From: Kristina H. <khi...@om...> - 2002-03-26 16:03:09
Hello,

I am a fairly new Perl programmer (a few weeks), and am working on integrating our LDAP directory with another database. I seem to be having problems with my filter string in one particular instance. I'm thinking that it has to do with the fact that I'm trying to use a variable in my filter string. I know that the DBI module has the ability to bind variables when you execute the SQL statement. Does the search method of the LDAP module have something similar I can't figure out?

Here's the code that seems to be giving me trouble:

    my $mesg = $ldap->search(...,filter => 'uid=$item', ...)
    die ($mesg->error) if $mesg->code;

    #put the attributes in a hash table
    my %user;
    my $entry = $mesg->entry;
    #the following line is the one giving me trouble, saying I can't execute the
    #attributes method on a null value. I figure this is because it's not finding any
    #entries where uid equals "$item"
    foreach my $attr ($entry->attributes){
        $user{$attr} = $entry->get_value($attr);
    }

This code works perfectly when I have "...filter=> 'uid=kdhilde'..."

Please respond to me directly, as well as the list, because the message that I sent to per...@ma... to subscribe to the list bounced back.

Thank-you very much,
Kristina Hildebrand

From: Jim H. <ha...@us...> - 2002-03-26 16:14:37
use " instead of '

    filter => "uid=$item"

single quotes say to take what is between them literally, doubles say to interpolate values. --Jim Harle

On Tue, 26 Mar 2002, Kristina Hildebrand wrote:

> Hello,
>
> I am a fairly new Perl programmer (a few weeks), and am working on
> integrating our LDAP directory with another database. I seem to be
> having problems with my filter string in one particular instance. I'm
> thinking that it has to do with the fact that I'm trying to use a
> variable in my filter string. I know that the DBI module has the
> ability to bind variables when you execute the SQL statement. Does the
> search method of the LDAP module have something similar I can't figure
> out?
>
> Here's the code that seems to be giving me trouble:
> my $mesg = $ldap->search(...,filter => 'uid=$item', ...)
> die ($mesg->error) if $mesg->code;
>
> #put the attributes in a hash table
> my %user;
> my $entry = $mesg->entry;
> #the following line is the one giving me trouble, saying I can't execute the
> #attributes method on a null value. I figure this is because it's not finding any
> #entries where uid equals "$item"
> foreach my $attr ($entry->attributes){
>     $user{$attr} = $entry->get_value($attr);
> }
>
> This code works perfectly when I have "...filter=> 'uid=kdhilde'..."
>
> Please respond to me directly, as well as the list, because the message
> that I sent to per...@ma... to subscribe to
> the list bounced back.
>
> Thank-you very much,
> Kristina Hildebrand

From: Brian S. <bri...@ed...> - 2002-03-26 16:16:33
I recall a thread (or two) on how to add X.509 certificates using Perl-LDAP. I'd appreciate it if someone could send me an example or two.

--
Regards,

Brian Safford
EDS Digital Enablement - Perimeter Messaging

From: Chris R. <chr...@me...> - 2002-03-27 10:50:04
Brian Safford <bri...@ed...> wrote:
> I recall a thread (or two) on how to add X.509 certificates using
> Perl-LDAP. I'd appreciate it if someone could send me an example or two.
>
> --
> Regards,
>
> Brian Safford
> EDS Digital Enablement - Perimeter Messaging

This is answered by Net::LDAP::FAQ.

-----

Using X.509 certificates.

How do I store X.509 certificates in the directory?

The first problem here is that there are many different formats to hold certificates in, for example PEM, DER, PKCS#7 and PKCS#12. The directory *only* uses the DER format (more correctly, it only uses the BER format) which is a binary format.

Your first job is to ensure that your certificates are therefore in DER/BER format. You could use OpenSSL to convert from PEM like this:

    openssl x509 -inform PEM -in cert.pem -outform DER -out cert.der

Consult the OpenSSL documentation to find out how to perform other conversions.

To add a certificate to the directory, just slurp in the DER/BER certificate into a scalar variable, and add it to the entry's userCertificate attribute. How you do that will depend on which version of LDAP you are using.

To slurp in the certificate try something like this:

    my $cert;
    {
        local $/ = undef; # Slurp mode
        open CERT, "cert.der" or die;
        $cert = <CERT>;
        close CERT;
    }
    # The certificate is now in $cert

For LDAPv2, because most directory vendors ignore the string representation of certificates defined in RFC 1778, you should add this value to the directory like this:

    $res = $ldap->modify("cn=My User, o=My Company,c=XY",
                         add => [
                             'userCertificate' => [ $cert ]
                         ]);
    die "Modify failed (" . ldap_error_name($res->code) . ")\n"
        if $res->code;

For LDAPv3, you must do this instead:

    $res = $ldap->modify("cn=My User, o=My Company, c=XY",
                         add => [
                             'userCertificate;binary' => [ $cert ]
                         ]);
    die "Modify failed (" . ldap_error_name($res->code) . ")\n"
        if $res->code;

Of course, the entry you are trying to add the certificate to must use object classes that permit the userCertificate attribute, otherwise the modify will fail with an object class violation error. The inetOrgPerson structural object class permits userCertificates, as does the strongAuthenticationUser auxiliary object class. Others might also.

-----

Cheers,

Chris

From: Lance U. <la...@ve...> - 2002-03-26 16:18:36
> Hello,
>
> I am a fairly new Perl programmer (a few weeks), and am working on
> integrating our LDAP directory with another database. I seem to be
> having problems with my filter string in one particular instance. I'm
> thinking that it has to do with the fact that I'm trying to use a
> variable in my filter string. I know that the DBI module has the
> ability to bind variables when you execute the SQL statement. Does the
> search method of the LDAP module have something similar I can't figure
> out?
>
> Here's the code that seems to be giving me trouble:
> my $mesg = $ldap->search(...,filter => 'uid=$item', ...)

[snip]

Try using double quotes here because single quotes will not expand the variable.

-Lance

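On the filter question in this thread: the search method takes the filter as a string rather than binding values the way DBI does, so a value interpolated with double quotes goes into the filter exactly as it arrived. The following is an added example, not part of any post in the thread, that escapes the value as described in RFC 4515 before building the filter and checks for the no-match case; the helper names, sample values and base DN are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): escape a value before placing it in
# an LDAP search filter, then build the uid filter from it.
use strict;
use warnings;

# Hypothetical helper. Replaces the characters that have meaning inside a
# filter string (NUL, "(", ")", "*", "\") with a backslash and two hex digits.
# Current perl-ldap releases provide their own version of this as
# escape_filter_value in Net::LDAP::Util.
sub ldap_escape {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf("\\%02x", ord $1)/ge;
    return $value;
}

# Hypothetical helper: the uid filter for one value from the other database.
sub uid_filter {
    my ($uid) = @_;
    die "empty uid\n" unless defined $uid && length $uid;
    return '(uid=' . ldap_escape($uid) . ')';
}

# Constructed sample values; the last three contain filter metacharacters.
my @items = ('kdhilde', 'k*', 'hilde (temp)', 'a\\b');

for my $item (@items) {
    printf "%-14s interpolated: %-20s escaped: %s\n",
        $item, "(uid=$item)", uid_filter($item);
}

# With a connected Net::LDAP handle in $ldap, the search then looks like
# this (the base DN is a placeholder):
#
#   my $mesg = $ldap->search(base   => 'dc=example,dc=com',
#                            filter => uid_filter($item));
#   die $mesg->error if $mesg->code;
#   my $entry = $mesg->entry(0)            # undef when nothing matched
#       or die "no entry for uid '$item'\n";
```

Without escaping, 'k*' becomes a wildcard match on every uid starting with k, and 'hilde (temp)' is no longer a well-formed filter; escaped, both are compared as literal strings.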