perl.ldap http://www.nntp.perl.org/group/perl.ldap/ ... Copyright 1998-2014 perl.org Wed, 17 Sep 2014 06:47:36 +0000 ask@perl.org Re: ssl/tls troubles by Natxo Asenjo Hi Daniel,<br/><br/>On Thu, Sep 11, 2014 at 8:57 PM, Daniel Stutz &lt;dstutz@use-strict.net&gt; wrote:<br/><br/>&gt; Did you try the &sbquo;cafile&lsquo; option of start_tls?<br/>&gt; http://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod#start_tls<br/>&gt;<br/>&gt;<br/>Yes, I tried that as well, but it did not work either. But apparently the<br/>module is smart enough to look into the default paths for openssl and if<br/>the cert is in there, you need nothing else but verify =&gt; &#39;require&#39; when<br/>using the start_tls method. I tried removing the cert from there and the<br/>script croaked inmediately. And wireshark showed that everything was nicely<br/>encrypted.<br/><br/>Thanks!<br/><br/>-- <br/>groet,<br/>natxo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/09/msg3774.html Thu, 11 Sep 2014 19:10:12 +0000 Re: ssl/tls troubles by Daniel Stutz Did you try the &sbquo;cafile&lsquo; option of start_tls?<br/>http://search.cpan.org/~marschap/perl-ldap/lib/Net/LDAP.pod#start_tls<br/><br/>Regards,<br/>Daniel<br/><br/>Am 11.09.2014 um 17:58 schrieb Natxo Asenjo &lt;natxo.asenjo@gmail.com&gt;:<br/><br/>&gt; hi,<br/>&gt; <br/>&gt; in my host (fedora 20)I have imported the root CA certificate of our corporate AD domain. Using ldapsearch it works, and visiting secure sites signed by that CA are verified.<br/>&gt; <br/>&gt; But I do not exactly know hot to tell my script how to do the same.<br/>&gt; <br/>&gt; This is it:<br/>&gt; <br/>&gt; use Net::LDAP;<br/>&gt; use Data::Dumper;<br/>&gt; <br/>&gt; my $ldap = Net::LDAP-&gt;new( &#39;d01.domain.tldl&#39; ) or die &quot;$@&quot;;<br/>&gt; <br/>&gt; my $mesg = $ldap-&gt;start_tls(<br/>&gt; verify =&gt; &#39;require&#39;,<br/>&gt; capath =&gt; &#39;/etc/ssl/certs/&#39;,<br/>&gt; sslversion =&gt; &#39;tlsv1&#39;,<br/>&gt; );<br/>&gt; <br/>&gt; print Dumper $mesg;<br/>&gt; <br/>&gt; $mesg =$ldap-&gt;bind (<br/>&gt; &quot;user&quot;,<br/>&gt; password =&gt; &#39;pwd&#39;,<br/>&gt; version =&gt; 3,<br/>&gt; ); <br/>&gt; <br/>&gt; my $search = $mesg-&gt;search(<br/>&gt; base =&gt; &quot;dc=domain,dc=tld&quot;,<br/>&gt; scope =&gt; &quot;sub&quot;,<br/>&gt; filter =&gt; &quot;(samaccountname=*)&quot;,<br/>&gt; attr =&gt; [&#39;samaccountname&#39;],<br/>&gt; );<br/>&gt; <br/>&gt; $mesg-&gt;code ;<br/>&gt; <br/>&gt; for my $entry ( $mesg-&gt;entries) {<br/>&gt; print $entry-&gt;get_value( &#39;samaccountname&#39;), &quot;\n&quot;;;<br/>&gt; }<br/>&gt; <br/>&gt; $ldap-&gt;unbind;<br/>&gt; <br/>&gt; $ perl department.pl <br/>&gt; $VAR1 = bless( {<br/>&gt; &#39;responseName&#39; =&gt; &#39;1.3.6.1.4.1.1466.20037&#39;,<br/>&gt; &#39;matchedDN&#39; =&gt; &#39;&#39;,<br/>&gt; &#39;raw&#39; =&gt; undef,<br/>&gt; &#39;mesgid&#39; =&gt; 1,<br/>&gt; &#39;ctrl_hash&#39; =&gt; undef,<br/>&gt; &#39;callback&#39; =&gt; undef,<br/>&gt; &#39;controls&#39; =&gt; undef,<br/>&gt; &#39;resultCode&#39; =&gt; 1,<br/>&gt; &#39;parent&#39; =&gt; bless( {<br/>&gt; &#39;net_ldap_rawsocket&#39; =&gt; bless( \*Symbol::GEN0, &#39;IO::Socket::INET&#39; ),<br/>&gt; &#39;net_ldap_debug&#39; =&gt; 0,<br/>&gt; &#39;net_ldap_mesg&#39; =&gt; {},<br/>&gt; &#39;net_ldap_host&#39; =&gt; &#39;dc01.domain.tld&#39;,<br/>&gt; &#39;net_ldap_port&#39; =&gt; 389,<br/>&gt; &#39;net_ldap_async&#39; =&gt; 0,<br/>&gt; &#39;net_ldap_uri&#39; =&gt; &#39;dc01.domain.tld&#39;,<br/>&gt; &#39;net_ldap_socket&#39; =&gt; $VAR1-&gt;{&#39;parent&#39;}{&#39;net_ldap_rawsocket&#39;},<br/>&gt; &#39;net_ldap_resp&#39; =&gt; {},<br/>&gt; &#39;net_ldap_scheme&#39; =&gt; &#39;ldap&#39;,<br/>&gt; &#39;net_ldap_version&#39; =&gt; 3,<br/>&gt; &#39;net_ldap_refcnt&#39; =&gt; 1<br/>&gt; }, &#39;Net::LDAP&#39; ),<br/>&gt; &#39;errorMessage&#39; =&gt; &#39;SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed&#39;<br/>&gt; }, &#39;Net::LDAP::Extension&#39; );<br/>&gt; Can&#39;t locate object method &quot;search&quot; via package &quot;Net::LDAP::Bind&quot; at department.pl line 43, &lt;DATA&gt; line 751.<br/>&gt; <br/>&gt; <br/>&gt; So it clearly does not trust the certificate. The certificate is in /etc/ssl/certs/ca-bundle.trust.crt.<br/>&gt; <br/>&gt; Any tips greatyl appreciated.<br/>&gt; <br/>&gt; <br/>&gt; --<br/>&gt; Groeten,<br/>&gt; natxo<br/><br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/09/msg3773.html Thu, 11 Sep 2014 18:57:47 +0000 Re: ssl/tls troubles by Natxo Asenjo ok, solved. I removed the capath and it works. It finds the certificate<br/>automatically.<br/><br/>Apologies for the noise.<br/><br/>--<br/>Groeten,<br/>natxo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/09/msg3772.html Thu, 11 Sep 2014 17:41:15 +0000 ssl/tls troubles by Natxo Asenjo hi,<br/><br/>in my host (fedora 20)I have imported the root CA certificate of our<br/>corporate AD domain. Using ldapsearch it works, and visiting secure sites<br/>signed by that CA are verified.<br/><br/>But I do not exactly know hot to tell my script how to do the same.<br/><br/>This is it:<br/><br/>use Net::LDAP;<br/>use Data::Dumper;<br/><br/>my $ldap = Net::LDAP-&gt;new( &#39;d01.domain.tldl&#39; ) or die &quot;$@&quot;;<br/><br/>my $mesg = $ldap-&gt;start_tls(<br/> verify =&gt; &#39;require&#39;,<br/> capath =&gt; &#39;/etc/ssl/certs/&#39;,<br/> sslversion =&gt; &#39;tlsv1&#39;,<br/>);<br/><br/>print Dumper $mesg;<br/><br/>$mesg =$ldap-&gt;bind (<br/> &quot;user&quot;,<br/> password =&gt; &#39;pwd&#39;,<br/> version =&gt; 3,<br/>);<br/><br/>my $search = $mesg-&gt;search(<br/> base =&gt; &quot;dc=domain,dc=tld&quot;,<br/> scope =&gt; &quot;sub&quot;,<br/> filter =&gt; &quot;(samaccountname=*)&quot;,<br/> attr =&gt; [&#39;samaccountname&#39;],<br/> );<br/><br/>$mesg-&gt;code ;<br/><br/>for my $entry ( $mesg-&gt;entries) {<br/> print $entry-&gt;get_value( &#39;samaccountname&#39;), &quot;\n&quot;;;<br/>}<br/><br/>$ldap-&gt;unbind;<br/><br/>$ perl department.pl<br/>$VAR1 = bless( {<br/> &#39;responseName&#39; =&gt; &#39;1.3.6.1.4.1.1466.20037&#39;,<br/> &#39;matchedDN&#39; =&gt; &#39;&#39;,<br/> &#39;raw&#39; =&gt; undef,<br/> &#39;mesgid&#39; =&gt; 1,<br/> &#39;ctrl_hash&#39; =&gt; undef,<br/> &#39;callback&#39; =&gt; undef,<br/> &#39;controls&#39; =&gt; undef,<br/> &#39;resultCode&#39; =&gt; 1,<br/> &#39;parent&#39; =&gt; bless( {<br/> &#39;net_ldap_rawsocket&#39; =&gt; bless(<br/>\*Symbol::GEN0, &#39;IO::Socket::INET&#39; ),<br/> &#39;net_ldap_debug&#39; =&gt; 0,<br/> &#39;net_ldap_mesg&#39; =&gt; {},<br/> &#39;net_ldap_host&#39; =&gt; &#39;dc01.domain.tld&#39;,<br/> &#39;net_ldap_port&#39; =&gt; 389,<br/> &#39;net_ldap_async&#39; =&gt; 0,<br/> &#39;net_ldap_uri&#39; =&gt; &#39;dc01.domain.tld&#39;,<br/> &#39;net_ldap_socket&#39; =&gt;<br/>$VAR1-&gt;{&#39;parent&#39;}{&#39;net_ldap_rawsocket&#39;},<br/> &#39;net_ldap_resp&#39; =&gt; {},<br/> &#39;net_ldap_scheme&#39; =&gt; &#39;ldap&#39;,<br/> &#39;net_ldap_version&#39; =&gt; 3,<br/> &#39;net_ldap_refcnt&#39; =&gt; 1<br/> }, &#39;Net::LDAP&#39; ),<br/> &#39;errorMessage&#39; =&gt; &#39;SSL connect attempt failed<br/>error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify<br/>failed&#39;<br/> }, &#39;Net::LDAP::Extension&#39; );<br/>Can&#39;t locate object method &quot;search&quot; via package &quot;Net::LDAP::Bind&quot; at<br/>department.pl line 43, &lt;DATA&gt; line 751.<br/><br/><br/>So it clearly does not trust the certificate. The certificate is in<br/>/etc/ssl/certs/ca-bundle.trust.crt.<br/><br/>Any tips greatyl appreciated.<br/><br/><br/>--<br/>Groeten,<br/>natxo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/09/msg3771.html Thu, 11 Sep 2014 15:58:15 +0000 Re: how often to bind and unbind to ldap by Doug Wegscheid it depends on how often you are doing the searches.<br/><br/>I have one (vendor-written) application that occasionally decides to do a half million queries over 36 hours. It does a separate bind and unbind for each, and as the LDAP system administrator, I really wish it would bind once then do the queries.<br/><br/>I also have applications that make connections and do not use them for hours on end. They tie up resources, and the dead-connection monitor on our load balancer and on the LDAP server tend to kill the connections when not in use that long.<br/><br/>If it&#39;s going less often than between every 15-60s, then I&#39;d set up and tear down for every batch of searches...<br/><br/><br/><br/>On Wednesday, July 23, 2014 4:22 AM, Daniel Castro &lt;evil.dani@gmail.com&gt; wrote:<br/> <br/><br/><br/>Hello Guys,<br/><br/>I wrote a script that runs as a system process. If I do constant searches on the LDAP server how often should I bind and unbind from the server.<br/><br/>Should I do only one and maintain it. But what about if it disconnects due to inactivity during the night. Can I simply bind again on the same object?<br/><br/>Or should I bind, then search, then unbind each time?<br/><br/>Advice?<br/><br/>Thanks,<br/><br/>-- <br/>+-=====---------------------------+<br/>| +---------------------------------+ | This space intentionally blank for notetaking.<br/>| |&nbsp;&nbsp; | Daniel Castro,&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | <br/>| |&nbsp;&nbsp; | Consultant/Programmer.|<br/>| |&nbsp;&nbsp; | U Andes&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; |<br/>+-------------------------------------+<br/> http://www.nntp.perl.org/group/perl.ldap/2014/07/msg3770.html Wed, 23 Jul 2014 12:11:38 +0000 how often to bind and unbind to ldap by Daniel Castro Hello Guys,<br/><br/>I wrote a script that runs as a system process. If I do constant searches<br/>on the LDAP server how often should I bind and unbind from the server.<br/><br/>Should I do only one and maintain it. But what about if it disconnects due<br/>to inactivity during the night. Can I simply bind again on the same object?<br/><br/>Or should I bind, then search, then unbind each time?<br/><br/>Advice?<br/><br/>Thanks,<br/><br/>-- <br/>+-=====---------------------------+<br/>| +---------------------------------+ | This space intentionally blank for<br/>notetaking.<br/>| | | Daniel Castro, |<br/>| | | Consultant/Programmer.|<br/>| | | U Andes |<br/>+-------------------------------------+<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/07/msg3769.html Wed, 23 Jul 2014 08:17:43 +0000 perl-ldap v0.64 released by Peter Marschall Hi all,<br/><br/>I just released perl-ldap 0.64 to CPAN:<br/> http://search.cpan.org/dist/perl-ldap/<br/> https://metacpan.org/release/perl-ldap<br/><br/>For those of you directly pulling from GitHub, the repository<br/> https://github.com/perl-ldap/perl-ldap/releases<br/>has been updated accordingly.<br/><br/>Please find a short log of all the changes below.<br/><br/>Thanks to<br/>* Thomas Guevin<br/>* Jim Toth <br/>* Jitka Plesnikova<br/>for their bug reports / patches.<br/><br/>Enjoy the new release!<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/><br/>0.64 -- Thu Jun 19 17:48:08 CEST 2014<br/><br/>Bug Fixes:<br/>* LDAP.pm: set SSL_cipher_list correctly<br/>* RT#96203: LDAP.pm: use correct length for syswrite<br/>* LDIF.pm: fix next outside loop in _write_one_entry<br/>* Entry.pod: fix typo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3768.html Thu, 19 Jun 2014 16:09:23 +0000 Re: bug in LDAP 0.63 by Peter Marschall Hi,<br/><br/>On Monday, 16. June 2014 22:26:57 THOMAS GUEVIN wrote:<br/>&gt; Here is the diff of the change from 0.62 to 0.63. There is an extra<br/>&gt; &quot;defined&quot; in the code.<br/>&gt; [...]<br/>&gt; @@ -251,7 +251,8 @@<br/>&gt; }<br/>&gt; <br/>&gt; (<br/>&gt; - SSL_cipher_list =&gt; defined $arg-&gt;{ciphers} ? $arg-&gt;{ciphers} :<br/>&gt; &#39;ALL&#39;, + defined $arg-&gt;{ciphers} ?<br/>&gt; + ( SSL_cipher_list =&gt; defined $arg-&gt;{ciphers}) : (),<br/>&gt; SSL_ca_file =&gt; exists $arg-&gt;{cafile} ? $arg-&gt;{cafile} : &#39;&#39;,<br/>&gt; SSL_ca_path =&gt; exists $arg-&gt;{capath} ? $arg-&gt;{capath} : &#39;&#39;,<br/>&gt; SSL_key_file =&gt; $clientcert ? $clientkey : undef,<br/>&gt; <br/>&gt; <br/>&gt; Please address in 0.64 if possible.<br/><br/>Patched in private repo.<br/>Will be included in 0.64.<br/><br/>Thanks<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3767.html Tue, 17 Jun 2014 17:37:35 +0000 bug in LDAP 0.63 by THOMAS GUEVIN Here is the diff of the change from 0.62 to 0.63. There is an extra &quot;defined&quot; in the code.<br/><br/>--- /usr/local/share/perl/5.14.2/Net/LDAP.pm 2014-06-11 12:13:09.780074484 +0000<br/>+++ /usr/local/share/perl/5.14.2/Net/LDAP.pm 2014-06-11 12:13:09.780074484 +0000<br/>@@ -35,7 +35,7 @@<br/> ? &#39;IO::Socket::INET6&#39;<br/> : &#39;&#39;;<br/><br/>-our $VERSION = &#39;0.62&#39;;<br/>+our $VERSION = &#39;0.63&#39;;<br/>our @ISA = qw(Tie::StdHash Net::LDAP::Extra);<br/>our $LDAP_VERSION = 3; # default LDAP protocol version<br/><br/>@@ -251,7 +251,8 @@<br/> }<br/><br/> (<br/>- SSL_cipher_list =&gt; defined $arg-&gt;{ciphers} ? $arg-&gt;{ciphers} : &#39;ALL&#39;,<br/>+ defined $arg-&gt;{ciphers} ?<br/>+ ( SSL_cipher_list =&gt; defined $arg-&gt;{ciphers}) : (),<br/> SSL_ca_file =&gt; exists $arg-&gt;{cafile} ? $arg-&gt;{cafile} : &#39;&#39;,<br/> SSL_ca_path =&gt; exists $arg-&gt;{capath} ? $arg-&gt;{capath} : &#39;&#39;,<br/> SSL_key_file =&gt; $clientcert ? $clientkey : undef,<br/><br/><br/>Please address in 0.64 if possible.<br/><br/>Thanks,<br/><br/>-Tom G.<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3766.html Mon, 16 Jun 2014 23:57:41 +0000 Re: entry->changetype("modify") returns "No attributes to update at ..." by Peter Marschall Hi,<br/><br/>On Monday, 9. June 2014 15:31:55 Chris Franz wrote:<br/>&gt; $cur_entry-&gt;replace(&#39;cn&#39; =&gt; &#39;changedcn&#39;);<br/>&gt; $cur_entry-&gt;changetype(modify);<br/>&gt; $update_mesg = $cur_entry-&gt;update($ldap);<br/>&gt; $update_mesg-&gt;code &amp;&amp; die $update_mesg-&gt;error;<br/>&gt;<br/>&gt; [...]<br/>&gt; <br/>&gt; When I include the &quot;$cur_entry-&gt;changetype(modify);&quot; line, the script<br/>&gt; returns:<br/>&gt; <br/>&gt; No attributes to update at ./ldap-update.pl line 23, &lt;DATA&gt; line 751.<br/><br/>Net::LDAP::Entry&#39;s changetype() method clears all previous changes when called <br/>with an argument.<br/>Solution is simple: set the changetype first.<br/><br/>Best<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3765.html Sat, 14 Jun 2014 15:18:22 +0000 Re: entry->changetype("modify") returns"No attributes to update at ..." by Chris Ridd <br/>On 9 Jun 2014, at 23:31, Chris Franz &lt;franz@unicon.net&gt; wrote:<br/><br/>&gt; I imagine this is obvious to some but it isn&#39;t to me. I wrote this simple script to update <br/>&gt; a single attribute of an existing 389 entry. It is shown below:<br/>&gt; <br/>&gt; #!/usr/bin/perl<br/>&gt; <br/>&gt; use Net::LDAP;<br/>&gt; use Net::LDAP::Entry;<br/>&gt; use Net::LDAP::LDIF;<br/>&gt; use Net::LDAP::Message;<br/>&gt; <br/>&gt; $ldap = Net::LDAP-&gt;new(&#39;localhost&#39;) or die &quot;$@&quot;;<br/>&gt; $bind_mesg = $ldap-&gt;bind( &quot;cn=directory manager&quot;, password=&gt;&quot;secret&quot; );<br/>&gt; $bind_mesg-&gt;code &amp;&amp; die $bind_mesg-&gt;error;<br/>&gt; <br/>&gt; $search_mesg = $ldap-&gt;search(base =&gt; &quot;ou=People,dc=crud,dc=edu&quot;,<br/>&gt; filter =&gt; &quot;uid=someuid&quot;);<br/>&gt; <br/>&gt; die &quot;error: &quot;, $mesg-&gt;error()<br/>&gt; if (($search_mesg-&gt;code()) || ($search_mesg-&gt;count !=1));<br/>&gt; <br/>&gt; $cur_entry = $search_mesg-&gt;entry(0);<br/>&gt; <br/>&gt; $cur_entry-&gt;replace(&#39;cn&#39; =&gt; &#39;changedcn&#39;);<br/>&gt; $cur_entry-&gt;changetype(modify);<br/>&gt; $update_mesg = $cur_entry-&gt;update($ldap);<br/>&gt; $update_mesg-&gt;code &amp;&amp; die $update_mesg-&gt;error;<br/>&gt; <br/>&gt; $bind_mesg = $ldap-&gt;unbind;<br/>&gt; <br/>&gt; When I include the &quot;$cur_entry-&gt;changetype(modify);&quot; line, the script returns:<br/>&gt; <br/>&gt; No attributes to update at ./ldap-update.pl line 23, &lt;DATA&gt; line 751.<br/>&gt; <br/>&gt; If I comment that out, the script works swimmingly. I banged my head on this<br/>&gt; for a while. What am I missing?<br/><br/>Break with the perl debugger at line 23 (which line&#39;s that?) and take a look at things.<br/><br/>The other approach is to think laterally. You don&#39;t *need* to read the previous entry contents to do a modify. Get the DN from $cur_entry, and then build a modify with that and your desired change.<br/><br/>Typed in Mail:<br/><br/>$update_mesg = $ldap-&gt;modify($cur_entry-&gt;dn(), replace =&gt; { &#39;cn&#39; =&gt; &#39;changedcn&#39; });<br/><br/>[replaces $cur-&gt;entry-&gt;replace(&#39;cn&#39; =&gt; &#39;changedcn&#39;); and the 2 following lines.]<br/><br/>The other problem that might occur is if your entry uses cn in the RDN, in which case you should do a moddn() instead as technically you&#39;re renaming the entry.<br/><br/>Chris<br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3764.html Wed, 11 Jun 2014 21:19:25 +0000 entry->changetype("modify") returns "No attributes to update at..." by Chris Franz I imagine this is obvious to some but it isn&#39;t to me. I wrote this simple script to update <br/>a single attribute of an existing 389 entry. It is shown below: <br/><br/><br/><br/>#!/usr/bin/perl <br/><br/><br/>use Net::LDAP; <br/>use Net::LDAP::Entry; <br/>use Net::LDAP::LDIF; <br/>use Net::LDAP::Message; <br/><br/><br/>$ldap = Net::LDAP-&gt;new(&#39;localhost&#39;) or die &quot;$@&quot;; <br/>$bind_mesg = $ldap-&gt;bind( &quot;cn=directory manager&quot;, password=&gt;&quot;secret&quot; ); <br/>$bind_mesg-&gt;code &amp;&amp; die $bind_mesg-&gt;error; <br/><br/><br/>$search_mesg = $ldap-&gt;search(base =&gt; &quot;ou=People,dc=crud,dc=edu&quot;, <br/>filter =&gt; &quot;uid=someuid&quot;); <br/><br/><br/>die &quot;error: &quot;, $mesg-&gt;error() <br/>if (($search_mesg-&gt;code()) || ($search_mesg-&gt;count !=1)); <br/><br/><br/>$cur_entry = $search_mesg-&gt;entry(0); <br/><br/><br/>$cur_entry-&gt;replace(&#39;cn&#39; =&gt; &#39;changedcn&#39;); <br/>$cur_entry-&gt;changetype(modify); <br/>$update_mesg = $cur_entry-&gt;update($ldap); <br/>$update_mesg-&gt;code &amp;&amp; die $update_mesg-&gt;error; <br/><br/><br/>$bind_mesg = $ldap-&gt;unbind; <br/><br/>When I include the &quot;$cur_entry-&gt;changetype(modify);&quot; line, the script returns: <br/><br/><br/><br/>No attributes to update at ./ldap-update.pl line 23, &lt;DATA&gt; line 751. <br/><br/><br/>If I comment that out, the script works swimmingly. I banged my head on this <br/>for a while. What am I missing? <br/><br/><br/>Thanks, Chris <br/><br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3763.html Wed, 11 Jun 2014 08:11:09 +0000 perl-ldap 0.63 by Peter Marschall Hi all,<br/><br/>it&#39;s time again for a new perl-ldap release.<br/><br/>As usual you can find it on CPAN<br/> http://search.cpan.org/dist/perl-ldap/<br/> https://metacpan.org/release/perl-ldap<br/>and on github<br/> https://github.com/perl-ldap/perl-ldap/releases<br/><br/>Please find a short log of all the changes below.<br/>The most noteworthy ones are IMHO:<br/>* use default cyphers of the underlying SSL library<br/> instead of setting SSL_ciphers to ALL by default<br/>* write controls to LDIF files (more complete RFC support)<br/><br/>Thanks to <br/>* Petr P&Atilde;&shy;sa&Aring;&#153; &lt;ppisar@redhat.com&gt;<br/>* Hanno Hecker<br/>for their contributions<br/><br/>Best<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/>0.63 -- Sun Jun 1 12:42:59 CEST 2014<br/><br/>Enhancements:<br/>* Entry.pm: accept options for update() in the LDIF case<br/>* LDIF.pm:<br/> - implement writing controls<br/> - refactor _write_entry<br/> - check for decoding errors in LWP-based URLs<br/><br/>Bug Fixes:<br/>* RT#95001: Do not set SSL_ciphers to ALL by default<br/>* Entry.pm: delete(): return $self if called w/o args<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/06/msg3762.html Sun, 01 Jun 2014 11:32:07 +0000 Re: Net::LDAP fails with latest ActiveState Perl, can be worked round by renoving INET6.pm by Peter Marschall Hi,<br/><br/>On Wednesday, 2. April 2014 18:38:43 k.brown@mail.bbk.ac.uk wrote:<br/>&gt; Similar error to that described by Glen Tanner a few weeks ago.<br/>&gt; <br/>&gt; Recently installed a new PC with updated version of Perl::<br/>&gt; <br/>&gt; D:\temp&gt;perl -v<br/>&gt; This is perl 5, version 16, subversion 3 (v5.16.3) built for<br/>&gt; MSWin32-x64-multi-thread<br/>&gt; [...]<br/>&gt; Binary build 1603 [296746] provided by ActiveState<br/>&gt; http://www.ActiveState.com Built Mar 13 2013 13:31:10<br/>&gt; <br/>&gt; [....]<br/>&gt; <br/>&gt; Following some hints on other mailing lists referring to Strawberry<br/>&gt; Perl rather than ActiveState, I renamed<br/>&gt; C:\Perl64\site\lib\IO\Socket\INET6.pm and it worked.<br/>&gt; <br/>&gt; So somewhere there is a bug.<br/><br/>I concur, but I am pretty sure the error is not in perl-ldap.<br/>perl-ldap is just one of the victims of a break between some<br/>versions of ActiveState / Strawberry Perl / IO::Socket::INET6.<br/><br/>What versions of <br/>* perl-ldap<br/>* IO::Socket::INET6 <br/>are you using?<br/><br/>Instead of removing IPv6 support (this is what happens<br/>if you rename/remove IO::Socket::INET6), you may try<br/>the following:<br/>* install IO::Socket::IP<br/>* install latest perl-ldap<br/><br/>Recent perl-ldap versions prefer IO::Socket::IP over IO::Socket::INET6<br/>when the former one is installed.<br/>If IO::Socket::IP does not suffer the problems that recent versions<br/>of IO::Socket::INET6 seem to have in Windows, then everything should<br/>work as before including IPv6 support.<br/><br/>Best<br/>PEter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3761.html Fri, 18 Apr 2014 11:54:47 +0000 RE: how to install or how to find NET::LDAP in unix server by Brian Gaber At command prompt run:<br/><br/>perl -MCPAN -e shell<br/><br/>Then at the cpan&gt; prompt run<br/><br/>install Net::LDAP<br/><br/>If you have never used cpan then there will be an initial setup routine that runs.<br/><br/>From: devendar.reddy.kotla@accenture.com [mailto:devendar.reddy.kotla@accenture.com]<br/>Sent: Tuesday, April 08, 2014 6:21 AM<br/>To: perl-ldap@perl.org<br/>Subject: how to install or how to find NET::LDAP in unix server<br/><br/>Hi,<br/><br/>I am getting &quot;Can&#39;t locate Net/LDAP.pm in @INC&quot; error while running perl script . how to intall perl or how to fix this issue in my unix server. Plesse help how to install NET::LDAP on my unix server .<br/><br/>Any other information is really appreciated.<br/><br/>Thanks and regards,<br/>Devendar<br/><br/>________________________________<br/><br/>This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.<br/>______________________________________________________________________________________<br/><br/>www.accenture.com&lt;http://www.accenture.com&gt;<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3760.html Thu, 10 Apr 2014 16:36:10 +0000 Re: how to install or how to find NET::LDAP in unix server by Natxo Asenjo On Tue, Apr 8, 2014 at 12:20 PM, &lt;devendar.reddy.kotla@accenture.com&gt; wrote:<br/><br/>&gt; Hi,<br/>&gt;<br/>&gt;<br/>&gt;<br/>&gt; I am getting &ldquo;Can&#39;t locate Net/LDAP.pm in @INC&rdquo; error while running perl<br/>&gt; script . how to intall perl or how to fix this issue in my unix server.<br/>&gt; Plesse help how to install NET::LDAP on my unix server .<br/>&gt;<br/>&gt;<br/>&gt;<br/>what kind of unix? If it&#39;s some kind of linux, then it usually is availble<br/>using your package manager. Otherwise you can install it using cpanm (see<br/>http://search.cpan.org/dist/App-cpanminus/lib/App/cpanminus.pm) or the<br/>traditional cpan shell or just downloading the module from cpan and<br/>installing it from sources yourself.<br/><br/>-- <br/>regards,<br/>natxo<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3759.html Thu, 10 Apr 2014 16:35:14 +0000 how to install or how to find NET::LDAP in unix server by devendar.reddy.kotla Hi,<br/><br/>I am getting &quot;Can&#39;t locate Net/LDAP.pm in @INC&quot; error while running perl script . how to intall perl or how to fix this issue in my unix server. Plesse help how to install NET::LDAP on my unix server .<br/><br/>Any other information is really appreciated.<br/><br/>Thanks and regards,<br/>Devendar<br/><br/>________________________________<br/><br/>This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.<br/>______________________________________________________________________________________<br/><br/>www.accenture.com<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3758.html Thu, 10 Apr 2014 15:42:12 +0000 perl-ldap 0.62 is out by Peter Marschall Hi,<br/><br/>perl-ldap 0.62 is out!<br/><br/>Get it from CPAN or GitHub:<br/> http://search.cpan.org/dist/perl-ldap/<br/> https://metacpan.org/release/perl-ldap<br/> https://github.com/perl-ldap/perl-ldap<br/><br/>The changes are relatively minor, mostly to keep CPAN testers happy ;-)<br/><br/>Enjoy<br/>Peter<br/><br/>0.62 -- Sun Apr 6 11:25:05 CEST 2014<br/><br/>Enhancements:<br/>Util.pm: remove superfluous space from POD<br/>FAQ.pm: update perl-ldap &amp; Perl version numbers<br/><br/>Bug Fixes:<br/>RT#94357: t/08time.t: skip tests on too old Perl versions<br/>RT#94341: FAQ.pm: fix incorrect instruction<br/>jpegDisplay.pl: overhaul to make it work again<br/><br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3757.html Sun, 06 Apr 2014 09:54:11 +0000 Net::LDAP fails with latest ActiveState Perl, can be worked round byrenoving INET6.pm by k.brown@mail.bbk.ac.uk Similar error to that described by Glen Tanner a few weeks ago.<br/><br/>Recently installed a new PC with updated version of Perl::<br/><br/>D:\temp&gt;perl -v<br/>This is perl 5, version 16, subversion 3 (v5.16.3) built for<br/>MSWin32-x64-multi-thread<br/>[...]<br/>Binary build 1603 [296746] provided by ActiveState http://www.ActiveState.com<br/>Built Mar 13 2013 13:31:10<br/><br/>A Perl Net::LDAP application that binds to Active Directory failed<br/>with error messages like these:<br/> Return code: 82<br/> Error code: Bad file descriptor<br/> Error name: LDAP_LOCAL_ERROR<br/> Error text: An error occurred in C&lt;Net::LDAP&gt;<br/><br/>The error can be reproduced with this code:<br/><br/>#===============<br/>use Net::LDAP;<br/>use strict;<br/>my $filter = &quot;cn=$target\x2a&quot;;<br/>my $ldap = Net::LDAP-&gt;new ($lhost, onerror =&gt; &quot;die&quot;);<br/>my $bindmesg = $ldap-&gt;bind($luser,password=&gt;$lpass);<br/>my $searchresult = $ldap-&gt;search( base=&gt;$lbase, filter=&gt;$filter, attrs=&gt;[&quot;dn&quot;]);<br/>#===============<br/><br/>Which on older Perls finds the DNs of all AD users with names starting<br/>with string $target, but fails on current version of Perl.<br/>($lbase = Root path of AD directory, $lhost = AD directory server<br/>hostname, $luser = DN of known user, $lpass = that users password)<br/><br/><br/>Following some hints on other mailing lists referring to Strawberry<br/>Perl rather than ActiveState, I renamed<br/>C:\Perl64\site\lib\IO\Socket\INET6.pm and it worked.<br/><br/>So somewhere there is a bug.<br/><br/>-- <br/>Ken Brown<br/> http://www.nntp.perl.org/group/perl.ldap/2014/04/msg3756.html Wed, 02 Apr 2014 17:38:51 +0000 New perl-ldap release 0.61 by Peter Marschall Hi folks,<br/><br/>A few minutes I released perl-ldap 0.61 to CPAN.<br/>Get it from the usual places (after replication to you region ;-):<br/> http://search.cpan.org/dist/perl-ldap/<br/> https://metacpan.org/release/perl-ldap<br/><br/>For those of you directly pulling from GitHub, the repository<br/> https://github.com/perl-ldap/perl-ldap<br/>has been updated accordingly.<br/><br/>These are the changes:<br/><br/>0.61 -- Sat Mar 29 17:21:45 CET 2014<br/><br/>Enhancements:<br/>* {LDAP,LDIF}.pod: update documentation of raw =&gt; REGEX<br/>* support LWP-supproted URLs when reading LDIFs (incl. tests)<br/>* add test for Net::LDAP::Util&#39;s time functions<br/>* tests: set default OpenLDAP DB type to mdb<br/><br/>Bug Fixes:<br/>* RT#94047: Control.pm: add missing word in POD<br/>* RT#93945: Util.pm: make sure $dec is defined<br/>* LDIF.pm: when reading LDIFs, allow control values to be absent<br/>* Control/ProxyAuth.pm: fix initialization using value =&gt; ...<br/>* Util.pm: fix corner cases in time conversion functions<br/><br/>Best<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3755.html Sat, 29 Mar 2014 17:13:34 +0000 LDAP bind failure 82 by Glenn Tanner http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3754.html Tue, 18 Mar 2014 00:47:26 +0000 Get perl-ldap 0.60 while it's hot by Peter Marschall Hi,<br/><br/>I just released perl-ldap 0.60 to CPAN:<br/> http://search.cpan.org/dist/perl-ldap/<br/><br/>This release fixes some issues on Windows with recent versions of <br/>Strawberry Perl.<br/><br/>The detailed changes included are listed at the end of this email.<br/><br/>For those of you directly pulling from GitHub, the repository<br/> https://github.com/perl-ldap/perl-ldap<br/>has been updated too.<br/><br/>Have fun<br/>Peter<br/><br/>0.60 -- Sat Mar 8 14:00:02 CET 2014<br/><br/>Enhancements:<br/>* IO::Socket::IP support<br/> - if installed in version 0.20 or higher, prefer it over IO::Socket::INET*<br/> - use IO::Socket::INET* as fallback if it isn&#39;t installed<br/> - this solves RT#93122, which IMHO is not really a bug of perl-ldap<br/>* remove trailing whitespace in contrib/*<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3753.html Sat, 08 Mar 2014 13:34:49 +0000 Re: IO::Socket::IP for perl-ldap? by Paul "LeoNerd" Evans On Wed, 05 Mar 2014 11:31:29 +0100<br/>Peter Marschall &lt;peter@adpm.de&gt; wrote:<br/><br/>&gt; Oops, now you got me.<br/>&gt; I did not check doings tests, but relied on the manual pages of<br/>&gt; IO::Socket::IP only.<br/>&gt; <br/>&gt; Maybe I got confused by those two facts<br/>&gt; * In older versions, of IO::Socket::IP, it mentioned the Timeout<br/>&gt; option in the list of incompatibilities with IO::Socket::INET*.<br/>&gt; (This changed in versions &gt; 0.25 (<br/>&gt; * In recent version of the man page this warning has gone, but<br/>&gt; unfortunately Timeout is not mentioned in the list of supported<br/>&gt; options either.<br/>&gt; <br/>&gt; Paul,<br/>&gt; from the mail above, I get it that Timeout is working in<br/>&gt; IO::Socket::IP. Can you confirm?<br/>&gt; Additionally, may I ask you to add Timeout to the documentation?<br/><br/>Ah yes; this is actually down to a misunderstanding on my part.<br/><br/>Originally I had presumed that IO::Socket::IP would have to implement<br/>the &quot;Timeout&quot; option, because IO::Socket::INET lists it in its<br/>documentation. However, on reading the source code I discovered<br/>that ::INET doesn&#39;t implement it; the code to actually implement that<br/>option appears entirely within IO::Socket itself, which ::INET<br/>inherits from. Because ::IP is also a subclass of plain IO::Socket, it<br/>automatically inherits the Timeout option.<br/><br/>Ideally core&#39;s documentation should be changed to document Timeout in<br/>IO::Socket rather than IO::Socket::INET, which would also solve this<br/>issue.<br/><br/>But long story short: IO::Socket::IP supports the Timeout option in the<br/>same way that IO::Socket::INET documents for itself.<br/><br/>-- <br/>Paul &quot;LeoNerd&quot; Evans<br/><br/>leonerd@leonerd.org.uk<br/>ICQ# 4135350 | Registered Linux# 179460<br/>http://www.leonerd.org.uk/<br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3752.html Thu, 06 Mar 2014 03:37:21 +0000 Re: IO::Socket::IP for perl-ldap? by Peter Marschall Hi,<br/><br/>On Wednesday, 5. March 2014 11:32:52 Paul LeoNerd Evans wrote:<br/>&gt; On Wed, 05 Mar 2014 11:31:29 +0100 Peter Marschall &lt;peter@adpm.de&gt; wrote:<br/>&gt; &gt; Paul,<br/>&gt; &gt; from the mail above, I get it that Timeout is working in<br/>&gt; &gt; IO::Socket::IP. Can you confirm?<br/>&gt; &gt; Additionally, may I ask you to add Timeout to the documentation?<br/>&gt; <br/>&gt; Ah yes; this is actually down to a misunderstanding on my part.<br/>I&#39;m glad I am not the only one ;-))<br/><br/>&gt; Originally I had presumed that IO::Socket::IP would have to implement<br/>&gt; the &quot;Timeout&quot; option, because IO::Socket::INET lists it in its<br/>&gt; documentation. However, on reading the source code I discovered<br/>&gt; that ::INET doesn&#39;t implement it; the code to actually implement that<br/>&gt; option appears entirely within IO::Socket itself, which ::INET<br/>&gt; inherits from. Because ::IP is also a subclass of plain IO::Socket, it<br/>&gt; automatically inherits the Timeout option.<br/>Ah, that makes it clear.<br/><br/>&gt; Ideally core&#39;s documentation should be changed to document Timeout in<br/>&gt; IO::Socket rather than IO::Socket::INET, which would also solve this<br/>&gt; issue.<br/>Until that happens, why not adding it to the IO::Socket::IP POD (to have<br/>it more complete)? Please?!<br/><br/>&gt; But long story short: IO::Socket::IP supports the Timeout option in the<br/>&gt; same way that IO::Socket::INET documents for itself.<br/>Thanks for the clarification.<br/><br/>I guess it is time for a new version of perl-ldap with IO::Socket::IP n the <br/>next days.<br/><br/>Thanks<br/>Peter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3751.html Wed, 05 Mar 2014 14:44:00 +0000 Re: IO::Socket::IP for perl-ldap? by Peter Marschall Hi,<br/><br/>On Wednesday, 5. March 2014 10:17:12 Michiel Beijen wrote:<br/>&gt; On Tue, Mar 4, 2014 at 7:56 PM, Peter Marschall &lt;peter@adpm.de&gt; wrote:<br/>&gt; &gt; But there&#39;s a downside too:<br/>&gt; &gt; With IO::Socket::IP, the option Timeout to Net::LDAP-&gt;new() will be<br/>&gt; &gt; ignored.<br/>&gt; I asked Paul (cc) about this and he replied &quot;In what sense do you<br/>&gt; believe the &quot;Timeout&quot; option doesn&#39;t work? It works exactly the same<br/>&gt; in IO::Socket::IP as it does in IO::Socket::INET or indeed IO::Socket<br/>&gt; itself.&quot; and I think this is a fair question! There is also no bug in<br/>&gt; the RT for IO::Socket::IP about any issue. What is the exact problem<br/>&gt; you see?<br/><br/>Oops, now you got me.<br/>I did not check doings tests, but relied on the manual pages of IO::Socket::IP <br/>only.<br/><br/>Maybe I got confused by those two facts<br/>* In older versions, of IO::Socket::IP, it mentioned the Timeout option<br/> in the list of incompatibilities with IO::Socket::INET*.<br/> (This changed in versions &gt; 0.25 (<br/>* In recent version of the man page this warning has gone, but unfortunately<br/> Timeout is not mentioned in the list of supported options either.<br/><br/>Paul,<br/>from the mail above, I get it that Timeout is working in IO::Socket::IP.<br/>Can you confirm?<br/>Additionally, may I ask you to add Timeout to the documentation?<br/><br/><br/>Thanks in advance (and also to Michiel for the correction)<br/>Peter<br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3750.html Wed, 05 Mar 2014 10:31:41 +0000 Re: IO::Socket::IP for perl-ldap? by Michiel Beijen Hi Peter,<br/><br/>On Tue, Mar 4, 2014 at 7:56 PM, Peter Marschall &lt;peter@adpm.de&gt; wrote:<br/>&gt;<br/>&gt; with IO::Socket::IP becoming more and more widespread (it is said to become a<br/>&gt; part of the standard modules shipped with Perl 5.20), I am wondering i should<br/>&gt; switch perl-ldap over to it too?<br/>&gt;<br/>&gt; My idea is to prefer IO::Socket::IP over IO::Socket::INET6 if the former one<br/>&gt; is installed, but fall back to the latter if it isn&#39;t.<br/><br/>A very good idea!<br/><br/>&gt; But there&#39;s a downside too:<br/>&gt; With IO::Socket::IP, the option Timeout to Net::LDAP-&gt;new() will be ignored.<br/><br/>I asked Paul (cc) about this and he replied &quot;In what sense do you<br/>believe the &quot;Timeout&quot; option doesn&#39;t work? It works exactly the same<br/>in IO::Socket::IP as it does in IO::Socket::INET or indeed IO::Socket<br/>itself.&quot; and I think this is a fair question! There is also no bug in<br/>the RT for IO::Socket::IP about any issue. What is the exact problem<br/>you see?<br/>--<br/>Mike<br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3749.html Wed, 05 Mar 2014 09:17:41 +0000 Re: IO::Socket::IP for perl-ldap? by Gary Greene On Mar 4, 2014, at 12:50 PM, Danny Thomas &lt;d.thomas@its.uq.edu.au&gt; wrote:<br/>&gt; <br/>&gt; On 05/03/2014, at 5:42 AM, Gary Greene wrote:<br/>&gt; <br/>&gt;&gt; Are the devs for IO::Socket::IP open to adding a patch to make timeout work?<br/>&gt; to make it into core it must cause minimal problems<br/>&gt; to existing code, so any such cases are treated seriously, e.g.<br/>&gt; http://www.nntp.perl.org/group/perl.perl5.porters/2014/02/msg213008.html<br/>&gt; <br/>&gt; http://search.cpan.org/~pevans/IO-Socket-IP-0.29/lib/IO/Socket/IP.pm#IO::Socket::INET_INCOMPATIBILITES<br/>&gt; currently only lists Multihomed, e.g. this cropped up with Mojolicious.<br/>&gt; <br/><br/>I was thinking that the timeout could be wrapped in the Net::LDAP code, and add a new sub routine to IO::Socket::IP that would honour the added timeout value. This way existent code doesn&rsquo;t get affected, and the change is purely internal to the implementation.....<br/><br/>Gary L. Greene, Jr.<br/>================================================================================<br/>Volunteer Developer for the AltimatOS and KDE F/OSS projects.<br/>Please refrain from sending me closed office formats.<br/>================================================================================<br/><br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3748.html Tue, 04 Mar 2014 23:14:17 +0000 Re: IO::Socket::IP for perl-ldap? by Danny Thomas <br/>On 05/03/2014, at 5:42 AM, Gary Greene wrote:<br/><br/>&gt; Are the devs for IO::Socket::IP open to adding a patch to make timeout work?<br/>to make it into core it must cause minimal problems<br/>to existing code, so any such cases are treated seriously, e.g.<br/> http://www.nntp.perl.org/group/perl.perl5.porters/2014/02/msg213008.html<br/><br/>http://search.cpan.org/~pevans/IO-Socket-IP-0.29/lib/IO/Socket/IP.pm#IO::Socket::INET_INCOMPATIBILITES<br/>currently only lists Multihomed, e.g. this cropped up with Mojolicious.<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3747.html Tue, 04 Mar 2014 20:50:18 +0000 Re: IO::Socket::IP for perl-ldap? by Gary Greene On Mar 4, 2014, at 10:56 AM, Peter Marschall &lt;peter@adpm.de&gt; wrote:<br/>&gt; Hi,<br/>&gt; <br/>&gt; with IO::Socket::IP becoming more and more widespread (it is said to become a <br/>&gt; part of the standard modules shipped with Perl 5.20), I am wondering i should <br/>&gt; switch perl-ldap over to it too?<br/>&gt; <br/>&gt; My idea is to prefer IO::Socket::IP over IO::Socket::INET6 if the former one <br/>&gt; is installed, but fall back to the latter if it isn&#39;t.<br/>&gt; <br/>&gt; But there&#39;s a downside too:<br/>&gt; With IO::Socket::IP, the option Timeout to Net::LDAP-&gt;new() will be ignored.<br/>&gt; <br/>&gt; If it wasn&#39;t for this change, I would already have switched, as some recent <br/>&gt; versions of Strawberry Perl for Windows broke perl-ldap with IO::Socket::INET6<br/>&gt; <br/>&gt; What&#39;s your opinion?<br/><br/>Are the devs for IO::Socket::IP open to adding a patch to make timeout work?<br/><br/>&mdash;<br/>Gary L. Greene, Jr.<br/>================================================================================<br/>Volunteer Developer for the AltimatOS and KDE F/OSS projects.<br/>Please refrain from sending me closed office formats.<br/>================================================================================<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3746.html Tue, 04 Mar 2014 19:42:03 +0000 IO::Socket::IP for perl-ldap? by Peter Marschall Hi,<br/><br/>with IO::Socket::IP becoming more and more widespread (it is said to become a <br/>part of the standard modules shipped with Perl 5.20), I am wondering i should <br/>switch perl-ldap over to it too?<br/><br/>My idea is to prefer IO::Socket::IP over IO::Socket::INET6 if the former one <br/>is installed, but fall back to the latter if it isn&#39;t.<br/><br/>But there&#39;s a downside too:<br/>With IO::Socket::IP, the option Timeout to Net::LDAP-&gt;new() will be ignored.<br/><br/>If it wasn&#39;t for this change, I would already have switched, as some recent <br/>versions of Strawberry Perl for Windows broke perl-ldap with IO::Socket::INET6<br/><br/>What&#39;s your opinion?<br/><br/>Best<br/>PEter<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3745.html Tue, 04 Mar 2014 18:56:28 +0000 perl-ldap 0.59 is out by Peter Marschall Hi all,<br/><br/>Hi all,<br/><br/>I just released perl-ldap 0.59 to CPAN:<br/> http://search.cpan.org/dist/perl-ldap/<br/>It contains the usual enhancements and fixes; see below.<br/><br/>For those of you directly pulling from GitHub, the repository<br/> https://github.com/perl-ldap/perl-ldap<br/>has been updated accordingly.<br/><br/>Have fun<br/>Peter<br/><br/>0.59 -- Tue Mar 4 16:21:15 CET 2014<br/><br/>Bug Fixes:<br/>* Handle SASL security layers correctly on rebind<br/> Thanks Ben Morrow &lt;ben@morrow.me.uk&gt;<br/>* Control/Paged.pm: fix typo in POD sample code<br/><br/>Enhancements:<br/>* t/60cancel.t: add explanation about potential cause of failure<br/>* LDAP.pm: accessor method sasl for Authen::SASL object<br/>* LDAP.pm: adapt socket() to support SASL layers<br/>* Message.pod: consolidate dcwocumentation of control()<br/>* Control.pm: documentation update<br/>* LDAP.pod: add note about IO::Socket::IP and Timeout<br/>* LDIF.pm: overhaul<br/> - set error when write fails<br/> - simplify _read_entry<br/> - simplify _write_entry<br/> - coding style harmonization<br/> - error checks when reading changetype: delete<br/> - make _error() return undef/empty list, adapt callers<br/> - refactor handling DNs when reading<br/> - new method _read_attribute_value()<br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/03/msg3744.html Tue, 04 Mar 2014 18:48:23 +0000 Re: Convert::ASN1 error by Robert Lowe Jerome,<br/><br/>Thanks for the suggestion! I&#39;ll try a few things and report back!!!<br/><br/>-Robert<br/><br/><br/><br/>On Tue, Jan 7, 2014 at 11:58 AM, Jerome Cartagena &lt;<br/>jerome.cartagena@gmail.com&gt; wrote:<br/><br/>&gt; Hey Robert,<br/>&gt;<br/>&gt; This is clunky, but have you tried declaring an array variable with<br/>&gt; maxPwdAge and passing in the reference to the array within the search?<br/>&gt;<br/>&gt; ex<br/>&gt;<br/>&gt; my @attrlist = qw(maxPwdAge);<br/>&gt; my $mesg = $ldap-&gt;search( base =&gt; $ROOTDN,<br/>&gt; attrs =&gt; \@attrlist,<br/>&gt;<br/>&gt; scope =&gt; &#39;base&#39;,<br/>&gt; filter =&gt; &quot;distinguishedName=$ROOTDN&quot;<br/>&gt; );<br/>&gt;<br/>&gt; -Jerome<br/>&gt;<br/>&gt;<br/>&gt;<br/>&gt; On Thu, Jan 2, 2014 at 4:58 PM, Robert Lowe &lt;robert.h.lowe@gmail.com&gt;wrote:<br/>&gt;<br/>&gt;&gt; Forwarding per Graham&#39;s suggestion... any insight would be greatly<br/>&gt;&gt; appreciated!!!<br/>&gt;&gt;<br/>&gt;&gt; -Robert<br/>&gt;&gt;<br/>&gt;&gt; ---------- Forwarded message ----------<br/>&gt;&gt; From: Graham Barr &lt;gbarr@cpan.org&gt;<br/>&gt;&gt; Date: Thu, Jan 2, 2014 at 3:42 PM<br/>&gt;&gt; Subject: Re: Convert::ASN1 error<br/>&gt;&gt; To: Robert Lowe &lt;robert.h.lowe@gmail.com&gt;<br/>&gt;&gt;<br/>&gt;&gt;<br/>&gt;&gt; Everything looks right to me, but I have not worked with Net::LDAP for<br/>&gt;&gt; sometime myself. there is a list ldap@perl.org that may be able to help,<br/>&gt;&gt; Convert::ASN1 has not changed in a long time so if this is the cause of a<br/>&gt;&gt; code change it is likely to be in Net::LDAP<br/>&gt;&gt;<br/>&gt;&gt;<br/>&gt;&gt; On Dec 31, 2013, at 14:49 , Robert Lowe &lt;robert.h.lowe@gmail.com&gt; wrote:<br/>&gt;&gt;<br/>&gt;&gt; Hi,<br/>&gt;&gt;<br/>&gt;&gt; I&#39;m using Net::LDAP (see code snippet below, which worked for several<br/>&gt;&gt; years), which calls Convert::ASN1 somewhere and in turn generates the<br/>&gt;&gt; following error:<br/>&gt;&gt;<br/>&gt;&gt; Can not use string (&quot;maxPwdAge&quot;) as an ARRAY ref while &quot;strict refs&quot; in<br/>&gt;&gt; use at / usr/share/perl5/vendor_perl/Convert/ASN1/_encode.pm line 269.<br/>&gt;&gt;<br/>&gt;&gt; My fault? Or somewhere else? If you&#39;d like I can send you the entire<br/>&gt;&gt; script, but if this is a known issue, I thought you&#39;d know right.<br/>&gt;&gt;<br/>&gt;&gt; --<br/>&gt;&gt;<br/>&gt;&gt; # Retrieve the maxPwdAge field<br/>&gt;&gt; my $mesg = $ldap-&gt;search( base =&gt; $ROOTDN,<br/>&gt;&gt; attrs =&gt; [ &#39;maxPwdAge&#39; ],<br/>&gt;&gt; scope =&gt; &#39;base&#39;,<br/>&gt;&gt; filter =&gt; &quot;distinguishedName=$ROOTDN&quot;<br/>&gt;&gt; );<br/>&gt;&gt;<br/>&gt;&gt; # Die if there was an error<br/>&gt;&gt; $mesg-&gt;code &amp;&amp; die $mesg-&gt;error;<br/>&gt;&gt;<br/>&gt;&gt; # Get the first entry<br/>&gt;&gt; my $entry = $mesg-&gt;entry(0);<br/>&gt;&gt;<br/>&gt;&gt; # Get the maxPwdAge attribute -- it is maximum age of a password in<br/>&gt;&gt; # 10 millionths of a second before expiration.<br/>&gt;&gt; # For some reason, this value is negative.<br/>&gt;&gt; my $maxPwdAge = $entry-&gt;get_value( &#39;maxPwdAge&#39; );<br/>&gt;&gt;<br/>&gt;&gt; -Robert<br/>&gt;&gt;<br/>&gt;&gt;<br/>&gt;&gt;<br/>&gt;&gt;<br/>&gt;<br/>&gt;<br/>&gt; --<br/>&gt;<br/>&gt; ~Jerome<br/>&gt;<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/01/msg3743.html Wed, 08 Jan 2014 00:29:42 +0000 Re: Convert::ASN1 error by Jerome Cartagena Hey Robert,<br/><br/>This is clunky, but have you tried declaring an array variable with<br/>maxPwdAge and passing in the reference to the array within the search?<br/><br/>ex<br/><br/>my @attrlist = qw(maxPwdAge);<br/>my $mesg = $ldap-&gt;search( base =&gt; $ROOTDN,<br/> attrs =&gt; \@attrlist,<br/> scope =&gt; &#39;base&#39;,<br/> filter =&gt; &quot;distinguishedName=$ROOTDN&quot;<br/> );<br/><br/>-Jerome<br/><br/><br/><br/>On Thu, Jan 2, 2014 at 4:58 PM, Robert Lowe &lt;robert.h.lowe@gmail.com&gt; wrote:<br/><br/>&gt; Forwarding per Graham&#39;s suggestion... any insight would be greatly<br/>&gt; appreciated!!!<br/>&gt;<br/>&gt; -Robert<br/>&gt;<br/>&gt; ---------- Forwarded message ----------<br/>&gt; From: Graham Barr &lt;gbarr@cpan.org&gt;<br/>&gt; Date: Thu, Jan 2, 2014 at 3:42 PM<br/>&gt; Subject: Re: Convert::ASN1 error<br/>&gt; To: Robert Lowe &lt;robert.h.lowe@gmail.com&gt;<br/>&gt;<br/>&gt;<br/>&gt; Everything looks right to me, but I have not worked with Net::LDAP for<br/>&gt; sometime myself. there is a list ldap@perl.org that may be able to help,<br/>&gt; Convert::ASN1 has not changed in a long time so if this is the cause of a<br/>&gt; code change it is likely to be in Net::LDAP<br/>&gt;<br/>&gt;<br/>&gt; On Dec 31, 2013, at 14:49 , Robert Lowe &lt;robert.h.lowe@gmail.com&gt; wrote:<br/>&gt;<br/>&gt; Hi,<br/>&gt;<br/>&gt; I&#39;m using Net::LDAP (see code snippet below, which worked for several<br/>&gt; years), which calls Convert::ASN1 somewhere and in turn generates the<br/>&gt; following error:<br/>&gt;<br/>&gt; Can not use string (&quot;maxPwdAge&quot;) as an ARRAY ref while &quot;strict refs&quot; in<br/>&gt; use at / usr/share/perl5/vendor_perl/Convert/ASN1/_encode.pm line 269.<br/>&gt;<br/>&gt; My fault? Or somewhere else? If you&#39;d like I can send you the entire<br/>&gt; script, but if this is a known issue, I thought you&#39;d know right.<br/>&gt;<br/>&gt; --<br/>&gt;<br/>&gt; # Retrieve the maxPwdAge field<br/>&gt; my $mesg = $ldap-&gt;search( base =&gt; $ROOTDN,<br/>&gt; attrs =&gt; [ &#39;maxPwdAge&#39; ],<br/>&gt; scope =&gt; &#39;base&#39;,<br/>&gt; filter =&gt; &quot;distinguishedName=$ROOTDN&quot;<br/>&gt; );<br/>&gt;<br/>&gt; # Die if there was an error<br/>&gt; $mesg-&gt;code &amp;&amp; die $mesg-&gt;error;<br/>&gt;<br/>&gt; # Get the first entry<br/>&gt; my $entry = $mesg-&gt;entry(0);<br/>&gt;<br/>&gt; # Get the maxPwdAge attribute -- it is maximum age of a password in<br/>&gt; # 10 millionths of a second before expiration.<br/>&gt; # For some reason, this value is negative.<br/>&gt; my $maxPwdAge = $entry-&gt;get_value( &#39;maxPwdAge&#39; );<br/>&gt;<br/>&gt; -Robert<br/>&gt;<br/>&gt;<br/>&gt;<br/>&gt;<br/><br/><br/>-- <br/><br/>~Jerome<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/01/msg3742.html Tue, 07 Jan 2014 16:58:29 +0000 Re: Convert::ASN1 error by Robert Lowe Bump... any ideas?? Or should I be asking elsewhere?<br/><br/>-Robert<br/><br/>On Thu, Jan 2, 2014 at 7:58 PM, Robert Lowe wrote:<br/><br/>&gt; Forwarding per Graham&#39;s suggestion... any insight would be greatly<br/>&gt; appreciated!!!<br/>&gt;<br/>&gt; -Robert<br/>&gt;<br/>&gt; ---------- Forwarded message ----------<br/>&gt; From: Graham Barr<br/>&gt; Date: Thu, Jan 2, 2014 at 3:42 PM<br/>&gt; Subject: Re: Convert::ASN1 error<br/>&gt; To: Robert Lowe<br/>&gt;<br/>&gt;<br/>&gt; Everything looks right to me, but I have not worked with Net::LDAP for<br/>&gt; sometime myself. there is a list ldap@perl.org that may be able to help,<br/>&gt; Convert::ASN1 has not changed in a long time so if this is the cause of a<br/>&gt; code change it is likely to be in Net::LDAP<br/>&gt;<br/>&gt;<br/>&gt; On Dec 31, 2013, at 14:49 , Robert Lowe wrote:<br/>&gt;<br/>&gt; Hi,<br/>&gt;<br/>&gt; I&#39;m using Net::LDAP (see code snippet below, which worked for several<br/>&gt; years), which calls Convert::ASN1 somewhere and in turn generates the<br/>&gt; following error:<br/>&gt;<br/>&gt; Can not use string (&quot;maxPwdAge&quot;) as an ARRAY ref while &quot;strict refs&quot; in<br/>&gt; use at / usr/share/perl5/vendor_perl/Convert/ASN1/_encode.pm line 269.<br/>&gt;<br/>&gt; My fault? Or somewhere else? If you&#39;d like I can send you the entire<br/>&gt; script, but if this is a known issue, I thought you&#39;d know right.<br/>&gt;<br/>&gt; --<br/>&gt;<br/>&gt; # Retrieve the maxPwdAge field<br/>&gt; my $mesg = $ldap-&gt;search( base =&gt; $ROOTDN,<br/>&gt; attrs =&gt; [ &#39;maxPwdAge&#39; ],<br/>&gt; scope =&gt; &#39;base&#39;,<br/>&gt; filter =&gt; &quot;distinguishedName=$ROOTDN&quot;<br/>&gt; );<br/>&gt;<br/>&gt; # Die if there was an error<br/>&gt; $mesg-&gt;code &amp;&amp; die $mesg-&gt;error;<br/>&gt;<br/>&gt; # Get the first entry<br/>&gt; my $entry = $mesg-&gt;entry(0);<br/>&gt;<br/>&gt; # Get the maxPwdAge attribute -- it is maximum age of a password in<br/>&gt; # 10 millionths of a second before expiration.<br/>&gt; # For some reason, this value is negative.<br/>&gt; my $maxPwdAge = $entry-&gt;get_value( &#39;maxPwdAge&#39; );<br/>&gt;<br/>&gt; -Robert<br/>&gt;<br/>&gt;<br/>&gt;<br/>&gt;<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/01/msg3741.html Tue, 07 Jan 2014 01:28:14 +0000 Fwd: Convert::ASN1 error by Robert Lowe Forwarding per Graham&#39;s suggestion... any insight would be greatly<br/>appreciated!!!<br/><br/>-Robert<br/><br/>---------- Forwarded message ----------<br/>From: Graham Barr &lt;gbarr@cpan.org&gt;<br/>Date: Thu, Jan 2, 2014 at 3:42 PM<br/>Subject: Re: Convert::ASN1 error<br/>To: Robert Lowe &lt;robert.h.lowe@gmail.com&gt;<br/><br/><br/>Everything looks right to me, but I have not worked with Net::LDAP for<br/>sometime myself. there is a list ldap@perl.org that may be able to help,<br/>Convert::ASN1 has not changed in a long time so if this is the cause of a<br/>code change it is likely to be in Net::LDAP<br/><br/><br/>On Dec 31, 2013, at 14:49 , Robert Lowe &lt;robert.h.lowe@gmail.com&gt; wrote:<br/><br/>Hi,<br/><br/>I&#39;m using Net::LDAP (see code snippet below, which worked for several<br/>years), which calls Convert::ASN1 somewhere and in turn generates the<br/>following error:<br/><br/>Can not use string (&quot;maxPwdAge&quot;) as an ARRAY ref while &quot;strict refs&quot; in use at<br/>/ usr/share/perl5/vendor_perl/Convert/ASN1/_encode.pm line 269.<br/><br/>My fault? Or somewhere else? If you&#39;d like I can send you the entire<br/>script, but if this is a known issue, I thought you&#39;d know right.<br/><br/>--<br/><br/># Retrieve the maxPwdAge field<br/>my $mesg = $ldap-&gt;search( base =&gt; $ROOTDN,<br/> attrs =&gt; [ &#39;maxPwdAge&#39; ],<br/> scope =&gt; &#39;base&#39;,<br/> filter =&gt; &quot;distinguishedName=$ROOTDN&quot;<br/> );<br/><br/># Die if there was an error<br/>$mesg-&gt;code &amp;&amp; die $mesg-&gt;error;<br/><br/># Get the first entry<br/>my $entry = $mesg-&gt;entry(0);<br/><br/># Get the maxPwdAge attribute -- it is maximum age of a password in<br/># 10 millionths of a second before expiration.<br/># For some reason, this value is negative.<br/>my $maxPwdAge = $entry-&gt;get_value( &#39;maxPwdAge&#39; );<br/><br/>-Robert<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2014/01/msg3740.html Fri, 03 Jan 2014 00:58:30 +0000 Released perl-ldap 0.58 by Peter Marschall Hi all,<br/><br/>after a hiatus due to real life, I just release perl-ldap 0.58 to CPAN:<br/> http://search.cpan.org/dist/perl-ldap/<br/>The changes included are listed at the end of this email.<br/><br/>For those of you directly pulling from GitHub, the repository<br/> https://github.com/perl-ldap/perl-ldap<br/>has been updated accordingly.<br/><br/>Enjoy<br/>Peter<br/><br/>0.58 -- Mon Dec 23 17:35:53 CET 2013<br/><br/>Bug Fixes:<br/>* RT#91210: Paged.pm: fix example code<br/>* RT#90459: LDAP.pm: make LDAPS work after LDAP+start_tls<br/>* RT#91177: AD.pm: fix change_ADpassword()<br/>* RT#88792: Constant.pm: add LDAP_CONTROL_SORTRESPONSE<br/><br/>Enhancements:<br/>* Filter.pod: remove misleading text<br/>* typo fixes<br/>* RT#91156: add META.json<br/>* DSML.pm, Protocol/ldap.pm: use MIME::Base64::decode()<br/>* make MIME::Base64 mandatory<br/>* README: update optional modules, slight reorganization<br/>* Entry.pod: update documentation of N:L:E-&gt;update<br/>* Makefile.PL: require Text::Soundex for tests<br/><br/><br/>-- <br/>Peter Marschall<br/>peter@adpm.de<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2013/12/msg3739.html Mon, 23 Dec 2013 18:01:43 +0000 Net::LDAP::Control::Paged unexpected behavior using multiple pagedsearches against AD [SEC=UNCLASSIFIED] by Keith Morrell <br/> http://www.nntp.perl.org/group/perl.ldap/2013/11/msg3738.html Sat, 30 Nov 2013 23:14:32 +0000 Net::LDAP, IPv6 and Windows by Michiel Beijen Hi,<br/><br/>I know there has been some debate in the past over Net::LDAP and IPv6.<br/><br/>The problem I have is that Net::LDAP uses IO::Socket::INET6 for it&#39;s<br/>IPv6 handling which depends on Socket6. Socket6 has last been updated<br/>in 2008 and does not compile on Windows - see<br/>https://rt.cpan.org/Ticket/Display.html?id=75211<br/><br/>Of course I do understand this is not per se to blame on Net::LDAP,<br/>but it means essentially that you can&#39;t use Net::LDAP to connect from<br/>Windows to LDAP servers via IPv6.<br/><br/>I&#39;d like to propose to use IO::Socket::IP<br/>(https://metacpan.org/release/IO-Socket-IP) which is &quot;A drop-in<br/>replacement for IO::Socket::INET supporting both IPv4 and IPv6&quot; - it<br/>will allow to simplify Net::LDAPs code possibly, and improve the IPv6<br/>situation for Windows people.<br/><br/>Of course this should not per se need to pose an extra dependency on<br/>Net::LDAP; in a similar way as today IO::Socket::INET6 is only loaded<br/>if it is present, we could do the same with IO::Socket::IP, and fall<br/>back to IPv4-only IO::Socket::INET.<br/><br/>Please let me know any concerns or suggestions you might have to the above.<br/><br/>--<br/>Mike<br/> http://www.nntp.perl.org/group/perl.ldap/2013/11/msg3737.html Fri, 22 Nov 2013 09:44:48 +0000 Re: searching hostname section of nisNetgroupTriple by Christopher Bongaarts Since you can probably assume that the triples will have all three <br/>fields, you can probably get away with the simpler filter:<br/><br/> (nisNetgroupTriple=$host,*)<br/><br/>especially if you can ensure $host does not contain any commas.<br/><br/>One possibility for your problem is your directory server doesn&#39;t index <br/>single character substrings (so the comma alone will never match).<br/><br/>On 10/30/2013 12:41 AM, Patrick W. wrote:<br/>&gt; Hi,<br/>&gt;<br/>&gt; I am having a bit of problem with ldap search on nisNetgroupTriple attribute.<br/>&gt;<br/>&gt; Getting the list of user netgroups a user ($uid in this example) belongs to work:<br/>&gt;<br/>&gt; my $res = $ldap-&gt;search( base =&gt; $netgrpbasedn, filter =&gt; &quot;(nisNetgroupTriple=*,$uid,*)&quot;, attrs =&gt; [&#39;dn&#39;, &#39;cn&#39;]);<br/>&gt;<br/>&gt;<br/>&gt; But search returns nothing if I do the following, to get a list of host netgroups that a host is belongs to:<br/>&gt;<br/>&gt; my $res = $ldap-&gt;search( base =&gt; $netgrpbasedn, filter =&gt; &quot;(nisNetgroupTriple=$host,*,*)&quot;, attrs =&gt; [&#39;dn&#39;, &#39;cn&#39;]);<br/>&gt;<br/>&gt; The $host will be in the form of fqdn hostname (ie. server.acme.com)<br/>&gt;<br/>&gt; I have tried setting $filter like these also:<br/>&gt;<br/>&gt; $filter = &quot;(nisNetgroupTriple=\($host,*,*\))&quot;<br/>&gt; $filter = &quot;(nisNetgroupTriple=$host,-,-)&quot;<br/>&gt;<br/>&gt; Any pointer will be appreciated.<br/>&gt;<br/>&gt; Patrick<br/><br/><br/>-- <br/>%% Christopher A. Bongaarts %% cab@umn.edu %%<br/>%% OIT - Identity Management %% http://umn.edu/~cab %%<br/>%% University of Minnesota %% +1 (612) 625-1809 %%<br/><br/> http://www.nntp.perl.org/group/perl.ldap/2013/10/msg3736.html Wed, 30 Oct 2013 15:40:43 +0000 searching hostname section of nisNetgroupTriple by Patrick W. Hi,<br/><br/>I am having a bit of problem with ldap search on nisNetgroupTriple attribute.<br/><br/>Getting the list of user netgroups a user ($uid in this example) belongs to work:<br/><br/>my $res = $ldap-&gt;search( base =&gt; $netgrpbasedn, filter =&gt; &quot;(nisNetgroupTriple=*,$uid,*)&quot;, attrs =&gt; [&#39;dn&#39;, &#39;cn&#39;]);<br/><br/><br/>But search returns nothing if I do the following, to get a list of host netgroups that a host is belongs to:<br/><br/>my $res = $ldap-&gt;search( base =&gt; $netgrpbasedn, filter =&gt; &quot;(nisNetgroupTriple=$host,*,*)&quot;, attrs =&gt; [&#39;dn&#39;, &#39;cn&#39;]);<br/><br/>The $host will be in the form of fqdn hostname (ie. server.acme.com)<br/><br/>I have tried setting $filter like these also:<br/><br/>$filter = &quot;(nisNetgroupTriple=\($host,*,*\))&quot;<br/>$filter = &quot;(nisNetgroupTriple=$host,-,-)&quot;<br/><br/>Any pointer will be appreciated.<br/><br/>Patrick<br/> http://www.nntp.perl.org/group/perl.ldap/2013/10/msg3735.html Wed, 30 Oct 2013 06:35:51 +0000