From: Clif H. <ch...@po...> - 2001-02-05 02:50:59
Attached are 4 patch files that hopefully will fix several concerns about the perl-ldap module's ability to pull schema information correctly. These patch files were generated from version .22.

I have tested these changes against my OpenLDAP 2.0.7 server, my X.500 servers, and Netscape 4.x server. There were no problems pulling the schema or rootDSE information. I have not had a chance to test this against an Exchange server or Active Directory server. I hopefully will be able to do this in the very near future.

I have not tested the functions that decode matchingRuleUse, dITStructureRules, dITContentRules, or nameForms because I do not have access to any servers that have these structures.

About the patch files.

LDAP.pm.patch -> I modified the schema function to use the correct filters and added the attrs option to retrieve all of the attributes associated with the rootDSE and subschemaSubentry.

LDAP.pod.patch -> I added documentation about the schema function and root_dse function. I added examples to show how to use the schema function to retrieve objectClasses and attributes. Once these are understood, pulling the other attributes (matchingRules, etc) is easy to do. I added examples to show how to use the root_dse function and how to use the get_value method to retrieve rootDSE attribute information.

Schema.pm.patch -> I added code to comprehend the matchingRuleUse, dITStructureRules, dITContentRules, nameForms attributes.

Schema.pod.patch -> I added documentation on the functions that determine object type and retrieve attribute data for matchingRuleUse, dITStructureRules, dITContentRules, nameForms attributes.

Regards,

Clif Harden ch...@po...
From: Chris R. <chr...@me...> - 2001-02-05 15:31:49
Clif Harden <ch...@po...> wrote:
> + =item schema ( OPTIONS )
> +
> + Request that a schema search be performed. This can be used to read
> + schema information.
> +
> + The result is an object of class L<Net::LDAP::Schema|Net::LDAP::Schema>.
> + Read this documentation for further information about methods that
> + can be preformed with this object.
> +
> + =over 4
> +
> + =item dn
> +
> + If a DN is supplied, it will become the base object entry from
> + which the search for schema information will be conducted. If
> + no DN is supplied the base object entry will be determined from
> + the rootDSE entry.

The changes look OK. I'd like to see it returning cached Schema objects, because these are quite expensive to keep retrieving and parsing. My second change of last week implemented a cache, it was kinda hacky but generally the right sort of approach.

I'd suggest one change to the documentation above, to the effect that the DN is the name of a subschema *subentry* containing the schema. ie replace the word entry with subentry. I think that clarifies what it is doing.

We still need a mechanism for retrieving subschema given the DN of a plain entry (, which is by far and away the *best* way of getting schema. (Maybe we can add this to Net::LDAP::Entry?)

Cheers,

Chris
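Review bot: the text under "=item schema ( OPTIONS )" in the quoted documentation hunk says only that the result is a Net::LDAP::Schema object and never states what the method returns when no schema can be read, so a caller has no documented reason to test the result before calling methods on it; add a sentence describing the failure return. In the same paragraph "can be preformed" should read "can be performed", and the "=item dn" text could name the rootDSE attribute from which the default base object is taken.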
From: Clif H. <cl...@di...> - 2001-02-05 16:19:39
>
> Clif Harden <ch...@po...> wrote:
> > + =item schema ( OPTIONS )
> > +
> > + Request that a schema search be performed. This can be used to read
> > + schema information.
> > +
> > + The result is an object of class L<Net::LDAP::Schema|Net::LDAP::Schema>.
> > + Read this documentation for further information about methods that
> > + can be preformed with this object.
> > +
> > + =over 4
> > +
> > + =item dn
> > +
> > + If a DN is supplied, it will become the base object entry from
> > + which the search for schema information will be conducted. If
> > + no DN is supplied the base object entry will be determined from
> > + the rootDSE entry.
>
> The changes look OK. I'd like to see it returning cached Schema objects,
> because these are quite expensive to keep retrieving and parsing. My second
> change of last week implemented a cache, it was kinda hacky but generally
> the right sort of approach.

When you do the $schema = $ldap->schema() function call, the $schema object stays around until you destroy it. This is the way I have been doing caching and I still use the schema methods to retrieve information when I need it. I do not have to write any new code.

>
> I'd suggest one change to the documentation above, to the effect that the
> DN is the name of a subschema *subentry* containing the schema. ie replace
> the word entry with subentry. I think that clarifies what it is doing.
>

I will leave this up to Graham to decide.

> We still need a mechanism for retrieving subschema given the DN of a plain
> entry (, which is by far and away the *best* way of getting schema. (Maybe
> we can add this to Net::LDAP::Entry?)
>

I will leave this function for someone else to contribute.

I have been using the objectClass attribute for this function since you can not be sure that a subschemaSubentry attribute will exist for any given entry. Since I use the caching method described above it works great for me. It may or may not work for anyone else.

> Cheers,
>
> Chris
>
From: Graham B. <gb...@po...> - 2001-02-05 16:38:36
On Mon, Feb 05, 2001 at 10:21:30AM -0600, Clif Harden wrote:
> >
> > Clif Harden <ch...@po...> wrote:
> > > + =item schema ( OPTIONS )
> > > +
> > > + Request that a schema search be performed. This can be used to read
> > > + schema information.
> > > +
> > > + The result is an object of class L<Net::LDAP::Schema|Net::LDAP::Schema>.
> > > + Read this documentation for further information about methods that
> > > + can be preformed with this object.
> > > +
> > > + =over 4
> > > +
> > > + =item dn
> > > +
> > > + If a DN is supplied, it will become the base object entry from
> > > + which the search for schema information will be conducted. If
> > > + no DN is supplied the base object entry will be determined from
> > > + the rootDSE entry.
> >
> > The changes look OK. I'd like to see it returning cached Schema objects,
> > because these are quite expensive to keep retrieving and parsing. My second
> > change of last week implemented a cache, it was kinda hacky but generally
> > the right sort of approach.

I don't think it is the place of Net::LDAP to do the caching. As you say these can be quite large and for Net::LDAP to cache them could just be a waste of memory. It should be up to the user application to cache the object returned.

> > I'd suggest one change to the documentation above, to the effect that the
> > DN is the name of a subschema *subentry* containing the schema. ie replace
> > the word entry with subentry. I think that clarifies what it is doing.
> >
>
> I will leave this up to Graham to decide.

Sounds fine to me.

> > We still need a mechanism for retrieving subschema given the DN of a plain
> > entry (, which is by far and away the *best* way of getting schema. (Maybe
> > we can add this to Net::LDAP::Entry?)
> >
>
> I will leave this function for someone else to contribute.

Patches welcome.

Graham.

>
> I have been using the objectClass attribute for this function since you
> can not be sure that a subschemaSubentry attribute will exist for any
> given entry. Since I use the caching method described above it works
> great for me. It may or may not work for anyone else.
>
>
> > Cheers,
> >
> > Chris
> >
>
From: Chris R. <chr...@me...> - 2001-02-06 02:13:09
Graham Barr <gb...@po...> wrote:
> On Mon, Feb 05, 2001 at 10:21:30AM -0600, Clif Harden wrote:
>> >
>> > Clif Harden <ch...@po...> wrote:
>> > > + =item schema ( OPTIONS )
>> > > +
>> > > + Request that a schema search be performed. This can be used to
>> > > read + schema information.
>> > > +
>> > > + The result is an object of class
>> > > L<Net::LDAP::Schema|Net::LDAP::Schema>. + Read this documentation
>> > > for further information about methods that + can be preformed with
>> > > this object.
>> > > +
>> > > + =over 4
>> > > +
>> > > + =item dn
>> > > +
>> > > + If a DN is supplied, it will become the base object entry from
>> > > + which the search for schema information will be conducted. If
>> > > + no DN is supplied the base object entry will be determined from
>> > > + the rootDSE entry.
>> >
>> > The changes look OK. I'd like to see it returning cached Schema
>> > objects, because these are quite expensive to keep retrieving and
>> > parsing. My second change of last week implemented a cache, it was
>> > kinda hacky but generally the right sort of approach.
>
> I don't think it is the place of Net::LDAP to do the caching. As you say
> these can be quite large and for Net::LDAP to cache them could just be a
> waste of memory. It should be up to the user application to cache the
> object returned.

OK, fair argument. I'm not sure how we could implement caching up in the application though, since the read of the subentry is very much hidden inside schema(). But we can address that later on if it becomes necessary.

Cheers,

Chris
From: Jim H. <ha...@us...> - 2001-02-06 14:31:13
Clif, I attempted to test this with Novell NDS8.5. I got the error:

Can't call method "attributes" on an undefined value at findschema line 10, <STDIN> chunk 1.

I first tried it with an anonymous bind and it failed, then I added code for an authenticated bind and tried it with an account with essentially all rights and still got the same message. Here is my code:

#!/usr/local/bin/perl

use Net::LDAP;
use Net::LDAP::Schema;
use Term::ReadKey;

$ldap = Net::LDAP->new('directory.usna.edu');
validate();
$schema = $ldap->schema();
@atts = $schema->attributes();
print "first 3 attribites:\n";
for $i (0..2) {print " $atts[$i]\n"};
@usna_atts = $schema->attributes( 'USNAperson');
print "USNA person:\n";
foreach $v (@usna_atts) { print " $v\n"};
@dts = $schema->ditstructurerules();
print "first 3 structure rules:\n";
for $i (0..2) {print " $dts[$i]\n"};
@dtc = $schema->ditcontentrules();
print "first 3 content rules:\n";
for $i (0..2) {print " $dtc[$i]\n"};
print $schema->is_objectclass('newPilotPerson')?'correct':'wrong'," about npp\n";
print "oid for squad ",$schema->is_attribute('USNAsquad'),"\n";

sub validate {
    print "your login ";
    chomp ( my $login = <>);
    print "your passwd ";
    ReadMode 'noecho'; my $password = ReadLine 0; chomp $password; ReadMode 'normal';
    print "\n";
    $ldap->bind ( version=>3) ; #first find dn for this login
    my $basedn = "o=usna";
    my $filter = "(uid=$login)";
    my $mesg = $ldap->search(
        base => $basedn,
        filter => $filter,
        attrs => ["dn"]
    );
    if ($mesg->code || ($mesg->count() != 1)) {
        print "Couldn't find $login, message is \n ",
            Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
        exit;
    }
    my $entry = $mesg->entry(0);
    my $admindn = $entry->dn;
    $mesg = $ldap->bind (dn => $admindn, password => $password, version => 3) ;
    if ($mesg->code) {
        print "Couldn't bind to $login, message is \n ",
            Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
        exit;
    }
}
From: Clif H. <cl...@di...> - 2001-02-06 15:28:52
Jim,

The error implies that $schema did not get set by the $ldap->schema() call.

I am going to assume the script worked before the patch changes.

Can you determine what the rootDSE subschemasubentry attribute has in it? It would be nice to know its value.

Jim, you will probably have to do most of the troubleshooting on this as I do not have access to a Novell directory server, unless I can access yours on the internet.

Regards,

Clif Harden INTERNET: c-h...@ti...

>
> Clif, I attempted to test this with Novell NDS8.5. I got the error:
> Can't call method "attributes" on an undefined value at findschema line
> 10, <STDIN> chunk 1.
>
> I first tried it with an anonymous bind and it failed, then I added code
> for an authenticated bind and tried it with an account with essentially
> all rights and still got the same message. Here is my code:
>
> #!/usr/local/bin/perl
>
> use Net::LDAP;
> use Net::LDAP::Schema;
> use Term::ReadKey;
>
> $ldap = Net::LDAP->new('directory.usna.edu');
> validate();
> $schema = $ldap->schema();
> @atts = $schema->attributes();
> print "first 3 attribites:\n";
> for $i (0..2) {print " $atts[$i]\n"};
> @usna_atts = $schema->attributes( 'USNAperson');
> print "USNA person:\n";
> foreach $v (@usna_atts) { print " $v\n"};
> @dts = $schema->ditstructurerules();
> print "first 3 structure rules:\n";
> for $i (0..2) {print " $dts[$i]\n"};
> @dtc = $schema->ditcontentrules();
> print "first 3 content rules:\n";
> for $i (0..2) {print " $dtc[$i]\n"};
> print $schema->is_objectclass('newPilotPerson')?'correct':'wrong'," about
> npp\n";print "oid for squad ",$schema->is_attribute('USNAsquad'),"\n";
>
> sub validate {
>     print "your login ";
>     chomp ( my $login = <>);
>     print "your passwd ";
>     ReadMode 'noecho'; my $password = ReadLine 0; chomp $password; ReadMode
>     'normal';
>     print "\n";
>     $ldap->bind ( version=>3) ; #first find dn for this login
>     my $basedn = "o=usna";
>     my $filter = "(uid=$login)";
>     my $mesg = $ldap->search(
>         base => $basedn,
>         filter => $filter,
>         attrs => ["dn"]
>     );
>     if ($mesg->code || ($mesg->count() != 1)) {
>         print "Couldn't find $login, message is \n ",
>             Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
>         exit;
>     }
>     my $entry = $mesg->entry(0);
>     my $admindn = $entry->dn;
>     $mesg = $ldap->bind (dn => $admindn, password => $password, version =>
>     3) ;
>     if ($mesg->code) {
>         print "Couldn't bind to $login, message is \n ",
>             Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
>         exit;
>     }
> }
>
> --
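An added diagnostic sketch for the check requested in the message above (not code from the thread or from perl-ldap itself): it prints the rootDSE's subschemaSubentry value, reads that subentry with an explicit base-scope search so a failure surfaces as an LDAP result, and tests what schema() returns before using it. The host name ldap.example.org is a placeholder, and the script assumes a reachable LDAPv3 server and an installed Net::LDAP.

```perl
#!/usr/bin/perl
# Added example: locate the subschema subentry and verify schema() succeeded.
use strict;
use warnings;
use Net::LDAP;

my $host = shift(@ARGV) || 'ldap.example.org';    # hypothetical server name
my $ldap = Net::LDAP->new($host) or die "connect to $host failed: $@\n";

my $mesg = $ldap->bind(version => 3);              # anonymous LDAPv3 bind
die 'bind failed: ', $mesg->error, "\n" if $mesg->code;

# 1. Ask the rootDSE which subschema subentry the server advertises.
my $dse = $ldap->root_dse(attrs => ['subschemaSubentry'])
    or die "rootDSE could not be read\n";
my $dn = $dse->get_value('subschemaSubentry');
die "rootDSE has no subschemaSubentry value\n" unless defined $dn;
print "subschemaSubentry: $dn\n";

# 2. Read that subentry directly, so a failure shows up as an LDAP result
#    code here rather than as an undefined $schema later on.
$mesg = $ldap->search(
    base   => $dn,
    scope  => 'base',
    filter => '(objectClass=subschema)',
    attrs  => [ 'objectClasses', 'attributeTypes' ],
);
die 'subschema search failed: ', $mesg->error, "\n" if $mesg->code;
my $entry = $mesg->entry(0)
    or die "no entry at $dn matched (objectClass=subschema)\n";
for my $attr ('objectClasses', 'attributeTypes') {
    my @values = $entry->get_value($attr);         # list context: all values
    printf "%-15s %d value(s)\n", $attr, scalar @values;
}

# 3. Only now call schema(), and test the result before calling methods on it.
my $schema = $ldap->schema(dn => $dn)
    or die "schema() returned no object for $dn\n";
print 'schema object: ', ref($schema), "\n";

$ldap->unbind;
```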
From: Graham B. <gb...@po...> - 2001-02-06 15:45:22
changing the constructor to

  $ldap = Net::LDAP->new('directory.usna.edu', debug => 15);

may help

Graham.

On Tue, Feb 06, 2001 at 09:30:47AM -0600, Clif Harden wrote:
>
> Jim,
>
> The error implies that $schema did not get set by the
> $ldap->schema() call.
>
> I am going to assume the script worked before the patch changes.
>
> Can you determine what the rootDSE subschemasubentry attribute
> has in it? It would be nice to know its value.
>
> Jim, you will probably have to do most of the troubleshooting on
> this as I do not have access to a Novell directory server, unless
> I can access yours on the internet.
>
> Regards,
>
> Clif Harden INTERNET: c-h...@ti...
>
> >
> > Clif, I attempted to test this with Novell NDS8.5. I got the error:
> > Can't call method "attributes" on an undefined value at findschema line
> > 10, <STDIN> chunk 1.
> >
> > I first tried it with an anonymous bind and it failed, then I added code
> > for an authenticated bind and tried it with an account with essentially
> > all rights and still got the same message. Here is my code:
> >
> > #!/usr/local/bin/perl
> >
> > use Net::LDAP;
> > use Net::LDAP::Schema;
> > use Term::ReadKey;
> >
> > $ldap = Net::LDAP->new('directory.usna.edu');
> > validate();
> > $schema = $ldap->schema();
> > @atts = $schema->attributes();
> > print "first 3 attribites:\n";
> > for $i (0..2) {print " $atts[$i]\n"};
> > @usna_atts = $schema->attributes( 'USNAperson');
> > print "USNA person:\n";
> > foreach $v (@usna_atts) { print " $v\n"};
> > @dts = $schema->ditstructurerules();
> > print "first 3 structure rules:\n";
> > for $i (0..2) {print " $dts[$i]\n"};
> > @dtc = $schema->ditcontentrules();
> > print "first 3 content rules:\n";
> > for $i (0..2) {print " $dtc[$i]\n"};
> > print $schema->is_objectclass('newPilotPerson')?'correct':'wrong'," about
> > npp\n";print "oid for squad ",$schema->is_attribute('USNAsquad'),"\n";
> >
> > sub validate {
> >     print "your login ";
> >     chomp ( my $login = <>);
> >     print "your passwd ";
> >     ReadMode 'noecho'; my $password = ReadLine 0; chomp $password; ReadMode
> >     'normal';
> >     print "\n";
> >     $ldap->bind ( version=>3) ; #first find dn for this login
> >     my $basedn = "o=usna";
> >     my $filter = "(uid=$login)";
> >     my $mesg = $ldap->search(
> >         base => $basedn,
> >         filter => $filter,
> >         attrs => ["dn"]
> >     );
> >     if ($mesg->code || ($mesg->count() != 1)) {
> >         print "Couldn't find $login, message is \n ",
> >             Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
> >         exit;
> >     }
> >     my $entry = $mesg->entry(0);
> >     my $admindn = $entry->dn;
> >     $mesg = $ldap->bind (dn => $admindn, password => $password, version =>
> >     3) ;
> >     if ($mesg->code) {
> >         print "Couldn't bind to $login, message is \n ",
> >             Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
> >         exit;
> >     }
> > }
> >
> > --
> >