perl-ldap-dev

Re: one level scope

[Kurt D. Z. <Ku...@Op...>]

At 09:40 PM 3/7/01 -0600, ma...@mj... wrote:
>Ok,
>I have a question on scope. It's been so long since I had to do a 
>one level scope search and I don't have an active LDAP server 
>handy to test it out.
>
>I thought a one level search, searches all entries under a base 
>entry, including their children but not the base entry.
>
>But now I've heard that it only searches one level, that level under 
>the base but not their children.

The latter is correct.  As the name implies, one-level (or
singleLevel) scope returns a single level of a subtree, the
level immediate subordinate to the search base.

If you want to accomplish the former, do a subtree search
and then ignore the entry matching your search base.

one level scope

[<ma...@mj...>]

Ok,
I have a question on scope. It's been so long since I had to do a 
one level scope search and I don't have an active LDAP server 
handy to test it out.

I thought a one level search, searches all entries under a base 
entry, including their children but not the base entry.

But now I've heard that it only searches one level, that level under 
the base but not their children.

ie:
given a tree of:
o=airius.com
   ou=people,o=airius.com
 uid=...,ou=people,o=airius.com
  ...
one level with a search base of o=airius.com, would only search 
the ou=people entries?

thanks,

Mark
 
Mark Wilcox
ma...@mj...
Got LDAP?

[Fwd] perl-ldap. How to find out if LDAP connection already exists

[Graham B. <gb...@po...>]

----- Forwarded message from Samarasimha Reddy  Mokkala <smo...@ly...> -----

Date: Wed, 07 Mar 2001 14:31:25 -0800
To: gb...@po...
From: "Samarasimha Reddy  Mokkala" <smo...@ly...>
Subject: perl-ldap. How to find out if LDAP connection already exists
X-Mailer: MailCity Service

Hi,
   My sam ,i work in CT . I saw your question in http://lists.sourceforge.net/archives//perl-ldap-dev/2000-December/000989.html
 and iam also stuck in the same position . 

   It will very helpful for me if you send the solution, in-case if you have it .


thank you.

-S- 


Get 250 color business cards for FREE! at Lycos Mail
http://mail.lycos.com/freemail/vistaprint_index.html


----- End forwarded message -----

Re: LDIF.pm patch -- print modrdn in write_cmd()

[Graham B. <gb...@po...>]

I don't think the DN should be base64 encoded, it should be encoded
using rules from rfc2253, which should result in a printable string
and avoid the need for base64 encoding

Graham.

On Wed, Mar 07, 2001 at 11:18:12AM -0000, Chris Ridd wrote:
> Kartik Subbarao <sub...@co...> wrote:
> > I have submitted a patch to LDIF.pm via sourceforge. It enables
> > write_cmd() to print modrdn operations properly.
> > 
> >	 -Kartik
> > 
> 
> It doesn't handle newsuperior...
> 
> Shouldn't the code be calling _write_attr instead of _wrap? Calling
> _write_attr will automatically base-64 encode 'unsafe' values. Hm, printing
> the DN should use _write_attr too...
> 
> Does the attached patch work any better?
> 
> Cheers,
> 
> Chris
> Index: ldap/lib/Net/LDAP/LDIF.pm
> ===================================================================
> RCS file: /cvsroot/perl-ldap/ldap/lib/Net/LDAP/LDIF.pm,v
> retrieving revision 1.4
> diff -b -c -r1.4 LDIF.pm
> *** ldap/lib/Net/LDAP/LDIF.pm	2001/02/12 09:27:08	1.4
> --- ldap/lib/Net/LDAP/LDIF.pm	2001/03/07 11:17:09
> ***************
> *** 291,312 ****
>     my $saver = SelectSaver->new($self->{'fh'});
>     
>     foreach $entry (grep { defined } @_) {
> !     my @changes = $entry->changes or next;
>       my $type = $entry->changetype;
>   
>       # Skip entry if there is nothing to write
>       next if $type eq 'modify' and !@changes;
>   
> -     my $dn = "dn: " . $entry->dn;
> - 
>       print "\n" if tell($self->{'fh'});
> !     print _wrap($dn,$wrap),"\n","changetype: ",$type,"\n";
>   
>       if ($type eq 'delete') {
>         next;
>       }
>       elsif ($type eq 'add') {
>         _write_attrs($entry,$wrap);
>         next;
>       }
>   
> --- 291,317 ----
>     my $saver = SelectSaver->new($self->{'fh'});
>     
>     foreach $entry (grep { defined } @_) {
> !     my @changes = $entry->changes;
>       my $type = $entry->changetype;
>   
>       # Skip entry if there is nothing to write
>       next if $type eq 'modify' and !@changes;
>   
>       print "\n" if tell($self->{'fh'});
> !     print _write_attr('dn',$entry->dn,$wrap),"\n","changetype: $type\n";
>   
>       if ($type eq 'delete') {
>         next;
>       }
>       elsif ($type eq 'add') {
>         _write_attrs($entry,$wrap);
> +       next;
> +     }
> +     elsif ($type eq 'modrdn') {
> +       print _write_attr('newrdn',$entry->get_value('newrdn'),$wrap);
> +       print 'deleteoldrdn: ',$entry->get_value('deleteoldrdn')),"\n";
> +       my $ns = $entry->get_value('newsuperior');
> +       print _write_attr('newsuperior',$ns,$wrap) if defined $ns;
>         next;
>       }
>   

Re: typo in doc on cpan

[Chris R. <chr...@me...>]

"EXT-Corcoran, David" <Dav...@PS...> wrote:
> 
> I found this typo (offset by **) in the documentation for perl-ldap:
> 
> A control is a reference to a HASH and should contain the three elements
> below. If any of the controls are blessed then the **methoc** to_asn will
> be called which should return a reference to a HASH containing the three
> elements described below. 
> 
> http://theoryx5.uwinnipeg.ca/CPAN/data/perl-ldap/Net/LDAP.html#CONTROLS

Thanks, I just committed the fix.

Cheers,

Chris

Re: LDIF.pm patch -- print modrdn in write_cmd()

[Chris R. <chr...@me...>]

Kartik Subbarao <sub...@co...> wrote:
> I have submitted a patch to LDIF.pm via sourceforge. It enables
> write_cmd() to print modrdn operations properly.
> 
>	 -Kartik
> 

It doesn't handle newsuperior...

Shouldn't the code be calling _write_attr instead of _wrap? Calling
_write_attr will automatically base-64 encode 'unsafe' values. Hm, printing
the DN should use _write_attr too...

Does the attached patch work any better?

Cheers,

Chris

LDIF.pm patch -- print modrdn in write_cmd()

[Kartik S. <sub...@co...>]

I have submitted a patch to LDIF.pm via sourceforge. It enables
write_cmd() to print modrdn operations properly.

	-Kartik

Re: LDAP and ProFtpd

[Benjamin J. <Ben...@Re...>]

If you are using Linux or Solaris, you can use nss_ldap and pam_ldap from:

http://www.padl.com/nss_ldap.html

These give "complete" LDAP integration at the OS level. The application does
need to support PAM however.

Ben


Shain Miley wrote:

> Hi,
> I am thinking of setting up proftpd to authenticate with our ldap
> server.  I have been testing it out and I am able to authenticate the
> username and password.  The next step is to be able to pull the account
> information (home directory, shell, etc) from the server as well.  I
> have been looking around and it looks like I need to set up the account
> stuff in posix form.  I am not too sure about posix.  Can anyone tell me
> how I should go about doing doing this?  I see that the user objectclass
> is set to top now.  Can users have multiple objectclasses?  Right now
> the users do not have entries for homeDirectory of loginShell...do I
> need to completely redo the entries in the ldap server or can can I
> modify the existing one?  Thanks for any help of URLs that anyone can
> provide me with.
> Shain

Re: [OT] LDAP schema design guides

[Jim H. <ha...@us...>]

Simon,
  We have done a lot of extending of the LDAP schema in Novell NDS.  The
first thing to do is to look for standard attributes that accomplish what
you want to do.  If so use those rather than invent your own.  This list
and/or the genera LDAP list has had several refernces to places where you
can check for these.  I lost all my bookmarks about a month ago, so don't
have them readily available.  We have added "standard" ones that aren't
Novell and our own unique ones.  By the way NDS8.5 has a lot mode standard
ones built in.  If you haven't upgraded to that, do so before you extend
your schema.  Much better to use things the way they do them where
possible.

  If you need to add your own unique things,  the most important step is
to get your own OID arc.  We paid $100 about 18 months ago to do it
through Novell, because it was the easiest option and I was in a super
time-crunch.  There are ways to get one for free if you want to track that
down.  Once you have your OID establish one ore more (auxilliary)
objectClasses for yourself.  We only did one and called it USNAperson.
Technically it should have been usnaPerson, but people around here
really like USNA to be uppercase.  Once you have your objectClass set, you
can add as many attributes as you need to it.  For each one, you need to
figure out its type (e.g. caseIgnoreString of time) and whether it is
single or multi valued.

  --Jim Harle


On Wed, 28 Feb 2001 Sim...@wi... wrote:

>
> This is off topic I know, but as I'll be doing it with Net::LDAP.....
>
>       I have been using Net::LDAP very successfully to query and
> manage a Novell
>       NDS directory but we're now hitting limitations of the existing
> schema
>       (need to store new attributes like employment status). Modifying
> a schema
>       seems very arcane and is beyond my knowledge.
>
>       Can anyone recommend references or tutorials about designing LDAP schemas,
>       best practice and so-on. The few resources I have found seem to be
>       technical guides to setting up server software, not the design of the
>       schema itself.
>
>       Many thanks,
>
>       Simon Wilcox
>       Intranet Development Manager
>       Williams Lea Group
>
>
>
> ______________________________________________________________________
>
>
>    This document should only be read by those persons to whom it is addressed
>    and is not intended to be relied upon by any person without subsequent
>    written confirmation of its contents. Accordingly, our company disclaim all
>    responsibility and accept no liability (including in negligence) for the
>    consequences for any person acting, or refraining from acting, on such
>    information prior to the receipt by those persons of subsequent written
>    confirmation.
>
>    If you have received this E-mail message in error, please notify us
>    immediately by telephone. Please also destroy and delete the message from
>    your computer.
>
>    Any form of reproduction, dissemination, copying, disclosure, modification,
>    distribution and/or publication of this E-mail message is strictly
>    prohibited.
>
>
>
>
>

LDAP and ProFtpd

[Shain M. <sm...@tv...>]

Hi,
I am thinking of setting up proftpd to authenticate with our ldap
server.  I have been testing it out and I am able to authenticate the
username and password.  The next step is to be able to pull the account
information (home directory, shell, etc) from the server as well.  I
have been looking around and it looks like I need to set up the account
stuff in posix form.  I am not too sure about posix.  Can anyone tell me
how I should go about doing doing this?  I see that the user objectclass
is set to top now.  Can users have multiple objectclasses?  Right now
the users do not have entries for homeDirectory of loginShell...do I
need to completely redo the entries in the ldap server or can can I
modify the existing one?  Thanks for any help of URLs that anyone can
provide me with.
Shain

[OT] LDAP schema design guides

[<Sim...@wi...>]

This is off topic I know, but as I'll be doing it with Net::LDAP.....

      I have been using Net::LDAP very successfully to query and manage a Novell
      NDS directory but we're now hitting limitations of the existing schema
      (need to store new attributes like employment status). Modifying a schema
      seems very arcane and is beyond my knowledge.

      Can anyone recommend references or tutorials about designing LDAP schemas,
      best practice and so-on. The few resources I have found seem to be
      technical guides to setting up server software, not the design of the
      schema itself.

      Many thanks,

      Simon Wilcox
      Intranet Development Manager
      Williams Lea Group



______________________________________________________________________


   This document should only be read by those persons to whom it is addressed
   and is not intended to be relied upon by any person without subsequent
   written confirmation of its contents. Accordingly, our company disclaim all
   responsibility and accept no liability (including in negligence) for the
   consequences for any person acting, or refraining from acting, on such
   information prior to the receipt by those persons of subsequent written
   confirmation.

   If you have received this E-mail message in error, please notify us
   immediately by telephone. Please also destroy and delete the message from
   your computer.

   Any form of reproduction, dissemination, copying, disclosure, modification,
   distribution and/or publication of this E-mail message is strictly
   prohibited.

Re: perl-dap using cygwin perl 5.6.1

[Chris R. <chr...@me...>]

Tony Arnold <ton...@ma...> wrote:
> $mesg = $ldap->search(base=>"c=UK",filter=>"(uid=$user)");

Are you sure you mean c=UK, and not c=GB? There is no country with a
country code of 'UK' :-)

http://www.din.de/gremien/nas/nabd/iso3166ma/codlstp1/en_listp1.html

Cheers,

Chris

perl-dap using cygwin perl 5.6.1

[Tony A. <ton...@ma...>]

I've used the perl-ldap module with version 5.6.0 of Perl by Activestate on
Windows 2000 and am now trying it with Perl 5.6.1 under cygwin 1.1.8, but
with not much success. A simple script to search for an attribute on our
ldap server fails with an I/O error as follows:

I/O Error Resource temporarily unavailable
494f3a3a536f636b65743a3a494e45543d474
c4f422830786130323232386329 at ./find.pl line 14, <STDIN> line 1.

The script is as follows:

#!/usr/bin/perl

use Net::LDAP;

$ldap = Net::LDAP->new('ldap.mcc.ac.uk') or die "$@";

$ldap->bind or die "$@";

print("\nGetting username ...\n\n");
print("Username: ");chop ($user=<STDIN>);

print("Searching LDAP for username ...\n");
$mesg = $ldap->search(base=>"c=UK",filter=>"(uid=$user)");
$mesg->code && die $mesg->error;

$y = $mesg->count();
printf "$y entries found.\n";

foreach $entry ($mesg->all_entries) {
  $dn=$entry->dn();
  @mail=$entry->get('mail');
  print("Distinguished name: $dn\nMail address: $mail[0]\n");
}

Anyone with any similar experiences of doing this? All help very much
appreciated.

Regards,
Tony.
--
Tony Arnold, Deputy Head of COS Division,
Manchester Computing, University of Manchester.
Tel: +44 161 275 6093, Fax: +44 870 136 1004, Mob: 0773 330 0039
E-mail: ton...@ma..., Home: http://www.man.ac.uk/Tony.Arnold

typo in doc on cpan

[EXT-Corcoran, D. <Dav...@PS...>]

I found this typo (offset by **) in the documentation for perl-ldap:

A control is a reference to a HASH and should contain the three elements below. If any of the controls are blessed then the **methoc** to_asn will be called which should return a reference to a HASH containing the three elements described below. 

http://theoryx5.uwinnipeg.ca/CPAN/data/perl-ldap/Net/LDAP.html#CONTROLS

--
http://www.taxax.org

--@@
   ~
 DavidC

Problem of the search function

[<eri...@hk...>]

Dear all,

I encounter a problem of using search utility. The following is my program
and configuration.

       0  ldap host A   ip addrss: 172.15.208.11   dc=fin,dc=net
        \
         \
          0  ldap host B ip address 172.15.208.12   dc=abc,dc=fin,dc=net

I have set a referral entry to ldap host B on ldap host A. So, the search
will search the host A and then host B.
But now, I just want to search host A and retreive its entry only. I have
tried the below search option but still fail,
there are:

$entry = $conn->search("dc=fin,dc=net", "", $filter, 0, @attr);
Result: no entry found
$entry = $conn->search("dc=fin,dc=net", "one", $filter, 0, @attr);
Result: no entry found
$entry = $conn->search("dc=fin,dc=net", "base", $filter, 0, @attr);
Result: no entry found         $entry = $conn->search("dc=fin,dc=net",
"sub", $filter, 0, @attr);   Result: no entry found
$entry = $conn->search("", "", $filter, 0, @attr);
It display the whole entry including the referral ldap host B database.

$entry = $conn->search("dc=abc,dc=fin,dc=net", "", $filter, 0, @attr);
It display all the entry of ldap host B database.


Can anyone tell me how to set the search option  just only search the root
ldap server and not go to its referral ldap server.

Thanks a lot!!!!

Regards/Eric



The program is:


use Mozilla::LDAP::Conn;

$conn = new Mozilla::LDAP::Conn ("172.15.206.11", "389", "", "");
die "No LDAP connection" unless $conn;

@attr = ("cn", "sn", "mail");
$filter = "(cn=eric*)";

$base = "dc=finnet-hk,dc=net";
$entry = $conn->search("", "one", $filter, 0, @attr);

$count=0;
if ( ! $entry)
{ print (" handle this event, no entry");
}
else
{      while ($entry)
           {
          $entry ->printLDIF();
          $entry = $conn ->nextEntry();
         }
   }
close(FILE);

______________________________________________________________________

This message is intended only for use of the addressee and may  contain
information that is privileged and confidential. If you are not the intended
recipient, you are hereby notified that any use or dissemination of this
communication is strictly prohibited. If you have received this communication in
error, please notify us immediately by reply and delete this message from your
system.

Re: dynamic schema update

[Kurt D. Z. <Ku...@Op...>]

Given the error message mentions LDAP_MOD_REPLACE,
you might try modify/add-values instead of
modify/replace-values.  Of course, as others have
pointed out, the server might not support any
modification of a subschema entry (or subentry)
via LDAP.  I note that subschema modification is
an elective feature of LDAPv3.

At 03:49 PM 2/26/01 -0600, Justin wrote:
>  This call returns: 0x35 LDAP_MOD_REPLACE is not implemented on schema entry

Re: dynamic schema update

[Justin <da...@io...>]

I knew I forgot something :)

I'm using Netscape Directory Server 4.12 with Perl-ldap 0.22

Justin

> What LDAP server implementation are you using?
> 
> I suppose that it's possible that the server implementation doesn't
> support modifying schema on the fly.
> 
> 	--Tom
> 
> On Mon, 26 Feb 2001, Justin wrote:
> 
> > Greetings!
> >
> > I am now trying to write a modified schema entry back to the directory
> > and am having problems.  Perhaps someone here can see the error of my ways.
> > This is how I'm trying to do it:
> >
> >   Create a Net::LDAP::Entry, $entry
> >   Set the $entry->dn("cn=Schema");
> >   Create a multivalued hash with keys "attributetypes" and "objectclasses"
> >   Call $entry->modify() with "replace" and the reference to the above hash.
> >
> >   This call returns: 0x35 LDAP_MOD_REPLACE is not implemented on schema entry
> >
> >
> > What I'm wondering is:
> >
> >  -Is this error coming from the perl ldap modules?
> >
> >  -Is modify/replace the proper way to programmatically affect the directory
> >   schema?
> >
> >
> > Thanks for your suggestions.
> >  Justin
> >
> 

Re: dynamic schema update

[Clif H. <ch...@po...>]

Justin wrote:

> Greetings!
>
> I am now trying to write a modified schema entry back to the directory
> and am having problems.  Perhaps someone here can see the error of my ways.
> This is how I'm trying to do it:
>
>   Create a Net::LDAP::Entry, $entry
>   Set the $entry->dn("cn=Schema");
>   Create a multivalued hash with keys "attributetypes" and "objectclasses"
>   Call $entry->modify() with "replace" and the reference to the above hash.
>
>   This call returns: 0x35 LDAP_MOD_REPLACE is not implemented on schema entry
>
> What I'm wondering is:
>
>  -Is this error coming from the perl ldap modules?
>
>  -Is modify/replace the proper way to programmatically affect the directory
>   schema?
>
> Thanks for your suggestions.
>  Justin

I believe the error message is telling you the dynamic schema modifications are
not allowed
(implemented) on your server.

Many directory servers do not allow dynamic schema modifications, you have to
modify the
schema control files and then restart the directory server.

It would help to know what company provided the directory server.

Regards,

Clif Harden

Re: dynamic schema update

[Tom J. <tj...@do...>]

What LDAP server implementation are you using?

I suppose that it's possible that the server implementation doesn't
support modifying schema on the fly.

	--Tom

On Mon, 26 Feb 2001, Justin wrote:

> Greetings!
>
> I am now trying to write a modified schema entry back to the directory
> and am having problems.  Perhaps someone here can see the error of my ways.
> This is how I'm trying to do it:
>
>   Create a Net::LDAP::Entry, $entry
>   Set the $entry->dn("cn=Schema");
>   Create a multivalued hash with keys "attributetypes" and "objectclasses"
>   Call $entry->modify() with "replace" and the reference to the above hash.
>
>   This call returns: 0x35 LDAP_MOD_REPLACE is not implemented on schema entry
>
>
> What I'm wondering is:
>
>  -Is this error coming from the perl ldap modules?
>
>  -Is modify/replace the proper way to programmatically affect the directory
>   schema?
>
>
> Thanks for your suggestions.
>  Justin
>

dynamic schema update

[Justin <da...@io...>]

Greetings!

I am now trying to write a modified schema entry back to the directory
and am having problems.  Perhaps someone here can see the error of my ways.
This is how I'm trying to do it:

  Create a Net::LDAP::Entry, $entry
  Set the $entry->dn("cn=Schema");
  Create a multivalued hash with keys "attributetypes" and "objectclasses"
  Call $entry->modify() with "replace" and the reference to the above hash.

  This call returns: 0x35 LDAP_MOD_REPLACE is not implemented on schema entry


What I'm wondering is:

 -Is this error coming from the perl ldap modules?

 -Is modify/replace the proper way to programmatically affect the directory
  schema?


Thanks for your suggestions.
 Justin

Re: moddn problem

[Bing D. <Bi...@ci...>]

Seems we were not talking about the same problem.  I apologize if my
question was not closely Net::LDAP related.  

My ldif containing modrdn entries was not generated by Net::LDAP::LDIF.
 
Given that ldif, the command 'ldapmodify' provided with the
MessagingDirect directory server outputs the error 'Constraint
Violation' when it processes the second entry in the ldif.

Bing
 

Bing Du <bi...@ta..., 979-845-9577>
Texas A&M University, CIS, Operating Systems, Unix

>>> Chris Ridd <chr...@me...> 02/26/01 04:35AM >>>
Bing Du <Bi...@ci...> wrote:
> I checked both online ducumentation about ldapmodify and RFC.  Did
not
> see anything wrong with my ldif.

[...]

> Ldapmodify output:

Ah, you're not debugging the right program here, apologies if I wasn't
clear.

Change your Net::LDAP program so that it prints debugging output:

$ldap = Net::LDAP->new('morpheus', debug => 15);

It may be that the LDIF changerecord code in Net::LDAP::LDIF is not
issuing
the right sort of modify operations to the server, so setting debug =>
15
will tell us exactly what's being sent.

Cheers,

Chris

Re: moddn problem

[Chris R. <chr...@me...>]

Bing Du <Bi...@ci...> wrote:
> I checked both online ducumentation about ldapmodify and RFC.  Did not
> see anything wrong with my ldif.

[...]

> Ldapmodify output:

Ah, you're not debugging the right program here, apologies if I wasn't
clear.

Change your Net::LDAP program so that it prints debugging output:

$ldap = Net::LDAP->new('morpheus', debug => 15);

It may be that the LDIF changerecord code in Net::LDAP::LDIF is not issuing
the right sort of modify operations to the server, so setting debug => 15
will tell us exactly what's being sent.

Cheers,

Chris

Re: Search Filter problem

[Jeffrey P. C. <jpc...@ya...>]

Yes - sorry.

jpcarter

--- "Kurt D. Zeilenga" <Ku...@Op...> wrote:
> At 10:56 AM 2/25/01 -0800, Jeffrey P. Carter wrote:
> >"(|(uid=x)|((uid=y)(uid=z)))".
> 
> That's actually an invalid filter,  I assume you
> meant:
>         (|(uid=x)(|(uid=y)(uid=z)))
> 
> 


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

Re: Search Filter problem

[Kurt D. Z. <Ku...@Op...>]

At 10:56 AM 2/25/01 -0800, Jeffrey P. Carter wrote:
>"(|(uid=x)|((uid=y)(uid=z)))".

That's actually an invalid filter,  I assume you meant:
        (|(uid=x)(|(uid=y)(uid=z)))

Re: Search Filter problem

[Jeffrey P. C. <jpc...@ya...>]

This fiter works perfectly with the OpenLDAP tools but
in order to make it work with the Net::LDAP modules I
had to formulate the filter as follows:
"(|(uid=x)|((uid=y)(uid=z)))".  Thanks for the
validity confirmation though because I thought I had
it right the first time.

jpcarter

--- "Kurt D. Zeilenga" <Ku...@Op...> wrote:
> At 05:44 PM 2/22/01 -0800, Jeffrey P. Carter wrote:
> >I'm trying to write an or'd search filter for a
> list
> >of uid values something like:
> >
> >"(|(uid=x)(uid=y)(uid=z))"
> >
> >This works perfectly with the openldap tools
> against
> >the Netscape 4.12 directory but I get a 'Bad
> filter'
> >error with Net::LDAP.  It seems to me that this
> filter
> >is valid but clearly it's not.
> 
> The above filter is valid.  OR and AND operators act
> upon non-empty sets of filters.
> 


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/