceforge.asp |
|
From: Takis S. <tak...@sa...> - 2003-02-26 20:14:34
|
Hi,
I was doing a bit more research on this, and I can actually get the
query to work if I hard-code my values into the search command.
However, if I use variables ... the search fails. Here is the line with
and without hard-coding:
Hardcoded:
my $search = $ldap->search(base => "o=qlo", scope => "sub",
filter =>
"(&(|(givenname=*takis*)(uid=*skagos*))(objectclass=inetOrgPerson))")
Not Hardcoded:
my $search = $ldap->search(base => "$basedn", scope =>
"$config{searchscope}",
filter => "$filter")
I've checked the values of those variables, and they are correct.
I've also tried using them with and without quotes. I'm really stumped.
Any information/assistance would be appreciated.
Thanks.
--
Takis
--
|o| P. Takis Skagos SaskTel - MIS |o|
|o| w: 306.777.4671 e-mail: tak...@sa... |o|
|o|-----------------------------------------------------------------|o|
|o| Two wrongs don't make a right, but three rights do make a left. |o|
|
|
From: Thomas S. <tst...@ho...> - 2003-02-26 20:06:45
|
Pardon my ignorance, but I've read comments that Net::LDAP is 100% perl, and I'm trying to discern exactly what that means. Do I need to install the Mozilla ldap c-sdk (for instance) to run Net::LDAP? If not, what are the performance implications of not relying on C code? I believe that perldap (Mozilla::LDAP) uses a c-based ldap sdk. How does Net::LDAP compare to this in performance? What are some of the advantages to using Net::LDAP? I'm not a member of this list, so please copy me in all replies. Thanks, Tom |
|
From: <Sta...@GI...> - 2003-02-26 19:53:33
|
Hey,
I've been successfully using Net::LDAP for a while, but recently when
I started working with groups I began having a problem...
When I'm searching for a group's info I usually have no problem
doing this:
$mesg = $ldap->search(base => "$rconfig{'branchdn'}",scope =>
'sub',filter => "(&(cn=*)(objectclass=groupOfUniqueNames))",attrs =>
['cn']);
And I loop through the results to get the names of all the groups whose
objectClass
is groupOfUniqueNames. This works just fine, but when i try this:
$mesg = $ldap->search(base => "$rconfig{'branchdn'}",scope =>
'sub',filter => "(&(cn=*)(objectclass=groupOfNames))",attrs => ['cn']);
To get the groups whose objectClass is groupOfNames I get no results
returned.
The groups are in the same hierarchy as the other groups (same base) I was
able to search
out above, any idea why this returns 0 results even though doing it from
the command-line
using ldapsearch works?
I'm able to modify the groups whos oC is groupOfNames, so I'm not sure why
this isn't working. Any help would be greatly appreciated!
Best Regards,
Stan
|
|
From: Chris R. <chr...@ma...> - 2003-02-26 19:04:28
|
On 26/2/03 6:46 pm, Graham Barr <gb...@po...> wrote:
> ----- Forwarded message from Takis Skagos <tak...@sa...> -----
>
> Date: Wed, 26 Feb 2003 12:36:39 -0600
> To: gb...@po...
> From: Takis Skagos <tak...@sa...>
> Subject: LDAP::NEW question
>
> Hi there,
>
> I really hate to do this bug I have been banging my head against my
> keyboard for the past 2 days.
>
> I am trying to use a Perl module you wrote to open an LDAP
> connection. I am having problems. I can connect to my LDAP but I am
> getting the following error:
>
> [26/Feb/2003:12:24:30 -0600] conn=641 fd=54 slot=54 connection from
> 142.165.148.27 to 192.168.1.218
> [26/Feb/2003:12:24:34 -0600] conn=641 op=0 RESULT err=2 tag=97
> nentries=0 etime=4
> [26/Feb/2003:12:24:34 -0600] conn=641 op=-1 fd=54 closed - B1
>
> Now, "err=2" is a protocol error. "tag=97" indicates that the error
> is the result of a bind.
>
> I am using the following line to establish the bind:
>
> $ldap = Net::LDAP->new("enterprise.qlo.com",port=>"33456",version=>3)
> $ldap->bind($config{ldapuser}, password => $config{ldapsecret})
>
> I have tried omitting the version number and replacing the 3 with a
> 2, but the result is always the same.
>
> If you have any ideas (I'm assuming you'd be really familiar with
> this code), I'd sure appreciate knowing about them.
>
> Thanks for any assistance you can provide.
>
>
Has your LDAP server been configured to allow simple authentication?
Cheers,
Chris
|
|
From: Graham B. <gb...@po...> - 2003-02-26 18:46:34
|
----- Forwarded message from Takis Skagos <tak...@sa...> -----
Date: Wed, 26 Feb 2003 12:36:39 -0600
To: gb...@po...
From: Takis Skagos <tak...@sa...>
Subject: LDAP::NEW question
Hi there,
I really hate to do this bug I have been banging my head against my
keyboard for the past 2 days.
I am trying to use a Perl module you wrote to open an LDAP
connection. I am having problems. I can connect to my LDAP but I am
getting the following error:
[26/Feb/2003:12:24:30 -0600] conn=641 fd=54 slot=54 connection from
142.165.148.27 to 192.168.1.218
[26/Feb/2003:12:24:34 -0600] conn=641 op=0 RESULT err=2 tag=97
nentries=0 etime=4
[26/Feb/2003:12:24:34 -0600] conn=641 op=-1 fd=54 closed - B1
Now, "err=2" is a protocol error. "tag=97" indicates that the error
is the result of a bind.
I am using the following line to establish the bind:
$ldap = Net::LDAP->new("enterprise.qlo.com",port=>"33456",version=>3)
$ldap->bind($config{ldapuser}, password => $config{ldapsecret})
I have tried omitting the version number and replacing the 3 with a
2, but the result is always the same.
If you have any ideas (I'm assuming you'd be really familiar with
this code), I'd sure appreciate knowing about them.
Thanks for any assistance you can provide.
--
Takis
--
|o| P. Takis Skagos SaskTel - MIS |o|
|o| w: 306.777.4671 e-mail: tak...@sa... |o|
|o|-----------------------------------------------------------------|o|
|o| Two wrongs don't make a right, but three rights do make a left. |o|
----- End forwarded message -----
|
|
From: <per...@li...> - 2003-02-26 14:27:49
|
Hi
> > get an error trying to prepare a "SET OF xxxx OPTIONAL".
Here is (i think) a solution.
I added in the parser.y file, for the selem definition
the optional keyword, and added the cOPT definition
to the element.
I've tried, and seems to be working.
(there are two warning whith the perl_byacc
and the test t/05time.t failed (with/without my patch))
The patch
--- ../Convert-ASN1-0.16/parser.y Mon Aug 19 23:51:37 2002
+++ parser.y Wed Feb 26 14:15:01 2003
@@ -131,10 +131,10 @@
| SET
;
-selem : seqset OF class plicit sselem
+selem : seqset OF class plicit sselem optional
{
$5->[cTAG] = $3;
- @{$$ = []}[cTYPE,cCHILD,cLOOP] = ($1, [$5], 1);
+ @{$$ = []}[cTYPE,cCHILD,cLOOP,cOPT] = ($1, [$5], 1, $6);
$$ = explicit($$) if $4;
}
;
Thank you very much
Lenardo A. Helman
Pert Consultores
lh...@pe...
|
|
From: Graham B. <gb...@po...> - 2003-02-25 20:32:07
|
On Tue, Feb 25, 2003 at 05:16:45PM -0300, per...@li... wrote: > Hi > > Excuse me if this isn't the correct list for the > Convert::ASN1 module. Well Convert::ASN1 does not have its own list, so here is as good as any. > I was using the library Convert::ASN1 and > get an error trying to prepare a "SET OF xxxx OPTIONAL". > The problem seems to be only "SET OF xxxx OPTIONAL", because > the same statement works without the "OPTIONAL" keyword. > > Am I doing something wrong? probably not > It's a valid construction? It probably should be. > I found in the grammar file: 'parser.y' > in the line 134 > selem : seqset OF class plicit sselem > > Shouldn't it said something like > selem : seqset OF class plicit sselem optional ? > > I will search if there are any side efects. I cannot think of any side effects. But to compile the parser you will need a version of byacc that can generate perl code. You can get it from http://www.cpan.org/src/misc/perl-byacc1.8.2.tar.gz To rebuild the parser run make run_byacc Graham. |
|
From: <per...@li...> - 2003-02-25 20:16:45
|
Hi
Excuse me if this isn't the correct list for the
Convert::ASN1 module.
I was using the library Convert::ASN1 and
get an error trying to prepare a "SET OF xxxx OPTIONAL".
A little example:
--------------------------------------
#!/usr/local/bin/perl -w
use Convert::ASN1;
my $asn = Convert::ASN1->new;
$asn->prepare( q<
foo ::= SET
{
bar [0] SET OF INTEGER OPTIONAL
}
>) or die "Convert::ASN1 ERROR " . $asn->error . "\n";
print "OK \n";
---------------------------------------
The problem seems to be only "SET OF xxxx OPTIONAL", because
the same statement works without the "OPTIONAL" keyword.
Am I doing something wrong?
It's a valid construction?
I found in the grammar file: 'parser.y'
in the line 134
selem : seqset OF class plicit sselem
Shouldn't it said something like
selem : seqset OF class plicit sselem optional ?
I will search if there are any side efects.
Thanks for your attention
Leonardo A. Helman
Pert Consultores
lh...@pe...
|
|
From: Rich B. <rj...@dr...> - 2003-02-25 17:40:23
|
I've been using Net::LDAP with good success for a few months now, but I've just run into problems with a script I'm working on. I'm trying to compare users in a unix passwd file with LDAP. My cut down code is: #!/usr/bin/perl use warnings; use strict; use Net::LDAP; use constant LDAP_MAIL_REPOSITORY=>"ldap3.irt.drexel.edu"; use constant SKIP_USERS=> qw(root daemon sys bin adm uucp nuucp listen lp audit webcheck backadm account account2); importFile(); sub importFile { my $ldapr=Net::LDAP->new(LDAP_MAIL_REPOSITORY); my $result=$ldapr->bind; $result->code && die $result->error; open PASSWD,"<passwd" or die "Couldn't open passwd file: $!"; while (<PASSWD>) { my ($uid,$junk,$uidno,$gidno,$gecos,$homedir,$shell)=split /:/; next if (grep $_ eq $uid,SKIP_USERS); print "Checking $uid...\n"; my $uid1="semonssp"; print "Different\n" if ($uid ne $uid1); $result=$ldapr->search(base=>"ou=people,dc=drexel,dc=edu,o=internet", filter=>"(uid=$uid)"); if ($result->code) { print "Search error: ". $result->error; } elsif (scalar($result->all_entries) != 1) { print "$uid not in ldap\n"; } else { print "Found $uid\n"; } exit; } } When I run this it hangs on the first ldap search. If I try changing $uid to $uid1 in the search filter it works fine. As far as I can see, perl thinks $uid and $uid1 are identical (as $uid ne $uid1 isn't true). We're using Iplanet Directory Server 4.16sp1. In the access log I just see an anonymous bind (no search) when the script hangs. I've done a little packet sniffing with Ethereal, and I noticed that when the script hangs the search is sent to the ldap server in a "short frame". This isn't the case when things work. Any hints on this would be greatly appreciated. Rich |
|
From: Lars U. <la...@kn...> - 2003-02-25 17:28:01
|
On Tue, Feb 25, 2003 at 04:12:12PM +0000, Graham Barr wrote: > On Tue, Feb 25, 2003 at 12:05:10PM +0100, Lars Uffmann wrote: > > If I cannot exact DER encode the PublicKeyAndChallenge, i cannot verify the > > signature, right? > > > > Of course, openssl's spkac app can verify the SPAKS to, but it challenged me > > to try it `perl only' :-) > > Chris was right that Convert::ASN1 is largely DER, but in some places it > is not. There were plans to control this with a switch, but I don't > think it was ever finished. > > If you know of areas where the encoding is not DER then we can look > into adding the switch to force strict der encoding. AFAIK all the PKCS standards use DER encoding when computing or verify digital signatures. I have no concrete examples where Convert::ASN does not use DER, but a switch to ensure that DER is used would be nice to have. regards, Lars |
|
From: Lars U. <la...@kn...> - 2003-02-25 17:09:02
|
On Tue, Feb 25, 2003 at 04:18:58PM +0000, Chris Ridd wrote: > On 25/2/03 4:12 pm, Graham Barr <gb...@po...> wrote: > > On Tue, Feb 25, 2003 at 12:05:10PM +0100, Lars Uffmann wrote: > >> If I cannot exact DER encode the PublicKeyAndChallenge, i cannot verify the > >> signature, right? > >> > >> Of course, openssl's spkac app can verify the SPAKS to, but it challenged me > >> to try it `perl only' :-) > > > > Chris was right that Convert::ASN1 is largely DER, but in some places it > > is not. There were plans to control this with a switch, but I don't > > think it was ever finished. > > > > If you know of areas where the encoding is not DER then we can look > > into adding the switch to force strict der encoding. > > > > Graham. > > The "DER-encoded" object that Lars sent me off-list was indeed DER-encoded, > so it seems that the encoding wasn't the problem. We think his problem's > somewhere else in his code, possibly in the way he's using Crypt::RSA. Yep, that's correct. It was indeed a problem with Crypt::RSA. The Crypt::RSA::verify Method does not take a "Digest" parameter. The default digest algo in the Crypt::RSA::SS::PKCS1v15 class is SHA1, but the signature was MD5 with RSA encryption... I have to use Crypt::RSA::SS::PKCS1v15 direktly, and pass the Digest parameter to it's constructor. I changed my $rsa = new Crypt::RSA(SS => 'PKCS1v15'); $vf = $rsa->verify(Digest => 'MD5', ...) to my $rsa = new Crypt::RSA::SS::PKCS1v15(Digest => 'MD5'); $vf = $rsa->verify(other parameters) regards and sorry for the confusion, Lars |
|
From: Chris R. <chr...@ma...> - 2003-02-25 16:19:05
|
On 25/2/03 4:12 pm, Graham Barr <gb...@po...> wrote: > On Tue, Feb 25, 2003 at 12:05:10PM +0100, Lars Uffmann wrote: >> If I cannot exact DER encode the PublicKeyAndChallenge, i cannot verify the >> signature, right? >> >> Of course, openssl's spkac app can verify the SPAKS to, but it challenged me >> to try it `perl only' :-) > > Chris was right that Convert::ASN1 is largely DER, but in some places it > is not. There were plans to control this with a switch, but I don't > think it was ever finished. > > If you know of areas where the encoding is not DER then we can look > into adding the switch to force strict der encoding. > > Graham. The "DER-encoded" object that Lars sent me off-list was indeed DER-encoded, so it seems that the encoding wasn't the problem. We think his problem's somewhere else in his code, possibly in the way he's using Crypt::RSA. Cheers, Chris |
|
From: Graham B. <gb...@po...> - 2003-02-25 16:12:43
|
On Tue, Feb 25, 2003 at 12:05:10PM +0100, Lars Uffmann wrote: > If I cannot exact DER encode the PublicKeyAndChallenge, i cannot verify the > signature, right? > > Of course, openssl's spkac app can verify the SPAKS to, but it challenged me > to try it `perl only' :-) Chris was right that Convert::ASN1 is largely DER, but in some places it is not. There were plans to control this with a switch, but I don't think it was ever finished. If you know of areas where the encoding is not DER then we can look into adding the switch to force strict der encoding. Graham. |
|
From: Lars U. <la...@kn...> - 2003-02-25 11:05:16
|
On Tue, Feb 25, 2003 at 10:28:29AM +0000, Chris Ridd wrote: > On 25/2/03 10:08 am, Lars Uffmann <la...@kn...> wrote: > It is BER, but it actually looks pretty close to DER. I can't recall all the > differences between BER and DER; but it encodes using definite length > encoding and booleans are ff/00. The major way it isn't DER is probably in > the encoding of SETs/SET OFs. I ask because i suspect it to be the reason I cannot RSA verify a SPAK: (Signed Public Key an Challenge). See http://wp.netscape.com/eng/security/comm4-keygen.html for the specs and my question to the Crypt::RSA list, http://lists.vipul.net/pipermail/pac/2003-February/000121.html if you are interested. >>> The public key and challenge string are DER encoded as PublicKeyAndChallenge, and then digitally signed with the private key to produce a SignedPublicKeyAndChallenge <<< If I cannot exact DER encode the PublicKeyAndChallenge, i cannot verify the signature, right? Of course, openssl's spkac app can verify the SPAKS to, but it challenged me to try it `perl only' :-) regards, Lars |
|
From: Chris R. <chr...@ma...> - 2003-02-25 10:28:37
|
On 25/2/03 10:08 am, Lars Uffmann <la...@kn...> wrote: > Hi, > > maybee a stupid question, but i could not find any documentation > regarding this topic: does Convert::ASN1 encode using BER or DER > encoding rules? > Convert::ASN1 manpage mentions an `encoding' parameter, which is > currently not used. > > Lars It is BER, but it actually looks pretty close to DER. I can't recall all the differences between BER and DER; but it encodes using definite length encoding and booleans are ff/00. The major way it isn't DER is probably in the encoding of SETs/SET OFs. Cheers, Chris |
|
From: Lars U. <la...@kn...> - 2003-02-25 10:08:08
|
Hi, maybee a stupid question, but i could not find any documentation regarding this topic: does Convert::ASN1 encode using BER or DER encoding rules? Convert::ASN1 manpage mentions an `encoding' parameter, which is currently not used. Lars |
|
From: <Fra...@ba...> - 2003-02-24 12:58:21
|
Hello,
i have a Problem, i want move an Entry from an LDAP node to an other node.
I want move
mail=Ha...@wu...,ou=node3, ou=node2a,ou=node1,o=Firma,c=de
to
mail=Ha...@wu...,ou=node2b,ou=node1,o=Firma,c=de
i do it so:
[code]
my $DN = 'mail=Ha...@wu...,ou=node3, ou=node2a,ou=node1,o=Firma,c=de';
my $rdn="mail\=Hans\@wur.st";
undef (my %mhConfig);
$mhConfig{'DBase'} = 'ou=node2b,ou=node1,o=Firma,c=de';
my $node=$mhConfig{'DBase'};
$r = $ldap->moddn( $DN,
newsuperior => "$node",
newrdn => "$rdn"
);
[/code]
The Problem is, this methode dont move my entrys. i get back code 68
(Alredy exists)
but the New Entry (mail=Ha...@wu...,ou=node2b,ou=node1,o=Firma,c=de)
dosn't exist!!!
Thatsfore i have testet du rename the rdn so that the rdn changed from
mail=Ha...@wu... to mail=Del...@wu...
and now i get code 0 but the Entry wasn't in the right node. the entry was
only moved in the original node. now i have an entry
mail=Del...@wu...,ou=node3, ou=node2a,ou=node1,o=Firma,c=de and not
mail=Del...@wu...,ou=node2b,ou=node1,o=Firma,c=de
the value newsuperior dosn't used from Net::LDAP.
Now i understand why i get normaly code 68 back.
who is my failur - how can i moved my entry to an other tree???
Please, help me
Frank Lohfeld
_________________________________ |
7902 messages has been excluded from this view by a project administrator.
