the delete() function is for deleting entire entries, not attribute
values.
If you want to delete attribute values you must use the modify
function.
I think it's like:
$ldap->modify($dn,delete => {attribute = value});
normally a password mod is in the form of a replace:
$ldap->modify($dn,replace => {password_attribute = value});
Mark
On 19 Mar 01, at 17:56, Danny Howard wrote:
> Net::LDAP folk!
>
> I am trying to see if I can set Active Directory passwords via LDAP.
> Of course, Microsoft do it their own way, but they document it at
> http://support.microsoft.com/support/kb/articles/Q269/1/90.ASP
>
> It boils down to, you delete your old unicodePwd attribute, including
> your old password as a BER encoded string. Then you add a new
> unicodePwd attribute, with the new password as a BER encoded string.
>
> Cute.
>
> But not for me:
>
> [...]
> my $entry = Net::LDAP::Entry->new();
>
> my $opass_ber = new Convert::BER;
> my $npass_ber = new Convert::BER;
>
> $opass_ber->encode(STRING=>"\"$opass\"",);
> $npass_ber->encode(STRING=>"\"$npass\"",);
>
> $entry->dn("cn=$user,$ldap_base");
> $entry->delete('unicodePwd' => $opass);
> $entry->add('unicodePwd' => $npass);
> my $return = $entry->update( $conn );
>
> if( $return->done ) { die "return: " . $return->error . "\n"; }
>
> 1-17:51 dannyman@noneedto ~> bin/adpasswd bobo zzzzzzzz bo69
> Can't use string ("zzzzzzzz") as an ARRAY ref while "strict refs" in
> use at /usr/local/lib/perl5/site_perl/5.005/Net/LDAP/Entry.pm line
> 179.
>
> I'm not understanding quite how LDAP works at such a low level, my
> GUESS is that the delete() function of Net::LDAP::Entry does not
> support passing a value.
>
> Comparing the delete() and add() subroutines in Entry.pm, it looks
> like the delete() function looks much like add() except that it adds a
> few checks ... what these checks are, I do not grok, but the evil line
> is the last in this paragraph:
>
> if (defined($val) and (!ref($val) or @$val)) {
> my %values;
> @values{@$val} = ();
>
> My curiosity is that, is there a simple way to tell delete() to
> support specifying the value of the attribute to delete, and is this
> what I really want? :)
>
> Thanks,
> -danny
>
>
>
Mark Wilcox
ma...@mj...
Got LDAP?
|
