perl-ldap-dev

Possible bug in ->objectclasses()

[Steve N. <ne...@na...>]

I am writing some scripts to make sure that several Netscape Director
Servers are configured the same.  Part of the process is to make sure
that they have the same objectclasses, attributres, matching rules, and
syntaxes.  While writing the object class part I may have encountered a
bug.  There is both an attribute and object class named "locality" in
the netscape directory server:


neruda@farmer:config> sudo grep -i locality slapd.*.conf
slapd.at.conf:attribute l   locality              
localityname             2.5.4.7                    cis     
slapd.oc.conf:objectclass locality

Now if I run this test script below I would expect to see only object
classes printed out put instead 'locality' shows up as an attribute:


#!/usr/bin/perl 
use Net::LDAP;
use Net::LDAP::LDIF;
use Net::LDAP::Schema;

$host1="localhost";
$port1="3389";

my $ldap1 = Net::LDAP->new($host1,dn=>'cn=Directory
Manager',password=>'c00kie$4mango',port=>"$port1")
  || die "couldn't connect to $host1 on port $port1" ;

$ldap1->bind();
$schema1 = $ldap1->schema();
die "Get schema1  failed" unless $schema1;

@objs= $schema1->objectclasses;
foreach $oc (@objs) {
  if ($schema1->is_objectclass($oc)) {
    print "OBJECTCLASS: $oc\n";
    @must = $schema1->must($oc);
    @may = $schema1->may($oc);
  } else {
    print "attribute: $oc" if $schema1->is_attribute($oc);
    print "is_syntax: $oc" if $schema1->is_syntax($oc);
    print "is_matchingrule: $oc" if $schema1->is_matchingrule($oc);
    print "\n\n";
  }
  print
"----------------------------------------------------------------\n"
}

Output:

OBJECTCLASS: TOP
----------------------------------------------------------------
OBJECTCLASS: ALIAS
----------------------------------------------------------------
OBJECTCLASS: COUNTRY
----------------------------------------------------------------
attribute: LOCALITY


Am I doing something wrong here?

Re: Possible bug in ->objectclasses()

[Graham B. <gb...@po...>]

On Tue, May 22, 2001 at 08:35:09PM -0400, Steve Neruda wrote:
> I am writing some scripts to make sure that several Netscape Director
> Servers are configured the same.  Part of the process is to make sure
> that they have the same objectclasses, attributres, matching rules, and
> syntaxes.  While writing the object class part I may have encountered a
> bug.  There is both an attribute and object class named "locality" in
> the netscape directory server:
> 
> 
> neruda@farmer:config> sudo grep -i locality slapd.*.conf
> slapd.at.conf:attribute l   locality              
> localityname             2.5.4.7                    cis     
> slapd.oc.conf:objectclass locality
> 
> Now if I run this test script below I would expect to see only object
> classes printed out put instead 'locality' shows up as an attribute:

> Am I doing something wrong here?

No you are not.

I have just looked at the code and it does make the assumption that
no two items will have the same name. The API for name2oid will
need to be changed so that when requestion something you either
pass the type you are looking for or get a list of all of them.

Graham.
> 
> 

Re: Possible bug in ->objectclasses()

[Graham B. <gb...@po...>]

Please try the attached patch.

This changes the name2oid method to return all oids for a given name.
Also some methods will now return undef if the name passed maps to
more than one oid.

Graham.

On Wed, May 23, 2001 at 08:22:01AM +0100, Graham Barr wrote:
> On Tue, May 22, 2001 at 08:35:09PM -0400, Steve Neruda wrote:
> > I am writing some scripts to make sure that several Netscape Director
> > Servers are configured the same.  Part of the process is to make sure
> > that they have the same objectclasses, attributres, matching rules, and
> > syntaxes.  While writing the object class part I may have encountered a
> > bug.  There is both an attribute and object class named "locality" in
> > the netscape directory server:
> > 
> > 
> > neruda@farmer:config> sudo grep -i locality slapd.*.conf
> > slapd.at.conf:attribute l   locality              
> > localityname             2.5.4.7                    cis     
> > slapd.oc.conf:objectclass locality
> > 
> > Now if I run this test script below I would expect to see only object
> > classes printed out put instead 'locality' shows up as an attribute:
> 
> > Am I doing something wrong here?
> 
> No you are not.
> 
> I have just looked at the code and it does make the assumption that
> no two items will have the same name. The API for name2oid will
> need to be changed so that when requestion something you either
> pass the type you are looking for or get a list of all of them.
> 
> Graham.
> > 
> > 

setting acl's via perl-ldap ?

[Stefan P. <st...@ra...>]

Hello,

is it possible to create acl's via perl-ldap ?

my first try was to create an entry with attribute aci=<any acl>...
but i got an LDAP_INVALID_SYNTAX error..

cheers,
stefan

Re: setting acl's via perl-ldap ?

[Gael LE N. <gle...@if...>]

 hello
it is possible,
this is syntaxe for Netscape directory serveur

my $aci =3D '(target=3D"ldap:///-DN-")(targetattr=3D"-nom attr-")(version=
 3.0;
acl "-nom acl-"; deny(all) userdn =3D "ldap:///self";)' ;

$ldap->modify($dn_modif, add =3D> {'aci' =3D> $aci });


Stefan Poschenrieder a =E9crit :
>=20
> Hello,
>=20
> is it possible to create acl's via perl-ldap ?

--=20
Ga=EBl LE NERRIEC
Stagiaire IFREMER	TMSI/IDM/RIC
____________________________________________
El=E8ve ing=E9nieur IRESTE
Ecole Polytechnique de l'universit=E9 de Nantes
D=E9partement Syst=E8mes Informatiques Logiciels et R=E9seaux

Re: Possible bug in ->objectclasses()

[Clif H. <cl...@di...>]

> 
> 
> 
> Please try the attached patch.
> 
> This changes the name2oid method to return all oids for a given name.
> Also some methods will now return undef if the name passed maps to
> more than one oid.


Returning undef is okay IF you are going to provide a 
error function that explains why the method returned
undef.

Clif




> 
> Graham.
> 
> On Wed, May 23, 2001 at 08:22:01AM +0100, Graham Barr wrote:
> > On Tue, May 22, 2001 at 08:35:09PM -0400, Steve Neruda wrote:
> > > I am writing some scripts to make sure that several Netscape Director
> > > Servers are configured the same.  Part of the process is to make sure
> > > that they have the same objectclasses, attributres, matching rules, and
> > > syntaxes.  While writing the object class part I may have encountered a
> > > bug.  There is both an attribute and object class named "locality" in
> > > the netscape directory server:
> > > 
> > > 
> > > neruda@farmer:config> sudo grep -i locality slapd.*.conf
> > > slapd.at.conf:attribute l   locality              
> > > localityname             2.5.4.7                    cis     
> > > slapd.oc.conf:objectclass locality
> > > 
> > > Now if I run this test script below I would expect to see only object
> > > classes printed out put instead 'locality' shows up as an attribute:
> > 
> > > Am I doing something wrong here?
> > 
> > No you are not.
> > 
> > I have just looked at the code and it does make the assumption that
> > no two items will have the same name. The API for name2oid will
> > need to be changed so that when requestion something you either
> > pass the type you are looking for or get a list of all of them.
> > 
> > Graham.
> > > 
> > > 
> 

Re: Possible bug in ->objectclasses()

[Graham B. <gb...@po...>]

On Wed, May 23, 2001 at 08:03:23AM -0500, Clif Harden wrote:
> > 
> > 
> > 
> > Please try the attached patch.
> > 
> > This changes the name2oid method to return all oids for a given name.
> > Also some methods will now return undef if the name passed maps to
> > more than one oid.
> 
> 
> Returning undef is okay IF you are going to provide a 
> error function that explains why the method returned
> undef.

Yes, error handling is something that needs to be added thought the whole module

Graham.