perl-ldap-dev

Net::LDAP Performance?

[<fh...@ts...>]

I have a module that currently performs LDAP operations by forking
iPlanet/Netscape Directory server commands through the use of backticks. We
have noticed in situations when retrieving all entries from the LDAP server
that this is fairly slow (15 to 20 seconds). In order to try and remedy
this situation, I have now tried to various implementations using "native"
LDAP communications such as Net::LDAP and Mozilla's PerLDAP. What I found
surprised me to some extent. I believed that our greatest bottle neck was
the fork call to the server command, and in single userid searches , both
native methods to calling the LDAP information were faster. Net::LDAP
outperformed PerLDAP. In the case of multiple entries though, the native
methods were slower in both Net::LDAP and Mozilla. While mod_perl is not an
option for me at this time. Are there other ways to optimize searches which
could improve performance?

Fred Hirsch
Toronto Stock Exchange

[Fwd] Authen::SASL problems

[Graham B. <gb...@po...>]

----- Forwarded message from Adam Saltsman <asa...@us...> -----

Date: Mon, 18 Jun 2001 12:10:55 -0700
To: gb...@po...
From: Adam Saltsman <asa...@us...>
Subject: Authen::SASL problems

Hi Graham, my name's Adam, and i was wondering if
you had a spare minute - if not, thats cool, but
its probably a pretty simple problem i've got
here.  I've tried multiple times now get the
Authen::SASL module to work, and all to no avail;
i've checked and double-checked that running
straight off the command line the username i'm
testing works with the CRAM-MD5 method - no
problems there.  Unfortunately, when i try to bind
using Authen::SASL, i get an error 80 - that is,
my 'die' message gives me a 'failed with 80'.  I'm
pretty new to this stuff, so i can well imagine
i'm missing something blatantly obvious...in any
case, here's my sample program, i would really
appreciate it if you could help me out (like i
said, though, if you can't thats totally fine, i
can imagine you stay pretty busy) - thanks again!

#!/usr/bin/perl                                    

use Net::LDAP qw(:all);
use Net::LDAP::Util qw(ldap_error_name
                       ldap_error_text);
use Authen::SASL;

$pass = "secret";
$DN = "uid=asaltsma";

my $ldap = new Net::LDAP('www.myserver.com');

$sasl = Authen::SASL->new('CRAM-MD5', password =>
$pass);

my $mesg = $ldap->bind( $DN, sasl => $sasl,
version => 3);

die ("failed to bind with ",$mesg->code(),"\n") if
$mesg->code();

$ldap>unbind( $DN );


Thanks again,
Adam Saltsman


----- End forwarded message -----

Re: tests of async operations

[Graham B. <gb...@po...>]

  $mesg = $ldap->bind( ... );
  @controls = $mesg->controls;

will get you a list of control that were in the return message. If you just
want a specific control then you can do

  my($ctrl) = $mesg->control( "2.16.840.1.113730.3.4.5" );

See the Net::LDAP::Message and the Net::LDAP::Control
documentation

Graham

On Sat, Jun 16, 2001 at 10:47:09PM +0200, eric German wrote:
> thank a lot for answer ;
> in fact i want access to this :
> 
> 5.  Password Expiration and Expiration Warning
> 
> New attributes, passwordExp,  passwordMaxAge,  and  passwordWarning  are
> defined  to  specify whether the password will expire, when the password
> expires and when a warning message will be sent to  the  client  respec-
> tively.  The  actual  expiration time for a password will be stored in a
> new attribute, passwordExpirationTime attribute in the user entry.
> 
> After bind operation succeed  with  authentication,  the  server  should
> check  for password expiration.  If the password expiration policy is on
> and the account's password is  expired,  the  server  should  send  bin-
> dResponse  with  the  resultCode: LDAP_INVALID_CREDENTIALS along with an
> error message to inform the client that the password  has  expired.   If
> the  password  is going to expire sooner than the password warning dura-
> tion,  the  server  should  send  bindResponse with   the   resultCode:
> LDAP_SUCCESS,  and  should  include the password expiring control in the
> controls field of the bindResponse message:
> 
>     controlType:  2.16.840.1.113730.3.4.5,
> 
>     controlValue: an octet string to indicate the time in seconds until
>     the password expires.
> 
>     criticality:  false
> 
> I want fetch the controlvalue .
> i m writing a perl module with definition, management  of extra-attribute
> for password .
> but  i loose my "latin"  in the concept of control
> 
> thank
> eric german
> 
> 
> 
> ----- Original Message -----
> From: Graham Barr <gb...@po...>
> To: eric German <eri...@wa...>
> Cc: <per...@li...>
> Sent: Saturday, June 16, 2001 8:00 AM
> Subject: Re: tests of async operations
> 
> 
> > Yes your loop does seem right, but there are no docs for async mode
> > because it is not really complete.
> >
> > But async mode will not get you any more information from the
> > server, I don't know why you think it will.
> >
> > The code below is *exactly* what Net::LDAP will do in normal mode.
> >
> > Graham.
> >
> > On Sat, Jun 16, 2001 at 07:05:44AM +0200, eric German wrote:
> > > Hi , I want to make  request with async mode : my code is now like this:
> > >
> > > #!/usr/bin/perl  -w
> > > use Net::LDAP;
> > > my $ldap = Net::LDAP->new('10.75.6.34',
> > >                            version =>3,
> > >            async =>1,);
> > > my $code = $ldap->bind(dn =>
> > > 'uid=michel.xxxxx-cp,ou=personnes,ou=dgcp,ou=mefi,o=gouv,c=fr' ,
> > > password =>'0' ,
> > >          );
> > >  $selector =IO::Select->new($ldap->socket);
> > > while ($selector ->can_read($timeout)) {
> > >   $ldap->_recvresp();
> > > last if ($code->done());
> > > }
> > > print "stop" ;
> > >
> > > the goal of the  job is to fetch the supply info send by Directory
> Server at
> > > the time of binding . A code whi tell :  your password will expire in n
> days
> > > etc..
> > >
> > > first , is  my loop seem correct for async operation   ?
> > >  where can find some doc or exemple about async op with net::ldap
> > > thank a lot
> > > eric german
> > > france
> > >
> > >
> > >
> > >
> 
> 

Re: tests of async operations

[eric G. <eri...@wa...>]

thank a lot for answer ;
in fact i want access to this :

5.  Password Expiration and Expiration Warning

New attributes, passwordExp,  passwordMaxAge,  and  passwordWarning  are
defined  to  specify whether the password will expire, when the password
expires and when a warning message will be sent to  the  client  respec-
tively.  The  actual  expiration time for a password will be stored in a
new attribute, passwordExpirationTime attribute in the user entry.

After bind operation succeed  with  authentication,  the  server  should
check  for password expiration.  If the password expiration policy is on
and the account's password is  expired,  the  server  should  send  bin-
dResponse  with  the  resultCode: LDAP_INVALID_CREDENTIALS along with an
error message to inform the client that the password  has  expired.   If
the  password  is going to expire sooner than the password warning dura-
tion,  the  server  should  send  bindResponse with   the   resultCode:
LDAP_SUCCESS,  and  should  include the password expiring control in the
controls field of the bindResponse message:

    controlType:  2.16.840.1.113730.3.4.5,

    controlValue: an octet string to indicate the time in seconds until
    the password expires.

    criticality:  false

I want fetch the controlvalue .
i m writing a perl module with definition, management  of extra-attribute
for password .
but  i loose my "latin"  in the concept of control

thank
eric german



----- Original Message -----
From: Graham Barr <gb...@po...>
To: eric German <eri...@wa...>
Cc: <per...@li...>
Sent: Saturday, June 16, 2001 8:00 AM
Subject: Re: tests of async operations


> Yes your loop does seem right, but there are no docs for async mode
> because it is not really complete.
>
> But async mode will not get you any more information from the
> server, I don't know why you think it will.
>
> The code below is *exactly* what Net::LDAP will do in normal mode.
>
> Graham.
>
> On Sat, Jun 16, 2001 at 07:05:44AM +0200, eric German wrote:
> > Hi , I want to make  request with async mode : my code is now like this:
> >
> > #!/usr/bin/perl  -w
> > use Net::LDAP;
> > my $ldap = Net::LDAP->new('10.75.6.34',
> >                            version =>3,
> >            async =>1,);
> > my $code = $ldap->bind(dn =>
> > 'uid=michel.xxxxx-cp,ou=personnes,ou=dgcp,ou=mefi,o=gouv,c=fr' ,
> > password =>'0' ,
> >          );
> >  $selector =IO::Select->new($ldap->socket);
> > while ($selector ->can_read($timeout)) {
> >   $ldap->_recvresp();
> > last if ($code->done());
> > }
> > print "stop" ;
> >
> > the goal of the  job is to fetch the supply info send by Directory
Server at
> > the time of binding . A code whi tell :  your password will expire in n
days
> > etc..
> >
> > first , is  my loop seem correct for async operation   ?
> >  where can find some doc or exemple about async op with net::ldap
> > thank a lot
> > eric german
> > france
> >
> >
> >
> >

Re: tests of async operations

[Graham B. <gb...@po...>]

Yes your loop does seem right, but there are no docs for async mode
because it is not really complete.

But async mode will not get you any more information from the
server, I don't know why you think it will.

The code below is *exactly* what Net::LDAP will do in normal mode.

Graham.

On Sat, Jun 16, 2001 at 07:05:44AM +0200, eric German wrote:
> Hi , I want to make  request with async mode : my code is now like this:
> 
> #!/usr/bin/perl  -w
> use Net::LDAP;
> my $ldap = Net::LDAP->new('10.75.6.34',
>                            version =>3,
>            async =>1,);
> my $code = $ldap->bind(dn =>
> 'uid=michel.xxxxx-cp,ou=personnes,ou=dgcp,ou=mefi,o=gouv,c=fr' ,
> password =>'0' ,
>          );
>  $selector =IO::Select->new($ldap->socket);
> while ($selector ->can_read($timeout)) {
>   $ldap->_recvresp();
> last if ($code->done());
> }
> print "stop" ;
> 
> the goal of the  job is to fetch the supply info send by Directory Server at
> the time of binding . A code whi tell :  your password will expire in n days
> etc..
> 
> first , is  my loop seem correct for async operation   ?
>  where can find some doc or exemple about async op with net::ldap
> thank a lot
> eric german
> france
> 
> 
> 
> 

tests of async operations

[eric G. <eri...@wa...>]

Hi , I want to make  request with async mode : my code is now like this:

#!/usr/bin/perl  -w
use Net::LDAP;
my $ldap = Net::LDAP->new('10.75.6.34',
                           version =>3,
           async =>1,);
my $code = $ldap->bind(dn =>
'uid=michel.xxxxx-cp,ou=personnes,ou=dgcp,ou=mefi,o=gouv,c=fr' ,
password =>'0' ,
         );
 $selector =IO::Select->new($ldap->socket);
while ($selector ->can_read($timeout)) {
  $ldap->_recvresp();
last if ($code->done());
}
print "stop" ;

the goal of the  job is to fetch the supply info send by Directory Server at
the time of binding . A code whi tell :  your password will expire in n days
etc..

first , is  my loop seem correct for async operation   ?
 where can find some doc or exemple about async op with net::ldap
thank a lot
eric german
france

Re: help nedd about async operation again

[eric G. <eri...@wa...>]

in my test , i try this
$recher->$ldap->search( ......) in sync mode , in display of $recher i see
all data.

the same thing with 'async' , i see only the begin of answer  of slapd .
I make  : $recher->sync
after this operation $recher is undef.  I found  in archive a message about
async-request ,I ll try .

thank


----- Original Message -----
From: eric German <eri...@wa...>
To: <per...@li...>
Sent: Thursday, June 14, 2001 7:21 PM
Subject: help nedd about async operation


> hi , I use Directory Serveur whi provide a "shadow" account like.
> - length of password
> - date of expiration etc..
>
> when use this :
> my $ldap= Net::LDAP->new ('10.75.6.34',port=>389);
> my $oper=$ldap->bind(dn => $dn ,
>   password=>$ancien );
>
> my $code = $oper->code;
>
> if  ($code == 49) {#bad password ...;;
>
> all work fine , BUT  i want to have more explaination on the reason of
fail
> .
>
> In Netscape doc , i read :
> for have  more info about the fail :
> use the version 3 of LDAP and the async operation
> and read all ldap message send by server
> also I add in my bind :
> version =>3,
> async =>1,
>
> rigth , but no how fetch the next message of LDAP ?
> i have try :
> $ldap->message  (wrong)
> $ldap->entries (wrong)
> ????
>
>
> thank a lot
> eric german
> france
>
>
>
>
>

Re: Search for specific attributes.

[Graham B. <gb...@po...>]

Straight from the Net::LDAP documentation

=item attrs

A reference to a list of attributes to be returned for each entry that
matches the search filter.

If not specified, then the server will return the attributes that are
specified as accessible by default given your bind credentials.

Certain additional attributes such as "createtimestamp" and other
operational attributes may also be available for the asking:

  $ldap->search( ... , attrs => ['createtimestamp'] , ... );

To retreive the default attributes and additional ones, use '*'.

  $ldap->search( ... , attrs => ['*', 'createtimestamp'] , ... );


On Thu, Jun 14, 2001 at 03:38:16PM -0400, Richard Lytle wrote:
> Hi,
> 
> I'm new to Perl LDAP and I've only learned a few things so far, but
> here's what I am trying to do:  I want to search for entry's that have a
> certain value in one of their attributes and I am able to do this, I
> want to request only certain attributes and I don't know how, I need to
> know the form of the information when it's returned to me so that I can,
> for example, read it into a hash, then use one element, like the "uid",
> to perform a series of updates.  I hope I've stated this clearly, I
> don't know how to limit my search to particular attributes, and I don't
> know what the form of the values are in when they're returned.  Any help
> for a newbie would be greatly appreciated.
> 
> Thanks in advance,
> Rich
> 

Search for specific attributes.

[Richard L. <rl...@me...>]

Hi,

I'm new to Perl LDAP and I've only learned a few things so far, but
here's what I am trying to do:  I want to search for entry's that have a
certain value in one of their attributes and I am able to do this, I
want to request only certain attributes and I don't know how, I need to
know the form of the information when it's returned to me so that I can,
for example, read it into a hash, then use one element, like the "uid",
to perform a series of updates.  I hope I've stated this clearly, I
don't know how to limit my search to particular attributes, and I don't
know what the form of the values are in when they're returned.  Any help
for a newbie would be greatly appreciated.

Thanks in advance,
Rich

help nedd about async operation

[eric G. <eri...@wa...>]

hi , I use Directory Serveur whi provide a "shadow" account like.
- length of password
- date of expiration etc..

when use this :
my $ldap= Net::LDAP->new ('10.75.6.34',port=>389);
my $oper=$ldap->bind(dn => $dn ,
  password=>$ancien );

my $code = $oper->code;

if  ($code == 49) {#bad password ...;;

all work fine , BUT  i want to have more explaination on the reason of fail
.

In Netscape doc , i read :
for have  more info about the fail :
use the version 3 of LDAP and the async operation
and read all ldap message send by server
also I add in my bind :
version =>3,
async =>1,

rigth , but no how fetch the next message of LDAP ?
i have try :
$ldap->message  (wrong)
$ldap->entries (wrong)
????


thank a lot
eric german
france

[Fwd] multiple hosts

[Graham B. <gb...@po...>]

----- Forwarded message from Eric Lackey <er...@is...> -----

Date: Tue, 12 Jun 2001 19:45:00 -0500
To: "'gb...@po...'" <gb...@po...>
From: Eric Lackey <er...@is...>
Subject: multiple hosts
X-Mailer: Internet Mail Service (5.5.2653.19)

Hello Graham,

Thanks for writing the perl-ldap code.  It works very well for me, although
I do have a request.  There doesn't seem to be the ability to send it
multiple host and have it do failover.  It also looks as though there is no
support within the IO-Socket-SSL module, so that might be where the
limitation is coming from.  If so, please let me know.  

Thanks,

Eric Lackey
ISDN-Net Operations
er...@is...


----- End forwarded message -----

using openldap like proxy-ldap with Net::LDAP

[eric G. <eri...@wa...>]

Hi, I m working about a proxy-ldap . For this , I'm using the shell  backend
in openldap . My scripts are in Perl with Net::LDAP .
this proxy-ldap manages  :
-bind and unbind
-search (with ou without callback: perlmonth n°11 by mr Willcox)
- compare
- debug request for other operation (modify)
it can talk with sereval ldap , a regexp choose the good server :
eg : bind with uid=prenom.nom-cp do the resquest on slapd who manages "-cp"
suffix.
The  proxy-ldap is speeeder than refferal in big organization .
TODO
-amenage openldap webmin module for administrate the proxy
-work about VLV
-manage the sessions

best regard

eric german
chef de projet
ministere des finances

v3 testing

[Graham B. <gb...@po...>]

Today I modified the test suite so that it will now work with
OpenLDAP1 and OpenLDAP2. The intent was to add some tests for the
controls we have implemented. But OpenLDAP2 only supports one
control.

Does anyone know of an avaliable server that I can write tests
against.

Idealy I would like a server I can run on the local machine (FreeBSD)
but I would settle for a publically avaliable server that I could
write some reasonable test against.

Graham.

Re: Additional VLV Problem

[Chris R. <chr...@me...>]

Graham Barr <gb...@po...> wrote:
> On Fri, Jun 08, 2001 at 08:11:17AM +0100, Chris Ridd wrote:
>> "David A. Pinkowitz" <dpi...@un...> wrote:
>> > At 06:33 PM 6/7/01 +0100, Graham Barr wrote:
>> >> Your server did not return a VLV_RESPONSE control
>> >> 
>> >> It should have passed back a control which holds info about
>> >> where the entries returned are in the list.
>> > 
>> > Is this typically a server configuration issue or would it just be that
>> > the server does not support these controls?  Could I have done
>> > something wrong prior to making my search? It seems odd that the
>> > server could recognize the VLV control and return the correct data,
>> > but not generate the VLV_RESPONSE.  Thanks again for all your help.
>> 
>> The server is free to ignore any controls that are not marked as
>> 'critical'. You may want to create it this way and see what happens:
> 
> A VLV control is critical by default, unless specified. So this should
> not make a difference.
> 
> Graham.

I just looked at VLV.pm and you're right.

Cheers,

Chris

Re: Additional VLV Problem

[Graham B. <gb...@po...>]

On Fri, Jun 08, 2001 at 08:11:17AM +0100, Chris Ridd wrote:
> "David A. Pinkowitz" <dpi...@un...> wrote:
> > At 06:33 PM 6/7/01 +0100, Graham Barr wrote:
> >> Your server did not return a VLV_RESPONSE control
> >> 
> >> It should have passed back a control which holds info about
> >> where the entries returned are in the list.
> > 
> > Is this typically a server configuration issue or would it just be that
> > the server does not support these controls?  Could I have done something
> > wrong prior to making my search? It seems odd that the server could
> > recognize the VLV control and return the correct data, but not generate
> > the VLV_RESPONSE.  Thanks again for all your help.
> 
> The server is free to ignore any controls that are not marked as
> 'critical'. You may want to create it this way and see what happens:

A VLV control is critical by default, unless specified. So this should
not make a difference.

Graham.

> 
> $vlv = Net::LDAP::Control::VLV->new(
>            before => 0,    # No entries before target entry
>            after => 1,     # number of entries after target entry
>            content => 0,   #If set to 0, list size is unknown
>            offset => 1,    # Target entry is the first
>            critical => 1   # Return an error if VLV is not permitted
> );
> 
> Cheers,
> 
> Chris

Re: Additional VLV Problem

[Chris R. <chr...@me...>]

"David A. Pinkowitz" <dpi...@un...> wrote:
> At 06:33 PM 6/7/01 +0100, Graham Barr wrote:
>> Your server did not return a VLV_RESPONSE control
>> 
>> It should have passed back a control which holds info about
>> where the entries returned are in the list.
> 
> Is this typically a server configuration issue or would it just be that
> the server does not support these controls?  Could I have done something
> wrong prior to making my search? It seems odd that the server could
> recognize the VLV control and return the correct data, but not generate
> the VLV_RESPONSE.  Thanks again for all your help.

The server is free to ignore any controls that are not marked as
'critical'. You may want to create it this way and see what happens:

$vlv = Net::LDAP::Control::VLV->new(
           before => 0,    # No entries before target entry
           after => 1,     # number of entries after target entry
           content => 0,   #If set to 0, list size is unknown
           offset => 1,    # Target entry is the first
           critical => 1   # Return an error if VLV is not permitted
);

Cheers,

Chris

Re: Second schema problem.

[Kurt D. Z. <Ku...@Op...>]

At 07:42 PM 6/7/2001, Clif Harden wrote:
>This may or may not be a problem, depends on your point of
>view I guess, but I do not think it is right.
>
>When we parse the objectClasses may or must attribute definitions 
>it appears that we are including these attribute names in the
>in the list with the true attributeType definitions.  This is okay
>as long as there are true attributeType definitions to match the
>may and must attributes.  
>
>However this is not always the case, depending on the schema(s) 
>that are being used.  My netscape DS has many "may contain" attributes
>that do not have matching attributeType definitions.
>(I found this out trouble shooting this problem.) 
>Trying to extract data for these "bogus" attributeType(s) causes a minor
>problem, there is no data for them. 
>
>IMHO, when we ask for the attributes we should get only the  
>true attributeType definitions that are in the schema. 

Clients should be prepared for a number of schema oddities.
In addition to the above, you find that not all LDAPsyntaxes
or matchingRules mentioned in attributeType descriptions
are published (ala OpenLDAP 2.0).  A client should assume
that if something is not published that it's not supported.

Kurt

Second schema problem.

[Clif H. <ch...@po...>]

This may or may not be a problem, depends on your point of
view I guess, but I do not think it is right.

When we parse the objectClasses may or must attribute definitions 
it appears that we are including these attribute names in the
in the list with the true attributeType definitions.  This is okay
as long as there are true attributeType definitions to match the
may and must attributes.  

However this is not always the case, depending on the schema(s) 
that are being used.  My netscape DS has many "may contain" attributes
that do not have matching attributeType definitions.
(I found this out trouble shooting this problem.) 
Trying to extract data for these "bogus" attributeType(s) causes a minor
problem, there is no data for them. 

IMHO, when we ask for the attributes we should get only the  
true attributeType definitions that are in the schema. 

Regards,

Clif Harden          ch...@po...

Re: Additional VLV Problem

[David A. P. <dpi...@un...>]

At 09:55 PM 6/7/01 +0100, you wrote:
>On Thu, Jun 07, 2001 at 04:34:07PM -0400, David A. Pinkowitz wrote:
> > As a followup to my last post, I am using Netscape Directory Server 4.  In
> > addition, I have tried a similar search on Active Directory.  Does
> > something special have to be done to the server to get VLV support?  Is
>
>Do you bind with version => 3 ?

I changed that and it worked.  Thanks for your help.


--
David A. Pinkowitz
UniPress Software, Inc.
dpi...@un...
(732) 287-2100 ext. 943

Re: Schema problem in .23

[Clif H. <cl...@di...>]

> 
> If you can dump the ldif for the entry, I will try to track it here
> 
> Graham.
> 
> On Thu, Jun 07, 2001 at 02:12:09PM -0500, Clif Harden wrote:
> > 
> > Graham,
> > 
> > I got a chance to look into the schema problem(s).
> > 
> > I think we have induced a "problem" into the .23 code.
> > 
> > I have a system that is still at .22 and it appears to be decoding
> > the objectclass information correctly, on a system at .23 there several
> > objectclasses do not decode correctly.  It varies on whether I hit my
> > x.500 server or my netscape servers.
> > 
> > I have installed your latest schema patch and it appears to have
> > the same problem.  I did not detect any new or additional problems.
> > 
> > I will send more information as I can find it.
> > 
> > Regards,
> > 
> > Clif Harden           INTERNET:  c-h...@ti...


Graham,

First problem I have found is that we are not 
parsing attribute SYNTAX lenghts correctly.

If an attribute has a length it is display properly,
if the attributer does not have a length a ) is 
given as it's lenght.

Example;

attributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' EQUALITY caseI
gnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYN
TAX 1.3.6.1.4.1.1466.115.121.1.15{256} USAGE directoryOperation )

This will parse the length, 1.3.6.1.4.1.1466.115.121.1.15{256}, correctly .
This if from my x.500 directory.

attributeTypes: ( 1.3.6.1.4.1.42.2.27.5.1.1 NAME 'SolarisProjectID' DESC 'User D
efined Attribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )

This will parse the length, 1.3.6.1.4.1.1466.115.121.1.27, incorrectly as
it will display a ) for length.  This if from my netscape ldap directory.


There is another problem, but I need to dig somemore before I 
attempt to describe it.


Regards,

Clif Harden           INTERNET:  c-h...@ti...

Re: Additional VLV Problem

[Graham B. <gb...@po...>]

On Thu, Jun 07, 2001 at 04:34:07PM -0400, David A. Pinkowitz wrote:
> As a followup to my last post, I am using Netscape Directory Server 4.  In 
> addition, I have tried a similar search on Active Directory.  Does 
> something special have to be done to the server to get VLV support?  Is 

Do you bind with version => 3 ?

> there a list somewhere of servers that do and don't have VLV support?

The rootDSE should list all the supported controls. you can get this
with $ldap->root_dse

> I am trying to implement LDAP capability in an application which may be 
> used by customers with any number of different LDAP servers and 
> configurations.  In its original form, my application was limited by the 
> server limits set for a search, returning a maximum perhaps of 1000 or 2000 
> entries.  I was trying to overcome this limit by using VLV.  Is there 
> enough compatibility among various servers to even implement this right now?

Hm, well the VLV spec is still in draft form. So I am not sure you can
expect to have a wide range of servers supporting it, but I may be wrong.

> Thanks again for all the help that has been given thus far.  I've been 
> lurking on this list for awhile as well as searching its archives and it 
> has been really helpful.

Graham.

Re: Additional VLV Problem

[David A. P. <dpi...@un...>]

As a followup to my last post, I am using Netscape Directory Server 4.  In 
addition, I have tried a similar search on Active Directory.  Does 
something special have to be done to the server to get VLV support?  Is 
there a list somewhere of servers that do and don't have VLV support?

I am trying to implement LDAP capability in an application which may be 
used by customers with any number of different LDAP servers and 
configurations.  In its original form, my application was limited by the 
server limits set for a search, returning a maximum perhaps of 1000 or 2000 
entries.  I was trying to overcome this limit by using VLV.  Is there 
enough compatibility among various servers to even implement this right now?

Thanks again for all the help that has been given thus far.  I've been 
lurking on this list for awhile as well as searching its archives and it 
has been really helpful.



--
David A. Pinkowitz
UniPress Software, Inc.
dpi...@un...
(732) 287-2100 ext. 943

Schema problem in .23

[Clif H. <cl...@di...>]

Graham,

I got a chance to look into the schema problem(s).

I think we have induced a "problem" into the .23 code.

I have a system that is still at .22 and it appears to be decoding
the objectclass information correctly, on a system at .23 there several
objectclasses do not decode correctly.  It varies on whether I hit my
x.500 server or my netscape servers.

I have installed your latest schema patch and it appears to have
the same problem.  I did not detect any new or additional problems.

I will send more information as I can find it.

Regards,

Clif Harden           INTERNET:  c-h...@ti...
Texas Instruments                
Directory Services
6500 Chase Oaks Blvd, M/S 8412  
Plano, TX 75023        
                         Voice:  972-575-0855
                           FAX:  972-575-2418

Re: Additional VLV Problem

[David A. P. <dpi...@un...>]

At 06:33 PM 6/7/01 +0100, Graham Barr wrote:
>Your server did not return a VLV_RESPONSE control
>
>It should have passed back a control which holds info about
>where the entries returned are in the list.

Is this typically a server configuration issue or would it just be that the 
server does not support these controls?  Could I have done something wrong 
prior to making my search? It seems odd that the server could recognize the 
VLV control and return the correct data, but not generate the 
VLV_RESPONSE.  Thanks again for all your help.



--
David A. Pinkowitz
UniPress Software, Inc.
dpi...@un...
(732) 287-2100 ext. 943

Re: Additional VLV Problem

[Graham B. <gb...@po...>]

On Thu, Jun 07, 2001 at 01:15:54PM -0400, David A. Pinkowitz wrote:
> At 04:50 PM 6/7/01 +0100, Graham Barr wrote:
> >Can you send the output from adding $ldap->debug(15)
> >
> >Thanks,
> >Graham.

> Net::LDAP=HASH(0xc3064) received:
> 
> 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
> 
> 0000 30   12: SEQUENCE {
> 0002 02    1:   INTEGER = 2
> 0005 65    7:   [APPLICATION 5] {
> 0007 0A    1:     ENUM = 0
> 000A 04    0:     STRING = ''
> 000C 04    0:     STRING = ''
> 000E        :   }
> 000E        : }
> Can't call method "context" on an undefined value at 
> /usr/local/lib/perl5/site_p
> erl/5.005/Net/LDAP/Control/VLV.pm line 107.

Your server did not return a VLV_RESPONSE control

It should have passed back a control which holds info about
where the entries returned are in the list.

Graham.