perl-ldap-dev

RE: Access problem (eDirectory)

[Mark R. <mar...@ma...>]

Hi,

Here's my two cents worth (might not
even be worth that).

Are you allowing cleartext passwords
on eDirectory?  If not, you will only
bind anonymously and will therefore not
have admin's access rights to eDirectory.

Regards,
Mark Rogers

-----Original Message-----
Date: Wed, 5 Jun 2002 02:57:57 -0700 (PDT)
From: Murugan K G <mur...@ya...>
Subject: Access problem
To: per...@li...

Hi  LDAP gurus
     I am trying to develop one perl  module for 
"RefreshLDAPServerRequest"  eDirectory extension
as below. While executing this script , i am getting 
LDAP_INSUFFICIENT_ACCESS  message code and
Insufficient access message error.   Here i logged  in
with admin rights only. After  that also  , i am
getting the same.  Any help  greatly appriciated. 

 Am  i doing anything in the script?.

Regards
K.Murugan



use Convert::ASN1;
use Net::LDAP qw(:all);
use Net::LDAP::Util qw(ldap_error_name       
                          ldap_error_text) ;    # use
for Error handling
require Net::LDAP::Extension;
require Net::LDAP::Message;

$ldap = Net::LDAP->new("xxx.xx.xxx.xxx") or die "$@";
print $ldap->{error};
$asn = Convert::ASN1->new;
$ldap->bind('username',password => 'password') or die
"Not able to bind";
my $mesg = $ldap->message('Net::LDAP::Extension' =>
$arg);
$ldap->start_tls();

$mesg->encode
	( 
	 extendedReq =>{
         requestName =>
"2.16.840.1.113719.1.27.100.9",
	 requestValue => null
        }
        )or die "Not able to encode the extended
values\n";

	$response=$ldap->_sendmesg($mesg) or die "Not able to
send 

message\n";
	$mesg->sync(); 

        if( $mesg->code ne LDAP_SUCCESS)
        {
	   print "LDAP ERROR\n		";
	   print "The response name is ".
$response->{responseName};
	   $ldap->unbind();
        }
        else
        {
	print "The response name is ".
$response->{responseName};
	print "The junk\n".$response->{response};
        $ldap->unbind();
	}

	print "Ldap extension operation result", 

ldap_error_name($mesg->code),"\n";
	print $mesg->error;

	# print $mesg->mesg_id;



=head
$result=Net::LDAP::Extension::response_name($mesg);
$result=Net::LDAP::Extension::response($mesg);
print $result;

$asn = Convert::ASN1->new;
print $asn->decode($response->{response}->{identity}) 
or die "Not able 

to decode the message\n";
# print "The value of the response name is
".$out->{responseName};
=cut

):=

[Murugan K G <mur...@ya...>]

Hi  LDAP gurus,
   The  following script is  not giving any result for
me.  AM  i doing  something wrong here. How can i
assign  LDAPDN ::LDAPString in the perl code?. 

Thanks in advance

Regards
K.Murugan

 
use Convert::ASN1;    
$asn = Convert::ASN1->new;
$asn->prepare(q<
      [APPLICATION 23] SEQUENCE {
      flags INTEGER,
      dn    LDAPDN
    }>);

$pdu = $asn->encode( flags => 0, dn =>
"ou=xx,o=xxxx");

$out = $asn->decode($pdu);
print $out->{flags}," ",$out->{dn},"\n";








__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Could not decode LDAP extension packet - error

[Murugan K G <mur...@ya...>]

Hi 
   I may be asking very simple question since  i am
very new to LDAP stuff. Thanks for your answers. 
I am getting "Could not decode LDAP extension packet"
error messasge.
 May be i am sending wrong encoded message from the
client as  below.   Any ideas?. 

Any help mostly welcome.

Thanks in advance.

Regards
K.Murugan

my $mesg = $ldap->message('Net::LDAP::Extension' =>
$arg);

$ldap->start_tls();

$asn = Convert::ASN1->new;
$asn->prepare(q<
      [APPLICATION 23] SEQUENCE {
      flags INTEGER,
      dn    LDAPDN
    }>);

$pdu = $asn->encode( flags => 0, dn =>
"ou=test,o=xxxx");

$out = $asn->decode($pdu);
print $out->{flags}," ",$out->{dn},"\n";


$mesg->encode
	( 
       	 extendedReq =>{
         requestName =>
'2.16.840.1.113719.1.27.100.3',
#####################################
	 requestValue => $pdu
#######################################
	 }
        )or die "Not able to encode the extended
values\n";

	$response=$ldap->_sendmesg($mesg) or die "Not  able
to send message\n";
	$mesg->sync(); 

        if( $mesg->code ne LDAP_SUCCESS)
        {
	   	print "LDAP ERROR\n		";
	        print "The response name is ".
$response->{responseName};
	        $ldap->unbind();
        }
        else
        {
		print "The response name is ".
$response->{responseName};
	        $ldap->unbind();	
	}
	print "Ldap extension operation result",      
ldap_error_name($mesg->code),"\n";
	print $mesg->error;



__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: Could not decode LDAP extension packet - error

[Graham B. <gb...@po...>]

On Thu, Jun 06, 2002 at 05:31:08AM -0700, Murugan K G wrote:
> Hi 
>    I may be asking very simple question since  i am
> very new to LDAP stuff. Thanks for your answers. 
> I am getting "Could not decode LDAP extension packet"
> error messasge.
>  May be i am sending wrong encoded message from the
> client as  below.   Any ideas?. 

Perhaps it would help if you described what you are trying todo
and not just ask "what is wrong with this code"

Graham.

> 
> Any help mostly welcome.
> 
> Thanks in advance.
> 
> Regards
> K.Murugan
> 
> my $mesg = $ldap->message('Net::LDAP::Extension' =>
> $arg);
> 
> $ldap->start_tls();
> 
> $asn = Convert::ASN1->new;
> $asn->prepare(q<
>       [APPLICATION 23] SEQUENCE {
>       flags INTEGER,
>       dn    LDAPDN
>     }>);
> 
> $pdu = $asn->encode( flags => 0, dn =>
> "ou=test,o=xxxx");
> 
> $out = $asn->decode($pdu);
> print $out->{flags}," ",$out->{dn},"\n";
> 
> 
> $mesg->encode
> 	( 
>        	 extendedReq =>{
>          requestName =>
> '2.16.840.1.113719.1.27.100.3',
> #####################################
> 	 requestValue => $pdu
> #######################################
> 	 }
>         )or die "Not able to encode the extended
> values\n";
> 
> 	$response=$ldap->_sendmesg($mesg) or die "Not  able
> to send message\n";
> 	$mesg->sync(); 
> 
>         if( $mesg->code ne LDAP_SUCCESS)
>         {
> 	   	print "LDAP ERROR\n		";
> 	        print "The response name is ".
> $response->{responseName};
> 	        $ldap->unbind();
>         }
>         else
>         {
> 		print "The response name is ".
> $response->{responseName};
> 	        $ldap->unbind();	
> 	}
> 	print "Ldap extension operation result",      
> ldap_error_name($mesg->code),"\n";
> 	print $mesg->error;
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com
> 
> _______________________________________________________________
> 
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> 

Re: Could not decode LDAP extension packet - error

[Murugan K G <mur...@ya...>]

Hi
   Thanks for your comment. Basically i wanted to 
create a new  partition  using  Net::LDAP::Extension 
in eDirectory
##################################################
The requestValue has the following format:
requestValue ::=
     flags      INTEGER
     dn         LDAPDN
#####################################################
I am getting "could not decode LDAP extension packet"
error message when i used  the following encoding
procedure.  Is it the rights way  to encode the
message for the above mentioned extension?. I am sure
about the OID.

Thanks in advance.

$asn = Convert::ASN1->new;
$asn->prepare(q<
      [APPLICATION 23] SEQUENCE {
      flags INTEGER,
      dn    OCTET STRING
    }>);

$pdu = $asn->encode( flags => 0, dn =>
"ou=test,o=cdac");


$mesg->encode
	( 
       	 extendedReq =>{
         requestName =>
'2.16.840.1.113719.1.27.100.3',
	 requestValue => $pdu
	 }
        )or die "Not able to encode the extended
values\n";



__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: Could not decode LDAP extension packet - error

[Graham B. <gb...@po...>]

You dont need the APPLICATION 23 in your code, try

 $asn = Convert::ASN1->new;
 $asn->prepare(q<
       flags INTEGER,
       dn    OCTET STRING
     >);
 
 $pdu = $asn->encode( flags => 0, dn => "ou=test,o=cdac");
 $ldap->extension(
    name => '2.16.840.1.113719.1.27.100.3',
    value => $pdu
 );

Graham.

On Thu, Jun 06, 2002 at 06:32:34AM -0700, Murugan K G wrote:
> Hi
>    Thanks for your comment. Basically i wanted to 
> create a new  partition  using  Net::LDAP::Extension 
> in eDirectory
> ##################################################
> The requestValue has the following format:
> requestValue ::=
>      flags      INTEGER
>      dn         LDAPDN
> #####################################################
> I am getting "could not decode LDAP extension packet"
> error message when i used  the following encoding
> procedure.  Is it the rights way  to encode the
> message for the above mentioned extension?. I am sure
> about the OID.
> 
> Thanks in advance.
> 
> $asn = Convert::ASN1->new;
> $asn->prepare(q<
>       [APPLICATION 23] SEQUENCE {
>       flags INTEGER,
>       dn    OCTET STRING
>     }>);
> 
> $pdu = $asn->encode( flags => 0, dn =>
> "ou=test,o=cdac");
> 
> 
> $mesg->encode
> 	( 
>        	 extendedReq =>{
>          requestName =>
> '2.16.840.1.113719.1.27.100.3',
> 	 requestValue => $pdu
> 	 }
>         )or die "Not able to encode the extended
> values\n";
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com

Re: ):=

[Chris R. <chr...@me...>]

Murugan K G <mur...@ya...> wrote:
>       dn    LDAPDN

Try:
	dn    OCTET STRING

Cheers,

Chris