From: Javier <te...@rd...> - 2000-11-29 07:35:14

Hello guys!

Can somebody help me about this:

I'm trying to get the object's schema from LDAP server, but I can't.

I'm working with OpenLdap 2.0.7, I think that this version of LDAP
server supports LDAPv3.
Is it correct?

I do this to get the schema:

$dn="cn=Jane, ou=myDept, o=myorg, c=ES";
$ldap= Net::LDAP->new('192.168.0.44',
                      debug=>0,
                      async=>1,);
$ldap->bind;

$schema = $ldap->schema (dn => $dn);

@attr_person = $schema->attributes( "person" );

$ldap->unbind;

# End of example script

I debug this script and the variable $schema return from $ldap->schema
is not full!
and Schema.pm's methods, for example $schema->attributes( "person" )
don't return anything.

Can somebody tell me step by step how I can get the schema from the server?
I do need configure Openldap for do this?

Thanks for all!! Sorry for my English
Javier

From: John B. <joh...@ne...> - 2000-11-29 10:33:35

> I'm working with OpenLdap 2.0.7, I think that this version of LDAP
> server support LDAPv3.
> Is it correct?

I'm not sure, but I suspect that you are bound using version 2, because...

> I do this to get the schema:
[snip]
> $ldap->bind;

If you don't specify a version to the bind command, Net::LDAP defaults to v2. (At least it looks that way in the Version 0.22 I have installed).

Can you try:

  my $m = $ldap->bind( version => 3 );
  die( "Can't bind" ) unless $m->code() == 0; # or LDAP_SUCCESS :-)

instead? Does this help?

> I debug this script and the variable $schema return from $ldap->schema
> is not full!
> and Schema.pm's methods , for example $schema->attributes( "person" )
> don't return anything.

If the server is returning data [you could see this by using $ldap = Net::LDAP->new( debug => 1)] there is a reasonably high chance that the Schema code doesn't understand it since it isn't used much.

If binding v3 doesn't help you (or if I got that wrong, and Net::LDAP binds v3 by default) we should be able to fix this up for you. Let us know how you get on.

> Can somebody tell me step by step how I can get the schema from the server?
> I do need configure Openldap for do this?

I don't know if OpenLDAP supports this, the above is really just a guess.

regards,
jb

From: Chris R. <chr...@me...> - 2000-11-29 10:46:19

Javier <te...@rd...> wrote:
> Hello guys!
>
> Can somebody help me about this:
>
> I'm trying to get the object's schema from LDAP server, but I can't.
>
> I'm working with OpenLdap 2.0.7, I think that this version of LDAP server
> support LDAPv3. Is it correct?

Don't know, sorry.

> I do this to get the schema:
>
> $dn="cn=Jane, ou=myDept, o=myorg, c=ES";
> $ldap= Net::LDAP->new('192.168.0.44',
> debug=>0,
> async=>1,);
> $ldap->bind;
>
> $schema = $ldap->schema (dn => $dn);

OK, that's not the way LDAP does it really. LDAPv3 servers store schema in special places called subentries in the directory, and places pointers (ie DNs) to those subentries in the subschemaSubentry attribute in the root DSE.

What $ldap->schema() does is read the root entry, read the subschemaSubentry attribute from there, and then read the schema from those subentries.

To shortcut this extra read, and to support servers that don't contain a subschemaSubentry attribute in the root DSE but do hold schema in the directory, you can also tell $ldap->schema() to read the subschema from a certain DN, by saying $ldap->schema(dn => 'where the subschema is')

I think you should probably just remove the dn arguments from the call to $ldap->schema().

Cheers,

Chris

From: Kurt D. Z. <Ku...@Op...> - 2000-11-29 17:00:54

BTW, OpenLDAP 2.x provides an LDAPv3 implementation.

At 10:46 AM 11/29/00 +0000, Chris Ridd wrote:
>OK, that's not the way LDAP does it really. LDAPv3 servers store schema in
>special places called subentries in the directory, and places pointers (ie
>DNs) to those subentries in the subschemaSubentry attribute in the root DSE.

Every entry should have a subschemaSubentry attribute whose value refers to the subschema entry (or subentry) which controls it.

One must be very careful using the subschemaSubentry attribute in the root DSE due to the fact that there may be multiple subschema subentries and the root DSE provides no mechanism for the client to relate which subentry controls which entry held by the server. Client developers should avoid using the subschemaSubentry within the root DSE as this mechanism is likely to be changed when LDAPv3 goes from Proposed to Draft Standard.

>What $ldap->schema() does is read the root entry, read the
>subschemaSubentry attribute from there, and then read the schema from those
>subentries.
>
>To shortcut this extra read, and to support servers that don't contain a
>subschemaSubentry attribute in the root DSE but do hold schema in the
>directory, you can also tell $ldap->schema() to read the subschema from a
>certain DN, by saying $ldap->schema(dn => 'where the subschema is')
>
>I think you should probably just remove the dn arguments from the call to
>$ldap->schema().
>
>Cheers,
>
>Chris

From: Chris R. <chr...@me...> - 2000-11-29 17:15:38

"Kurt D. Zeilenga" <Ku...@Op...> wrote:
> BTW, OpenLDAP 2.x provides an LDAPv3 implementation.
>
> At 10:46 AM 11/29/00 +0000, Chris Ridd wrote:
>> OK, that's not the way LDAP does it really. LDAPv3 servers store schema
>> in special places called subentries in the directory, and places
>> pointers (ie DNs) to those subentries in the subschemaSubentry attribute
>> in the root DSE.
>
> Every entry should have a subschemaSubentry attribute whose value
> refers to the subschema entry (or subentry) which controls it.

Whilst that is true (it is actually an operational attribute) I didn't describe that mechanism because it didn't appear to fit in with what Javier was doing.

Cheers,

Chris

From: Kurt D. Z. <Ku...@Op...> - 2000-11-29 17:33:02

At 05:15 PM 11/29/00 +0000, Chris Ridd wrote:
>"Kurt D. Zeilenga" <Ku...@Op...> wrote:
>> BTW, OpenLDAP 2.x provides an LDAPv3 implementation.
>>
>> At 10:46 AM 11/29/00 +0000, Chris Ridd wrote:
>>> OK, that's not the way LDAP does it really. LDAPv3 servers store schema
>>> in special places called subentries in the directory, and places
>>> pointers (ie DNs) to those subentries in the subschemaSubentry attribute
>>> in the root DSE.
>>
>> Every entry should have a subschemaSubentry attribute whose value
>> refers to the subschema entry (or subentry) which controls it.
>
>Whilst that is true (it is actually an operational attribute) I didn't
>describe that mechanism because it didn't appear to fit in with what Javier
>was doing.

I thought Javier was attempting to discover the schema controlling an entry.

The general method for discovering such is to obtain the controlling schema from the subschema subentry referred to by the entry's subschemaSubentry attribute. The Root DSE approach is known to be seriously flawed and, IMO, should be avoided until the IETF determines how to fix it.

Kurt

From: Chris R. <chr...@me...> - 2000-11-29 17:46:32

"Kurt D. Zeilenga" <Ku...@Op...> wrote:
> At 05:15 PM 11/29/00 +0000, Chris Ridd wrote:
>> "Kurt D. Zeilenga" <Ku...@Op...> wrote:
>>> BTW, OpenLDAP 2.x provides an LDAPv3 implementation.
>>>
>>> At 10:46 AM 11/29/00 +0000, Chris Ridd wrote:
>>>> OK, that's not the way LDAP does it really. LDAPv3 servers store schema
>>>> in special places called subentries in the directory, and places
>>>> pointers (ie DNs) to those subentries in the subschemaSubentry
>>>> attribute in the root DSE.
>>>
>>> Every entry should have a subschemaSubentry attribute whose value
>>> refers to the subschema entry (or subentry) which controls it.
>>
>> Whilst that is true (it is actually an operational attribute) I didn't
>> describe that mechanism because it didn't appear to fit in with what
>> Javier was doing.
>
> I thought Javier was attempting to discover the schema controlling
> an entry.
>
> The general method for discovering such is to obtain the controlling
> schema from the subschema subentry referred to by the entry's
> subschemaSubentry attribute. The Root DSE approach is known to
> be seriously flawed and, IMO, should be avoided until the IETF
> determines how to fix it.
>
> Kurt
>

That is the far superior approach, as otherwise you'd have to look at all the values of subschemaSubentry and work out which one is 'nearest' to you. Following X.500's line here is sensible.

(X.500 has operational attributes on each entry called attributeTypes and objectClasses (etc) which provide the subschema information directly, without having to do the extra read of the subschema subentry.)

Cheers,

Chris

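Added example, not part of the original thread and not code from any of its participants: the per-entry lookup discussed above, written against the Net::LDAP API of current perl-ldap releases (an assumption; the thread concerns 0.22, whose Schema methods differ). The host and DN are the ones from Javier's post, and the script assumes that server is reachable and allows an anonymous bind to read the entry and its subschema.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Host and entry DN taken from Javier's post; adjust for your directory.
my $host     = '192.168.0.44';
my $entry_dn = 'cn=Jane, ou=myDept, o=myorg, c=ES';

# Ask for LDAPv3 explicitly rather than relying on the module's default.
my $ldap = Net::LDAP->new($host, version => 3)
    or die "Can't connect to $host: $@\n";

# Anonymous bind (assumption: the server's access controls permit this).
my $mesg = $ldap->bind;
die 'Bind failed: ' . $mesg->error . "\n" if $mesg->code;

# subschemaSubentry is an operational attribute, so a server returns it
# only when it is requested by name.
$mesg = $ldap->search(
    base   => $entry_dn,
    scope  => 'base',
    filter => '(objectClass=*)',
    attrs  => ['subschemaSubentry'],
);
die 'Search failed: ' . $mesg->error . "\n" if $mesg->code;

my $entry = $mesg->entry(0)
    or die "No entry found at $entry_dn\n";
my $subschema_dn = $entry->get_value('subschemaSubentry')
    or die "No subschemaSubentry returned for $entry_dn\n";

# Read the schema from the subentry that controls this particular entry,
# not from whatever the root DSE happens to list.
my $schema = $ldap->schema(dn => $subschema_dn)
    or die "Could not read schema from $subschema_dn\n";

# must() and may() return lists of hashes describing attribute types.
for my $kind (qw(must may)) {
    my @names = map { $_->{name} } $schema->$kind('person');
    print "person $kind: @names\n";
}

$ldap->unbind;
```
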
From: Clif H. <c-h...@ti...> - 2000-11-29 14:12:06
Attachments: schema.basic

Javier,

Attached is a simple perl script that will get and display the schema contents of a directory server. You will need perl-ldap 0.22 and to change a couple of lines in the code to make it work for you.

You may need to change the first line of the script to point to your location of perl.

Change the word "cnb0116358" to the name of your directory server. It is near the top of the file.

You may need to bind to your directory as the directory admin in order to get the schema, change the ldap->ldapbind line to include your directory admin "cn" and password if needed.

You will probably want to pipe the output to a file.

I have not tried this script out on an openldap 2.x system yet, but it does work on our x.500 and Netscape directory servers.

Clif Harden INTERNET: c-h...@ti...

Javier wrote:
>
> Hello guys!
>
> Can somebody help me about this:
>
> I'm trying to get the object's schema from LDAP server, but I can't.
>
> I'm working with OpenLdap 2.0.7, I think that this version of LDAP
> server support LDAPv3.
> Is it correct?
>
> I do this to get the schema:
>
> $dn="cn=Jane, ou=myDept, o=myorg, c=ES";
> $ldap= Net::LDAP->new('192.168.0.44',
> debug=>0,
> async=>1,);
> $ldap->bind;
>
> $schema = $ldap->schema (dn => $dn);
>
> @attr_person = $schema->attributes( "person" );
>
> $ldap->unbind;
>
> # End of example script
>
> I debug this script and the variable $schema return from $ldap->schema
> is not full!
> and Schema.pm's methods , for example $schema->attributes( "person" )
> don't return anything.
>
> Can somebody tell me step by step how I can get the schema from the server?
> I do need configure Openldap for do this?
>
> Thanks for all!! Sorry for my English
> Javier