From: Jurgen B. <ju...@bo...> - 2000-09-08 06:03:33
Attachments: rename.pl

So I wrote a simple little program to change the dn of an entry
(attached), and first it fails as follows:

    $ perl rename.pl uid=jbotz,ou=people,o=eazel password \
        uid=tuser,ou=people,o=eazel uid=tuser1,ou=people,o=eazel

    Can't call method "modify" on an undefined value at
    /usr/lib/perl5/site_perl/5.005/Net/LDAP/Entry.pm line 200

This seems to be because I call $entry->update without any args,
but the manual sez:

    CLIENT is only optional if the Net::LDAP::Entry object was created
    by a search on a directory server. In which case, if omitted, the
    update will be sent back to the same server.

Well, whatever, maybe this doesn't hold for changed dn's so, I give
it an explicit $entry->update($ldap). Now I get:

    $ perl rename.pl uid=jbotz,ou=people,o=eazel password \
        uid=tuser,ou=people,o=eazel uid=tuser1,ou=people,o=eazel

    Can't use an undefined value as an ARRAY reference at
    /usr/lib/perl5/site_perl/5.005/Net/LDAP.pm line 313.

This seems to be because Net::LDAP->modify doesn't know its change
type. Adding an explicit $entry->changetype('modify') to my script
gets me further, but shouldn't the fact that I changed the dn have
tipped it off?

Anyway, now my program runs all the way through and produces the
following error:

    Error: LDAP_PROTOCOL_ERROR -- Unrecognized version number or incorrect
    PDU structure

Right now I'm pretty clueless what this could mean. All I'm trying
to do at the moment is change the RDN! (On a Netscape 4.11 server,
and the OpenLDAP ldapmodrdn(1) program works fine.)

- Jurgen

From: Graham B. <gb...@po...> - 2000-09-08 09:29:10

On Thu, Sep 07, 2000 at 11:03:29PM -0700, Jurgen Botz wrote:
> So I wrote a simple little program to change the dn of an entry
> (attached), and first it fails as follows:
>
> $ perl rename.pl uid=jbotz,ou=people,o=eazel password \
>     uid=tuser,ou=people,o=eazel uid=tuser1,ou=people,o=eazel
>
> Can't call method "modify" on an undefined value at
> /usr/lib/perl5/site_perl/5.005/Net/LDAP/Entry.pm line 200
>
> This seems to be because I call $entry->update without any args,
> but the manual sez:
> CLIENT is only optional if the Net::LDAP::Entry object was created
> by a search on a directory server. In which case, if omitted, the
> update will be sent back to the same server.

Ah, this needs to be removed from the docs. It may have just been
an original intention.

> Well, whatever, maybe this doesn't hold for changed dn's so, I give
> it an explicit $entry->update($ldap). Now I get:

yes that is right.

> $ perl rename.pl uid=jbotz,ou=people,o=eazel password \
>     uid=tuser,ou=people,o=eazel uid=tuser1,ou=people,o=eazel
>
> Can't use an undefined value as an ARRAY reference at
> /usr/lib/perl5/site_perl/5.005/Net/LDAP.pm line 313.
>
> This seems to be because Net::LDAP->modify doesn't know its change
> type. Adding an explicit $entry->changetype('modify') to my script
> gets me further, but shouldn't the fact that I changed the dn have
> tipped it off?

No, this should be trapped. You cannot change a dn in this way, you
can only change attributes. So ->update should have done nothing but
return an error.

> Anyway, now my program runs all the way through and produces the
> following error:
>
> Error: LDAP_PROTOCOL_ERROR -- Unrecognized version number or incorrect
> PDU structure
>
> Right now I'm pretty clueless what this could mean. All I'm trying
> to do at the moment is change the RDN! (On a Netscape 4.11 server,
> and the OpenLDAP ldapmodrdn(1) program works fine.)

Well try using

    $ldap->moddn( $entry->dn, newrdn => $newrdn );

Graham.

From: Mark W. <mew...@un...> - 2000-09-08 13:41:27

You can't use a standard modify to just change the DN of the entry. You
must do a modrdn (can't remember if that's in the current api or not,
check the docs).

If you want to use modify to change the dn of an entry, you must copy
all of the attributes from the old entry into an Entry object, set the
new dn and then add that object to the server.

Mark

On Thu, 7 Sep 2000, Jurgen Botz wrote:

> So I wrote a simple little program to change the dn of an entry
> (attached), and first it fails as follows:
>
> $ perl rename.pl uid=jbotz,ou=people,o=eazel password \
>     uid=tuser,ou=people,o=eazel uid=tuser1,ou=people,o=eazel
>
> Can't call method "modify" on an undefined value at
> /usr/lib/perl5/site_perl/5.005/Net/LDAP/Entry.pm line 200
>
> This seems to be because I call $entry->update without any args,
> but the manual sez:
> CLIENT is only optional if the Net::LDAP::Entry object was created
> by a search on a directory server. In which case, if omitted, the
> update will be sent back to the same server.
>
> Well, whatever, maybe this doesn't hold for changed dn's so, I give
> it an explicit $entry->update($ldap). Now I get:
>
> $ perl rename.pl uid=jbotz,ou=people,o=eazel password \
>     uid=tuser,ou=people,o=eazel uid=tuser1,ou=people,o=eazel
>
> Can't use an undefined value as an ARRAY reference at
> /usr/lib/perl5/site_perl/5.005/Net/LDAP.pm line 313.
>
> This seems to be because Net::LDAP->modify doesn't know its change
> type. Adding an explicit $entry->changetype('modify') to my script
> gets me further, but shouldn't the fact that I changed the dn have
> tipped it off?
>
> Anyway, now my program runs all the way through and produces the
> following error:
>
> Error: LDAP_PROTOCOL_ERROR -- Unrecognized version number or incorrect
> PDU structure
>
> Right now I'm pretty clueless what this could mean. All I'm trying
> to do at the moment is change the RDN! (On a Netscape 4.11 server,
> and the OpenLDAP ldapmodrdn(1) program works fine.)
>
> - Jurgen

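The two routes described in the replies above, combined in one script as an added example (not code from the thread, the attached rename.pl, or perl-ldap itself): ModifyDN first, and copy-then-delete only when the server refuses a move to another container. The host `localhost`, the helper names `split_dn` and `rename_entry`, and a current perl-ldap release (for `ldap_explode_dn` and `canonical_dn`) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_explode_dn canonical_dn);

# Split a DN into (leading RDN, parent DN) in canonical string form, so that
# two spellings of the same parent (spacing, attribute case) compare equal.
sub split_dn {
    my ($dn) = @_;
    my $rdns = ldap_explode_dn($dn, casefold => 'lower')
        or die "cannot parse DN '$dn'\n";
    my ($first, @rest) = @$rdns;
    die "DN '$dn' is empty\n" unless $first;
    my $parent = @rest ? canonical_dn(\@rest, casefold => 'lower') : '';
    return (canonical_dn([$first], casefold => 'lower'), $parent);
}

# Hypothetical helper: returns the method that succeeded, dies otherwise.
sub rename_entry {
    my ($ldap, $olddn, $newdn) = @_;
    my (undef,   $oldparent) = split_dn($olddn);
    my ($newrdn, $newparent) = split_dn($newdn);

    # Same container: ModifyDN with a new RDN only (old RDN value dropped).
    # Different container: also request a new superior (LDAPv3 only).
    my %args = (newrdn => $newrdn, deleteoldrdn => 1);
    $args{newsuperior} = $newparent if $newparent ne $oldparent;
    my $mesg = $ldap->moddn($olddn, %args);
    return 'moddn' unless $mesg->code;
    die 'moddn failed: ' . $mesg->error . "\n" unless $args{newsuperior};

    # Fallback when the server refuses the move: copy, then delete.
    # Only attributes the bound identity may read are copied, and the two
    # steps are not atomic, so the delete runs only after a successful add.
    my $search = $ldap->search(base => $olddn, scope => 'base',
                               filter => '(objectClass=*)');
    die 'read failed: ' . $search->error . "\n" if $search->code;
    my $entry = $search->entry(0) or die "no such entry: $olddn\n";
    my $copy  = $entry->clone;
    $copy->dn($newdn);
    $mesg = $ldap->add($copy);
    die 'add failed: ' . $mesg->error . "\n" if $mesg->code;
    $mesg = $ldap->delete($olddn);
    die "copied to $newdn but delete failed: " . $mesg->error . "\n"
        if $mesg->code;
    return 'copy+delete';
}

# Usage mirrors the thread: rename.pl binddn password olddn newdn
# (a password on the command line is visible in the process list).
my ($binddn, $password, $olddn, $newdn) = @ARGV;
die "usage: $0 binddn password olddn newdn\n" unless defined $newdn;
my $ldap = Net::LDAP->new('localhost', version => 3)   # host is an assumption
    or die "connect failed: $@\n";
my $bind = $ldap->bind($binddn, password => $password);
die 'bind failed: ' . $bind->error . "\n" if $bind->code;
print "$olddn -> $newdn via ", rename_entry($ldap, $olddn, $newdn), "\n";
$ldap->unbind;
```
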
From: Jim H. <ha...@us...> - 2000-09-19 15:20:46

I'm attempting to move an entry to another container via copy and delete
since my server (Novell NDS eDirectory) apparently won't allow a moddn to
a different one. I am using perl-ldap-0.19 and perl 5.005_03 on one
Solaris system and perl-ldap-0.22 on another. Strange things are happening
with both versions. In executing the code below, which is a callback from
a search, it prints the "attempting to add" message for both things found
in the search, but never prints either "Add fail" or "attempting to
delete", which seems like an impossibility. It goes into some sort of
catatonic state after printing the 2 "attempting to add" messages. It
also neither adds nor deletes.

Any ideas of what I should try?

Here is the code I am using:

    sub process_entry {
        # execute this once for each entry found in searchldap
        my $uid;
        my ( $search, $entry ) = @_ ;
        return unless $search;
        return unless $entry;
        $dn = $entry->dn;       # get the dn for this one;
        #set the dn for the corresponding disabled place
        my $newdn = $dn;
        $dn =~ /^\w+\=(\w+)/;   # the first thing in the dn is what we want
        $uid = $1;              # the uid
        $newdn =~ s/o\s*\=\s*usna/ou\=usna\,o\=disabled/i;
        my $newentry = Net::LDAP::Entry->new;
        $newentry = $entry;
        $newentry->dn($newdn);
        print "attempting to add entry ",$newentry->dn,"\n" if $testing;
        $mesg = $ldap->add($newentry);
        if ($mesg->code) {
            print "Add fail for $newdn\n ",
                Net::LDAP::Util::ldap_error_name($mesg->code), "\n" if $testing;
            print ERROR "Add fail for $newdn\n ",
                Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
        } else {
            print "attempting to delete $dn\n" if $testing;
            $mesg = $ldap->delete($dn);     #delete old entry
            print LOG "moved to $newdn\n";
            if ($mesg->code) {
                print "Delete fail for $dn\n ",
                    Net::LDAP::Util::ldap_error_name($mesg->code), "\n" if $testing;
                print ERROR "Delete fail for $dn\n ",
                    Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
            } else {
                if ($testing) {
                    print "would have sent deluser for $uid\n";
                } else {
                    system "senddeluser $uid";
                }
            }
        }
        $search->pop_entry;
    }

--Jim Harle

From: spencer <sp...@co...> - 2000-09-20 09:03:12

Hi,

Does anyone know if perl-ldap has any function call which allows for
manipulation of Access Control of directory tree? I don't remember seeing
this topic being discussed before. Please kindly point out.

Many thanks.

spencer

From: Chris R. <chr...@me...> - 2000-09-20 10:22:56

spencer <sp...@co...> wrote:

> Hi,
> Does anyone know if perl-ldap has any function call which allows for
> manipulation of Access Control of directory tree? I don't remember seeing
> this topic being discussed before. Please kindly point out.
>
> Many thanks.
>
> spencer
>

Specification of access controls is not defined by any LDAP RFCs, so each
server will handle them in an effectively proprietary way.

Many servers store access controls in attributes of entries in the
directory, so you can use the existing Net::LDAP methods (eg modify) to
change access controls.

The syntax used by access controls is also not well defined. RFC 2252
assigns an OID to a syntax called ACIitem, which is how you define access
controls in an X.500 directory server. No string form of this syntax is
defined (ie you can only use ;binary to manipulate the values) and it is
not likely to be the same as the LDAP-specific access control syntax which
is being approximately defined in an Internet Draft.

So you can probably already do it with Net::LDAP, but you are pretty much
on your own regarding the form of the values holding the access controls.

Cheers,

Chris

From: Mark W. <mew...@un...> - 2000-09-20 13:42:44

It depends upon the LDAP server. For example, in the IPlanet directory
server the access controls are stored as attributes in the directory.
Many other servers require you to update the server; access controls are
stored outside of the directory.

Mark

On Wed, 20 Sep 2000, spencer wrote:

> Hi,
> Does anyone know if perl-ldap has any function call which allows for
> manipulation of Access Control of directory tree? I don't remember seeing
> this topic being discussed before. Please kindly point out.
>
> Many thanks.
>
> spencer

From: Jim H. <ha...@us...> - 2000-09-20 12:44:52

I haven't yet gotten any nibbles on this. I will add some clarification
and a line of code. The 3 lines :

    print "attempting to add entry ",$newentry->dn,"\n" if $testing;
    $mesg = $ldap->add($newentry);
    print "returned ", $mesg->code,"\n";

result in "attempting to add" being printed twice with no "returned". If
I run with perl -d and put breakpoints at the two prints above, the second
one is never caught and after the second, it loops so tightly that I can't
even use Ctl-C to get out. Any ideas?

--Jim Harle

On Tue, 19 Sep 2000, Jim Harle wrote:

> I'm attempting to move an entry to another container via copy and delete
> since my server (Novell NDS eDirectory) apparently won't allow a moddn to
> a different one. I am using perl-ldap-0.19 and perl 5.005_03 on one
> Solaris system and perl-ldap-0.22 on another. Strange things are happening
> with both versions. In executing the code below, which is a callback from
> a search, it prints the "attempting to add" message for both things found
> in the search, but never prints either "Add fail" or "attempting to
> delete", which seems like an impossibility. It goes into some sort of
> catatonic state after printing the 2 "attempting to add" messages. It
> also neither adds nor deletes.
>
> Any ideas of what I should try?
>
> Here is the code I am using:
>
> sub process_entry {
>     # execute this once for each entry found in searchldap
>     my $uid;
>     my ( $search, $entry ) = @_ ;
>     return unless $search;
>     return unless $entry;
>     $dn = $entry->dn;       # get the dn for this one;
>     #set the dn for the corresponding disabled place
>     my $newdn = $dn;
>     $dn =~ /^\w+\=(\w+)/;   # the first thing in the dn is what we want
>     $uid = $1;              # the uid
>     $newdn =~ s/o\s*\=\s*usna/ou\=usna\,o\=disabled/i;
>     my $newentry = Net::LDAP::Entry->new;
>     $newentry = $entry;
>     $newentry->dn($newdn);
>     print "attempting to add entry ",$newentry->dn,"\n" if $testing;
>     $mesg = $ldap->add($newentry);
>     if ($mesg->code) {
>         print "Add fail for $newdn\n ",
>             Net::LDAP::Util::ldap_error_name($mesg->code), "\n" if
>             $testing;
>         print ERROR "Add fail for $newdn\n ",
>             Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
>     } else {
>         print "attempting to delete $dn\n" if $testing;
>         $mesg = $ldap->delete($dn);     #delete old entry
>         print LOG "moved to $newdn\n";
>         if ($mesg->code) {
>             print "Delete fail for $dn\n ",
>                 Net::LDAP::Util::ldap_error_name($mesg->code), "\n" if
>                 $testing;
>             print ERROR "Delete fail for $dn\n ",
>                 Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
>         } else {
>             if ($testing) {
>                 print "would have sent deluser for $uid\n";
>             } else {
>                 system "senddeluser $uid";
>             }
>         }
>     }
>     $search->pop_entry;
> }
>
>
> --Jim Harle

From: Graham B. <gb...@po...> - 2000-09-20 13:58:19

Well cannot duplicate it. I have just tried

    $mesg = $ldap->search(
        base     => $BASEDN,
        filter   => '(&(sn=jensen)(cn=Barbara*))',
        callback => sub {
            return unless $_[1];
            my $newentry = $_[1];
            my $dn = $newentry->dn;
            $dn =~ s/=/=xx/;
            $newentry->dn($dn);
            print "attempting to add entry ",$newentry->dn,"\n";
            $mesg = $ldap->add($newentry);
            print "returned ", $mesg->code,"\n";
        });

And the first time I got

    $ perl -Ilib dummy
    attempting to add entry cn=xxBarbara Jensen, ou=Information Technology Division, ou=People, o=University of Michigan, c=US
    returned 0

The next time I got

    perl -Ilib dummy
    attempting to add entry cn=xxBarbara Jensen, ou=Information Technology Division, ou=People, o=University of Michigan, c=US
    attempting to add entry cn=xxxxBarbara Jensen, ou=Information Technology Division, ou=People, o=University of Michigan, c=US
    returned 0
    returned 68

Now the order of the output may seem strange, but it is correct.

Graham.

On Wed, Sep 20, 2000 at 08:44:41AM -0400, Jim Harle wrote:
> I haven't yet gotten any nibbles on this. I will add some clarification
> and a line of code. The 3 lines :
>     print "attempting to add entry ",$newentry->dn,"\n" if $testing;
>     $mesg = $ldap->add($newentry);
>     print "returned ", $mesg->code,"\n";
> result in "attempting to add" being printed twice with no "returned". If
> I run with perl -d and put breakpoints at the two prints above, the second
> one is never caught and after the second, it loops so tightly that I can't
> even use Ctl-C to get out. Any ideas?
>
> --Jim Harle
>
>
> On Tue, 19 Sep 2000, Jim Harle wrote:
>
> > I'm attempting to move an entry to another container via copy and delete
> > since my server (Novell NDS eDirectory) apparently won't allow a moddn to
> > a different one. I am using perl-ldap-0.19 and perl 5.005_03 on one
> > Solaris system and perl-ldap-0.22 on another. Strange things are happening
> > with both versions. In executing the code below, which is a callback from
> > a search, it prints the "attempting to add" message for both things found
> > in the search, but never prints either "Add fail" or "attempting to
> > delete", which seems like an impossibility. It goes into some sort of
> > catatonic state after printing the 2 "attempting to add" messages. It
> > also neither adds nor deletes.
> >
> > Any ideas of what I should try?
> >
> > Here is the code I am using:
> >
> > sub process_entry {
> >     # execute this once for each entry found in searchldap
> >     my $uid;
> >     my ( $search, $entry ) = @_ ;
> >     return unless $search;
> >     return unless $entry;
> >     $dn = $entry->dn;       # get the dn for this one;
> >     #set the dn for the corresponding disabled place
> >     my $newdn = $dn;
> >     $dn =~ /^\w+\=(\w+)/;   # the first thing in the dn is what we want
> >     $uid = $1;              # the uid
> >     $newdn =~ s/o\s*\=\s*usna/ou\=usna\,o\=disabled/i;
> >     my $newentry = Net::LDAP::Entry->new;
> >     $newentry = $entry;
> >     $newentry->dn($newdn);
> >     print "attempting to add entry ",$newentry->dn,"\n" if $testing;
> >     $mesg = $ldap->add($newentry);
> >     if ($mesg->code) {
> >         print "Add fail for $newdn\n ",
> >             Net::LDAP::Util::ldap_error_name($mesg->code), "\n" if
> >             $testing;
> >         print ERROR "Add fail for $newdn\n ",
> >             Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
> >     } else {
> >         print "attempting to delete $dn\n" if $testing;
> >         $mesg = $ldap->delete($dn);     #delete old entry
> >         print LOG "moved to $newdn\n";
> >         if ($mesg->code) {
> >             print "Delete fail for $dn\n ",
> >                 Net::LDAP::Util::ldap_error_name($mesg->code), "\n" if
> >                 $testing;
> >             print ERROR "Delete fail for $dn\n ",
> >                 Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
> >         } else {
> >             if ($testing) {
> >                 print "would have sent deluser for $uid\n";
> >             } else {
> >                 system "senddeluser $uid";
> >             }
> >         }
> >     }
> >     $search->pop_entry;
> > }
> >
> >
> > --Jim Harle

From: Mark W. <mew...@un...> - 2000-09-20 13:51:35

Have you sent Graham a dump of debug(3)?

Mark

On Wed, 20 Sep 2000, Jim Harle wrote:

> I haven't yet gotten any nibbles on this. I will add some clarification
> and a line of code. The 3 lines :
>     print "attempting to add entry ",$newentry->dn,"\n" if $testing;
>     $mesg = $ldap->add($newentry);
>     print "returned ", $mesg->code,"\n";
> result in "attempting to add" being printed twice with no "returned". If
> I run with perl -d and put breakpoints at the two prints above, the second
> one is never caught and after the second, it loops so tightly that I can't
> even use Ctl-C to get out. Any ideas?
>
> --Jim Harle
>
>
> On Tue, 19 Sep 2000, Jim Harle wrote:
>
> > I'm attempting to move an entry to another container via copy and delete
> > since my server (Novell NDS eDirectory) apparently won't allow a moddn to
> > a different one. I am using perl-ldap-0.19 and perl 5.005_03 on one
> > Solaris system and perl-ldap-0.22 on another. Strange things are happening
> > with both versions. In executing the code below, which is a callback from
> > a search, it prints the "attempting to add" message for both things found
> > in the search, but never prints either "Add fail" or "attempting to
> > delete", which seems like an impossibility. It goes into some sort of
> > catatonic state after printing the 2 "attempting to add" messages. It
> > also neither adds nor deletes.
> >
> > Any ideas of what I should try?
> >
> > Here is the code I am using:
> >
> > sub process_entry {
> >     # execute this once for each entry found in searchldap
> >     my $uid;
> >     my ( $search, $entry ) = @_ ;
> >     return unless $search;
> >     return unless $entry;
> >     $dn = $entry->dn;       # get the dn for this one;
> >     #set the dn for the corresponding disabled place
> >     my $newdn = $dn;
> >     $dn =~ /^\w+\=(\w+)/;   # the first thing in the dn is what we want
> >     $uid = $1;              # the uid
> >     $newdn =~ s/o\s*\=\s*usna/ou\=usna\,o\=disabled/i;
> >     my $newentry = Net::LDAP::Entry->new;
> >     $newentry = $entry;
> >     $newentry->dn($newdn);
> >     print "attempting to add entry ",$newentry->dn,"\n" if $testing;
> >     $mesg = $ldap->add($newentry);
> >     if ($mesg->code) {
> >         print "Add fail for $newdn\n ",
> >             Net::LDAP::Util::ldap_error_name($mesg->code), "\n" if
> >             $testing;
> >         print ERROR "Add fail for $newdn\n ",
> >             Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
> >     } else {
> >         print "attempting to delete $dn\n" if $testing;
> >         $mesg = $ldap->delete($dn);     #delete old entry
> >         print LOG "moved to $newdn\n";
> >         if ($mesg->code) {
> >             print "Delete fail for $dn\n ",
> >                 Net::LDAP::Util::ldap_error_name($mesg->code), "\n" if
> >                 $testing;
> >             print ERROR "Delete fail for $dn\n ",
> >                 Net::LDAP::Util::ldap_error_name($mesg->code), "\n";
> >         } else {
> >             if ($testing) {
> >                 print "would have sent deluser for $uid\n";
> >             } else {
> >                 system "senddeluser $uid";
> >             }
> >         }
> >     }
> >     $search->pop_entry;
> > }
> >
> >
> > --Jim Harle