perl-ldap-dev

AuthNetLDAP + AuthUserFile?

[Eamon D. <ea...@fa...>]

Am I completely off my rocker or did I not once have a Location
protected so that I could auth against a htpasswd file if the LDAP
auth failed? I can't find a single trace of my old httpd.conf, but
I /swear/ I had it working at some point. Has anyone else done
this?

<Location />
AuthName "Internal"
AuthType Basic
AuthUserFile conf/htpasswd.list

PerlAuthenHandler Apache::AuthNetLDAP
PerlSetVar LDAPServer xxx.xxx.xxx.xxx
PerlSetVar LDAPPort 389
PerlSetVar BaseDN "ou=xxxxx,ou=xxxxx,o=xxxxx"
PerlSetVar UIDAttr cn

order deny,allow
deny from all
allow from 10.
allow from 127.0.0.1
require user guest_pass
require valid-user
satisfy any
</Location>

That results in:

[Fri Apr  6 17:24:51 2001] [error] access to /internal/ failed for
216.17.138.248, reason: user guest_pass: user entry not found for filter:
cn=xxxxx

and a 401 error. Am I out of my mind?

______________________________
Eamon Daly
FastWeb, Inc.
847 568 6410

RE: LDIF.pm and schemaUpdateNow

[Robbie A. <ra...@ci...>]

> -----Original Message-----
> From: Chris Ridd [mailto:chr...@me...]
> Sent: Friday, April 06, 2001 8:58 AM
> To: Robbie Allen
> Cc: per...@li...
> Subject: Re: LDIF.pm and schemaUpdateNow
> 
> 
> Robbie Allen <ra...@ci...> wrote:
> > Active Directory's schema cache may be updated by setting the
> > operational attribute 'schemaUpdateNow' to 1.  This is 
> typically done in
> > LDIF files that modify the schema in which a reference 
> needs to be made
> > to a class or attribute that was created in the same LDIF 
> file.  If the
> > schema cache isn't updated, the server may reject the change.
> > 
> > More information is available here:
> > http://msdn.microsoft.com/library/psdk/adsi/glschemex_378l.htm
> > 
> > It looks like this in an LDIF file:
> > 
> > dn:
> > changetype: modify
> > add: schemaUpdateNow
> > schemaUpdateNow: 1
> > -
> 
> That's OK, because I think that your change record is 
> affecting the root DSE, which has a DN of "".

That's correct.


> > Turns out that Net::LDAP::LDIF doesn't like this very much. 
>  It expects something after the dn.  The following change would fix 
> this issue, but
> > I was curious if it might break something else.  The entry object
> > created will not have a distinguishedname attribute, but 
> everything else seems to work fine.
> 
> A minor quibble: the "dn" line does not indicate an attribute called
> distinguishedName, but actually the DN of the entry being 
> modified. (The DN of an entry is not held in an attribute of the
entry.)

Actually it is in Active Directory.  It is called distinguishedName.


> > LDIF.pm
> > 73c73
> > <   return unless @ldif > 1 && $ldif[0] =~ s/^dn:(:?) //;
> > ---
> >>   return unless @ldif > 1 && $ldif[0] =~ s/^dn:(:?)( ?)//;
> > 
> > Robbie Allen
> > 
> 
> A slightly better change would be:
> 
>     return unless @ldif > 1 && $ldif[0] =~ s/^dn:(:?) *//;
> 
> because the LDIF ABNF says the dn line is this:
> 
> dn-spec = "dn:" (FILL distinguishedName /
>                  ":" FILL base64-distinguishedName)
> 
> FILL    = *SPACE
> 

That's fine.  What does it take to get this change incorporated into
LDIF.pm?

Robbie Allen

LDAP updates to Exchange 5.5 supported?

[Ken D. <ken...@sy...>]

It is my understanding that MS Exchange 5.5 LDAP services now supports LDAP read,write and modifies.

Anyone know where I can get more information on this. I have tried MS's website but I can seem
to find specifics on the LDAP service for 5.5. Most of the info refers to Active directory. 
Someone have a shortcut URL for me?

My immediate question is whether 5.5 supports a command line full export to LDIF?


Thanks,

Ken 
----------------------------------------------------------------------------------------------
Any views expressed in this message are those of the individual 
sender, and is not in any way associated with Syntegra.
----------------------------------------------------------------------------------------------

Re: LDIF.pm and schemaUpdateNow

[Chris R. <chr...@me...>]

Robbie Allen <ra...@ci...> wrote:
> Active Directory's schema cache may be updated by setting the
> operational attribute 'schemaUpdateNow' to 1.  This is typically done in
> LDIF files that modify the schema in which a reference needs to be made
> to a class or attribute that was created in the same LDIF file.  If the
> schema cache isn't updated, the server may reject the change.
> 
> More information is available here:
> http://msdn.microsoft.com/library/psdk/adsi/glschemex_378l.htm
> 
> It looks like this in an LDIF file:
> 
> dn:
> changetype: modify
> add: schemaUpdateNow
> schemaUpdateNow: 1
> -

That's OK, because I think that your change record is affecting the root
DSE, which has a DN of "".

> Turns out that Net::LDAP::LDIF doesn't like this very much.  It expects
> something after the dn.  The following change would fix this issue, but
> I was curious if it might break something else.  The entry object
> created will not have a distinguishedname attribute, but everything else
> seems to work fine.

A minor quibble: the "dn" line does not indicate an attribute called
distinguishedName, but actually the DN of the entry being modified. (The DN
of an entry is not held in an attribute of the entry.)

> LDIF.pm
> 73c73
> <   return unless @ldif > 1 && $ldif[0] =~ s/^dn:(:?) //;
> ---
>>   return unless @ldif > 1 && $ldif[0] =~ s/^dn:(:?)( ?)//;
> 
> Robbie Allen
> 

A slightly better change would be:

    return unless @ldif > 1 && $ldif[0] =~ s/^dn:(:?) *//;

because the LDIF ABNF says the dn line is this:

dn-spec = "dn:" (FILL distinguishedName /
                 ":" FILL base64-distinguishedName)

FILL    = *SPACE

Cheers,

Chris

Re: Error Codes resulting from searches

[Graham B. <gb...@po...>]

On Fri, Apr 06, 2001 at 08:17:36AM +0100, Ian Taite wrote:
> I'm still having trouble trying to get output from my LDAP MS Exchange
> script.
> I'm getting error 11 and error 87 when I do searches and no data.
> How do I translate the error code to a description? It might help me make
> more progress:

See Net::LDAP::Util for ldap_error_name, ldap_error_text and ldap_error_desc

Graham.

Error Codes resulting from searches

[Ian T. <it...@na...>]

I'm still having trouble trying to get output from my LDAP MS Exchange
script.
I'm getting error 11 and error 87 when I do searches and no data.
How do I translate the error code to a description? It might help me make
more progress:

use Net::LDAP;
use Net::LDAP::LDIF;

$server="172.16.1.15"; # IP ADDRESS OF EXCHSH01 Exchange box
$port=389;

$c = Net::LDAP->new($server, port=>$port, diag=>1) or die "Unable to connect
to server $server: $@\n";

# Anonymous bind
$c->bind() or die "Unable to bind: $@\n";

$basedn="o=NavTrak Limited";
$scope="sub";
$filter="(objectclass=organizationalperson)";

#$searchobj = $c->search(base=>$basedn,scope=>$scope,filter=>$filter);
$searchobj = $c->search(base=>$basedn,scope=>$scope);

die "Bad search, errorcode #".$searchobj->code()." $!" if
$searchobj->code();

foreach $entry ($searchobj->all_entries){
	$entry->dump;
};

# Disconnect from the LDAP server
$c->unbind();


****************************************************************************
Note
****************************************************************************

The information in this Email message, and any files transmitted with it,
are confidential and intended only for use of the individual or entity named
as recipient. If the reader of this message is not the intended recipient
you are hereby notified that any dissemination, processing, distribution or
copy of this material is strictly prohibited. If you have received this
Email in error, please immediately notify our network manager on the
telephone number below and delete the message. Your co-operation is
appreciated.

Any personal opinions expressed in this message are those of the sender and
should not be taken as representing the views of ITIS Holdings.

****************************************************************************
Contact Details

 ITIS Holdings
 The Warrant House
 1 The High Street
 Altrincham
 WA14 1PZ

 Telephone - (44) 161 929 5788

LDIF.pm and schemaUpdateNow

[Robbie A. <ra...@ci...>]

Active Directory's schema cache may be updated by setting the
operational attribute 'schemaUpdateNow' to 1.  This is typically done in
LDIF files that modify the schema in which a reference needs to be made
to a class or attribute that was created in the same LDIF file.  If the
schema cache isn't updated, the server may reject the change.

More information is available here:
http://msdn.microsoft.com/library/psdk/adsi/glschemex_378l.htm

It looks like this in an LDIF file:

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

Turns out that Net::LDAP::LDIF doesn't like this very much.  It expects
something after the dn.  The following change would fix this issue, but
I was curious if it might break something else.  The entry object
created will not have a distinguishedname attribute, but everything else
seems to work fine.

LDIF.pm
73c73
<   return unless @ldif > 1 && $ldif[0] =~ s/^dn:(:?) //;
---
>   return unless @ldif > 1 && $ldif[0] =~ s/^dn:(:?)( ?)//;

Robbie Allen

Re: [Fwd] Net::LDAP api talking to Netscape Directory server

[Ron H. <th...@cc...>]

	Source of the problem has been found (I think)...

	ldif file has the following definition

	dn: cn=Directory Manager, o=McGill, c=CA
        cn: Directory Manager
        objectclass: top
        objectclass: groupofuniquenames
        uniquemember: cn=<<<<SOME STUFF>>>

	Where some stuff points to a record no longer in the
	LDAP database <OH>

	This is further confounded by the aci

	aci: (target="ldap:///o=McGill, c = CA") (targetattr = "*")
             (version 3.0; acl "allow all Admin group"; allow(all) 
             groupdn="ldap:cn=Directory Manager,o=McGill,c=CA";)


	Which if I understand it correctly means that only people in the
	admin group and do root dn things and that the admin group (as
	defined by Directory Manager) needs to have a valid user in it

	Either that of make Directory Manager a simple account.


	Am I close?

	r

RE: [Fwd] Perl-LDAP on Win32 targetting Exchange 5.5

[Gordon J. <gor...@cp...>]

The scope in your search should be either 'one' or 'sub'; 'base' will only
read read your searchbase entry.

  -- gj

> -----Original Message-----
> From: per...@li...
> [mailto:per...@li...]On Behalf Of Graham
> Barr
> Sent: Thursday, April 05, 2001 8:43 am
> To: LDAP Mailing List
> Cc: Ian Taite
> Subject: [Fwd] Perl-LDAP on Win32 targetting Exchange 5.5
>
>
> ----- Forwarded message from Ian Taite <it...@na...> -----
>
> Date: Thu, 5 Apr 2001 12:55:34 +0100
> To: "'gb...@po...'" <gb...@po...>
> From: Ian Taite <it...@na...>
> Subject: Perl-LDAP on Win32 targetting Exchange 5.5
> X-Mailer: Internet Mail Service (5.5.2653.19)
>
> Try as I might, I cannot get my script to work - I just cannot find enough
> good examples to get a grip of how to get this done.
>
> What I want to do is read the global address list to produce a phone
> directory comprising users first name, last name, title, email address,
> phone number and mobile number.
>
> My script is incomplete, but produces no errors and no results.
>
> Do you know where I can get an example of what I want to do? I
> can only find
> examples based on ADSI or that create mailboxes, and I dont seem
> to be able
> to grasp it from those examples.
>
> My feeble script is below.
> Many thanks,
> Ian.
>
> use Net::LDAP;
> use Net::LDAP::LDIF;
>
> $server="172.16.1.15"; # IP ADDRESS OF EXCHSH01 Exchange box
> $port=389;
>
> $c = Net::LDAP->new($server, port=>$port, diag=>1) or die "Unable
> to connect
> to server $server: $@\n";
>
> # Anonymous bind
> $c->bind() or die "Unable to bind: $@\n";
>
> $basedn="cn=Recipients,ou=Altrincham,o=NavTrak Limited,c=GB";
> $scope="base";
> $filter="(objectClass=organizationalPerson)";
>
> $searchobj =
> $c->search(base=>$basedn,scope=>$scope,filter=>$filter,0,"mail");
>
> die "Bad search, errorcode #".$searchobj->code() if $searchobj->code();
>
>
> 	$ldif = new Net::LDAP::LDIF("-");
> 	$ldif->write($searchobj->entries());
> 	$ldif->done();
>
> # Disconnect from the LDAP server
> $c->unbind();
>
>
>
>
> ******************************************************************
> **********
> Note
> ******************************************************************
> **********
>
> The information in this Email message, and any files transmitted with it,
> are confidential and intended only for use of the individual or
> entity named
> as recipient. If the reader of this message is not the intended recipient
> you are hereby notified that any dissemination, processing,
> distribution or
> copy of this material is strictly prohibited. If you have received this
> Email in error, please immediately notify our network manager on the
> telephone number below and delete the message. Your co-operation is
> appreciated.
>
> Any personal opinions expressed in this message are those of the
> sender and
> should not be taken as representing the views of ITIS Holdings.
>
> ******************************************************************
> **********
> Contact Details
>
>  ITIS Holdings
>  The Warrant House
>  1 The High Street
>  Altrincham
>  WA14 1PZ
>
>  Telephone - (44) 161 929 5788
>
>
> ----- End forwarded message -----
>

[Fwd] Perl-LDAP on Win32 targetting Exchange 5.5

[Graham B. <gb...@po...>]

----- Forwarded message from Ian Taite <it...@na...> -----

Date: Thu, 5 Apr 2001 12:55:34 +0100 
To: "'gb...@po...'" <gb...@po...>
From: Ian Taite <it...@na...>
Subject: Perl-LDAP on Win32 targetting Exchange 5.5
X-Mailer: Internet Mail Service (5.5.2653.19)

Try as I might, I cannot get my script to work - I just cannot find enough
good examples to get a grip of how to get this done.

What I want to do is read the global address list to produce a phone
directory comprising users first name, last name, title, email address,
phone number and mobile number.

My script is incomplete, but produces no errors and no results.

Do you know where I can get an example of what I want to do? I can only find
examples based on ADSI or that create mailboxes, and I dont seem to be able
to grasp it from those examples.

My feeble script is below.
Many thanks,
Ian.

use Net::LDAP;
use Net::LDAP::LDIF;

$server="172.16.1.15"; # IP ADDRESS OF EXCHSH01 Exchange box
$port=389;

$c = Net::LDAP->new($server, port=>$port, diag=>1) or die "Unable to connect
to server $server: $@\n";

# Anonymous bind
$c->bind() or die "Unable to bind: $@\n";

$basedn="cn=Recipients,ou=Altrincham,o=NavTrak Limited,c=GB";
$scope="base";
$filter="(objectClass=organizationalPerson)";

$searchobj =
$c->search(base=>$basedn,scope=>$scope,filter=>$filter,0,"mail");

die "Bad search, errorcode #".$searchobj->code() if $searchobj->code();


	$ldif = new Net::LDAP::LDIF("-");
	$ldif->write($searchobj->entries());
	$ldif->done();

# Disconnect from the LDAP server
$c->unbind();




****************************************************************************
Note
****************************************************************************

The information in this Email message, and any files transmitted with it,
are confidential and intended only for use of the individual or entity named
as recipient. If the reader of this message is not the intended recipient
you are hereby notified that any dissemination, processing, distribution or
copy of this material is strictly prohibited. If you have received this
Email in error, please immediately notify our network manager on the
telephone number below and delete the message. Your co-operation is
appreciated.

Any personal opinions expressed in this message are those of the sender and
should not be taken as representing the views of ITIS Holdings.

****************************************************************************
Contact Details

 ITIS Holdings
 The Warrant House
 1 The High Street
 Altrincham
 WA14 1PZ

 Telephone - (44) 161 929 5788


----- End forwarded message -----

CGI PERL-LDAP on Win2K IIS

[<go...@ss...>]

Hi LDAP members,

I wrote a CGI script in PERL with LDAP calls to make query to Windows 2000
Active Directory.  I had some success trying it out on a Linux running
Apache web server.  The PERL version was 5.00401.

When I ported the PERL script to a Windows 2000 platform, I encountered
problem.  The Windows 2000 ran IIS version 5, Active PERL 5.6.0620.  The
problem was the CGI PERL script would fail (return undef) on first LDAP call
Net::LDAP->new

This problem was only observed if the PERL script was run as a CGI script -
activated from a client browser by specifying a URL.  If the PERL script was
run from Windows 2000 command line, everything worked fine.

Any idea or experience sharing will be highly appreciated.

With Regards,
Goy

RE: Changing password via Net::LDAPS and Perl

[Chris R. <chr...@me...>]

"Edgington, Jeffrey" <je...@um...> wrote:
> Ok.. that produced the following error... 
> 
> pulsar(18)>perl password.pl
> failed: 53 00002077: SvcErr: DSID-031D0A84, problem 5003
> (WILL_NOT_PERFORM), data 0  at password.pl line 38.

The result code 53 means 'unwilling to perform', which is a general kind of
way for the server to pout and refuse to do what you wanted.

I think your problem is that you're passing the actual BER object
(interpolated into a string) to the LDAP server, instead of the encoded
value. You need to get at the encoded value using $pwd->buffer.

$pwd = new Convert::BER;
$pwd->encode(
       STRING=>"hello",
) or die;
[...]
         replace => [ unicodePwd => "$pwd"]

You should replace the replace :-) with this:

         replace => [ unicodePwd => $pwd->buffer ]

Cheers,

Chris

Re: Writing to the LDAP database

[Simon W. <sx...@sx...>]

On Wednesday 04 April 2001 17:22, Dean Benson wrote:
> Ok newbie alert ... I've changed the IP and accounts/passwd to protect the
> innocent :) What am I doing wrong? 

This is a perl error, not a Net::LDAP one.

> Bad name after Benson' at ldap-convert.pl line 19.
>                          'sn    => 'Benson',

You're missing a closing quote after 'sn' in this line.

Cheers,

Simon.

-- 
Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
"You're not quite evil enough. You're semi-evil. You're quasi-evil. You're
the margarine of evil. You're the Diet Coke of evil, just one calorie, not 
evil enough." - Dr Evil

RE: Writing to the LDAP database

[Behruz R. <beh...@cp...>]

Dean,
You forgot to put SN between Quote sign   'sn'=> xxxxxx
Behruz

-----Original Message-----
From: per...@li...
[mailto:per...@li...]On Behalf Of Dean
Benson
Sent: Wednesday, April 04, 2001 9:22 AM
To: per...@li...
Subject: Writing to the LDAP database


Ok newbie alert ... I've changed the IP and accounts/passwd to protect the
innocent :) What am I doing wrong?  The process binds to the ldap server and
I know that the root dn is right because I can connect with the same on
kldap and modify the database ... I used the example straight out of the
perl module doc

The following code returns the error:

Bad name after Benson' at ldap-convert.pl line 19.

<Code>

use Net::LDAP;
use Net::LDAP::Entry;

$ldap = Net::LDAP->new('foo.com') or die "$@";

$ldap->bind (   # bind to a directory with dn and password
              dn       => 'cn=root, dc=ifxcorp, dc=com',
              password => 'foopasswd'
             );

$result = $ldap->add (
               dn   => 'cn = Dean Benson, dc=ifxcorp, dc=com',
               attr => [ 'cn'   => ['Dean Benson', 'Deaner Benson'],
                         'sn    => 'Benson',
                         'mail' => 'be...@ho...',
                         'objectclass' => ['top', 'person',
                                           'organizationalPerson',
                                           'inetOrgPerson' ],
                       ]
             );


$result->code && warn "failed to add entry: ", $result->error ;
</Code>

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

Writing to the LDAP database

[Dean B. <be...@ho...>]

Ok newbie alert ... I've changed the IP and accounts/passwd to protect the 
innocent :) What am I doing wrong?  The process binds to the ldap server and 
I know that the root dn is right because I can connect with the same on 
kldap and modify the database ... I used the example straight out of the 
perl module doc

The following code returns the error:

Bad name after Benson' at ldap-convert.pl line 19.

<Code>

use Net::LDAP;
use Net::LDAP::Entry;

$ldap = Net::LDAP->new('foo.com') or die "$@";

$ldap->bind (   # bind to a directory with dn and password
              dn       => 'cn=root, dc=ifxcorp, dc=com',
              password => 'foopasswd'
             );

$result = $ldap->add (
               dn   => 'cn = Dean Benson, dc=ifxcorp, dc=com',
               attr => [ 'cn'   => ['Dean Benson', 'Deaner Benson'],
                         'sn    => 'Benson',
                         'mail' => 'be...@ho...',
                         'objectclass' => ['top', 'person',
                                           'organizationalPerson',
                                           'inetOrgPerson' ],
                       ]
             );


$result->code && warn "failed to add entry: ", $result->error ;
</Code>

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

Re: Problems on W2K which don't appear on Linux

[Graham B. <gb...@po...>]

On Wed, Apr 04, 2001 at 03:50:17PM +0000, Olaf Foellinger wrote:
> Hi,
> 
> on W2K I'm using the perk which is contained in the cygwin installation.

Oh, I am glad W2K has some perks :)

> 
> On linux it works well but on W2K it gives me the error
> 
> IO::Socket::INET: Timeout at ./test line 35.
> 
> It's not a problem of the value of the timeout I've set it much higher
> with the same result.

this is likely a problem with IO::Socket. Just try

  my $sock = IO::Socket::INET->new(
               PeerAddr => $host,
               PeerPort => 389,
               Proto    => 'tcp',
               Timeout  => 120
             ) or die "$@: $!";

Graham.

Problems on W2K which don't appear on Linux

[Olaf F. <Ola...@bl...>]

Hi,

on W2K I'm using the perk which is contained in the cygwin installation.
I've successfully installed Net::LDAP from CPAN. When I try it with the
following script

-------------------------------------------------------------------------=
-------------
#!/usr/bin/perl -w

use strict;

use constant DEBUG =3D> 0;
use constant ONLY_PERL =3D> 0;

use Net::LDAP;


my $ldap_server =3D "ldap.fra.sesa.de";
my $search_base =3D "dc=3Dsesa,dc=3Dde";
my @fields =3D qw(cn mail sn fn uid);
# list of the fields that will be used for composing the answer
my $expected_answers =3D "cn fn sn mail business_group telephonenumber";
#8<------8<------8<------8<------8<--------->8------>8------>8------>8---=
--->8
my $ldap_server_nick;
my @results;

print "DEBUG: ldap_server=3D$ldap_server search_base=3D$search_base\n" if
(DEBUG);

$/ =3D '';        # Paragraph mode for input.

foreach my $askfor ( @ARGV )
{

# enable this if you want to include wildcard in your search with some
# huge
# ldap databases you might want to avoid it
#  my $query =3D join '', map { "($_=3D$askfor*)" } @fields;
  my $query =3D join '', map { "($_=3D$askfor)" } @fields;
  $query =3D "(|" . $query . ")";

    my $ldap =3D Net::LDAP->new($ldap_server, DN =3D> "", Password =3D> "=
",
Port =3D> 389, Debug =3D> 3,) or die $@;
    $ldap->bind;
    my $mesg =3D $ldap->search( base =3D> $search_base, filter =3D> $quer=
y )
or die $@
;
    $mesg->code && die $mesg->error;
    my @entries =3D $mesg->entries;
    map { $_->dump } $mesg->all_entries if (DEBUG);
    my $entry;
    foreach $entry (@entries)
    {
      print "DEBUG processing $entry->dn\n" if (DEBUG);
# only keep the first email address, telephonenumber and businessgroup
      my $email =3D $entry->get_value('mail');
      my $phone =3D $entry->get_value('telephonenumber');
      my $sector =3D $entry->get_value('business_group');
      my $cn =3D $entry->get_value('cn');
      my @name =3D ($entry->get_value('fn'), $entry->get_value('sn'));
push @results, "<$email>\t@name\t\n";
# this one works mostly for everyody
#      push @results, "<$email>\t@name\n";
    }
    $ldap->unbind;
}

print "LDAP query: found ", scalar(@results), "\n", @results;
exit 1 if ! @results;
-------------------------------------------------------------------------=
-------

On linux it works well but on W2K it gives me the error

IO::Socket::INET: Timeout at ./test line 35.

It's not a problem of the value of the timeout I've set it much higher
with the same result.



Greetings Olaf

--
Olaf F=F6llinger
S.E.S.A. AG GS Berlin
mail: Ola...@se...
fon:  +49-30-390722291

How to avoid connecting to LDAP at each Perl CGI-CALL

[Behruz R. <beh...@cp...>]

Hi,

I would like to know if there is way to avoid Binding to LDAP at each time I
Call a Perl CGI script?
Right now, I have to bind every time I call a script.

I would like to keep my ldap instance created at the first begining time and
keep using it.
Sorry if the question seems stupid to some of you, but i am a novice in Perl
and CGI programming.

Thanks all of you for your help.

Behruz.

Re: How do you know when you've lost connection?

[Ron H. <th...@cc...>]

On Wed, 4 Apr 2001, Eric Nichols wrote:

> Everything is running smoothly with Perl-LDAP.  After working with
> Netscape's perldap I've found this stuff to be much easier to work with.
> 
> I do have one quick question.  I've got pretty poor connections here and
> have often lost my LDAP connections.  Is there anyway for Perl-LDAP to tell
> me if the connection is down?

	Only way I know is to poke it.

	There is an LDAP_UNAVAILABLE error code
	so you can poke it trap the error try a rebind and
	then fail gracefully if the server does not respond.

	That would be error 52.

	HTH


Who:    Ron Hall   - + 1 514 398 3718  (th...@tr...) 
What:   iUnix-Guy, Web-slogger, wizard, casual hero & part-time bartender
When:   Some out-of-the-way corner of Time&Space where they serve coffee  
Where:  Same as above only I'm more grounded
Why:    After all is said and done, why not?
Wote:   "We who are about to fry, saute you!"

How do you know when you've lost connection?

[Eric N. <eni...@cp...>]

Everything is running smoothly with Perl-LDAP.  After working with
Netscape's perldap I've found this stuff to be much easier to work with.

I do have one quick question.  I've got pretty poor connections here and
have often lost my LDAP connections.  Is there anyway for Perl-LDAP to tell
me if the connection is down?

Historically what I've seen is that on my next ldap search after a
disconnection I get an LDAP_LOCAL_ERROR
Thanks
Eric

Re: [Fwd] Net::LDAP api talking to Netscape Directory server

[Ron H. <th...@cc...>]

> Try this instead
> $result = $ldap->bind('cn=Directory Manager, o=McGill, c=CA', 
> password => '......');
> 
> or even this
> $result = $ldap->bind('cn=Directory Manager', password => '....');
> 
> normally the Netscape directory manager is just cn=Directory 
> Manager unless you specifically modified it.


	slapd.conf file on NT box says the rootdn is Directory Manager
	so I am confused.

	r

Re: [Fwd] Net::LDAP api talking to Netscape Directory server

[Ron H. <th...@cc...>]

> > 
> > 	The configuration tool provided by Netscape was happy to do it for
> > 	me.....
> Question.  For a bind, isn't the password sent in plaintext?  That's how
> IBM and OpenLDAP servers work.  The server does the encoding and compares it
> with the stored password.  If so then the password should not be encoded.

	That was my thought also but the slapd.conf file has a
	SHA encrypted password in rootpw attribute.

	Who knew.

	r

Re: [Fwd] Net::LDAP api talking to Netscape Directory server

[<ma...@mj...>]

On 3 Apr 01, at 15:03, Ron Hall wrote:

> > > 
> > Did you actually encode it with SHA-1 before putting it into the
> > slapd.conf file?
> 
>  The configuration tool provided by Netscape was happy to do it for
>  me.....
Doh! stupid question, sorry.
> 
> 
> > Normally it's the other way around for me :). I've used Netscape
> > since alpha-1 DS 1.0 and never had this type of problem.
> > 
> > I think the password is encoded incorrectly. 
> 
>  How would I know :)
sounds ok.
> 
> > 
> > 48 is 48=Inappropriate authentication
> > 
> > Can you send me or the list a copy of the code you're 
> > using.
> > 
> 
>  The code is awfully generic
> 
> #!/opt/bin/perl
> 
> use Net::LDAP;
> 
> $ldap = Net::LDAP->new('directory.mcgill.ca') or die "$@";
> $result = $ldap->bind (
>         dn => 'cn=Directory Manager, o=McGill, c=CA',
>         password => '--------'
>         );
Try this instead
$result = $ldap->bind('cn=Directory Manager, o=McGill, c=CA', 
password => '......');

or even this
$result = $ldap->bind('cn=Directory Manager', password => '....');

normally the Netscape directory manager is just cn=Directory 
Manager unless you specifically modified it.

Mark
> 
> $result->code && warn "failed to bind due to  ", $result->code;
> 
> > Also which version of the Netscape Directory server?
> 
>  3.1
> 
> 
> 
> 


Mark Wilcox
ma...@mj...
Got LDAP?

Re: [Fwd] Net::LDAP api talking to Netscape Directory server

[Feisal M. <fe...@uw...>]

On Tue, 3 Apr 2001 15:03:52 -0400 (EDT)
Ron Hall <th...@cc...> wrote:

> > > 
> > Did you actually encode it with SHA-1 before putting it into the 
> > slapd.conf file?
> 
> 	The configuration tool provided by Netscape was happy to do it for
> 	me.....
Question.  For a bind, isn't the password sent in plaintext?  That's how
IBM and OpenLDAP servers work.  The server does the encoding and compares it
with the stored password.  If so then the password should not be encoded.

-Feisal

Re: [Fwd] Net::LDAP api talking to Netscape Directory server

[Ron H. <th...@cc...>]

> > 
> Did you actually encode it with SHA-1 before putting it into the 
> slapd.conf file?

	The configuration tool provided by Netscape was happy to do it for
	me.....


> Normally it's the other way around for me :). I've used Netscape 
> since alpha-1 DS 1.0 and never had this type of problem.
> 
> I think the password is encoded incorrectly. 

	How would I know :)

> 
> 48 is 48=Inappropriate authentication
> 
> Can you send me or the list a copy of the code you're 
> using.
> 

	The code is awfully generic

#!/opt/bin/perl

use Net::LDAP;

$ldap = Net::LDAP->new('directory.mcgill.ca') or die "$@";
$result = $ldap->bind (
        dn => 'cn=Directory Manager, o=McGill, c=CA',
        password => '--------'
        );

$result->code && warn "failed to bind due to  ", $result->code;

> Also which version of the Netscape Directory server?

	3.1