perl-ldap-dev

Re: Net::LDAP::Filter question

[<ti...@uc...>]

No, the dn of the user is not available.  The dn in the cert is not the 
dn of user in the directory. In this case, I HAVE to use the cert in 
the filter, it is the only thing guaranteed to be unique that I have 
access to at this point.

Since the userceritificate entry is indexed in the directory, a search 
works just fine, as long as the 5 characters ('*','(',')','\', and 'nul') 
mentioned in RFC 2254 are converted beforehand, as detailed in 
the RFC.

I was just wondering if there was a method in Net::LDAP::Filter to 
do this, I take it the answer is no.  (Note, remember to convert the 
'\' first!)

RE: Net::LDAP::Filter question

[<Nor...@av...>]

Hi Peter,

> Hi,
>=20
> On Thursday 24 October 2002 14:51, Graham Barr wrote:
> > > I was just wondering if there was a method in Net::LDAP::Filter to
> > > do this, I take it the answer is no.  (Note, remember to=20
> convert the
> > > '\' first!)
> >
> > There is no method to do the escaping, but one might be=20
> useful to add.
>=20
> I was having the same problem a few moths ago, so I wrote
> a module for my private use and use in my company.
>=20
> It provides 4 functions
> * quoteFilterValue(@)
> * unquoteFilterValue(@)
> * quoteDNValue(@)
> * unquoteDNValue(@)
>=20
> The functions with weilter in their names operate on strings
> that are going to be pattern parts of LDAP filters,=20
> while the functions with DN in their name operate
> on strings that are to become RDN values.

These functions for DNs are already part of Net::LDAP::Utils. E.g. =
canonical_dn can be used to construct a correctly encoded DN from RDN =
values.

Mit freundlichen Gr=FC=DFen / Best Regards

Norbert Klasen
Avinci - The Know-How Company
http://www.avinci.biz

Re: Net::LDAP::Filter question

[Peter M. <pet...@ma...>]

Hi Norbert,

you are right If you feed canonical_dn() the DN as a array ref (as descri=
bed=20
in the man page), but sometimes it is useful to have the (de-)quoting=20
functions as standalone routines

Maybe Graham will reorg his code a bit to have similar function as separa=
te=20
routines ;-))

Yours / Sch=F6nes Wochenende
Peter

On Friday 25 October 2002 16:19, you wrote:
> > I was having the same problem a few moths ago, so I wrote
> > a module for my private use and use in my company.
> >
> > It provides 4 functions
> > * quoteFilterValue(@)
> > * unquoteFilterValue(@)
> > * quoteDNValue(@)
> > * unquoteDNValue(@)
> >
> > The functions with weilter in their names operate on strings
> > that are going to be pattern parts of LDAP filters,
> > while the functions with DN in their name operate
> > on strings that are to become RDN values.
>
> These functions for DNs are already part of Net::LDAP::Utils. E.g.
> canonical_dn can be used to construct a correctly encoded DN from RDN
> values.
>
> Mit freundlichen Gr=FC=DFen / Best Regards
>
> Norbert Klasen
> Avinci - The Know-How Company
> http://www.avinci.biz

--=20
Peter Marschall     |   eMail: pet...@ma...
Scheffelstra=DFe 15   |          pet...@is...
97072 W=FCrzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35

Re: Net::LDAP::Filter question

[Graham B. <gb...@po...>]

On Tue, Oct 22, 2002 at 02:20:35PM -0400, ti...@uc... wrote:
> No, the dn of the user is not available.  The dn in the cert is not the 
> dn of user in the directory. In this case, I HAVE to use the cert in 
> the filter, it is the only thing guaranteed to be unique that I have 
> access to at this point.
> 
> Since the userceritificate entry is indexed in the directory, a search 
> works just fine, as long as the 5 characters ('*','(',')','\', and 'nul') 
> mentioned in RFC 2254 are converted beforehand, as detailed in 
> the RFC.
> 
> I was just wondering if there was a method in Net::LDAP::Filter to 
> do this, I take it the answer is no.  (Note, remember to convert the 
> '\' first!)

There is no method to do the escaping, but one might be useful to add.

It also used to be possible to build a filter without going via the
string form, but that got dropped when we moved from Convert::BER
to Convert::ASN1. As nobody screamed I assumed nobody was using it.

Graham.

Re: Net::LDAP::Filter question

[Peter M. <pet...@ma...>]

Hi,

On Thursday 24 October 2002 14:51, Graham Barr wrote:
> > I was just wondering if there was a method in Net::LDAP::Filter to
> > do this, I take it the answer is no.  (Note, remember to convert the
> > '\' first!)
>
> There is no method to do the escaping, but one might be useful to add.

I was having the same problem a few moths ago, so I wrote
a module for my private use and use in my company.

It provides 4 functions
* quoteFilterValue(@)
* unquoteFilterValue(@)
* quoteDNValue(@)
* unquoteDNValue(@)

The functions with weilter in their names operate on strings
that are going to be pattern parts of LDAP filters,=20
while the functions with DN in their name operate
on strings that are to become RDN values.

I do not exactly know if theay are correct, but in our company
we use them regularly.

Maybe they can become a part of a future Net::LDAP::Util ;-))
(the first version of Net::LDAP::extraTools contained routines=20
to split DN, but now that these are in Net::LDAP::Util, I cut them out.
Maybe I can gt rid of this extraTools module ;-)

Yours
Peter
--=20
Peter Marschall     |   eMail: pet...@ma...
Scheffelstra=DFe 15   |          pet...@is...
97072 W=FCrzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35