perl-ldap-dev

Re: Search Filter problem

[Kurt D. Z. <Ku...@Op...>]

At 05:44 PM 2/22/01 -0800, Jeffrey P. Carter wrote:
>I'm trying to write an or'd search filter for a list
>of uid values something like:
>
>"(|(uid=x)(uid=y)(uid=z))"
>
>This works perfectly with the openldap tools against
>the Netscape 4.12 directory but I get a 'Bad filter'
>error with Net::LDAP.  It seems to me that this filter
>is valid but clearly it's not.

The above filter is valid.  OR and AND operators act
upon non-empty sets of filters.

Re: Search Filter problem

[Jeffrey P. C. <jpc...@ya...>]

That was it.  Thanks alot.

jpc

--- David Bussenschutt
<D.B...@ma...> wrote:
> It's just a guess, but does the polish notation
> syntax support the '|' (or)
> operator with more than two arguments?... or do you
> have to do it like....
> 
> "(|(|(uid=x)(uid=y))(uid=7))"
> 
> David.
> 
> 
> 
> At 05:44 PM 2/22/01 -0800, you wrote:
> >I'm trying to write an or'd search filter for a
> list
> >of uid values something like:
> >
> >"(|(uid=x)(uid=y)(uid=z))"
> >
> >This works perfectly with the openldap tools
> against
> >the Netscape 4.12 directory but I get a 'Bad
> filter'
> >error with Net::LDAP.  It seems to me that this
> filter
> >is valid but clearly it's not.  Any ideas as to
> what's
> >wrong here?
> >
> >Thanks.
> >
> >jpcarter
> >
> >__________________________________________________
> >Do You Yahoo!?
> >Yahoo! Auctions - Buy the things you want at great
> prices!
> http://auctions.yahoo.com/
> >
> >
> 
>
--------------------------------------------------------------------
> David Bussenschutt          Email:
> D.B...@ma...
> Senior Computing Support Officer & Systems
> Administrator/Programmer
> Location: Griffith University. Information
> Technology Services
>           Brisbane Qld. Aust.  (TEN bldg. rm 1.33)
> Ph: (07)38757079
>
--------------------------------------------------------------------


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

Re: moddn problem

[Bing D. <Bi...@ci...>]

I checked both online ducumentation about ldapmodify and RFC.  Did not
see anything wrong with my ldif.

Ok, here is how the entries looked like before ldapmodify was executed.
 Name part was omitted.
 
=========================
uid=c24b18d4bb4afdf052330678af9a601d, ou=Mailusers, dc=tamu, dc=edu
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetOrgPerson
objectClass=tamuPerson
objectClass=tamuEmployee
cn=<omitted>
sn=<omitted>
uid=c24b18d4bb4afdf052330678af9a601d

uid=c24b18d4bb4afdf052330678af9a601d, ou=People, dc=tamu, dc=edu
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetOrgPerson
objectClass=tamuPerson
objectClass=tamuEmployee
cn=<omitted>
sn=<omitted>
uid=c24b18d4bb4afdf052330678af9a601d
=========================

Ldif:

==================
dn:uid=c24b18d4bb4afdf052330678af9a601d,ou=People,dc=tamu,dc=edu
changetype: modrdn
newrdn: uid=20f5a60eacf9ce9e0c3eff5489c5f975
deleteoldrdn: 1

dn:uid=c24b18d4bb4afdf052330678af9a601d,ou=Mailusers,dc=tamu,dc=edu
changetype: modrdn
newrdn: uid=20f5a60eacf9ce9e0c3eff5489c5f975
deleteoldrdn: 1
===================

Command executed:

============
% /opt/Isode/bin/ldapmodify -h morpheus -D "cn=dsa
manager,cn=dsa,dc=tamu,dc=edu" -w "<omitted>" -f modrdn.input -v -d 15
1>modrdn.output 2>&1
=============

Ldapmodify output:

===============
ldap_init
ldap_bind_s
ldap_simple_bind_s
ldap_simple_bind
ldap_send_initial_request
open_ldap_connection
ldap_connect_to_host: morpheus:389
sd 4 connected to: 255.255.255.255
ldap_delayed_open successful, ld_host is (null)
ldap_send_server_request
ber_flush: 58 bytes to sd 4
         0  8 02 01 01  `  3 02 01 02 04  $  c  n  =  d
         s  a 20  m  a  n  a  g  e  r  ,  c  n  =  d  s
         a  ,  d  c  =  t  a  m  u  ,  d  c  =  e  d  u
        80 08  <password omitted>
ldap_result
wait4msg (infinite timeout)
** Connections:
* host: morpheus  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Feb 23 10:47:32 2001

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf 0x1002a0b8, ptr 0x1002a0b8, end 0x1002a0c4
          current len 12, contents:
        02 01 01  a 07 0a 01 00 04 00 04 00
got result msgid 1, original id 1
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_result2error
ldap_msgfree
ldap_modrdn
ldap_send_initial_request
ldap_send_server_request
ber_flush: 111 bytes to sd 4
         0  m 02 01 02  l  h 04  =  u  i  d  =  c  2  4
b  1  8  d  4  b  b  4  a  f  d  f  0  5  2  3
         3  0  6  7  8  a  f  9  a  6  0  1  d  ,  o  u
         =  P  e  o  p  l  e  ,  d  c  =  t  a  m  u  ,
         d  c  =  e  d  u 04  $  u  i  d  =  2  0  f  5
         a  6  0  e  a  c  f  9  c  e  9  e  0  c  3  e
         f  f  5  4  8  9  c  5  f  9  7  5 01 01 ff
ldap_result
wait4msg (infinite timeout)
** Connections:
* host: morpheus  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Feb 23 10:47:32 2001

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf 0x1002a0b8, ptr 0x1002a0b8, end 0x1002a0c4
          current len 12, contents:
        02 01 02  m 07 0a 01 00 04 00 04 00
got result msgid 2, original id 2
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_result2error
ldap_msgfree
new RDN: uid=20f5a60eacf9ce9e0c3eff5489c5f975 (do not keep existing
values)
modifying rdn of entry
uid=c24b18d4bb4afdf052330678af9a601d,ou=People,dc=tamu,dc
=edu
modrdn completed
ldap_modrdn
ldap_send_initial_request
ldap_send_server_request
ber_flush: 114 bytes to sd 4
         0  p 02 01 03  l  k 04  @  u  i  d  =  c  2  4
         b  1  8  d  4  b  b  4  a  f  d  f  0  5  2  3
         3  0  6  7  8  a  f  9  a  6  0  1  d  ,  o  u
         =  M  a  i  l  u  s  e  r  s  ,  d  c  =  t  a
         m  u  ,  d  c  =  e  d  u 04  $  u  i  d  =  2
         0  f  5  a  6  0  e  a  c  f  9  c  e  9  e  0
c  3  e  f  f  5  4  8  9  c  5  f  9  7  5 01
        01 ff
ldap_result
wait4msg (infinite timeout)
** Connections:
* host: morpheus  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Feb 23 10:47:32 2001

** Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf 0x1002a0b8, ptr 0x1002a0b8, end 0x1002a0c4
          current len 12, contents:
        02 01 03  m 07 0a 01 13 04 00 04 00
got result msgid 3, original id 3
ldap_chase_referrals
new result:  res_errno: 19, res_error: <>, res_matched: <>
read1msg:  0 new referrals
request 3 done
res_errno: 19, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_result2error
ldap_msgfree
ldap_perror
ldap_modrdn: Constraint violation
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 4
         0 05 02 01 04  B 00
ldap_free_connection: actually freed

new RDN: uid=20f5a60eacf9ce9e0c3eff5489c5f975 (do not keep existing
values)
modifying rdn of entry
uid=c24b18d4bb4afdf052330678af9a601d,ou=Mailusers,dc=tamu
,dc=edu
===========

Here is how the entries looked like after ldapmodify was executed:

============
uid=c24b18d4bb4afdf052330678af9a601d, ou=Mailusers, dc=tamu, dc=edu
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetOrgPerson
objectClass=tamuPerson
objectClass=tamuEmployee
cn=<omitted>
sn=<omitted>
uid=c24b18d4bb4afdf052330678af9a601d

uid=20f5a60eacf9ce9e0c3eff5489c5f975, ou=People, dc=tamu, dc=edu
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetOrgPerson
objectClass=tamuPerson
objectClass=tamuEmployee
cn=<omitted>
sn=<omitted>
uid=20f5a60eacf9ce9e0c3eff5489c5f975
============ 

Thanks,

Bing

Bing Du <bi...@ta..., 979-845-9577>
Texas A&M University, CIS, Operating Systems, Unix

>>> Chris Ridd <chr...@me...> 02/23/01 09:33AM >>>
Bing Du <Bi...@ci...> wrote:
>  have the following two lines in the ldif.  Ldapmodify command can
> modify the first entry without any problem.  But gives 'constraint
> violation' on the second one.  Do I have to split them into two
ldif's?
> 
> ====
> dn: uid=111,ou=dept-1,dc=tamu,dc=edu
> changetype: modrdn
> newrdn: uid=222
> deleteoldrdn: 1
> 
> dn: uid=111,ou=dept-2,dc=tamu,dc=edu
> changetype: modrdn
> newrdn: uid=222
> deleteoldrdn: 1
> =====
> 
> Any ideas?
> 
> Thanks,
> 
> Bing

You shouldn't need two LDIF files, because the two entries have
different
parents. Can you send us the output of the modify operation after you
set
debug => 15?

Cheers,

Chris

Re: moddn problem

[Chris R. <chr...@me...>]

Bing Du <Bi...@ci...> wrote:
>  have the following two lines in the ldif.  Ldapmodify command can
> modify the first entry without any problem.  But gives 'constraint
> violation' on the second one.  Do I have to split them into two ldif's?
> 
> ====
> dn: uid=111,ou=dept-1,dc=tamu,dc=edu
> changetype: modrdn
> newrdn: uid=222
> deleteoldrdn: 1
> 
> dn: uid=111,ou=dept-2,dc=tamu,dc=edu
> changetype: modrdn
> newrdn: uid=222
> deleteoldrdn: 1
> =====
> 
> Any ideas?
> 
> Thanks,
> 
> Bing

You shouldn't need two LDIF files, because the two entries have different
parents. Can you send us the output of the modify operation after you set
debug => 15?

Cheers,

Chris

Re: moddn problem

[Bing D. <Bi...@ci...>]

I have the following two lines in the ldif.  Ldapmodify command can
modify the first entry without any problem.  But gives 'constraint
violation' on the second one.  Do I have to split them into two ldif's?

====
dn: uid=111,ou=dept-1,dc=tamu,dc=edu
changetype: modrdn
newrdn: uid=222
deleteoldrdn: 1

dn: uid=111,ou=dept-2,dc=tamu,dc=edu
changetype: modrdn
newrdn: uid=222
deleteoldrdn: 1
=====

Any ideas?

Thanks,

Bing

Bing Du <bi...@ta..., 979-845-9577>
Texas A&M University, CIS, Operating Systems, Unix

>>> Andrew Tristan <atr...@ac...> 02/22/01 10:36PM >>>
Actually I solved the problem just as I was getting ready to send
this.  On the off chance that this will help someone else, here it is.

> I *know* I had this working at some point (at least, I thought I
had).
> I'm getting "LDAP_NO_SUCH_ATTRIBUTE" when I call moddn() like so,
>    my $moddnResult = $ldap->moddn(
>                                   $ldapDN,
>                                   newrdn => "cid=$ldifCID",
>                                   deleteoldrdn => '1',
>                                   newsuperior => "$personDN",
>                                   );
>
> I get the same result whether the first arg is a dn or an entry
> object. This is with v0.22, perl 5.005something, and openldap
> 1.2.something.  There were problems with moddn a while ago, I know,
> but I'm almost positive that I had this working at some point after
> that.  I'm sure I'm doing something obviously wrong, any takers?
>

It's always so obvious in retrospect (though I didn't provide enough
info above to solve it): I was calling modify() to manually set the
cid
attribute (our rdn) before I called moddn().  And then it all makes
sense...
A


-- 
and...@uc...          Unix Systems Group, UC Riverside

Re: Search Filter problem

[David B. <D.B...@ma...>]

It's just a guess, but does the polish notation syntax support the '|' (or)
operator with more than two arguments?... or do you have to do it like....

"(|(|(uid=x)(uid=y))(uid=7))"

David.



At 05:44 PM 2/22/01 -0800, you wrote:
>I'm trying to write an or'd search filter for a list
>of uid values something like:
>
>"(|(uid=x)(uid=y)(uid=z))"
>
>This works perfectly with the openldap tools against
>the Netscape 4.12 directory but I get a 'Bad filter'
>error with Net::LDAP.  It seems to me that this filter
>is valid but clearly it's not.  Any ideas as to what's
>wrong here?
>
>Thanks.
>
>jpcarter
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! Auctions - Buy the things you want at great prices!
http://auctions.yahoo.com/
>
>

--------------------------------------------------------------------
David Bussenschutt          Email: D.B...@ma...
Senior Computing Support Officer & Systems Administrator/Programmer
Location: Griffith University. Information Technology Services
          Brisbane Qld. Aust.  (TEN bldg. rm 1.33) Ph: (07)38757079
--------------------------------------------------------------------

moddn problem

[Andrew T. <atr...@ac...>]

Actually I solved the problem just as I was getting ready to send
this.  On the off chance that this will help someone else, here it is.

> I *know* I had this working at some point (at least, I thought I had).
> I'm getting "LDAP_NO_SUCH_ATTRIBUTE" when I call moddn() like so,
>    my $moddnResult = $ldap->moddn(
>                                   $ldapDN,
>                                   newrdn => "cid=$ldifCID",
>                                   deleteoldrdn => '1',
>                                   newsuperior => "$personDN",
>                                   );
>
> I get the same result whether the first arg is a dn or an entry
> object. This is with v0.22, perl 5.005something, and openldap
> 1.2.something.  There were problems with moddn a while ago, I know,
> but I'm almost positive that I had this working at some point after
> that.  I'm sure I'm doing something obviously wrong, any takers?
>

It's always so obvious in retrospect (though I didn't provide enough
info above to solve it): I was calling modify() to manually set the cid
attribute (our rdn) before I called moddn().  And then it all makes
sense...
A


-- 
and...@uc...          Unix Systems Group, UC Riverside

Search Filter problem

[Jeffrey P. C. <jpc...@ya...>]

I'm trying to write an or'd search filter for a list
of uid values something like:

"(|(uid=x)(uid=y)(uid=z))"

This works perfectly with the openldap tools against
the Netscape 4.12 directory but I get a 'Bad filter'
error with Net::LDAP.  It seems to me that this filter
is valid but clearly it's not.  Any ideas as to what's
wrong here?

Thanks.

jpcarter

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/

Re: Net::LDAP::LDIF

[Roel v. M. <ro...@al...>]

Gael LE NERRIEC wrote:

> nslidata::
> CgkJCSBNb2RpZmljYXRpb25zIGR1IGZpY2hpZXIgZGUgY29va2llcy4uLmNlc3QgdG9
> 1dCBjZXN0IGp1c3RlIGNvbW1lIGNhIA==
> 
> nslidata is not readable...
> What can I do?

Your problem has nothing to do with your perl code.
The attribute definition defines the nsLIData as a binary type.

attribute nsLIData 2.16.840.1.113730.3.1.402 bin 

Regards,

rolek

--
1A First Alternative ro...@al...    www.alt001.com
Linvision BV         ro...@li... (www|devel).linvision.com
--

Net::LDAP::LDIF

[Gael LE N. <gle...@if...>]

hello,

I need help about LDIF
I'm not able to read one argument of my search

$result = $ldap->search( base => $dn , 																					scope =>
"sub",
	 		filter => " nsLIElementType=cookies ", 		
			);
Net::LDAP::LDIF->new( "perlLDAP" , "w" )->write($result->entries);

and, when I display the result:

dn: dn...
nslielementtype: cookies
owner: owner...
objectclass: nsLIProfileElement
objectclass: top
nsliversion: 1
nslidata::
CgkJCSBNb2RpZmljYXRpb25zIGR1IGZpY2hpZXIgZGUgY29va2llcy4uLmNlc3QgdG9
1dCBjZXN0IGp1c3RlIGNvbW1lIGNhIA==

nslidata is not readable...
What can I do?


ps: an other question... can I use an LDIF file like : (and how if I
can?)

dn:
nslielementtype=cookies,nsliprofilename=athomas,ou=roaming,dc=ifremer,dc=fr
changetype: modify
replace: nslidata
nslidata:  modif ldif des cookies...or a file??

Thanks
Gael Le Nerriec

900 pair -22 AWG ,PE89 cable for sale !!!

[<pm...@oo...>]

This message is being sent only to those who have requested our offers and to those who wish to receive them.

If you have received this in error or no longer wish to receive our offers, please click here pm...@oo... and mark REMOVE  in message header subject.
Also be sure to include any other name or names you wish to be removed in a separate email with a different message header .

We  wish to immediately honor all removal requests. If we have missed your request in time past ,please notify us again.

Please note that this is not SPAM. You've sent me an offer, answered one of my ads or postings lately , or you visited a site that was involved in the product I am offering .

To be removed from my private mailing list follow the instructions as mentioned or just hit the reply button and put REMOVE in the subject line and hit send .I would be happy to remove your name from any future mailings.


Dear Sir or Madam,
                I have immediately available 5,171 feet of 900 Pair 22AWG PE89 cable for sale . I am offering it at a "Giveaway Price" of $10.50 per foot !This is a "take all" deal only . Considering that the market price on this cable is somewhere between $12.00 and $13.00 per foot ,the savings are tremendous.If you were paying $12.50 you would save $10,000.00 on this one purchase ! This product is on ten reels and located in the USA ,all reels are wood lagged .Please call immediateley if you have any interest in this product as this is all I have availaable and it will be gone quickly .If specifications are available ,please request them at this email address .

Thank you,
Paul J. Milea jr 
Wing N' A Prayer Excess Property
3504 James Street
Syracuse,New York ,USA 13206

cell (315) 374-1560
fax (315) 463-4337
pm...@oo...

Re: [Fwd] perl ldap question

[nicolas f. <nf...@ic...>]

thanks for your answer, but the goal is to allow the user to change its password.
And I don't want to write any admin password in my script.
Nicolas Figaro

Al Lilianstrom wrote:

> I do this with the following;
>
> $mesg = $ldap->modify ("$userDn",
>         replace => { 'userpassword' => $ePassword});
>
> I bind with the DN of someone who is allowed write access to the
> directory not the user as the page this is from allows our helpdesk to
> change our IMAP user passwords.
>
> If anyone wants the complete code I'll make it available.
>
>         al
> --
> Al Lilianstrom
> lil...@fn...
>
> Graham Barr wrote:
> >
> > ----- Forwarded message from nicolas figaro <nf...@ic...> -----
> >
> > Date: Mon, 19 Feb 2001 15:53:50 +0100
> > To: gb...@po...
> > From: nicolas figaro <nf...@ic...>
> > Subject: perl ldap question
> > X-Mailer: Mozilla 4.76 [en] (WinNT; U)
> >
> > hello graham and many thanks for the perl ldap module.
> >
> > here is my question,
> >
> > I'd like to change the password on a netscape directory server
> > ldapsearch works perfectly, but I can't modify the userPassword
> > attribute.
> >
> > the goal is to build an html page to change the password
> > user name
> > old password
> > new password
> > confirm new password
> >
> > the code looks like
> >
> > ldapconnect
> > bind
> > search uid=user name
> > bind DN=result of search
> > ldapmodify (replace "userpassword=new password")
> >
> > the ldapmodify doesn't modify anything.
> >
> > any idea ???
> >
> > nicolas figaro
> > informatique cdc
> > 56 rue de lille
> > 75007 paris
> >
> > ----- End forwarded message -----

Re: [Fwd] perl ldap question

[Al L. <al....@fn...>]

I do this with the following;

$mesg = $ldap->modify ("$userDn",
	replace => { 'userpassword' => $ePassword});

I bind with the DN of someone who is allowed write access to the
directory not the user as the page this is from allows our helpdesk to
change our IMAP user passwords.

If anyone wants the complete code I'll make it available.

	al
-- 
Al Lilianstrom
lil...@fn...

Graham Barr wrote:
> 
> ----- Forwarded message from nicolas figaro <nf...@ic...> -----
> 
> Date: Mon, 19 Feb 2001 15:53:50 +0100
> To: gb...@po...
> From: nicolas figaro <nf...@ic...>
> Subject: perl ldap question
> X-Mailer: Mozilla 4.76 [en] (WinNT; U)
> 
> hello graham and many thanks for the perl ldap module.
> 
> here is my question,
> 
> I'd like to change the password on a netscape directory server
> ldapsearch works perfectly, but I can't modify the userPassword
> attribute.
> 
> the goal is to build an html page to change the password
> user name
> old password
> new password
> confirm new password
> 
> the code looks like
> 
> ldapconnect
> bind
> search uid=user name
> bind DN=result of search
> ldapmodify (replace "userpassword=new password")
> 
> the ldapmodify doesn't modify anything.
> 
> any idea ???
> 
> nicolas figaro
> informatique cdc
> 56 rue de lille
> 75007 paris
> 
> ----- End forwarded message -----

[Fwd] perl ldap question

[Graham B. <gb...@po...>]

----- Forwarded message from nicolas figaro <nf...@ic...> -----

Date: Mon, 19 Feb 2001 15:53:50 +0100
To: gb...@po...
From: nicolas figaro <nf...@ic...>
Subject: perl ldap question 
X-Mailer: Mozilla 4.76 [en] (WinNT; U)

hello graham and many thanks for the perl ldap module.

here is my question,

I'd like to change the password on a netscape directory server
ldapsearch works perfectly, but I can't modify the userPassword
attribute.

the goal is to build an html page to change the password
user name
old password
new password
confirm new password

the code looks like

ldapconnect
bind
search uid=user name
bind DN=result of search
ldapmodify (replace "userpassword=new password")

the ldapmodify doesn't modify anything.

any idea ???

nicolas figaro
informatique cdc
56 rue de lille
75007 paris





----- End forwarded message -----

Re: Minor bugfix to Net/LDAP/LDIF.pm

[Kartik S. <sub...@co...>]

Graham Barr wrote:
> 
> Sorry for not getting back. This patch has been applied to CVS on
> sourceforge.

Thanks Graham. I should've checked CVS, then I would have seen that you
applied it back on the 12th :-)

	-Kartik

Re: Minor bugfix to Net/LDAP/LDIF.pm

[Graham B. <gb...@po...>]

Sorry for not getting back. This patch has been applied to CVS on
sourceforge.

Graham.

On Sat, Feb 17, 2001 at 11:29:19AM -0500, Kartik Subbarao wrote:
> Kartik Subbarao wrote:
> > Attached is a patch to Net/LDAP/LDIF.pm that fixes a minor oversight
> > in _read_one_cmd(). Base-64 encoded values weren't properly being
> > read, as weren't attributes with ';' or '-'.
> [...]
> 
> I posted this patch on February 6 and haven't gotten a response. I went
> ahead and submitted a patch through ths sourceforge page just in case.
> In any event, can someone acknowledge this message and clue me in on the
> right way to submit patches?
> 
> Thanks,
> 
> 	-Kartik
> 
> 

Re: Minor bugfix to Net/LDAP/LDIF.pm

[Kartik S. <sub...@co...>]

Kartik Subbarao wrote:
> Attached is a patch to Net/LDAP/LDIF.pm that fixes a minor oversight
> in _read_one_cmd(). Base-64 encoded values weren't properly being
> read, as weren't attributes with ';' or '-'.
[...]

I posted this patch on February 6 and haven't gotten a response. I went
ahead and submitted a patch through ths sourceforge page just in case.
In any event, can someone acknowledge this message and clue me in on the
right way to submit patches?

Thanks,

	-Kartik

RE: newbie looking for binding help

[Michaud Tim-A. <AT...@mo...>]

Jim-

OH thank you so very much! I am much more enlightened to the omnipowerful ways of LDAP now that i can bind.

Cheers!
Timothy Michaud

-----Original Message-----
From: Jim Harle
To: Michaud Tim-ATM095
Cc: 'per...@li...'
Sent: 2/15/01 1:24 PM
Subject: Re: newbie looking for binding help

Tim, you must bind to a DN (and password), not cn or uid.  Typically,
scripts will do an anonymous bind, do a search with afilter something
like (uid=$uid), get the dn back via ->dn, then use that with the
password for the authenticated bind.
  --Jim Harle

Michaud Tim-ATM095 wrote:

> Hello, I've been researching this for a while, but am unable to
perform a bind. I'm sorry to post what is probably a simple question,
but after days of looking at slim documentation i'm in need of help. If
anyone has links to good beginners perl - ldap documentation, i'd be
happy to hear them.
>
> When i connect to the LDAP server, bind annonomously, and do a search
i am able to retrieve data fine. But when i tried to bind and
authenticate, i began getting an error 32 message. Can you only bind
using the cn and password? or can you use other attributes, like what i
used here- 'uid' ?
>
> Here is my code-
>
> #!/usr/local/bin/perl
> use strict;
> use Net::LDAP;
> my $host = 'ids.mot.com'; #name of the LDAP host
> my $uid = shift;
> my $pw = shift;
> my $ldap = new Net::LDAP($host);
> #authenticate to the LDAP server as the directory super-user
> my $mesg = $ldap->bind('uid=$uid', password=> $pw);
> die ("failed to bind with ",$mesg->code(),"\n") if $mesg->code();
>
> When i enter what i believe to be correct info, i get an error 32, if
i just leave the l/p info blank, i get an error 48. Is there
documentation on these error codes somewhere?
>
> Sorry and Thanks in advance,
> Timothy Michaud

Re: newbie looking for binding help

[Jim H. <ha...@us...>]

Tim, you must bind to a DN (and password), not cn or uid.  Typically, scripts will do an anonymous bind, do a search with afilter something like (uid=$uid), get the dn back via ->dn, then use that with the password for the authenticated bind.
  --Jim Harle

Michaud Tim-ATM095 wrote:

> Hello, I've been researching this for a while, but am unable to perform a bind. I'm sorry to post what is probably a simple question, but after days of looking at slim documentation i'm in need of help. If anyone has links to good beginners perl - ldap documentation, i'd be happy to hear them.
>
> When i connect to the LDAP server, bind annonomously, and do a search i am able to retrieve data fine. But when i tried to bind and authenticate, i began getting an error 32 message. Can you only bind using the cn and password? or can you use other attributes, like what i used here- 'uid' ?
>
> Here is my code-
>
> #!/usr/local/bin/perl
> use strict;
> use Net::LDAP;
> my $host = 'ids.mot.com'; #name of the LDAP host
> my $uid = shift;
> my $pw = shift;
> my $ldap = new Net::LDAP($host);
> #authenticate to the LDAP server as the directory super-user
> my $mesg = $ldap->bind('uid=$uid', password=> $pw);
> die ("failed to bind with ",$mesg->code(),"\n") if $mesg->code();
>
> When i enter what i believe to be correct info, i get an error 32, if i just leave the l/p info blank, i get an error 48. Is there documentation on these error codes somewhere?
>
> Sorry and Thanks in advance,
> Timothy Michaud

Re: GSSAPI/Kerberos binds with Net::LDAP

[Graham B. <gb...@po...>]

Interestingly Authen::SASL was originally designed to be a cut down
implementation of cyrus, but in perl. cyrus itself is just a framework,
which is what Authen::SASL is supposed to be. The sub-classes are where
the real work is done.

My current thought was to get the Authen::SASL framework much closer
to cyrus anyway.

Graham.

On Thu, Feb 15, 2001 at 07:00:59PM +0000, Simon Wilkinson wrote:
> On Thu, 15 Feb 2001, you wrote:
> 
> > The Net::LDAP distribution is completely perl, so I would not want to
> > add and XS to it. But I would consider making changes so that it could
> > be used but distribued separately.
> 
> Okay, understood. I thought you probably wouldn't want to change that. What
> I've got at the moment is a package that adds Authen::SASL::Cyrus and 
> Authen::SASL::GSSAPI. The Cyrus package is designed to eventually be a 
> general purpose interface to Cyrus SASL, the GSSAPI one specifically does 
> GSSAPI. So, I hope these packages could live seperately. (I just need to get 
> distributing things via PAUSE sorted out)
> 
> > As for Authen::SASL, I am in the process of giving this an overhaul,
> > but again I want it to remain mainly perl only. But I would be happy
> > to talk to you about it.
> 
> Sure. I don't think that it should change from being perl-only. However, the 
> methods that it makes available to its sub classes mean that some things need 
> to be passed in multiple times, and other methods have to be overloaded.
> What I'd like to see is a suitably defined class that it can be used with 
> entire perl authentication modules, or with ones based on C code (in 
> particular, on Cyrus SASL). However, I was very impressed by just how easy it 
> was to get this all working, once I'd got some perl bindings for Cyrus-SASL 
> going.
> 
> I've uploaded my current package to http://www.sxw.org.uk/computing/software/
> to allow others to have a look at  it. Bits of it are still very primitive, 
> but it "works for me". I've tested it to get Kerberos v5 authenticated 
> connections between Net::LDAP and OpenLDAP v2.
> 
> Cheers,
> 
> Simon.
> 
> -- 
> Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
> "But apart from that, Mrs Lincoln, how did you enjoy the play?"
> 

Re: GSSAPI/Kerberos binds with Net::LDAP

[Simon W. <sx...@sx...>]

On Thu, 15 Feb 2001, you wrote:

> The Net::LDAP distribution is completely perl, so I would not want to
> add and XS to it. But I would consider making changes so that it could
> be used but distribued separately.

Okay, understood. I thought you probably wouldn't want to change that. What
I've got at the moment is a package that adds Authen::SASL::Cyrus and 
Authen::SASL::GSSAPI. The Cyrus package is designed to eventually be a 
general purpose interface to Cyrus SASL, the GSSAPI one specifically does 
GSSAPI. So, I hope these packages could live seperately. (I just need to get 
distributing things via PAUSE sorted out)

> As for Authen::SASL, I am in the process of giving this an overhaul,
> but again I want it to remain mainly perl only. But I would be happy
> to talk to you about it.

Sure. I don't think that it should change from being perl-only. However, the 
methods that it makes available to its sub classes mean that some things need 
to be passed in multiple times, and other methods have to be overloaded.
What I'd like to see is a suitably defined class that it can be used with 
entire perl authentication modules, or with ones based on C code (in 
particular, on Cyrus SASL). However, I was very impressed by just how easy it 
was to get this all working, once I'd got some perl bindings for Cyrus-SASL 
going.

I've uploaded my current package to http://www.sxw.org.uk/computing/software/
to allow others to have a look at  it. Bits of it are still very primitive, 
but it "works for me". I've tested it to get Kerberos v5 authenticated 
connections between Net::LDAP and OpenLDAP v2.

Cheers,

Simon.

-- 
Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
"But apart from that, Mrs Lincoln, how did you enjoy the play?"

Re: GSSAPI/Kerberos binds with Net::LDAP

[Graham B. <gb...@po...>]

The Net::LDAP distribution is completely perl, so I would not want to
add and XS to it. But I would consider making changes so that it could
be used but distribued separately.

As for Authen::SASL, I am in the process of giving this an overhaul,
but again I want it to remain mainly perl only. But I would be happy
to talk to you about it.

I was planning to move Authen::SASL out of the Net::LDAP dist and into
its own anyway.

Graham.

On Thu, Feb 15, 2001 at 05:24:43PM +0000, Simon Wilkinson wrote:
> I've got a small piece of XStub shim which I've implemented to allow GSSAPI 
> SASL binds to be performed from Net::LDAP. Would you be interested in having 
> this intergrated into the Net::LDAP distribution, and if not, who (Graham?) 
> do I need to speak to about carving out a chunk of the Authen::SASL namespace 
> for it.
> 
> I'd also like, as a slightly longer term project, to do some work on the 
> Authen::SASL infrastructure, so that it can better support connection 
> encryption rather than just authentication, and so that the 
> challenge/response mechanism is better defined.
> 
> Cheers,
> 
> Simon.
> 
> -- 
> Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
> "For every complex problem, there is a solution that is simple, neat, and
> wrong." -- H. L. Mencken
> 
> 
> 

newbie looking for binding help

[Michaud Tim-A. <AT...@mo...>]

Hello, I've been researching this for a while, but am unable to perform a bind. I'm sorry to post what is probably a simple question, but after days of looking at slim documentation i'm in need of help. If anyone has links to good beginners perl - ldap documentation, i'd be happy to hear them.

When i connect to the LDAP server, bind annonomously, and do a search i am able to retrieve data fine. But when i tried to bind and authenticate, i began getting an error 32 message. Can you only bind using the cn and password? or can you use other attributes, like what i used here- 'uid' ?

Here is my code-

#!/usr/local/bin/perl
use strict;
use Net::LDAP;
my $host = 'ids.mot.com'; #name of the LDAP host
my $uid = shift;
my $pw = shift;
my $ldap = new Net::LDAP($host);
#authenticate to the LDAP server as the directory super-user
my $mesg = $ldap->bind('uid=$uid', password=> $pw);
die ("failed to bind with ",$mesg->code(),"\n") if $mesg->code();

When i enter what i believe to be correct info, i get an error 32, if i just leave the l/p info blank, i get an error 48. Is there documentation on these error codes somewhere?

Sorry and Thanks in advance,
Timothy Michaud

GSSAPI/Kerberos binds with Net::LDAP

[Simon W. <sx...@sx...>]

I've got a small piece of XStub shim which I've implemented to allow GSSAPI 
SASL binds to be performed from Net::LDAP. Would you be interested in having 
this intergrated into the Net::LDAP distribution, and if not, who (Graham?) 
do I need to speak to about carving out a chunk of the Authen::SASL namespace 
for it.

I'd also like, as a slightly longer term project, to do some work on the 
Authen::SASL infrastructure, so that it can better support connection 
encryption rather than just authentication, and so that the 
challenge/response mechanism is better defined.

Cheers,

Simon.

-- 
Simon Wilkinson            <si...@sx...>          http://www.sxw.org.uk
"For every complex problem, there is a solution that is simple, neat, and
wrong." -- H. L. Mencken

(Fwd) (no subject)

[<ma...@mj...>]

------- Forwarded message follows -------
Date sent:      	Thu, 15 Feb 2001 07:13:10 -0600
From:           	femi <oye...@uh...>
To:             	ma...@mj...
Subject:        	(no subject)

Hello,

It is possible to use Net:LDAP to connect to Windows Active 
Directory
? Do you have a sample script ?

Thanks




------- End of forwarded message -------
Mark Wilcox
ma...@mj...
Got LDAP?