Re: ldapsearch equivalent with Net::LDAP

2007-11-27 Thread wren ng thornton
--- Dennis Putnam <[EMAIL PROTECTED]> wrote:
> Thanks for the reply. I'm not an LDAP expert either
> but this issue is more of a Perl Net::LDAP user than
> an LDAP expert per se. Unfortunately there are no
> real world working script examples readily  
> available. The samples that are, show the syntax
> but not the context, making them pretty much
> useless to the novice.

I can't claim to be an expert, but I have worked a
good deal at LDAP both in general and from Perl. Right
you are about there being few examples available (for
values of "few" =~ m/none/). The only LDAP docs I
could manage to find when I was a novice were all
about how nifty the theory of the architecture is,
maybe one document about installing the server, and
absolutely no word on how to set up clients or
otherwise actually use it.

I've been meaning to publish the code I wrote for my
last project to get at least one example out there,
but haven't had the time just yet. (Not that posting
it to my blog would get it out into the aether for
others to readily find...) The script you gave looks
basically correct, though you really should check
whether the binding succeeded. And yes, Net::LDAP::new
sets $@ not $!.

Re not being able to get errors back, the things
Net::LDAP returns are "response objects", these
themselves contain any error messages for what went
wrong, accessible via method calls. This code snippet
from the aforementioned project should help you out.
The bits in all caps are global 'constants' naturally.


# wren ng thornton <[EMAIL PROTECTED]>, 2006, Licensed under the same terms as Perl
#
# Function to bind to LDAP server with TLS, run a function, then disconnect
#
# Takes a function as our first argument. That function receives a Net::LDAP
#     object as its first arg, an error reporting function as the second, and
#     then any extra arguments passed to us.
#
# Returns 0 on success, -1 on connect failure, and the LDAP error code otherwise
#
# @LDAP_NEW_ARGS, @LDAP_TLS_ARGS and @LDAP_BIND_ARGS are the global
# 'constants' and must be defined elsewhere in the program.

use Net::LDAP;

sub connect_to_ldap (&@) {
    my ($sub, @user_args) = @_;

    # Print the error carried by a response object, if any; return its code
    sub check_ldap_error {
        my ($msg, $result) = @_;
        my $code = $result->code();
        print STDERR "$0: LDAP Error: $msg: ", $result->error(), "\n"
            if $code;
        return $code;
    }

    # Connect to the server (on failure new() returns undef and sets $@)
    my $ldap = Net::LDAP->new(@LDAP_NEW_ARGS);
    unless (defined $ldap) {
        print STDERR "$0: Server Error: Couldn't connect to server: $@\n";
        return -1;
    }

    # Convert to TLS
    my $exit = check_ldap_error("Couldn't convert to TLS" =>
        $ldap->start_tls(@LDAP_TLS_ARGS) );
    return $exit if $exit;

    # Bind / Authenticate
    $exit = check_ldap_error("Couldn't bind to server" =>
        $ldap->bind(@LDAP_BIND_ARGS) );
    return $exit if $exit;

    # Run the user's code
    $exit = &{$sub}($ldap, \&check_ldap_error, @user_args);
    # Don't exit just yet, must unbind first

    # Always unbind, then keep the user's return code if they had one
    my $unbind_exit = check_ldap_error("Couldn't unbind from server" =>
        $ldap->unbind() );
    $exit ||= $unbind_exit;
    return $exit if $exit;

    return 0;
}
__END__


Oh, and the filter error you got is because you need
to pass in a filter of what to search for under the
base. If you want everything under the base then you
should use a liberal filter like "(cn=*)" though
generally you never want everything and the server may
hang up on you if you ask for it. I'm quite surprised
that your ldapsearch allows you to get away without
specifying a filter, every version I'm familiar with
will spew errors if you don't pass one.

Live well,
~wren
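
The search from this thread written out in full, as an added example (not code from any of the posters): it connects, upgrades to TLS, binds anonymously, passes an explicit filter, and checks the response object of every operation so that an error such as "Bad Filter" is reported instead of silently yielding zero entries. The host and base DN are the ones quoted in the thread; the CA bundle path, the size limit of 500 and the helper name check are assumptions. The filter (objectClass=*) is the one OpenLDAP's ldapsearch applies when none is given on the command line.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_SIZELIMIT_EXCEEDED);

# Host and base DN are the ones from the thread; the CA bundle path and
# the size limit further down are assumptions for this example.
my $HOST   = 'ldaphost.mydomain.com';
my $BASE   = 'dc=ldaphost,dc=mydomain,dc=com';
my $CAFILE = '/etc/ssl/certs/ca-certificates.crt';

# Every Net::LDAP operation returns a message object; a non-zero code()
# means failure and error() holds the text (e.g. "Bad filter").
# Codes listed in @tolerated are accepted as well (hypothetical helper).
sub check {
    my ($what, $mesg, @tolerated) = @_;
    my $code = $mesg->code;
    return $mesg if $code == LDAP_SUCCESS || grep { $_ == $code } @tolerated;
    die sprintf("%s failed: %s (code %d)\n", $what, $mesg->error, $code);
}

# new() is the exception: it returns undef and puts the reason in $@.
my $ldap = Net::LDAP->new($HOST) or die "connect to $HOST failed: $@\n";

# Upgrade to TLS before binding and insist on a verifiable certificate.
check('start_tls', $ldap->start_tls(verify => 'require', cafile => $CAFILE));

# No arguments means an anonymous simple bind, like "ldapsearch -x".
check('bind', $ldap->bind);

my $mesg = check('search',
    $ldap->search(
        base      => $BASE,
        scope     => 'sub',
        filter    => '(objectClass=*)',   # the argument the first attempt left out
        attrs     => ['uid'],
        sizelimit => 500,                 # do not ask the server for everything
    ),
    LDAP_SIZELIMIT_EXCEEDED,              # partial results are still usable
);

# Roughly what "ldapsearch -LLL ... uid" prints: the DN and any uid values.
for my $entry ($mesg->entries) {
    print 'dn: ', $entry->dn, "\n";
    print "uid: $_\n" for $entry->get_value('uid');
    print "\n";
}
warn "size limit reached, output is truncated\n"
    if $mesg->code == LDAP_SIZELIMIT_EXCEEDED;

$ldap->unbind;
```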


  



Re: ldapsearch equivalent with Net::LDAP

2007-11-27 Thread Shelly Spearing
My previous (albeit limited) attempts to debug LDAP calls in Perl have
been facilitated by:

1) pulling down a copy of the ldif file.
2) phpldapbrowser.php

Not all ldif files are made the same... custom fields and non-standard  
field content can sometimes make it look like your code is wrong when,  
in fact, it's doing exactly what you thought it should.


YMMV.

--Shelly (on US Mountain time)

<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
Correspondence from Shelly Spearing • [EMAIL PROTECTED]
Team Leader
HPC-1 Scientific Software Engineering Group
Los Alamos National Laboratory
MS B295, Los Alamos, NM  87545
03-132-345505 664 0667   •FAX: 505 665 5402
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>





Re: ldapsearch equivalent with Net::LDAP

2007-11-27 Thread Dennis Putnam
I should have guessed. No one in their right mind would be up this  
early. :-)


I tried Dumper and sure enough there was something in  
'errorMessage' (I wonder why it didn't give me an error return?). It  
said "Bad Filter" so now I have something to work with. Thanks.


On Nov 27, 2007, at 7:46 AM, Jeremiah Foster wrote:

> Heh, I am in Stockholm, Central European Time. :)



Re: ldapsearch equivalent with Net::LDAP

2007-11-27 Thread Dennis Putnam
Thanks again. I see you are an early riser too. No, I am not familiar  
with that (I'm not a Perl expert either). I'll look it up and see  
what it can give me.


On Nov 27, 2007, at 7:17 AM, Jeremiah Foster wrote:

> Did you try using Data::Dumper? It is a built-in module and is
> incredibly useful. You can use it to dump out the contents of $mesg
> for example.



Re: ldapsearch equivalent with Net::LDAP

2007-11-27 Thread Dennis Putnam
Thanks for the reply. I'm not an LDAP expert either but this issue is  
more of a Perl Net::LDAP user than an LDAP expert per se.  
Unfortunately there are no real world working script examples readily  
available. The samples that are, show the syntax but not the context,  
making them pretty much useless to the novice.


The script is not 'die'ing so it never really gets to that point.  
Whether I use '$!' or '$@' won't matter until I actually get an error  
condition. It appears that everything is working except the search  
returns zero entries. Since 'ldapsearch' works it is clearly not a  
server problem. That leaves only the way I am trying to use  
Net::LDAP. There does not appear to be any way to cause Net::LDAP to  
generate informational messages about the dialog that occurs between  
it and the LDAP server. I don't see any way to debug this.



FW: ldapsearch equivalent with Net::LDAP

2007-11-27 Thread Jeremiah Foster
 

-Original Message-
From: Jeremiah Foster 
Sent: den 27 november 2007 09:20
To: 'Dennis Putnam'
Subject: RE: ldapsearch equivalent with Net::LDAP

 
 
> I am trying to do the equivalent of this search:
> 
>  ldapsearch -x -LLL -b "dc=ldaphost,dc=mydomain,dc=com" uid

Caveat Emptor: I am no LDAP genius.
 
> Here is one of the many variations I tried:
> 
>  use strict;
>  use Net::LDAP;
> 
>  my $ldap=Net::LDAP->new("ldaphost.mydomain.com") or die "$@";

Try replacing $@ with $!. You are using $@ which is the eval error
message, but I don't see where you are using eval. $! will tell you what
went wrong since it is the sys/libcall error message. 

>  my $mesg=$ldap->bind();
> 
>  if ($#ARGV<0) {
>  $mesg=$ldap->search(
>  base=>"dc=ldaphost,dc=mydomain,dc=com",
>  attrs=>["uid"]
>  );
>  print $mesg->entries(),"\n";
>  }
>  else {
>  }
>  $ldap->unbind();
> 
> 
> I am just starting so my code is incomplete but it should be enough to
> get something. However, I get nothing, not even an error. Can someone
> see what I am doing wrong? TIA.

See what your code spits out now and diagnose from there. Hopefully that
is a start.

Jeremiah