Menu
▾
▴
perl-ldap-dev
|
From: Graham B. <gb...@po...> - 2001-06-19 06:49:40
|
----- Forwarded message from "R. Reucher" <ren...@cp...> -----
Date: Tue, 19 Jun 2001 08:45:11 +0200
To: gb...@po...
From: "R. Reucher" <ren...@cp...>
Subject: perl-ldap on OS/390 ?!
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686)
Hello Graham,
I don't know who is the right person to contact (within the project), so
I'm contacting you...
I'm trying to get your Perl LDAP module (0.23) working under OS/390 (the
"UNIX" side), but am having some serious trouble. I suspect it's caused
due to missing EBCDIC <-> ASCII conversion (as OS/390 is a pure EBCDIC
platform). I've written a short perl script to test perl-ldap (taken
from the Net::LDAP man page); it works fine under Linux (i386), but
fails with "No such object" on line 9 under OS/390:
1: #!/usr/local/bin/perl
2: use Net::LDAP;
3: $ldap = Net::LDAP->new('ldapsrv.ourdomain.com') or die "$@";
4: $ldap->bind(dn => 'cn=Directory Manager, o=OurCustomer',
5: password => 'xxxxxxxx');
6: $mesg = $ldap->search(base => "o=OurCustomer",
7: filter => "(uid=*)");
8: $ldap->unbind;
9: $mesg->code && die $mesg->error;
10: foreach $entry ($mesg->all_entries) { $entry->dump; }
Note that I have to use perl 5.005p03, because that's the latest stable
version with EBCDIC support (5.6.x doesn't support it, 5.7.x is beta -
as I need the LDAP support for a serious project for one of our
customers, I decided to use the "stable" version).
I already tried several things to convert the ASCII data to EBCDIC
(using the iconv utility) without success. What do you think: which data
needs to be converted at which point(s) ?
Or is there any experience using perl-ldap under OS/390 already ?
Would perl 5.7.x help in some way ?
Sorry for all these questions, but I definitely need some help here. I'd
appreciate any hints or advises, thanks in advance !
Regards,
Rene
--
R. Reucher voice: +49/621/4803-174
COMPAREX GmbH, VL40 fax: +49/621/4803-141
Mannheimerstr. 105 e-mail: ren...@cp...
D-68535 Edingen-Neckarhausen
----- End forwarded message -----
|
|
From: Chris R. <chr...@me...> - 2001-06-19 08:29:57
|
Graham Barr <gb...@po...> wrote:
> ----- Forwarded message from "R. Reucher" <ren...@cp...> -----
>
> Date: Tue, 19 Jun 2001 08:45:11 +0200
> To: gb...@po...
> From: "R. Reucher" <ren...@cp...>
> Subject: perl-ldap on OS/390 ?!
> X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686)
>
> Hello Graham,
>
> I don't know who is the right person to contact (within the project), so
> I'm contacting you...
>
> I'm trying to get your Perl LDAP module (0.23) working under OS/390 (the
> "UNIX" side), but am having some serious trouble. I suspect it's caused
> due to missing EBCDIC <-> ASCII conversion (as OS/390 is a pure EBCDIC
> platform). I've written a short perl script to test perl-ldap (taken
> from the Net::LDAP man page); it works fine under Linux (i386), but
> fails with "No such object" on line 9 under OS/390:
>
> 1: #!/usr/local/bin/perl
> 2: use Net::LDAP;
> 3: $ldap = Net::LDAP->new('ldapsrv.ourdomain.com') or die "$@";
> 4: $ldap->bind(dn => 'cn=Directory Manager, o=OurCustomer',
> 5: password => 'xxxxxxxx');
> 6: $mesg = $ldap->search(base => "o=OurCustomer",
> 7: filter => "(uid=*)");
> 8: $ldap->unbind;
> 9: $mesg->code && die $mesg->error;
> 10: foreach $entry ($mesg->all_entries) { $entry->dump; }
>
> Note that I have to use perl 5.005p03, because that's the latest stable
> version with EBCDIC support (5.6.x doesn't support it, 5.7.x is beta -
> as I need the LDAP support for a serious project for one of our
> customers, I decided to use the "stable" version).
>
> I already tried several things to convert the ASCII data to EBCDIC
> (using the iconv utility) without success. What do you think: which data
> needs to be converted at which point(s) ?
>
> Or is there any experience using perl-ldap under OS/390 already ?
>
> Would perl 5.7.x help in some way ?
>
> Sorry for all these questions, but I definitely need some help here. I'd
> appreciate any hints or advises, thanks in advance !
>
> Regards,
>
> Rene
> --
> R. Reucher voice: +49/621/4803-174
> COMPAREX GmbH, VL40 fax: +49/621/4803-141
> Mannheimerstr. 105 e-mail: ren...@cp...
> D-68535 Edingen-Neckarhausen
>
>
> ----- End forwarded message -----
>
One point you might need to consider is that many of the underlying string
types used in BER (which is the ISO standard that describes how to encode
the LDAP protocol for network transmission) are fundamentally ASCII-based.
If you mess with that, you've broken LDAP and won't be able to talk to any
LDAP servers :-(
(Graham, Convert::ASN1's 'make test' should test that strings are being
encoded using the correct character sets. Testing "PrintableString" would
be a good start.)
So basically everything that you pass into Net::LDAP objects *must* be
ASCII or UTF-8 (if you are using LDAPv3.)
I really don't know anything at all about perl on the 390, so this might be
a stupid question: what character set is used in the variables in your
program?
If they're EBCDIC, you *need* to ASCII-ify (or UTF-8-ify) them first.
Similarly, you *need* to EBCDIC-ify all values that come back from the LDAP
server, as they are either ASCII-based or UTF-8 (if you are using LDAPv3)
Cheers,
Chris
|
|
From: R. R. <ren...@cp...> - 2001-06-19 08:45:13
|
I subscribed to list meanwhile, no need to CC to me... Chris Ridd wrote: > One point you might need to consider is that many of the underlying string > types used in BER (which is the ISO standard that describes how to encode > the LDAP protocol for network transmission) are fundamentally ASCII-based. > If you mess with that, you've broken LDAP and won't be able to talk to any > LDAP servers :-( Correct, and that's part of the problem already ;-(... > (Graham, Convert::ASN1's 'make test' should test that strings are being > encoded using the correct character sets. Testing "PrintableString" would > be a good start.) > > So basically everything that you pass into Net::LDAP objects *must* be > ASCII or UTF-8 (if you are using LDAPv3.) I know that. The question is, _where_ excatly do I need to convert (back and forth) ? > I really don't know anything at all about perl on the 390, so this might be > a stupid question: what character set is used in the variables in your > program? It's EBCDIC, which (in more "standardized" form) is "IBM-1047" (as opposed to "ISO8859-1", which is ASCII). > If they're EBCDIC, you *need* to ASCII-ify (or UTF-8-ify) them first. > Similarly, you *need* to EBCDIC-ify all values that come back from the LDAP > server, as they are either ASCII-based or UTF-8 (if you are using LDAPv3) That's what I want to do (or tried to do) using "iconv"... Here's what I did to convert: $ascii_data = `echo '$ebcdic_data' | iconv -f IBM-1047 -t ISO8859-1` or $ebcdic_data = `echo '$ascii_data' | iconv -f ISO8859-1 -t IBM-1047` There's also a C API iconv() routine (UNIX98), but that's trickier to use in perl... and it should make no difference, basically. The problem is, I'm searching for the correct portions of code within the Net::LDAP module _where_ I should convert _what_ !?! Anyhow, thanks for the answer ! Hope I'll get more input... Rene -- R. Reucher voice: +49/621/4803-174 COMPAREX GmbH, VL40 fax: +49/621/4803-141 Mannheimerstr. 105 e-mail: ren...@cp... D-68535 Edingen-Neckarhausen |
|
From: Graham B. <gb...@po...> - 2001-06-19 08:55:15
|
On Tue, Jun 19, 2001 at 10:44:47AM +0200, R. Reucher wrote: > Here's what I did to convert: > > $ascii_data = `echo '$ebcdic_data' | iconv -f IBM-1047 -t ISO8859-1` > > or > > $ebcdic_data = `echo '$ascii_data' | iconv -f ISO8859-1 -t IBM-1047` You may want to install Convert::EBCDIC See http://search.cpan.org/search?dist=Convert-EBCDIC > The problem is, I'm searching for the correct portions of code within > the Net::LDAP module _where_ I should convert _what_ !?! I am not sure we can do it all inside Net::LDAP. This is because Net::LDAP does not know what the value of an attribute holds. However there probably places where it can help, for example filter strings and attribute names. But everything else would need to be converted by the application as needed Graham. |
|
From: Chris R. <chr...@me...> - 2001-06-19 09:15:37
|
"R. Reucher" <ren...@cp...> wrote:
> I subscribed to list meanwhile, no need to CC to me...
OK!
> Chris Ridd wrote:
>> One point you might need to consider is that many of the underlying
>> string types used in BER (which is the ISO standard that describes how
>> to encode the LDAP protocol for network transmission) are fundamentally
>> ASCII-based. If you mess with that, you've broken LDAP and won't be able
>> to talk to any LDAP servers :-(
> Correct, and that's part of the problem already ;-(...
>
>> (Graham, Convert::ASN1's 'make test' should test that strings are being
>> encoded using the correct character sets. Testing "PrintableString" would
>> be a good start.)
When happens when you run this code as is, and when you translate the
'cn=Chris Ridd' :-) string into ASCII:
---8<---
use strict;
use Convert::ASN1;
use Convert::ASN1::Debug;
my $asn = Convert::ASN1->new;
$asn->prepare(q<
name PrintableString
>);
my $pdu = $asn->encode(name => 'cn=Chris Ridd');
if ($pdu ne "\x13\x0D\x63\x6E\x3D\x43\x68\x72\x69\x73\x20\x52\x69\x64\x64")
{
print "The value you set for name uses the wrong character set.\n";
}
my $o = $asn->decode($pdu);
Convert::ASN1::asn_hexdump(*STDERR, $pdu);
---8<---
>> So basically everything that you pass into Net::LDAP objects *must* be
>> ASCII or UTF-8 (if you are using LDAPv3.)
> I know that. The question is, _where_ excatly do I need to convert (back
> and forth) ?
I think I said - every value you pass into Net::LDAP from your program and
every value you get out again. Since Net::LDAP doesn't mess around with
values at all, the bytes you pass in should ultimately end up 'on the wire'.
>> I really don't know anything at all about perl on the 390, so this might
>> be a stupid question: what character set is used in the variables in your
>> program?
> It's EBCDIC, which (in more "standardized" form) is "IBM-1047" (as
> opposed to "ISO8859-1", which is ASCII).
ISO 8859-1 is not ASCII. There is an overlap, but ASCII is only a 7-bit
character set and Latin-1 defines 8-bit characters.
But I guess your ISO 8859-1 converter will convert ASCII values correctly,
since ISO 8859-1 is mostly a superset of ASCII.
Is using single-quoted strings different from double-quoted strings?
>> If they're EBCDIC, you *need* to ASCII-ify (or UTF-8-ify) them first.
>> Similarly, you *need* to EBCDIC-ify all values that come back from the
>> LDAP server, as they are either ASCII-based or UTF-8 (if you are using
>> LDAPv3)
> That's what I want to do (or tried to do) using "iconv"...
>
> Here's what I did to convert:
>
> $ascii_data = `echo '$ebcdic_data' | iconv -f IBM-1047 -t ISO8859-1`
>
> or
>
> $ebcdic_data = `echo '$ascii_data' | iconv -f ISO8859-1 -t IBM-1047`
>
> There's also a C API iconv() routine (UNIX98), but that's trickier to
> use in perl... and it should make no difference, basically.
>
> The problem is, I'm searching for the correct portions of code within
> the Net::LDAP module _where_ I should convert _what_ !?!
From your original message to Graham:
> 1: #!/usr/local/bin/perl
> 2: use Net::LDAP;
> 3: $ldap = Net::LDAP->new('ldapsrv.ourdomain.com') or die "$@";
Add debug => 12 after the hostname to get protocol debugging. This may help
us a lot. Maybe debug => 3 is more useful, as it gives us plain hex.
> 4: $ldap->bind(dn => 'cn=Directory Manager, o=OurCustomer',
That dn will need to be converted into ASCII.
> 5: password => 'xxxxxxxx');
That's tricky. The password syntax is OCTET STRING, which means 'just the
bytes, no character set is implied' so whatever the directory server thinks
the bytes are is needed here.
> 6: $mesg = $ldap->search(base => "o=OurCustomer",
That search base needs changing to ASCII.
> 7: filter => "(uid=*)");
That filter needs changing to ASCII.
> 8: $ldap->unbind;
> 9: $mesg->code && die $mesg->error;
> 10: foreach $entry ($mesg->all_entries) { $entry->dump; }
For testing, the dump() method's OK but for real use you'll need to convert
all the values you get back from ASCII into EBCDIC.
> Anyhow, thanks for the answer ! Hope I'll get more input...
>
> Rene
> --
> R. Reucher voice: +49/621/4803-174
> COMPAREX GmbH, VL40 fax: +49/621/4803-141
> Mannheimerstr. 105 e-mail: ren...@cp...
> D-68535 Edingen-Neckarhausen
>
I'm guessing that you will want to use umlauts etc in your directory, in
which case I would strongly recommend using LDAPv3 if possible - you need
to explicitly request this in the bind operation - as then all values are
UTF-8.
You should do that because many LDAP servers handle character sets wrongly
(more importantly, differently) when using LDAPv2, so your code will then
not depend on the possibly non-standard behaviour of a particular LDAP
server.
(So whereever I said ASCII above, I mean UTF-8.)
Cheers,
Chris
|
|
From: R. R. <ren...@cp...> - 2001-06-19 09:32:17
|
Chris Ridd wrote:
> >> So basically everything that you pass into Net::LDAP objects *must* be
> >> ASCII or UTF-8 (if you are using LDAPv3.)
> > I know that. The question is, _where_ excatly do I need to convert (back
> > and forth) ?
>
> I think I said - every value you pass into Net::LDAP from your program and
> every value you get out again. Since Net::LDAP doesn't mess around with
> values at all, the bytes you pass in should ultimately end up 'on the wire'.
Ah... sorry for my "ignorance".
So - when I understand you correctly - all I have to do is to pass
EBCDIC converted strings to every Net::LDAP subroutine (like bind,
search etc.) instead of their ASCII counterparts... correct ?
And the way back is to convert to EBCDIC as soon as I want to _work_
with the results on the 390 system. also correct ?
> >> I really don't know anything at all about perl on the 390, so this might
> >> be a stupid question: what character set is used in the variables in your
> >> program?
> > It's EBCDIC, which (in more "standardized" form) is "IBM-1047" (as
> > opposed to "ISO8859-1", which is ASCII).
>
> ISO 8859-1 is not ASCII. There is an overlap, but ASCII is only a 7-bit
> character set and Latin-1 defines 8-bit characters.
Ok.
> But I guess your ISO 8859-1 converter will convert ASCII values correctly,
> since ISO 8859-1 is mostly a superset of ASCII.
I think so as well.
> >From your original message to Graham:
> > 1: #!/usr/local/bin/perl
> > 2: use Net::LDAP;
> > 3: $ldap = Net::LDAP->new('ldapsrv.ourdomain.com') or die "$@";
>
> Add debug => 12 after the hostname to get protocol debugging. This may help
> us a lot. Maybe debug => 3 is more useful, as it gives us plain hex.
Will do that ! Thanks for the tip...
> > 4: $ldap->bind(dn => 'cn=Directory Manager, o=OurCustomer',
>
> That dn will need to be converted into ASCII.
Yep, I think I understand now...
> > 5: password => 'xxxxxxxx');
>
> That's tricky. The password syntax is OCTET STRING, which means 'just the
> bytes, no character set is implied' so whatever the directory server thinks
> the bytes are is needed here.
Hmmmm... I should perhaps try an anonymous bind at first.
> > 6: $mesg = $ldap->search(base => "o=OurCustomer",
>
> That search base needs changing to ASCII.
> > 7: filter => "(uid=*)");
>
> That filter needs changing to ASCII.
>
> > 8: $ldap->unbind;
> > 9: $mesg->code && die $mesg->error;
> > 10: foreach $entry ($mesg->all_entries) { $entry->dump; }
>
> For testing, the dump() method's OK but for real use you'll need to convert
> all the values you get back from ASCII into EBCDIC.
Yes, of course !
> I'm guessing that you will want to use umlauts etc in your directory, in
> which case I would strongly recommend using LDAPv3 if possible - you need
> to explicitly request this in the bind operation - as then all values are
> UTF-8.
>
> You should do that because many LDAP servers handle character sets wrongly
> (more importantly, differently) when using LDAPv2, so your code will then
> not depend on the possibly non-standard behaviour of a particular LDAP
> server.
>
> (So whereever I said ASCII above, I mean UTF-8.)
Ok, thanks for all the infos !
I'll keep you informed...
Regards,
Rene
--
R. Reucher voice: +49/621/4803-174
COMPAREX GmbH, VL40 fax: +49/621/4803-141
Mannheimerstr. 105 e-mail: ren...@cp...
D-68535 Edingen-Neckarhausen
|
|
From: Chris R. <chr...@me...> - 2001-06-19 09:42:01
|
"R. Reucher" <ren...@cp...> wrote: > Chris Ridd wrote: > >> >> So basically everything that you pass into Net::LDAP objects *must* be >> >> ASCII or UTF-8 (if you are using LDAPv3.) >> > I know that. The question is, _where_ excatly do I need to convert >> > (back and forth) ? >> >> I think I said - every value you pass into Net::LDAP from your program >> and every value you get out again. Since Net::LDAP doesn't mess around >> with values at all, the bytes you pass in should ultimately end up 'on >> the wire'. > Ah... sorry for my "ignorance". > > So - when I understand you correctly - all I have to do is to pass > EBCDIC converted strings to every Net::LDAP subroutine (like bind, > search etc.) instead of their ASCII counterparts... correct ? Yes. > And the way back is to convert to EBCDIC as soon as I want to _work_ > with the results on the 390 system. also correct ? Yes. >> > 5: password => 'xxxxxxxx'); >> >> That's tricky. The password syntax is OCTET STRING, which means 'just the >> bytes, no character set is implied' so whatever the directory server >> thinks the bytes are is needed here. > Hmmmm... I should perhaps try an anonymous bind at first. That's a good idea. The lack of a character set for passwords is a bit of a tricky problem in the standards. I'm not sure what the fix is - avoid using passwords and use something like certificates, I guess. Good luck! Cheers, Chris |
|
From: Graham B. <gb...@po...> - 2001-06-19 08:58:21
|
On Tue, Jun 19, 2001 at 09:29:45AM +0100, Chris Ridd wrote: > (Graham, Convert::ASN1's 'make test' should test that strings are being > encoded using the correct character sets. Testing "PrintableString" would > be a good start.) I am surprised that some of the tests don't already fail, as they assume ASCII already. Graham. |
|
From: R. R. <ren...@cp...> - 2001-06-19 09:03:34
|
Graham Barr wrote: > > On Tue, Jun 19, 2001 at 09:29:45AM +0100, Chris Ridd wrote: > > (Graham, Convert::ASN1's 'make test' should test that strings are being > > encoded using the correct character sets. Testing "PrintableString" would > > be a good start.) > > I am surprised that some of the tests don't already fail, as they assume > ASCII already. Sorry, missed that. They partially fail ;-(... I'll try your other hint (Convert::EBCDIC). But it will only simplify the conversion itself, I still have to find the places where I have to convert. I'll let you know my results. Rene -- R. Reucher voice: +49/621/4803-174 COMPAREX GmbH, VL40 fax: +49/621/4803-141 Mannheimerstr. 105 e-mail: ren...@cp... D-68535 Edingen-Neckarhausen |
|
From: Graham B. <gb...@po...> - 2001-06-19 15:52:41
|
On Tue, Jun 19, 2001 at 11:03:05AM +0200, R. Reucher wrote: > I'll try your other hint (Convert::EBCDIC). But it will only simplify > the conversion itself, I still have to find the places where I have to > convert. I'll let you know my results. I would appreciate that. It's something that would be a good idea to have in the documentation (or FAQ) Graham. |
|
From: Chris R. <chr...@me...> - 2001-06-19 09:22:10
|
Graham Barr <gb...@po...> wrote: > On Tue, Jun 19, 2001 at 09:29:45AM +0100, Chris Ridd wrote: >> (Graham, Convert::ASN1's 'make test' should test that strings are being >> encoded using the correct character sets. Testing "PrintableString" would >> be a good start.) > > I am surprised that some of the tests don't already fail, as they assume > ASCII already. > > Graham. You're right, some do. Cheers, Chris |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X