perl.ldap http://www.nntp.perl.org/group/perl.ldap/ ... Copyright 1998-2014 perl.org Sat, 20 Dec 2014 21:34:20 +0000 ask@perl.org Re: reset AD user password when account is expired by Justin Alcorn One a password has expired, the only way for a user to reset their own<br/>password is C-A-D from a domain workstation. And no vpn.<br/><br/>-- Sent from my Droid. Please excuse any tpyos and autocorrect errors.<br/>On Nov 21, 2014 4:19 PM, &quot;Natxo Asenjo&quot; &lt;natxo.asenjo@gmail.com&gt; wrote:<br/><br/>&gt; hi,<br/>&gt;<br/>&gt; using code like in the FAQ it is really simple to change the password<br/>&gt; of an AD user.<br/>&gt;<br/>&gt; Unfortunately, once the account is already expired I get this error:<br/>&gt;<br/>&gt; 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext<br/>&gt; error, data 773, v1db1<br/>&gt;<br/>&gt; And according to http://www-01.ibm.com/support/docview.wss?uid=swg21290631<br/>&gt; ,<br/>&gt;<br/>&gt; 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext<br/>&gt; error, data 773, v893<br/>&gt; HEX: 0x773 - user must reset password<br/>&gt; DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user&#39;s password must be<br/>&gt; changed before logging on the first time.)<br/>&gt; LDAP[pwdLastSet: &lt;value of 0 indicates admin-required password<br/>&gt; change&gt;] - MUST_CHANGE_PASSWD<br/>&gt; NOTE: Returns only when presented with valid username and<br/>&gt; password/credential<br/>&gt;<br/>&gt; I am actually binding as the user self (this will be a self-service<br/>&gt; site for our users to reset their passwords). Is it possible to change<br/>&gt; one&#39;s password once the account has expired or do I have to bind as a<br/>&gt; service account and reset the user password like that? I prefer not<br/>&gt; having to hardcode credentials in the application, but if there is no<br/>&gt; other way ..<br/>&gt;<br/>&gt; Thanks!<br/>&gt;<br/>&gt; --<br/>&gt; Groeten,<br/>&gt; natxo<br/>&gt;<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/11/msg3788.html Mon, 24 Nov 2014 01:27:27 +0000 Re: reset AD user password when account is expired by Bruce Johnson <br/>On Nov 21, 2014, at 2:19 PM, Natxo Asenjo &lt;natxo.asenjo@gmail.com&lt;mailto:natxo.asenjo@gmail.com&gt;&gt; wrote:<br/><br/>hi,<br/><br/>using code like in the FAQ it is really simple to change the password<br/>of an AD user.<br/><br/>Unfortunately, once the account is already expired I get this error:<br/><br/>80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext<br/>error, data 773, v1db1<br/><br/>There&#146;s this thread at perlmonks that might help:<br/><br/>&lt;http://www.perlmonks.org/?node_id=751018&gt;<br/><br/>Shorter: You can&#146;t do it with LDAP; you have to do it via Kerberos.<br/><br/>--<br/>Bruce Johnson<br/>University of Arizona<br/>College of Pharmacy<br/>Information Technology Group<br/><br/>Institutions do not have opinions, merely customs<br/><br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/11/msg3787.html Fri, 21 Nov 2014 21:36:41 +0000 reset AD user password when account is expired by Natxo Asenjo hi,<br/><br/>using code like in the FAQ it is really simple to change the password<br/>of an AD user.<br/><br/>Unfortunately, once the account is already expired I get this error:<br/><br/>80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext<br/>error, data 773, v1db1<br/><br/>And according to http://www-01.ibm.com/support/docview.wss?uid=swg21290631,<br/><br/>80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext<br/>error, data 773, v893<br/>HEX: 0x773 - user must reset password<br/>DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user&#39;s password must be<br/>changed before logging on the first time.)<br/>LDAP[pwdLastSet: &lt;value of 0 indicates admin-required password<br/>change&gt;] - MUST_CHANGE_PASSWD<br/>NOTE: Returns only when presented with valid username and password/credential<br/><br/>I am actually binding as the user self (this will be a self-service<br/>site for our users to reset their passwords). Is it possible to change<br/>one&#39;s password once the account has expired or do I have to bind as a<br/>service account and reset the user password like that? I prefer not<br/>having to hardcode credentials in the application, but if there is no<br/>other way ..<br/><br/>Thanks!<br/><br/>--<br/>Groeten,<br/>natxo<br/> http://www.nntp.perl.org/group/perl.ldap/2014/11/msg3786.html Fri, 21 Nov 2014 21:19:10 +0000 ppm install on Activestate perl fails by dave tansek I hope this is the correct way to ask a question. I have been trying for<br/>several days to get LDAP to work in my perl ActiveState 5.8 (32bit) system.<br/>I keep getting an error from the Constant.PM file.<br/><br/>I am given the following messages:<br/>---<br/>&quot;import&quot; is not exported by the Exporter module<br/>Can&#39;t continue after import errors at C:/Perl/site/lib/Net/LDAP/Constant.pm<br/>line 7<br/>BEGIN failed--compilation aborted at C:/Perl/site/lib/Net/LDAP/Constant.pm<br/>line 7.<br/>Compilation failed in require at C:/Perl/site/lib/Net/LDAP/Message.pm line<br/>5.<br/>BEGIN failed--compilation aborted at C:/Perl/site/lib/Net/LDAP/Message.pm<br/>line 5.<br/>Compilation failed in require at C:/Perl/site/lib/Net/LDAP.pm line 11.<br/>BEGIN failed--compilation aborted at C:/Perl/site/lib/Net/LDAP.pm line 11.<br/>Compilation failed in require at ldap-test2.pl line 2.<br/>BEGIN failed--compilation aborted at ldap-test2.pl line 2.<br/>---<br/>If I comment out the Exporter line in Constats.pm, then none of the<br/>constants are brought in, so the program fails.<br/><br/>I tried several different versions of the perl-ldap package with the same<br/>results (ppm wants to install 4.001 always).<br/><br/>Any help would be greatly appreciated!<br/><br/>Thanks,<br/><br/>Dave.<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3785.html Wed, 29 Oct 2014 05:38:29 +0000 Re: supportedSaslMechanisms during ADD by Quanah Gibson-Mount --On Thursday, October 16, 2014 12:08 AM +0100 Chris Ridd <br/>&lt;chrisridd@mac.com&gt; wrote:<br/><br/>&gt; Anyway, this is mostly not related to Net::LDAP - you need to talk to the<br/>&gt; OpenLDAP folks to see if they will help you.<br/><br/>OpenLDAP defaults to using SSHA as the password hashing mechanism. If your <br/>system is hashing it in cleartext, then you are:<br/>(a) updating the userPassword value via the rootdn,<br/><br/>or<br/><br/>(b) updating userPassword without correctly using the LDAP Password Modify <br/>Extended Operation<br/><br/>or<br/><br/>(c) modified your slapd configuration to not use SSHA as the default<br/><br/>&gt;From the cn=config man page:<br/><br/> olcPasswordHash: &lt;hash&gt; [&lt;hash&gt;...]<br/> This option configures one or more hashes to be used <br/>in<br/> generation of user passwords stored in the <br/>userPassword<br/> attribute during processing of LDAP Password Modify <br/>Extended<br/> Operations (RFC 3062). The &lt;hash&gt; must be one of {SSHA}, <br/>{SHA},<br/> {SMD5}, {MD5}, {CRYPT}, and {CLEARTEXT}. The default is <br/>{SSHA}.<br/><br/> {SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), <br/>the<br/> latter with a seed.<br/><br/> {MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the <br/>latter<br/> with a seed.<br/><br/> {CRYPT} uses the crypt(3).<br/><br/> {CLEARTEXT} indicates that the new password should be added <br/>to<br/> userPassword as clear text.<br/><br/> Note that this option does not alter the normal <br/>user<br/> applications handling of userPassword during LDAP Add, <br/>Modify,<br/> or other LDAP operations. This setting is only allowed in <br/>the<br/> frontend entry.<br/><br/>--Quanah<br/><br/>--<br/><br/>Quanah Gibson-Mount<br/>Server Architect<br/>Zimbra, Inc.<br/>--------------------<br/>Zimbra :: the leader in open source messaging and collaboration<br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3784.html Fri, 17 Oct 2014 18:54:05 +0000 Re: OpenLDAP Prerequesite in Apache 2.4 to use LDAPRetriesDirective by Quanah Gibson-Mount --On Thursday, October 09, 2014 11:41 AM -0400 Brian Gaber <br/>&lt;Brian.Gaber@ssc-spc.gc.ca&gt; wrote:<br/><br/>&gt;<br/>&gt;<br/>&gt; I have upgraded to Apache 2.4.10 and have added this directive to<br/>&gt; httpd.conf<br/>&gt;<br/>&gt;<br/>&gt;<br/>&gt; LDAPRetries 3<br/><br/>What in the world does this have to do with the Perl LDAP module?<br/><br/>--Quanah<br/><br/><br/>--<br/><br/>Quanah Gibson-Mount<br/>Server Architect<br/>Zimbra, Inc.<br/>--------------------<br/>Zimbra :: the leader in open source messaging and collaboration<br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3783.html Fri, 17 Oct 2014 18:50:25 +0000 Re: supportedSaslMechanisms during ADD by Chris Ridd <br/>On 13 Oct 2014, at 17:12, VANOLE, MICHAEL J &lt;mv5492@att.com&gt; wrote:<br/><br/>&gt; Thanks Dieter,<br/>&gt; <br/>&gt; Our ldap is compiled with sasl, but I don&#39;t think I asked the question correctly.<br/>&gt; <br/>&gt; Sun One must be doing the MD5 (or whatever) encryption locally and applying the userPassword that way. I just have to specify what I want via the supportedSaslMechanisms attribute. Openldap does not like this.<br/><br/>Ah, I think you&#39;re talking about password hashing (see RFC 2307 5.3), *not* SASL. Password hashing is generally incompatible with SASL. It just so happens that you are using MD5 to hash your password, and you found a SASL mechanism also with MD5 in the name...<br/><br/>NB the unsalted version of MD5 is really insecure and you should not use it for passwords. Google for &quot;rainbow tables&quot;.<br/><br/>&gt; 2. This excellent help: http://blog.gauner.org/blog/2010/12/19/handling-salted-passwords-in-perl/ using the ldap_md5 subroutine (I&#39;m sure the others work just as well)<br/>&gt; $userpass = &quot;{MD5}&quot; . pad_base64( Digest::MD5::md5_base64($clearpass) );<br/>&gt; <br/>&gt; Then pass then as shown below. Both work great, though I&#39;m sure there is something to be cautious about.<br/><br/>Yes there is definitely an issue with doing that. The server may not allow the client to pre-encode the password, and it may *require* that you send it the plaintext password in the add/modify operation so that it can do some password validation (quality checking) on the value. That cannot be performed if the client has pre-encoded the password.<br/><br/>Anyway, this is mostly not related to Net::LDAP - you need to talk to the OpenLDAP folks to see if they will help you.<br/><br/>Chris http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3782.html Wed, 15 Oct 2014 22:08:30 +0000 RE: supportedSaslMechanisms during ADD by VANOLE, MICHAEL J Thanks Dieter, <br/> <br/>Our ldap is compiled with sasl, but I don&#39;t think I asked the question correctly. <br/> <br/>Sun One must be doing the MD5 (or whatever) encryption locally and applying the userPassword that way. I just have to specify what I want via the supportedSaslMechanisms attribute. Openldap does not like this. <br/> <br/>[Our] Openldap is defaulting to plaintext, and I wanted to apply a better default - at least MD5, and I wanted to be able to override plaintext during the user add process shown below using net ldap. Doing this I can have different encryptions for different users or user types on the same ldap, though I&#39;m not sure why I would do this. <br/> <br/>I did not find anything I could configure on ldap as a better default so I will encrypt the password and specify the encrypted version during the user add. There are two ways I found I can to do this: <br/> <br/>1. use the slappasswd utility to create the password <br/> $userpass = qx!/usr/local/sbin/slappasswd -s $clearpass -h {MD5}!; <br/> <br/>2. This excellent help: http://blog.gauner.org/blog/2010/12/19/handling-salted-passwords-in-perl/ using the ldap_md5 subroutine (I&#39;m sure the others work just as well) <br/> $userpass = &quot;{MD5}&quot; . pad_base64( Digest::MD5::md5_base64($clearpass) ); <br/> <br/>Then pass then as shown below. Both work great, though I&#39;m sure there is something to be cautious about. <br/> <br/>I guess I was hoping for an answer where my second solution was in some way supported in net ldap. I&#39;m not sure this is possible, or practical. <br/> <br/>Mike <br/> <br/> <br/>-----Original Message----- <br/>From: Dieter Kl&Atilde;&frac14;nter [mailto:dieter@dkluenter.de] <br/>Sent: Sunday, October 12, 2014 2:36 AM <br/>To: perl-ldap@perl.org <br/>Subject: Re: supportedSaslMechanisms during ADD <br/> <br/>Am Thu, 9 Oct 2014 13:51:33 +0000 <br/>schrieb &quot;VANOLE, MICHAEL J&quot; &lt;mv5492@att.com&gt;: <br/> <br/>&gt; Greetings, <br/>&gt; <br/>&gt; This might be more of an ldap question, but I&acirc;&#128;&#153;m going to try this <br/>&gt; list. <br/>&gt; <br/>&gt; I use net ldap to create new users on Sun One Directory v7 (ODSEE), <br/>&gt; and on openldap. <br/>&gt; <br/>&gt; With ODSEE I&acirc;&#128;&#153;m able to specify which sasl mechanism I want a user to <br/>&gt; have like so: <br/>&gt; <br/>&gt; $adduser = $ldap-&gt;add( $user_dn, <br/>&gt; attr =&gt; [ <br/>&gt; &#39;uid&#39; =&gt; $ldap_uid, <br/>&gt; &#39;cn&#39; =&gt; <br/>&gt; &quot;$ldap_last_name $ldap_first_name&quot;, &#39;givenname&#39; <br/>&gt; =&gt; $ldap_first_name, &#39;sn&#39; =&gt; <br/>&gt; $ldap_last_name, &#39;objectclass&#39; =&gt; <br/>&gt; [&#39;top&#39;,&#39;person&#39;,&#39;organizationalPerson&#39;,&#39;inetorgperson&#39;], <br/>&gt; &#39;userpassword&#39; =&gt; $userpass, <br/>&gt; &#39;nsaccountlock&#39; =&gt; &#39;false&#39;, <br/>&gt; &#39;supportedsaslmechanisms&#39; =&gt; <br/>&gt; &#39;cn=default,cn=DIGEST-MD5,cn=identity mapping,cn=config&#39; ]); <br/>&gt; <br/>&gt; With openldap this fails with a message about sasl mechanism can only <br/>&gt; be applied to rootdse. I have several supported mechanisms I can <br/>&gt; choose from. Part of the problem might be I don&acirc;&#128;&#153;t know the &acirc;&#128;&#152;cn&acirc;&#128;&#153; for <br/>&gt; them as I have above, so I tried this: <br/>&gt; <br/>&gt; $adduser = $ldap-&gt;add( $user_dn, <br/>&gt; attr =&gt; [ <br/>&gt; &#39;uid&#39; =&gt; $ldap_uid, <br/>&gt; &#39;cn&#39; =&gt; <br/>&gt; &quot;$ldap_last_name $ldap_first_name&quot;, &#39;givenname&#39; <br/>&gt; =&gt; $ldap_first_name, &#39;sn&#39; =&gt; <br/>&gt; $ldap_last_name, &#39;objectclass&#39; =&gt; <br/>&gt; [&#39;top&#39;,&#39;person&#39;,&#39;organizationalPerson&#39;,&#39;inetorgperson&#39;], <br/>&gt; &#39;userpassword&#39; =&gt; $userpass, <br/>&gt; &#39;supportedsaslmechanisms&#39; =&gt; &#39;DIGEST-MD5&#39; ]); <br/>&gt; <br/>&gt; Should this work with openldap if I had the full hierarchy path the <br/>&gt; the sasl mechanism? What would that be on openldap if so? <br/> <br/>If OpenLDAP has been compiled with cyrus-sasl, sasl mechanism are <br/>declared in $HOME/sasl2/slapd.conf. On Linux this would <br/>be /usr/lib/sasl2/slapd.conf or /etc/sasl2/slapd.conf. Read the <br/>cyrus-sasl docs <br/>http://www.cyrusimap.org/docs/cyrus-sasl/2.1.25/sysadmin.php <br/>and openldap docs <br/>http://www.openldap.org/doc/admin24/sasl.html <br/> <br/>-Dieter <br/> <br/>-- <br/>Dieter Kl&Atilde;&frac14;nter | Systemberatung <br/>http://sys4.de <br/>GPG Key ID: E9ED159B <br/>53&Acirc;&deg;37&#39;09,95&quot;N <br/>10&Acirc;&deg;08&#39;02,42&quot;E <br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3781.html Tue, 14 Oct 2014 05:07:39 +0000 Re: supportedSaslMechanisms during ADD by Dieter Klünter Am Thu, 9 Oct 2014 13:51:33 +0000<br/>schrieb &quot;VANOLE, MICHAEL J&quot; &lt;mv5492@att.com&gt;:<br/><br/>&gt; Greetings,<br/>&gt; <br/>&gt; This might be more of an ldap question, but I&rsquo;m going to try this<br/>&gt; list.<br/>&gt; <br/>&gt; I use net ldap to create new users on Sun One Directory v7 (ODSEE),<br/>&gt; and on openldap.<br/>&gt; <br/>&gt; With ODSEE I&rsquo;m able to specify which sasl mechanism I want a user to<br/>&gt; have like so:<br/>&gt; <br/>&gt; $adduser = $ldap-&gt;add( $user_dn,<br/>&gt; attr =&gt; [<br/>&gt; &#39;uid&#39; =&gt; $ldap_uid,<br/>&gt; &#39;cn&#39; =&gt;<br/>&gt; &quot;$ldap_last_name $ldap_first_name&quot;, &#39;givenname&#39;<br/>&gt; =&gt; $ldap_first_name, &#39;sn&#39; =&gt;<br/>&gt; $ldap_last_name, &#39;objectclass&#39; =&gt;<br/>&gt; [&#39;top&#39;,&#39;person&#39;,&#39;organizationalPerson&#39;,&#39;inetorgperson&#39;],<br/>&gt; &#39;userpassword&#39; =&gt; $userpass,<br/>&gt; &#39;nsaccountlock&#39; =&gt; &#39;false&#39;,<br/>&gt; &#39;supportedsaslmechanisms&#39; =&gt;<br/>&gt; &#39;cn=default,cn=DIGEST-MD5,cn=identity mapping,cn=config&#39; ]);<br/>&gt; <br/>&gt; With openldap this fails with a message about sasl mechanism can only<br/>&gt; be applied to rootdse. I have several supported mechanisms I can<br/>&gt; choose from. Part of the problem might be I don&rsquo;t know the &lsquo;cn&rsquo; for<br/>&gt; them as I have above, so I tried this:<br/>&gt; <br/>&gt; $adduser = $ldap-&gt;add( $user_dn,<br/>&gt; attr =&gt; [<br/>&gt; &#39;uid&#39; =&gt; $ldap_uid,<br/>&gt; &#39;cn&#39; =&gt;<br/>&gt; &quot;$ldap_last_name $ldap_first_name&quot;, &#39;givenname&#39;<br/>&gt; =&gt; $ldap_first_name, &#39;sn&#39; =&gt;<br/>&gt; $ldap_last_name, &#39;objectclass&#39; =&gt;<br/>&gt; [&#39;top&#39;,&#39;person&#39;,&#39;organizationalPerson&#39;,&#39;inetorgperson&#39;],<br/>&gt; &#39;userpassword&#39; =&gt; $userpass,<br/>&gt; &#39;supportedsaslmechanisms&#39; =&gt; &#39;DIGEST-MD5&#39; ]);<br/>&gt; <br/>&gt; Should this work with openldap if I had the full hierarchy path the<br/>&gt; the sasl mechanism? What would that be on openldap if so?<br/><br/>If OpenLDAP has been compiled with cyrus-sasl, sasl mechanism are<br/>declared in $HOME/sasl2/slapd.conf. On Linux this would<br/>be /usr/lib/sasl2/slapd.conf or /etc/sasl2/slapd.conf. Read the<br/>cyrus-sasl docs<br/>http://www.cyrusimap.org/docs/cyrus-sasl/2.1.25/sysadmin.php<br/>and openldap docs<br/>http://www.openldap.org/doc/admin24/sasl.html<br/><br/>-Dieter<br/><br/>-- <br/>Dieter Kl&uuml;nter | Systemberatung<br/>http://sys4.de<br/>GPG Key ID: E9ED159B<br/>53&deg;37&#39;09,95&quot;N<br/>10&deg;08&#39;02,42&quot;E<br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3780.html Sun, 12 Oct 2014 07:36:01 +0000 supportedSaslMechanisms during ADD by VANOLE, MICHAEL J Greetings, <br/> <br/>This might be more of an ldap question, but I&acirc;&#128;&#153;m going to try this list. <br/> <br/>I use net ldap to create new users on Sun One Directory v7 (ODSEE), and on openldap. <br/> <br/>With ODSEE I&acirc;&#128;&#153;m able to specify which sasl mechanism I want a user to have like so: <br/> <br/> $adduser = $ldap-&gt;add( $user_dn, <br/> attr =&gt; [ <br/> &#39;uid&#39; =&gt; $ldap_uid, <br/> &#39;cn&#39; =&gt; &quot;$ldap_last_name $ldap_first_name&quot;, <br/> &#39;givenname&#39; =&gt; $ldap_first_name, <br/> &#39;sn&#39; =&gt; $ldap_last_name, <br/> &#39;objectclass&#39; =&gt; [&#39;top&#39;,&#39;person&#39;,&#39;organizationalPerson&#39;,&#39;inetorgperson&#39;], <br/> &#39;userpassword&#39; =&gt; $userpass, <br/> &#39;nsaccountlock&#39; =&gt; &#39;false&#39;, <br/> &#39;supportedsaslmechanisms&#39; =&gt; &#39;cn=default,cn=DIGEST-MD5,cn=identity mapping,cn=config&#39; <br/> ]); <br/> <br/>With openldap this fails with a message about sasl mechanism can only be applied to rootdse. <br/>I have several supported mechanisms I can choose from. Part of the problem might be I don&acirc;&#128;&#153;t know the &acirc;&#128;&#152;cn&acirc;&#128;&#153; for them as I have above, so I tried this: <br/> <br/> $adduser = $ldap-&gt;add( $user_dn, <br/> attr =&gt; [ <br/> &#39;uid&#39; =&gt; $ldap_uid, <br/> &#39;cn&#39; =&gt; &quot;$ldap_last_name $ldap_first_name&quot;, <br/> &#39;givenname&#39; =&gt; $ldap_first_name, <br/> &#39;sn&#39; =&gt; $ldap_last_name, <br/> &#39;objectclass&#39; =&gt; [&#39;top&#39;,&#39;person&#39;,&#39;organizationalPerson&#39;,&#39;inetorgperson&#39;], <br/> &#39;userpassword&#39; =&gt; $userpass, <br/> &#39;supportedsaslmechanisms&#39; =&gt; &#39;DIGEST-MD5&#39; <br/> ]); <br/> <br/>Should this work with openldap if I had the full hierarchy path the the sasl mechanism? What would that be on openldap if so? <br/> <br/>Many thanks <br/>Mike <br/> <br/> <br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3779.html Sat, 11 Oct 2014 20:36:04 +0000 OpenLDAP Prerequesite in Apache 2.4 to use LDAPRetries Directive by Brian Gaber I have upgraded to Apache 2.4.10 and have added this directive to httpd.conf<br/><br/> LDAPRetries 3<br/><br/>However the browser keeps prompting for username and password.<br/><br/>I have OpenLDAP 2.4.21 installed.<br/><br/>Thanks.<br/><br/>Brian<br/><br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3778.html Thu, 09 Oct 2014 14:41:23 +0000 RE: Page control confusion by Dan Cutler Update: <br/> <br/>Changing the page size to 100 seems to solve the situation. <br/>I&acirc;&#128;&#153;m not sure why but I can live with the mystery. <br/> <br/>I&acirc;&#128;&#153;ve got about 2800 objects so 28 queries is just fine. <br/> <br/>Thanks anyway! <br/> <br/>--Dan <br/> <br/>From: Dan Cutler [mailto:dan.cutler@bluehealthintelligence.com] <br/>Sent: Tuesday, October 07, 2014 2:09 PM <br/>To: perl-ldap@perl.org <br/>Subject: Page control confusion <br/> <br/>Hello All! <br/> <br/>So I have a simple search using page control via response cookies. <br/> <br/>But for some strange reason, it just keeps searching as if it&acirc;&#128;&#153;s not seeing its own page cookie. <br/>I was under the impression that: <br/> my ($resp) = $search-&gt;control( LDAP_CONTROL_PAGED ) or last; <br/> <br/>would return the number of results coming back from my paged query. Under a debugger, I see this: <br/> <br/>main::get_from_ldap(./generic_audit.pl:82): <br/>82: my ($resp) = $search-&gt;control( LDAP_CONTROL_PAGED ) or last; <br/> DB&lt;2&gt; n <br/>main::get_from_ldap(./generic_audit.pl:83): <br/>83: $cookie = $resp-&gt;cookie or last; <br/> DB&lt;2&gt; print Dumper $resp <br/>$VAR1 = bless( { <br/> &#39;value&#39; =&gt; &#39;0&iuml;&iquest;&frac12;&iuml;&iquest;&frac12; <br/> <br/> &iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;}&amp;u&iuml;&iquest;&frac12;6&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;`&iuml;&iquest;&frac12;f)&iuml;&iquest;&frac12;Sm&iuml;&iquest;&frac12;r&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&Ograve;&plusmn;&times;&#145;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;ChO&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&#39;i&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;C <br/>&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;c&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;IK&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12; <br/>~$&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12; <br/> &iuml;&iquest;&frac12;!&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;INDEX_00000000&iuml;&iquest;&frac12; <br/> &iuml;&iquest;&frac12; <br/> &iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&#39;, <br/> &#39;type&#39; =&gt; &#39;1.2.840.113556.1.4.319&#39;, <br/> &#39;raw&#39; =&gt; undef <br/> }, &#39;Net::LDAP::Control::Paged&#39; ); <br/> <br/>I&acirc;&#128;&#153;m a bit confused. <br/> <br/>Can someone point out my error here? <br/> <br/>Thanks All! <br/> <br/>--Dan <br/> <br/> <br/>My snippet (mostly lifted from the example): <br/> <br/>use Net::LDAP; <br/>use Net::LDAP::Control::Paged; <br/>use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED ); <br/> <br/>$ldap = AD::ldap_connect(&acirc;&#128;&brvbar;) unless $ldap; <br/>my $page = Net::LDAP::Control::Paged-&gt;new( size =&gt; 900 ); <br/> <br/>sub get_from_ldap { <br/> my $filter = shift; <br/> my @entries; <br/> my $cookie; <br/> my @sargs = ( base =&gt; $base_dn, <br/> scope =&gt; &#39;sub&#39;, <br/> filter =&gt; $filter, <br/> control =&gt; [ $page ] ); <br/> <br/> while(1) { <br/> my $search = $ldap-&gt;search(@sargs); <br/> # todo add check for $search-&gt;code to detect fail <br/> push(@entries,$search-&gt;entries); <br/> <br/> $search-&gt;code and last; <br/> my ($resp) = $search-&gt;control( LDAP_CONTROL_PAGED ) or last; <br/> $cookie = $resp-&gt;cookie or last; <br/> <br/> # reset cookie in paged control <br/> $page-&gt;cookie($cookie); <br/> } <br/> <br/> # clean up if last &acirc;&#128;&#147; probably don&acirc;&#128;&#153;t really have to do this but&acirc;&#128;&brvbar; <br/> if ($cookie) { <br/> $page-&gt;cookie($cookie); <br/> $page-&gt;size(0); <br/> $ldap-&gt;search(@sargs); <br/> } <br/> return (@entries); <br/>} <br/> <br/>my @entries = get_from_ldap(&acirc;&#128;&#152;objectclass=user&acirc;&#128;&#153;); <br/> <br/>&acirc;&#128;&brvbar; <br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3777.html Thu, 09 Oct 2014 13:20:56 +0000 Page control confusion by Dan Cutler Hello All! <br/> <br/>So I have a simple search using page control via response cookies. <br/> <br/>But for some strange reason, it just keeps searching as if it&acirc;&#128;&#153;s not seeing its own page cookie. <br/>I was under the impression that: <br/> my ($resp) = $search-&gt;control( LDAP_CONTROL_PAGED ) or last; <br/> <br/>would return the number of results coming back from my paged query. Under a debugger, I see this: <br/> <br/>main::get_from_ldap(./generic_audit.pl:82): <br/>82: my ($resp) = $search-&gt;control( LDAP_CONTROL_PAGED ) or last; <br/> DB&lt;2&gt; n <br/>main::get_from_ldap(./generic_audit.pl:83): <br/>83: $cookie = $resp-&gt;cookie or last; <br/> DB&lt;2&gt; print Dumper $resp <br/>$VAR1 = bless( { <br/> &#39;value&#39; =&gt; &#39;0&iuml;&iquest;&frac12;&iuml;&iquest;&frac12; <br/> <br/> &iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;}&amp;u&iuml;&iquest;&frac12;6&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;`&iuml;&iquest;&frac12;f)&iuml;&iquest;&frac12;Sm&iuml;&iquest;&frac12;r&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&Ograve;&plusmn;&times;&#145;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;ChO&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&#39;i&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;C <br/>&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;c&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;IK&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12; <br/>~$&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12; <br/> &iuml;&iquest;&frac12;!&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;INDEX_00000000&iuml;&iquest;&frac12; <br/> &iuml;&iquest;&frac12; <br/> &iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&iuml;&iquest;&frac12;&#39;, <br/> &#39;type&#39; =&gt; &#39;1.2.840.113556.1.4.319&#39;, <br/> &#39;raw&#39; =&gt; undef <br/> }, &#39;Net::LDAP::Control::Paged&#39; ); <br/> <br/>I&acirc;&#128;&#153;m a bit confused. <br/> <br/>Can someone point out my error here? <br/> <br/>Thanks All! <br/> <br/>--Dan <br/> <br/> <br/>My snippet (mostly lifted from the example): <br/> <br/>use Net::LDAP; <br/>use Net::LDAP::Control::Paged; <br/>use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED ); <br/> <br/>$ldap = AD::ldap_connect(&acirc;&#128;&brvbar;) unless $ldap; <br/>my $page = Net::LDAP::Control::Paged-&gt;new( size =&gt; 900 ); <br/> <br/>sub get_from_ldap { <br/> my $filter = shift; <br/> my @entries; <br/> my $cookie; <br/> my @sargs = ( base =&gt; $base_dn, <br/> scope =&gt; &#39;sub&#39;, <br/> filter =&gt; $filter, <br/> control =&gt; [ $page ] ); <br/> <br/> while(1) { <br/> my $search = $ldap-&gt;search(@sargs); <br/> # todo add check for $search-&gt;code to detect fail <br/> push(@entries,$search-&gt;entries); <br/> <br/> $search-&gt;code and last; <br/> my ($resp) = $search-&gt;control( LDAP_CONTROL_PAGED ) or last; <br/> $cookie = $resp-&gt;cookie or last; <br/> <br/> # reset cookie in paged control <br/> $page-&gt;cookie($cookie); <br/> } <br/> <br/> # clean up if last &acirc;&#128;&#147; probably don&acirc;&#128;&#153;t really have to do this but&acirc;&#128;&brvbar; <br/> if ($cookie) { <br/> $page-&gt;cookie($cookie); <br/> $page-&gt;size(0); <br/> $ldap-&gt;search(@sargs); <br/> } <br/> return (@entries); <br/>} <br/> <br/>my @entries = get_from_ldap(&acirc;&#128;&#152;objectclass=user&acirc;&#128;&#153;); <br/> <br/>&acirc;&#128;&brvbar; <br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3776.html Wed, 08 Oct 2014 10:00:26 +0000 Re: Bug in Perl LDAP FAQ by Peter Marschall Hi Stefan,<br/><br/>On Wednesday, 1. October 2014 18:47:12 Stefan Recksiegel wrote:<br/>&gt; When querying an AD server for a group with more than 1500<br/>&gt; members, the server does not give back a &quot;member&quot; attribute,<br/>&gt; but instead it gives a ranged member-attribute with the first<br/>&gt; 1500 entries. To get the rest of the members, the server has<br/>&gt; to be queried with a special attribute. All this is correctly<br/>&gt; explained in the FAQ, but the code is wrong in this line:<br/>&gt; <br/>&gt; attrs =&gt; ($index &gt; 0) ? &quot;member;range=$index-*&quot; : &#39;member&#39;<br/>&gt; <br/>&gt; attrs always need to be an array (at least in the recent version<br/>&gt; of perl-ldap that I am using), and when giving attrs as above,<br/>&gt; the server just keeps sending the first 1500 entries and the<br/>&gt; script loops. The line should read<br/>&gt; <br/>&gt; attrs =&gt; [ ($index &gt; 0) ? &quot;member;range=$index-*&quot; : &#39;member&#39; ]<br/><br/>Thanks for reporting the issue.<br/>The fix will be in the next release of perl-ldap.<br/><br/>Best<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/10/msg3775.html Fri, 03 Oct 2014 21:00:24 +0000 Re: ssl/tls troubles by Natxo Asenjo Hi Daniel,<br/><br/>On Thu, Sep 11, 2014 at 8:57 PM, Daniel Stutz &lt;dstutz@use-strict.net&gt; wrote:<br/><br/>&gt; Did you try the &sbquo;cafile&lsquo; option of start_tls?<br/>&gt; http://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod#start_tls<br/>&gt;<br/>&gt;<br/>Yes, I tried that as well, but it did not work either. But apparently the<br/>module is smart enough to look into the default paths for openssl and if<br/>the cert is in there, you need nothing else but verify =&gt; &#39;require&#39; when<br/>using the start_tls method. I tried removing the cert from there and the<br/>script croaked inmediately. And wireshark showed that everything was nicely<br/>encrypted.<br/><br/>Thanks!<br/><br/>-- <br/>groet,<br/>natxo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/09/msg3774.html Thu, 11 Sep 2014 19:10:12 +0000 Re: ssl/tls troubles by Daniel Stutz Did you try the &sbquo;cafile&lsquo; option of start_tls?<br/>http://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod#start_tls<br/><br/>Regards,<br/>Daniel<br/><br/>Am 11.09.2014 um 17:58 schrieb Natxo Asenjo &lt;natxo.asenjo@gmail.com&gt;:<br/><br/>&gt; hi,<br/>&gt; <br/>&gt; in my host (fedora 20)I have imported the root CA certificate of our corporate AD domain. Using ldapsearch it works, and visiting secure sites signed by that CA are verified.<br/>&gt; <br/>&gt; But I do not exactly know hot to tell my script how to do the same.<br/>&gt; <br/>&gt; This is it:<br/>&gt; <br/>&gt; use Net::LDAP;<br/>&gt; use Data::Dumper;<br/>&gt; <br/>&gt; my $ldap = Net::LDAP-&gt;new( &#39;d01.domain.tldl&#39; ) or die &quot;$@&quot;;<br/>&gt; <br/>&gt; my $mesg = $ldap-&gt;start_tls(<br/>&gt; verify =&gt; &#39;require&#39;,<br/>&gt; capath =&gt; &#39;/etc/ssl/certs/&#39;,<br/>&gt; sslversion =&gt; &#39;tlsv1&#39;,<br/>&gt; );<br/>&gt; <br/>&gt; print Dumper $mesg;<br/>&gt; <br/>&gt; $mesg =$ldap-&gt;bind (<br/>&gt; &quot;user&quot;,<br/>&gt; password =&gt; &#39;pwd&#39;,<br/>&gt; version =&gt; 3,<br/>&gt; ); <br/>&gt; <br/>&gt; my $search = $mesg-&gt;search(<br/>&gt; base =&gt; &quot;dc=domain,dc=tld&quot;,<br/>&gt; scope =&gt; &quot;sub&quot;,<br/>&gt; filter =&gt; &quot;(samaccountname=*)&quot;,<br/>&gt; attr =&gt; [&#39;samaccountname&#39;],<br/>&gt; );<br/>&gt; <br/>&gt; $mesg-&gt;code ;<br/>&gt; <br/>&gt; for my $entry ( $mesg-&gt;entries) {<br/>&gt; print $entry-&gt;get_value( &#39;samaccountname&#39;), &quot;\n&quot;;;<br/>&gt; }<br/>&gt; <br/>&gt; $ldap-&gt;unbind;<br/>&gt; <br/>&gt; $ perl department.pl <br/>&gt; $VAR1 = bless( {<br/>&gt; &#39;responseName&#39; =&gt; &#39;1.3.6.1.4.1.1466.20037&#39;,<br/>&gt; &#39;matchedDN&#39; =&gt; &#39;&#39;,<br/>&gt; &#39;raw&#39; =&gt; undef,<br/>&gt; &#39;mesgid&#39; =&gt; 1,<br/>&gt; &#39;ctrl_hash&#39; =&gt; undef,<br/>&gt; &#39;callback&#39; =&gt; undef,<br/>&gt; &#39;controls&#39; =&gt; undef,<br/>&gt; &#39;resultCode&#39; =&gt; 1,<br/>&gt; &#39;parent&#39; =&gt; bless( {<br/>&gt; &#39;net_ldap_rawsocket&#39; =&gt; bless( \*Symbol::GEN0, &#39;IO::Socket::INET&#39; ),<br/>&gt; &#39;net_ldap_debug&#39; =&gt; 0,<br/>&gt; &#39;net_ldap_mesg&#39; =&gt; {},<br/>&gt; &#39;net_ldap_host&#39; =&gt; &#39;dc01.domain.tld&#39;,<br/>&gt; &#39;net_ldap_port&#39; =&gt; 389,<br/>&gt; &#39;net_ldap_async&#39; =&gt; 0,<br/>&gt; &#39;net_ldap_uri&#39; =&gt; &#39;dc01.domain.tld&#39;,<br/>&gt; &#39;net_ldap_socket&#39; =&gt; $VAR1-&gt;{&#39;parent&#39;}{&#39;net_ldap_rawsocket&#39;},<br/>&gt; &#39;net_ldap_resp&#39; =&gt; {},<br/>&gt; &#39;net_ldap_scheme&#39; =&gt; &#39;ldap&#39;,<br/>&gt; &#39;net_ldap_version&#39; =&gt; 3,<br/>&gt; &#39;net_ldap_refcnt&#39; =&gt; 1<br/>&gt; }, &#39;Net::LDAP&#39; ),<br/>&gt; &#39;errorMessage&#39; =&gt; &#39;SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed&#39;<br/>&gt; }, &#39;Net::LDAP::Extension&#39; );<br/>&gt; Can&#39;t locate object method &quot;search&quot; via package &quot;Net::LDAP::Bind&quot; at department.pl line 43, &lt;DATA&gt; line 751.<br/>&gt; <br/>&gt; <br/>&gt; So it clearly does not trust the certificate. The certificate is in /etc/ssl/certs/ca-bundle.trust.crt.<br/>&gt; <br/>&gt; Any tips greatyl appreciated.<br/>&gt; <br/>&gt; <br/>&gt; --<br/>&gt; Groeten,<br/>&gt; natxo<br/><br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/09/msg3773.html Thu, 11 Sep 2014 18:57:47 +0000 Re: ssl/tls troubles by Natxo Asenjo ok, solved. I removed the capath and it works. It finds the certificate<br/>automatically.<br/><br/>Apologies for the noise.<br/><br/>--<br/>Groeten,<br/>natxo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/09/msg3772.html Thu, 11 Sep 2014 17:41:15 +0000 ssl/tls troubles by Natxo Asenjo hi,<br/><br/>in my host (fedora 20)I have imported the root CA certificate of our<br/>corporate AD domain. Using ldapsearch it works, and visiting secure sites<br/>signed by that CA are verified.<br/><br/>But I do not exactly know hot to tell my script how to do the same.<br/><br/>This is it:<br/><br/>use Net::LDAP;<br/>use Data::Dumper;<br/><br/>my $ldap = Net::LDAP-&gt;new( &#39;d01.domain.tldl&#39; ) or die &quot;$@&quot;;<br/><br/>my $mesg = $ldap-&gt;start_tls(<br/> verify =&gt; &#39;require&#39;,<br/> capath =&gt; &#39;/etc/ssl/certs/&#39;,<br/> sslversion =&gt; &#39;tlsv1&#39;,<br/>);<br/><br/>print Dumper $mesg;<br/><br/>$mesg =$ldap-&gt;bind (<br/> &quot;user&quot;,<br/> password =&gt; &#39;pwd&#39;,<br/> version =&gt; 3,<br/>);<br/><br/>my $search = $mesg-&gt;search(<br/> base =&gt; &quot;dc=domain,dc=tld&quot;,<br/> scope =&gt; &quot;sub&quot;,<br/> filter =&gt; &quot;(samaccountname=*)&quot;,<br/> attr =&gt; [&#39;samaccountname&#39;],<br/> );<br/><br/>$mesg-&gt;code ;<br/><br/>for my $entry ( $mesg-&gt;entries) {<br/> print $entry-&gt;get_value( &#39;samaccountname&#39;), &quot;\n&quot;;;<br/>}<br/><br/>$ldap-&gt;unbind;<br/><br/>$ perl department.pl<br/>$VAR1 = bless( {<br/> &#39;responseName&#39; =&gt; &#39;1.3.6.1.4.1.1466.20037&#39;,<br/> &#39;matchedDN&#39; =&gt; &#39;&#39;,<br/> &#39;raw&#39; =&gt; undef,<br/> &#39;mesgid&#39; =&gt; 1,<br/> &#39;ctrl_hash&#39; =&gt; undef,<br/> &#39;callback&#39; =&gt; undef,<br/> &#39;controls&#39; =&gt; undef,<br/> &#39;resultCode&#39; =&gt; 1,<br/> &#39;parent&#39; =&gt; bless( {<br/> &#39;net_ldap_rawsocket&#39; =&gt; bless(<br/>\*Symbol::GEN0, &#39;IO::Socket::INET&#39; ),<br/> &#39;net_ldap_debug&#39; =&gt; 0,<br/> &#39;net_ldap_mesg&#39; =&gt; {},<br/> &#39;net_ldap_host&#39; =&gt; &#39;dc01.domain.tld&#39;,<br/> &#39;net_ldap_port&#39; =&gt; 389,<br/> &#39;net_ldap_async&#39; =&gt; 0,<br/> &#39;net_ldap_uri&#39; =&gt; &#39;dc01.domain.tld&#39;,<br/> &#39;net_ldap_socket&#39; =&gt;<br/>$VAR1-&gt;{&#39;parent&#39;}{&#39;net_ldap_rawsocket&#39;},<br/> &#39;net_ldap_resp&#39; =&gt; {},<br/> &#39;net_ldap_scheme&#39; =&gt; &#39;ldap&#39;,<br/> &#39;net_ldap_version&#39; =&gt; 3,<br/> &#39;net_ldap_refcnt&#39; =&gt; 1<br/> }, &#39;Net::LDAP&#39; ),<br/> &#39;errorMessage&#39; =&gt; &#39;SSL connect attempt failed<br/>error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify<br/>failed&#39;<br/> }, &#39;Net::LDAP::Extension&#39; );<br/>Can&#39;t locate object method &quot;search&quot; via package &quot;Net::LDAP::Bind&quot; at<br/>department.pl line 43, &lt;DATA&gt; line 751.<br/><br/><br/>So it clearly does not trust the certificate. The certificate is in<br/>/etc/ssl/certs/ca-bundle.trust.crt.<br/><br/>Any tips greatyl appreciated.<br/><br/><br/>--<br/>Groeten,<br/>natxo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/09/msg3771.html Thu, 11 Sep 2014 15:58:15 +0000 Re: how often to bind and unbind to ldap by Doug Wegscheid it depends on how often you are doing the searches.<br/><br/>I have one (vendor-written) application that occasionally decides to do a half million queries over 36 hours. It does a separate bind and unbind for each, and as the LDAP system administrator, I really wish it would bind once then do the queries.<br/><br/>I also have applications that make connections and do not use them for hours on end. They tie up resources, and the dead-connection monitor on our load balancer and on the LDAP server tend to kill the connections when not in use that long.<br/><br/>If it&#39;s going less often than between every 15-60s, then I&#39;d set up and tear down for every batch of searches...<br/><br/><br/><br/>On Wednesday, July 23, 2014 4:22 AM, Daniel Castro &lt;evil.dani@gmail.com&gt; wrote:<br/> <br/><br/><br/>Hello Guys,<br/><br/>I wrote a script that runs as a system process. If I do constant searches on the LDAP server how often should I bind and unbind from the server.<br/><br/>Should I do only one and maintain it. But what about if it disconnects due to inactivity during the night. Can I simply bind again on the same object?<br/><br/>Or should I bind, then search, then unbind each time?<br/><br/>Advice?<br/><br/>Thanks,<br/><br/>-- <br/>+-=====---------------------------+<br/>| +---------------------------------+ | This space intentionally blank for notetaking.<br/>| |&nbsp;&nbsp; | Daniel Castro,&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br/>| |&nbsp;&nbsp; | Consultant/Programmer.|<br/>| |&nbsp;&nbsp; | U Andes&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; |<br/>+-------------------------------------+<br/> http://www.nntp.perl.org/group/perl.ldap/2014/07/msg3770.html Wed, 23 Jul 2014 12:11:38 +0000 how often to bind and unbind to ldap by Daniel Castro Hello Guys,<br/><br/>I wrote a script that runs as a system process. If I do constant searches<br/>on the LDAP server how often should I bind and unbind from the server.<br/><br/>Should I do only one and maintain it. But what about if it disconnects due<br/>to inactivity during the night. Can I simply bind again on the same object?<br/><br/>Or should I bind, then search, then unbind each time?<br/><br/>Advice?<br/><br/>Thanks,<br/><br/>-- <br/>+-=====---------------------------+<br/>| +---------------------------------+ | This space intentionally blank for<br/>notetaking.<br/>| | | Daniel Castro, |<br/>| | | Consultant/Programmer.|<br/>| | | U Andes |<br/>+-------------------------------------+<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/07/msg3769.html Wed, 23 Jul 2014 08:17:43 +0000 perl-ldap v0.64 released by Peter Marschall Hi all,<br/><br/>I just released perl-ldap 0.64 to CPAN:<br/> http://search.cpan.org/dist/perl-ldap/<br/> https://metacpan.org/release/perl-ldap<br/><br/>For those of you directly pulling from GitHub, the repository<br/> https://github.com/perl-ldap/perl-ldap/releases<br/>has been updated accordingly.<br/><br/>Please find a short log of all the changes below.<br/><br/>Thanks to<br/>* Thomas Guevin<br/>* Jim Toth <br/>* Jitka Plesnikova<br/>for their bug reports / patches.<br/><br/>Enjoy the new release!<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/><br/>0.64 -- Thu Jun 19 17:48:08 CEST 2014<br/><br/>Bug Fixes:<br/>* LDAP.pm: set SSL_cipher_list correctly<br/>* RT#96203: LDAP.pm: use correct length for syswrite<br/>* LDIF.pm: fix next outside loop in _write_one_entry<br/>* Entry.pod: fix typo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3768.html Thu, 19 Jun 2014 16:09:23 +0000 Re: bug in LDAP 0.63 by Peter Marschall Hi,<br/><br/>On Monday, 16. June 2014 22:26:57 THOMAS GUEVIN wrote:<br/>&gt; Here is the diff of the change from 0.62 to 0.63. There is an extra<br/>&gt; &quot;defined&quot; in the code.<br/>&gt; [...]<br/>&gt; @@ -251,7 +251,8 @@<br/>&gt; }<br/>&gt; <br/>&gt; (<br/>&gt; - SSL_cipher_list =&gt; defined $arg-&gt;{ciphers} ? $arg-&gt;{ciphers} :<br/>&gt; &#39;ALL&#39;, + defined $arg-&gt;{ciphers} ?<br/>&gt; + ( SSL_cipher_list =&gt; defined $arg-&gt;{ciphers}) : (),<br/>&gt; SSL_ca_file =&gt; exists $arg-&gt;{cafile} ? $arg-&gt;{cafile} : &#39;&#39;,<br/>&gt; SSL_ca_path =&gt; exists $arg-&gt;{capath} ? $arg-&gt;{capath} : &#39;&#39;,<br/>&gt; SSL_key_file =&gt; $clientcert ? $clientkey : undef,<br/>&gt; <br/>&gt; <br/>&gt; Please address in 0.64 if possible.<br/><br/>Patched in private repo.<br/>Will be included in 0.64.<br/><br/>Thanks<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3767.html Tue, 17 Jun 2014 17:37:35 +0000 bug in LDAP 0.63 by THOMAS GUEVIN Here is the diff of the change from 0.62 to 0.63. There is an extra &quot;defined&quot; in the code.<br/><br/>--- /usr/local/share/perl/5.14.2/Net/LDAP.pm 2014-06-11 12:13:09.780074484 +0000<br/>+++ /usr/local/share/perl/5.14.2/Net/LDAP.pm 2014-06-11 12:13:09.780074484 +0000<br/>@@ -35,7 +35,7 @@<br/> ? &#39;IO::Socket::INET6&#39;<br/> : &#39;&#39;;<br/><br/>-our $VERSION = &#39;0.62&#39;;<br/>+our $VERSION = &#39;0.63&#39;;<br/>our @ISA = qw(Tie::StdHash Net::LDAP::Extra);<br/>our $LDAP_VERSION = 3; # default LDAP protocol version<br/><br/>@@ -251,7 +251,8 @@<br/> }<br/><br/> (<br/>- SSL_cipher_list =&gt; defined $arg-&gt;{ciphers} ? $arg-&gt;{ciphers} : &#39;ALL&#39;,<br/>+ defined $arg-&gt;{ciphers} ?<br/>+ ( SSL_cipher_list =&gt; defined $arg-&gt;{ciphers}) : (),<br/> SSL_ca_file =&gt; exists $arg-&gt;{cafile} ? $arg-&gt;{cafile} : &#39;&#39;,<br/> SSL_ca_path =&gt; exists $arg-&gt;{capath} ? $arg-&gt;{capath} : &#39;&#39;,<br/> SSL_key_file =&gt; $clientcert ? $clientkey : undef,<br/><br/><br/>Please address in 0.64 if possible.<br/><br/>Thanks,<br/><br/>-Tom G.<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3766.html Mon, 16 Jun 2014 23:57:41 +0000 Re: entry->changetype("modify") returns "No attributes to update at ..." by Peter Marschall Hi,<br/><br/>On Monday, 9. June 2014 15:31:55 Chris Franz wrote:<br/>&gt; $cur_entry-&gt;replace(&#39;cn&#39; =&gt; &#39;changedcn&#39;);<br/>&gt; $cur_entry-&gt;changetype(modify);<br/>&gt; $update_mesg = $cur_entry-&gt;update($ldap);<br/>&gt; $update_mesg-&gt;code &amp;&amp; die $update_mesg-&gt;error;<br/>&gt;<br/>&gt; [...]<br/>&gt; <br/>&gt; When I include the &quot;$cur_entry-&gt;changetype(modify);&quot; line, the script<br/>&gt; returns:<br/>&gt; <br/>&gt; No attributes to update at ./ldap-update.pl line 23, &lt;DATA&gt; line 751.<br/><br/>Net::LDAP::Entry&#39;s changetype() method clears all previous changes when called <br/>with an argument.<br/>Solution is simple: set the changetype first.<br/><br/>Best<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3765.html Sat, 14 Jun 2014 15:18:22 +0000 Re: entry->changetype("modify") returns"No attributes to update at ..." by Chris Ridd <br/>On 9 Jun 2014, at 23:31, Chris Franz &lt;franz@unicon.net&gt; wrote:<br/><br/>&gt; I imagine this is obvious to some but it isn&#39;t to me. I wrote this simple script to update <br/>&gt; a single attribute of an existing 389 entry. It is shown below:<br/>&gt; <br/>&gt; #!/usr/bin/perl<br/>&gt; <br/>&gt; use Net::LDAP;<br/>&gt; use Net::LDAP::Entry;<br/>&gt; use Net::LDAP::LDIF;<br/>&gt; use Net::LDAP::Message;<br/>&gt; <br/>&gt; $ldap = Net::LDAP-&gt;new(&#39;localhost&#39;) or die &quot;$@&quot;;<br/>&gt; $bind_mesg = $ldap-&gt;bind( &quot;cn=directory manager&quot;, password=&gt;&quot;secret&quot; );<br/>&gt; $bind_mesg-&gt;code &amp;&amp; die $bind_mesg-&gt;error;<br/>&gt; <br/>&gt; $search_mesg = $ldap-&gt;search(base =&gt; &quot;ou=People,dc=crud,dc=edu&quot;,<br/>&gt; filter =&gt; &quot;uid=someuid&quot;);<br/>&gt; <br/>&gt; die &quot;error: &quot;, $mesg-&gt;error()<br/>&gt; if (($search_mesg-&gt;code()) || ($search_mesg-&gt;count !=1));<br/>&gt; <br/>&gt; $cur_entry = $search_mesg-&gt;entry(0);<br/>&gt; <br/>&gt; $cur_entry-&gt;replace(&#39;cn&#39; =&gt; &#39;changedcn&#39;);<br/>&gt; $cur_entry-&gt;changetype(modify);<br/>&gt; $update_mesg = $cur_entry-&gt;update($ldap);<br/>&gt; $update_mesg-&gt;code &amp;&amp; die $update_mesg-&gt;error;<br/>&gt; <br/>&gt; $bind_mesg = $ldap-&gt;unbind;<br/>&gt; <br/>&gt; When I include the &quot;$cur_entry-&gt;changetype(modify);&quot; line, the script returns:<br/>&gt; <br/>&gt; No attributes to update at ./ldap-update.pl line 23, &lt;DATA&gt; line 751.<br/>&gt; <br/>&gt; If I comment that out, the script works swimmingly. I banged my head on this<br/>&gt; for a while. What am I missing?<br/><br/>Break with the perl debugger at line 23 (which line&#39;s that?) and take a look at things.<br/><br/>The other approach is to think laterally. You don&#39;t *need* to read the previous entry contents to do a modify. Get the DN from $cur_entry, and then build a modify with that and your desired change.<br/><br/>Typed in Mail:<br/><br/>$update_mesg = $ldap-&gt;modify($cur_entry-&gt;dn(), replace =&gt; { &#39;cn&#39; =&gt; &#39;changedcn&#39; });<br/><br/>[replaces $cur-&gt;entry-&gt;replace(&#39;cn&#39; =&gt; &#39;changedcn&#39;); and the 2 following lines.]<br/><br/>The other problem that might occur is if your entry uses cn in the RDN, in which case you should do a moddn() instead as technically you&#39;re renaming the entry.<br/><br/>Chris<br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3764.html Wed, 11 Jun 2014 21:19:25 +0000 entry->changetype("modify") returns "No attributes to update at..." by Chris Franz I imagine this is obvious to some but it isn&#39;t to me. I wrote this simple script to update <br/>a single attribute of an existing 389 entry. It is shown below: <br/><br/><br/><br/>#!/usr/bin/perl <br/><br/><br/>use Net::LDAP; <br/>use Net::LDAP::Entry; <br/>use Net::LDAP::LDIF; <br/>use Net::LDAP::Message; <br/><br/><br/>$ldap = Net::LDAP-&gt;new(&#39;localhost&#39;) or die &quot;$@&quot;; <br/>$bind_mesg = $ldap-&gt;bind( &quot;cn=directory manager&quot;, password=&gt;&quot;secret&quot; ); <br/>$bind_mesg-&gt;code &amp;&amp; die $bind_mesg-&gt;error; <br/><br/><br/>$search_mesg = $ldap-&gt;search(base =&gt; &quot;ou=People,dc=crud,dc=edu&quot;, <br/>filter =&gt; &quot;uid=someuid&quot;); <br/><br/><br/>die &quot;error: &quot;, $mesg-&gt;error() <br/>if (($search_mesg-&gt;code()) || ($search_mesg-&gt;count !=1)); <br/><br/><br/>$cur_entry = $search_mesg-&gt;entry(0); <br/><br/><br/>$cur_entry-&gt;replace(&#39;cn&#39; =&gt; &#39;changedcn&#39;); <br/>$cur_entry-&gt;changetype(modify); <br/>$update_mesg = $cur_entry-&gt;update($ldap); <br/>$update_mesg-&gt;code &amp;&amp; die $update_mesg-&gt;error; <br/><br/><br/>$bind_mesg = $ldap-&gt;unbind; <br/><br/>When I include the &quot;$cur_entry-&gt;changetype(modify);&quot; line, the script returns: <br/><br/><br/><br/>No attributes to update at ./ldap-update.pl line 23, &lt;DATA&gt; line 751. <br/><br/><br/>If I comment that out, the script works swimmingly. I banged my head on this <br/>for a while. What am I missing? <br/><br/><br/>Thanks, Chris <br/><br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3763.html Wed, 11 Jun 2014 08:11:09 +0000 perl-ldap 0.63 by Peter Marschall Hi all,<br/><br/>it&#39;s time again for a new perl-ldap release.<br/><br/>As usual you can find it on CPAN<br/> http://search.cpan.org/dist/perl-ldap/<br/> https://metacpan.org/release/perl-ldap<br/>and on github<br/> https://github.com/perl-ldap/perl-ldap/releases<br/><br/>Please find a short log of all the changes below.<br/>The most noteworthy ones are IMHO:<br/>* use default cyphers of the underlying SSL library<br/> instead of setting SSL_ciphers to ALL by default<br/>* write controls to LDIF files (more complete RFC support)<br/><br/>Thanks to <br/>* Petr P&Atilde;&shy;sa&Aring;&#153; &lt;ppisar@redhat.com&gt;<br/>* Hanno Hecker<br/>for their contributions<br/><br/>Best<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/>0.63 -- Sun Jun 1 12:42:59 CEST 2014<br/><br/>Enhancements:<br/>* Entry.pm: accept options for update() in the LDIF case<br/>* LDIF.pm:<br/> - implement writing controls<br/> - refactor _write_entry<br/> - check for decoding errors in LWP-based URLs<br/><br/>Bug Fixes:<br/>* RT#95001: Do not set SSL_ciphers to ALL by default<br/>* Entry.pm: delete(): return $self if called w/o args<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3762.html Sun, 01 Jun 2014 11:32:07 +0000 Re: Net::LDAP fails with latest ActiveState Perl, can be worked round by renoving INET6.pm by Peter Marschall Hi,<br/><br/>On Wednesday, 2. April 2014 18:38:43 k.brown@mail.bbk.ac.uk wrote:<br/>&gt; Similar error to that described by Glen Tanner a few weeks ago.<br/>&gt; <br/>&gt; Recently installed a new PC with updated version of Perl::<br/>&gt; <br/>&gt; D:\temp&gt;perl -v<br/>&gt; This is perl 5, version 16, subversion 3 (v5.16.3) built for<br/>&gt; MSWin32-x64-multi-thread<br/>&gt; [...]<br/>&gt; Binary build 1603 [296746] provided by ActiveState<br/>&gt; http://www.ActiveState.com Built Mar 13 2013 13:31:10<br/>&gt; <br/>&gt; [....]<br/>&gt; <br/>&gt; Following some hints on other mailing lists referring to Strawberry<br/>&gt; Perl rather than ActiveState, I renamed<br/>&gt; C:\Perl64\site\lib\IO\Socket\INET6.pm and it worked.<br/>&gt; <br/>&gt; So somewhere there is a bug.<br/><br/>I concur, but I am pretty sure the error is not in perl-ldap.<br/>perl-ldap is just one of the victims of a break between some<br/>versions of ActiveState / Strawberry Perl / IO::Socket::INET6.<br/><br/>What versions of <br/>* perl-ldap<br/>* IO::Socket::INET6 <br/>are you using?<br/><br/>Instead of removing IPv6 support (this is what happens<br/>if you rename/remove IO::Socket::INET6), you may try<br/>the following:<br/>* install IO::Socket::IP<br/>* install latest perl-ldap<br/><br/>Recent perl-ldap versions prefer IO::Socket::IP over IO::Socket::INET6<br/>when the former one is installed.<br/>If IO::Socket::IP does not suffer the problems that recent versions<br/>of IO::Socket::INET6 seem to have in Windows, then everything should<br/>work as before including IPv6 support.<br/><br/>Best<br/>PEter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3761.html Fri, 18 Apr 2014 11:54:47 +0000 RE: how to install or how to find NET::LDAP in unix server by Brian Gaber At command prompt run:<br/><br/>perl -MCPAN -e shell<br/><br/>Then at the cpan&gt; prompt run<br/><br/>install Net::LDAP<br/><br/>If you have never used cpan then there will be an initial setup routine that runs.<br/><br/>From: devendar.reddy.kotla@accenture.com [mailto:devendar.reddy.kotla@accenture.com]<br/>Sent: Tuesday, April 08, 2014 6:21 AM<br/>To: perl-ldap@perl.org<br/>Subject: how to install or how to find NET::LDAP in unix server<br/><br/>Hi,<br/><br/>I am getting &quot;Can&#39;t locate Net/LDAP.pm in @INC&quot; error while running perl script . how to intall perl or how to fix this issue in my unix server. Plesse help how to install NET::LDAP on my unix server .<br/><br/>Any other information is really appreciated.<br/><br/>Thanks and regards,<br/>Devendar<br/><br/>________________________________<br/><br/>This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.<br/>______________________________________________________________________________________<br/><br/>www.accenture.com&lt;http://www.accenture.com&gt;<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3760.html Thu, 10 Apr 2014 16:36:10 +0000 Re: how to install or how to find NET::LDAP in unix server by Natxo Asenjo On Tue, Apr 8, 2014 at 12:20 PM, &lt;devendar.reddy.kotla@accenture.com&gt; wrote:<br/><br/>&gt; Hi,<br/>&gt;<br/>&gt;<br/>&gt;<br/>&gt; I am getting &ldquo;Can&#39;t locate Net/LDAP.pm in @INC&rdquo; error while running perl<br/>&gt; script . how to intall perl or how to fix this issue in my unix server.<br/>&gt; Plesse help how to install NET::LDAP on my unix server .<br/>&gt;<br/>&gt;<br/>&gt;<br/>what kind of unix? If it&#39;s some kind of linux, then it usually is availble<br/>using your package manager. Otherwise you can install it using cpanm (see<br/>http://search.cpan.org/dist/App-cpanminus/lib/App/cpanminus.pm) or the<br/>traditional cpan shell or just downloading the module from cpan and<br/>installing it from sources yourself.<br/><br/>-- <br/>regards,<br/>natxo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3759.html Thu, 10 Apr 2014 16:35:14 +0000 how to install or how to find NET::LDAP in unix server by devendar.reddy.kotla Hi,<br/><br/>I am getting &quot;Can&#39;t locate Net/LDAP.pm in @INC&quot; error while running perl script . how to intall perl or how to fix this issue in my unix server. Plesse help how to install NET::LDAP on my unix server .<br/><br/>Any other information is really appreciated.<br/><br/>Thanks and regards,<br/>Devendar<br/><br/>________________________________<br/><br/>This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.<br/>______________________________________________________________________________________<br/><br/>www.accenture.com<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3758.html Thu, 10 Apr 2014 15:42:12 +0000 perl-ldap 0.62 is out by Peter Marschall Hi,<br/><br/>perl-ldap 0.62 is out!<br/><br/>Get it from CPAN or GitHub:<br/> http://search.cpan.org/dist/perl-ldap/<br/> https://metacpan.org/release/perl-ldap<br/> https://github.com/perl-ldap/perl-ldap<br/><br/>The changes are relatively minor, mostly to keep CPAN testers happy ;-)<br/><br/>Enjoy<br/>Peter<br/><br/>0.62 -- Sun Apr 6 11:25:05 CEST 2014<br/><br/>Enhancements:<br/>Util.pm: remove superfluous space from POD<br/>FAQ.pm: update perl-ldap &amp; Perl version numbers<br/><br/>Bug Fixes:<br/>RT#94357: t/08time.t: skip tests on too old Perl versions<br/>RT#94341: FAQ.pm: fix incorrect instruction<br/>jpegDisplay.pl: overhaul to make it work again<br/><br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3757.html Sun, 06 Apr 2014 09:54:11 +0000 Net::LDAP fails with latest ActiveState Perl, can be worked round byrenoving INET6.pm by k.brown@mail.bbk.ac.uk Similar error to that described by Glen Tanner a few weeks ago.<br/><br/>Recently installed a new PC with updated version of Perl::<br/><br/>D:\temp&gt;perl -v<br/>This is perl 5, version 16, subversion 3 (v5.16.3) built for<br/>MSWin32-x64-multi-thread<br/>[...]<br/>Binary build 1603 [296746] provided by ActiveState http://www.ActiveState.com<br/>Built Mar 13 2013 13:31:10<br/><br/>A Perl Net::LDAP application that binds to Active Directory failed<br/>with error messages like these:<br/> Return code: 82<br/> Error code: Bad file descriptor<br/> Error name: LDAP_LOCAL_ERROR<br/> Error text: An error occurred in C&lt;Net::LDAP&gt;<br/><br/>The error can be reproduced with this code:<br/><br/>#===============<br/>use Net::LDAP;<br/>use strict;<br/>my $filter = &quot;cn=$target\x2a&quot;;<br/>my $ldap = Net::LDAP-&gt;new ($lhost, onerror =&gt; &quot;die&quot;);<br/>my $bindmesg = $ldap-&gt;bind($luser,password=&gt;$lpass);<br/>my $searchresult = $ldap-&gt;search( base=&gt;$lbase, filter=&gt;$filter, attrs=&gt;[&quot;dn&quot;]);<br/>#===============<br/><br/>Which on older Perls finds the DNs of all AD users with names starting<br/>with string $target, but fails on current version of Perl.<br/>($lbase = Root path of AD directory, $lhost = AD directory server<br/>hostname, $luser = DN of known user, $lpass = that users password)<br/><br/><br/>Following some hints on other mailing lists referring to Strawberry<br/>Perl rather than ActiveState, I renamed<br/>C:\Perl64\site\lib\IO\Socket\INET6.pm and it worked.<br/><br/>So somewhere there is a bug.<br/><br/>-- <br/>Ken Brown<br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3756.html Wed, 02 Apr 2014 17:38:51 +0000 New perl-ldap release 0.61 by Peter Marschall Hi folks,<br/><br/>A few minutes I released perl-ldap 0.61 to CPAN.<br/>Get it from the usual places (after replication to you region ;-):<br/> http://search.cpan.org/dist/perl-ldap/<br/> https://metacpan.org/release/perl-ldap<br/><br/>For those of you directly pulling from GitHub, the repository<br/> https://github.com/perl-ldap/perl-ldap<br/>has been updated accordingly.<br/><br/>These are the changes:<br/><br/>0.61 -- Sat Mar 29 17:21:45 CET 2014<br/><br/>Enhancements:<br/>* {LDAP,LDIF}.pod: update documentation of raw =&gt; REGEX<br/>* support LWP-supproted URLs when reading LDIFs (incl. tests)<br/>* add test for Net::LDAP::Util&#39;s time functions<br/>* tests: set default OpenLDAP DB type to mdb<br/><br/>Bug Fixes:<br/>* RT#94047: Control.pm: add missing word in POD<br/>* RT#93945: Util.pm: make sure $dec is defined<br/>* LDIF.pm: when reading LDIFs, allow control values to be absent<br/>* Control/ProxyAuth.pm: fix initialization using value =&gt; ...<br/>* Util.pm: fix corner cases in time conversion functions<br/><br/>Best<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3755.html Sat, 29 Mar 2014 17:13:34 +0000 LDAP bind failure 82 by Glenn Tanner http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3754.html Tue, 18 Mar 2014 00:47:26 +0000 Get perl-ldap 0.60 while it's hot by Peter Marschall Hi,<br/><br/>I just released perl-ldap 0.60 to CPAN:<br/> http://search.cpan.org/dist/perl-ldap/<br/><br/>This release fixes some issues on Windows with recent versions of <br/>Strawberry Perl.<br/><br/>The detailed changes included are listed at the end of this email.<br/><br/>For those of you directly pulling from GitHub, the repository<br/> https://github.com/perl-ldap/perl-ldap<br/>has been updated too.<br/><br/>Have fun<br/>Peter<br/><br/>0.60 -- Sat Mar 8 14:00:02 CET 2014<br/><br/>Enhancements:<br/>* IO::Socket::IP support<br/> - if installed in version 0.20 or higher, prefer it over IO::Socket::INET*<br/> - use IO::Socket::INET* as fallback if it isn&#39;t installed<br/> - this solves RT#93122, which IMHO is not really a bug of perl-ldap<br/>* remove trailing whitespace in contrib/*<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3753.html Sat, 08 Mar 2014 13:34:49 +0000 Re: IO::Socket::IP for perl-ldap? by Paul "LeoNerd" Evans On Wed, 05 Mar 2014 11:31:29 +0100<br/>Peter Marschall &lt;peter@adpm.de&gt; wrote:<br/><br/>&gt; Oops, now you got me.<br/>&gt; I did not check doings tests, but relied on the manual pages of<br/>&gt; IO::Socket::IP only.<br/>&gt; <br/>&gt; Maybe I got confused by those two facts<br/>&gt; * In older versions, of IO::Socket::IP, it mentioned the Timeout<br/>&gt; option in the list of incompatibilities with IO::Socket::INET*.<br/>&gt; (This changed in versions &gt; 0.25 (<br/>&gt; * In recent version of the man page this warning has gone, but<br/>&gt; unfortunately Timeout is not mentioned in the list of supported<br/>&gt; options either.<br/>&gt; <br/>&gt; Paul,<br/>&gt; from the mail above, I get it that Timeout is working in<br/>&gt; IO::Socket::IP. Can you confirm?<br/>&gt; Additionally, may I ask you to add Timeout to the documentation?<br/><br/>Ah yes; this is actually down to a misunderstanding on my part.<br/><br/>Originally I had presumed that IO::Socket::IP would have to implement<br/>the &quot;Timeout&quot; option, because IO::Socket::INET lists it in its<br/>documentation. However, on reading the source code I discovered<br/>that ::INET doesn&#39;t implement it; the code to actually implement that<br/>option appears entirely within IO::Socket itself, which ::INET<br/>inherits from. Because ::IP is also a subclass of plain IO::Socket, it<br/>automatically inherits the Timeout option.<br/><br/>Ideally core&#39;s documentation should be changed to document Timeout in<br/>IO::Socket rather than IO::Socket::INET, which would also solve this<br/>issue.<br/><br/>But long story short: IO::Socket::IP supports the Timeout option in the<br/>same way that IO::Socket::INET documents for itself.<br/><br/>-- <br/>Paul &quot;LeoNerd&quot; Evans<br/><br/>leonerd@leonerd.org.uk<br/>ICQ# 4135350 | Registered Linux# 179460<br/>http://www.leonerd.org.uk/<br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3752.html Thu, 06 Mar 2014 03:37:21 +0000 Re: IO::Socket::IP for perl-ldap? by Peter Marschall Hi,<br/><br/>On Wednesday, 5. March 2014 11:32:52 Paul LeoNerd Evans wrote:<br/>&gt; On Wed, 05 Mar 2014 11:31:29 +0100 Peter Marschall &lt;peter@adpm.de&gt; wrote:<br/>&gt; &gt; Paul,<br/>&gt; &gt; from the mail above, I get it that Timeout is working in<br/>&gt; &gt; IO::Socket::IP. Can you confirm?<br/>&gt; &gt; Additionally, may I ask you to add Timeout to the documentation?<br/>&gt; <br/>&gt; Ah yes; this is actually down to a misunderstanding on my part.<br/>I&#39;m glad I am not the only one ;-))<br/><br/>&gt; Originally I had presumed that IO::Socket::IP would have to implement<br/>&gt; the &quot;Timeout&quot; option, because IO::Socket::INET lists it in its<br/>&gt; documentation. However, on reading the source code I discovered<br/>&gt; that ::INET doesn&#39;t implement it; the code to actually implement that<br/>&gt; option appears entirely within IO::Socket itself, which ::INET<br/>&gt; inherits from. Because ::IP is also a subclass of plain IO::Socket, it<br/>&gt; automatically inherits the Timeout option.<br/>Ah, that makes it clear.<br/><br/>&gt; Ideally core&#39;s documentation should be changed to document Timeout in<br/>&gt; IO::Socket rather than IO::Socket::INET, which would also solve this<br/>&gt; issue.<br/>Until that happens, why not adding it to the IO::Socket::IP POD (to have<br/>it more complete)? Please?!<br/><br/>&gt; But long story short: IO::Socket::IP supports the Timeout option in the<br/>&gt; same way that IO::Socket::INET documents for itself.<br/>Thanks for the clarification.<br/><br/>I guess it is time for a new version of perl-ldap with IO::Socket::IP n the <br/>next days.<br/><br/>Thanks<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3751.html Wed, 05 Mar 2014 14:44:00 +0000 Re: IO::Socket::IP for perl-ldap? by Peter Marschall Hi,<br/><br/>On Wednesday, 5. March 2014 10:17:12 Michiel Beijen wrote:<br/>&gt; On Tue, Mar 4, 2014 at 7:56 PM, Peter Marschall &lt;peter@adpm.de&gt; wrote:<br/>&gt; &gt; But there&#39;s a downside too:<br/>&gt; &gt; With IO::Socket::IP, the option Timeout to Net::LDAP-&gt;new() will be<br/>&gt; &gt; ignored.<br/>&gt; I asked Paul (cc) about this and he replied &quot;In what sense do you<br/>&gt; believe the &quot;Timeout&quot; option doesn&#39;t work? It works exactly the same<br/>&gt; in IO::Socket::IP as it does in IO::Socket::INET or indeed IO::Socket<br/>&gt; itself.&quot; and I think this is a fair question! There is also no bug in<br/>&gt; the RT for IO::Socket::IP about any issue. What is the exact problem<br/>&gt; you see?<br/><br/>Oops, now you got me.<br/>I did not check doings tests, but relied on the manual pages of IO::Socket::IP <br/>only.<br/><br/>Maybe I got confused by those two facts<br/>* In older versions, of IO::Socket::IP, it mentioned the Timeout option<br/> in the list of incompatibilities with IO::Socket::INET*.<br/> (This changed in versions &gt; 0.25 (<br/>* In recent version of the man page this warning has gone, but unfortunately<br/> Timeout is not mentioned in the list of supported options either.<br/><br/>Paul,<br/>from the mail above, I get it that Timeout is working in IO::Socket::IP.<br/>Can you confirm?<br/>Additionally, may I ask you to add Timeout to the documentation?<br/><br/><br/>Thanks in advance (and also to Michiel for the correction)<br/>Peter<br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3750.html Wed, 05 Mar 2014 10:31:41 +0000 Re: IO::Socket::IP for perl-ldap? by Michiel Beijen Hi Peter,<br/><br/>On Tue, Mar 4, 2014 at 7:56 PM, Peter Marschall &lt;peter@adpm.de&gt; wrote:<br/>&gt;<br/>&gt; with IO::Socket::IP becoming more and more widespread (it is said to become a<br/>&gt; part of the standard modules shipped with Perl 5.20), I am wondering i should<br/>&gt; switch perl-ldap over to it too?<br/>&gt;<br/>&gt; My idea is to prefer IO::Socket::IP over IO::Socket::INET6 if the former one<br/>&gt; is installed, but fall back to the latter if it isn&#39;t.<br/><br/>A very good idea!<br/><br/>&gt; But there&#39;s a downside too:<br/>&gt; With IO::Socket::IP, the option Timeout to Net::LDAP-&gt;new() will be ignored.<br/><br/>I asked Paul (cc) about this and he replied &quot;In what sense do you<br/>believe the &quot;Timeout&quot; option doesn&#39;t work? It works exactly the same<br/>in IO::Socket::IP as it does in IO::Socket::INET or indeed IO::Socket<br/>itself.&quot; and I think this is a fair question! There is also no bug in<br/>the RT for IO::Socket::IP about any issue. What is the exact problem<br/>you see?<br/>--<br/>Mike<br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3749.html Wed, 05 Mar 2014 09:17:41 +0000