I'm still thinking that you have an error earlier on. What version of
ActivePerl are you using?
The SetSecurityDescriptor will fail with just such an error if something
fails, gets set improperly or out of sequence.
Strip your code down to your version of the following code (order matters).
And then put some error-checking in.
<code>
$ace->LetProperty('Trustee',whatever);
$ace->LetProperty('AccessMask',whatever);
$ace->LetProperty('AceType', whatever);
</code>
See if that reveals any other errors.
Steven
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 21, 2002 8:17 AM
To: Steven Manross; [EMAIL PROTECTED]
Subject: RE: "Invalid class string" when performing SetSecurityDescriptor
I had no such luck with the LetProperty on the $aceo-> calls, however, it
did change an error to success for the "$sdo->{DiscretionaryAcl} = $daclo;"
line.
End result still the same. Invalid class string.
Thanks,
Mike
>-- Original Message --
>From: Steven Manross <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'"
> <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
>Subject: RE: "Invalid class string" when performing
>SetSecurityDescriptor
>Date: Sat, 20 Jul 2002 16:54:45 -0700
>
>
>If you were to have error-checking at all of your:
>
>$aceo->{Whatever}=something;
>
>Calls, you'd probably find that one or all of them were giving you an
>error of "Member Not Found".
>
>The documented solution to this problem is to change these type of
>calls to LetProperty calls.
>
>Namely:
>
>$aceo->LetProperty('Whatever',something);
>
>Search the Archives for LetProperty and you'll see what I mean.
>
>Steven
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]
>Sent: Friday, July 19, 2002 4:40 PM
>To: [EMAIL PROTECTED]
>Subject: "Invalid class string" when performing SetSecurityDescriptor
>
>
>I am trying to write a program to add an ace to the acl for several
>thousand users in AD. I have been successful at creating users but I am
>stuck at
the
>asterisk"ed" line near the end of the provided code. I have the
>adssecurity.dll file registered. I have been able, with some other
>code, to retrieve an entire ACL and all of its contents to dump to the
>screen.
>
>Could anyone shed some light for me. I have tried LetProperty also to
>assign the reference to the Discretionary Acl - still works and the
>error continues with the setsecuritydiscriptor - any help is greatly
>appreciated!!!
>
>Error message:
>Win32::OLE(0.1403) error 0x800401f3: "Invalid class string"
> in METHOD/PROPERTYGET "SetSecurityDescriptor"
>
>Code:
>
>use Win32;
>use Win32::OLE;
>
>$NO_CHANGE_PASSWORD = '{ab721a53-1e2f-11d0-9819-00aa0040529b}';
>
>$aceo = Win32::OLE->CreateObject("AccessControlEntry");
>$uo =
>Win32::OLE->GetObject("LDAP://CN=blah,CN=Users,DC=cgwindows,DC=cgc,DC=m
>arico
>pa,DC=edu");
>$security = Win32::OLE->CreateObject("ADsSecurity");
>$sdo =
>$security->GetSecurityDescriptor("LDAP://CN=blah,CN=Users,DC=cgwindows,DC=c
g
>c,DC=maricopa,DC=edu");
>$daclo = $sdo->{DiscretionaryAcl};
>
>$aceo->{AceFlags}=0x0;
>$aceo->{AceType}=0x06;
>$aceo->{Flags}=0x01;
>$aceo->{InheritedObjectType}='';
>$aceo->{ObjectType}=$NO_CHANGE_PASSWORD;
>$aceo->{Trustee}='Everyone';
>
>$daclo->AddAce($aceo);
>$sdo->{DiscretionaryAcl} = $daclo;
>
>$security->SetSecurityDescriptor($sdo); #*****************this line
>gives the error $error = Win32::OLE->LastError(); print $error;
>
>$uo->SetInfo;
>
>exit;
>
>
>Systems Programmer
>
>Only those who have the patience to do simple things perfectly ever
>acquire the skill to do difficult things easily.
>
>Author Unknown
>
>_______________________________________________
>Perl-Win32-Admin mailing list [EMAIL PROTECTED]
>To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
Systems Programmer
Only those who have the patience to do simple things perfectly ever acquire
the skill to do difficult things easily.
Author Unknown
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
