Re: ldapsearch equivalent with Net::LDAP
--- Dennis Putnam <[EMAIL PROTECTED]> wrote:

> Thanks for the reply. I'm not an LDAP expert either
> but this issue is more of a Perl Net::LDAP user than
> an LDAP expert per se. Unfortunately there are no
> real world working script examples readily
> available. The samples that are, show the syntax
> but not the context, making them pretty much
> useless to the novice.

I can't claim to be an expert, but I have worked a good deal at LDAP both in general and from Perl. Right you are about there being few examples available (for values of "few" =~ m/none/). The only LDAP docs I could manage to find when I was a novice were all about how nifty the theory of the architecture is, maybe one document about installing the server, and absolutely no word on how to set up clients or otherwise actually use it.

I've been meaning to publish the code I wrote for my last project to get at least one example out there, but haven't had the time just yet. (Not that posting it to my blog would get it out into the aether for others to readily find...)

The script you gave looks basically correct, though you really should check whether the binding succeeded. And yes, Net::LDAP::new sets $@ not $!. Re not being able to get errors back, the things Net::LDAP returns are "response objects", these themselves contain any error messages for what went wrong, accessible via method calls.

This code snippet from the aforementioned project should help you out. The bits in all caps are global 'constants' naturally.

    # wren ng thornton <[EMAIL PROTECTED]>, 2006, Licenced under the same terms as Perl
    #
    # Function to bind to LDAP server with TLS, run a function, then disconnect
    #
    # Takes a function as our first argument. That function receives a Net::LDAP
    # object as its first arg, an error reporting function as the second, and
    # then any extra arguments passed to us.
    #
    # Returns 0 on success, -1 on connect failure, and the LDAP error code otherwise
    use Net::LDAP;

    sub connect_to_ldap (&@) {
        my ($sub, @user_args) = @_;

        sub check_ldap_error {
            my ($msg, $result) = @_;
            my $code = $result->code();
            print STDERR "$0: LDAP Error: $msg: ", $result->error(), "\n"
                if $code;
            return $code;
        }

        # Connect to the server
        my $ldap = Net::LDAP->new(@LDAP_NEW_ARGS);
        unless (defined $ldap) {
            print STDERR "$0: Server Error: Couldn't connect to server: $@\n";
            return -1;
        }

        # Convert to TLS
        my $exit = check_ldap_error("Couldn't convert to TLS" =>
            $ldap->start_tls(@LDAP_TLS_ARGS)
        );
        return $exit if $exit;

        # Bind / Authenticate
        $exit = check_ldap_error("Couldn't bind to server" =>
            $ldap->bind(@LDAP_BIND_ARGS)
        );
        return $exit if $exit;

        # Run the user's code
        $exit = &{$sub}($ldap, \&check_ldap_error, @user_args);
        # Don't exit just yet, must unbind first

        # Unbind (don't clobber user's return if they had one)
        $exit ||= check_ldap_error("Couldn't unbind from server" =>
            $ldap->unbind()
        );
        return $exit if $exit;

        return 0;
    }
    __END__

Oh, and the filter error you got is because you need to pass in a filter of what to search for under the base. If you want everything under the base then you should use a liberal filter like "(cn=*)" though generally you never want everything and the server may hang up on you if you ask for it. I'm quite surprised that your ldapsearch allows you to get away without specifying a filter, every version I'm familiar with will spew errors if you don't pass one.

Live well,
~wren
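The search this thread is after, as an added example that is not part of any of the original messages: the Net::LDAP counterpart of the ldapsearch command from the first post, with an explicit filter and every response object checked. It assumes the server offers StartTLS (as wren's snippet does); the CA file path is a placeholder and ok_or_die is a helper name made up for this example.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Net::LDAP equivalent of:
#   ldapsearch -x -LLL -b "dc=ldaphost,dc=mydomain,dc=com" uid
use strict;
use warnings;
use Net::LDAP;

my $HOST   = 'ldaphost.mydomain.com';            # host used in the thread
my $BASE   = 'dc=ldaphost,dc=mydomain,dc=com';   # base used in the thread
my $CAFILE = '/path/to/ldap-ca.pem';             # placeholder, set to your CA bundle

# Net::LDAP operations return a response object instead of dying;
# a non-zero code() means failure and error() carries the text.
sub ok_or_die {
    my ($what, $mesg) = @_;
    die sprintf("%s failed: %s (code %d)\n", $what, $mesg->error, $mesg->code)
        if $mesg->code;
    return $mesg;
}

# new() returns undef on failure and leaves the reason in $@.
my $ldap = Net::LDAP->new($HOST, timeout => 10)
    or die "connect to $HOST failed: $@\n";

# Upgrade to TLS and insist on a verified server certificate.
ok_or_die('start_tls', $ldap->start_tls(verify => 'require', cafile => $CAFILE));

# bind() with no arguments is an anonymous simple bind (ldapsearch -x without -D).
ok_or_die('bind', $ldap->bind);

# search() needs an explicit filter. OpenLDAP's ldapsearch documents
# (objectClass=*) as its default when none is given on the command line.
my $mesg = ok_or_die('search', $ldap->search(
    base   => $BASE,
    scope  => 'sub',
    filter => '(objectClass=*)',
    attrs  => ['uid'],
));

# entries() returns Net::LDAP::Entry objects; print them roughly like -LLL output.
for my $entry ($mesg->entries) {
    print 'dn: ', $entry->dn, "\n";
    print "uid: $_\n" for $entry->get_value('uid');
    print "\n";
}

$ldap->unbind;
```

Leaving the filter out of the search call makes ok_or_die stop at the search step with the "Bad filter" text that only showed up under Data::Dumper in the thread.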
Re: ldapsearch equivalent with Net::LDAP
My previous (albeit limited) attempts to debug ldap calls in perl have been facilitated by:

1) pulling down a copy of the ldif file.
2) phpldapbrowser.php

Not all ldif files are made the same... custom fields and non-standard field content can sometimes make it look like your code is wrong when, in fact, it's doing exactly what you thought it should.

YMMV.

--Shelly (on US Mountain time)

On Nov 27, 2007, at 6:55 AM, Dennis Putnam wrote:

I should have guessed. No one in their right mind would be up this early. :-) I tried Dumper and sure enough there was something in 'errorMessage' (I wonder why it didn't give me an error return?). It said "Bad Filter" so now I have something to work with. Thanks.

On Nov 27, 2007, at 7:46 AM, Jeremiah Foster wrote:

Heh, I am in Stockholm, Central European Time. :)

-Original Message-
From: Dennis Putnam [mailto:[EMAIL PROTECTED]
Sent: den 27 november 2007 13:42
To: macosx@perl.org
Cc: Jeremiah Foster
Subject: Re: ldapsearch equivalent with Net::LDAP

Thanks again. I see you are an early riser too. No, I am not familiar with that (I'm not a Perl expert either). I'll look it up and see what it can give me.

On Nov 27, 2007, at 7:17 AM, Jeremiah Foster wrote:

Did you try using Data::Dumper? It is a built-in module and is incredibly useful. You can use it to dump out the contents of $mesg for example.

-Original Message-
From: Dennis Putnam [mailto:[EMAIL PROTECTED]
Sent: den 27 november 2007 13:16
To: macosx@perl.org
Cc: Jeremiah Foster
Subject: Re: ldapsearch equivalent with Net::LDAP

Thanks for the reply. I'm not an LDAP expert either but this issue is more of a Perl Net::LDAP user than an LDAP expert per se. Unfortunately there are no real world working script examples readily available. The samples that are, show the syntax but not the context, making them pretty much useless to the novice.

The script is not 'die'ing so it never really gets to that point. Whether I use '$!' or '$@' won't matter until I actually get an error condition.

It appears that everything is working except the search returns zero entries. Since 'ldapsearch' works it is clearly not a server problem. That leaves only the way I am trying to use Net::LDAP. There does not appear to be any way to cause Net::LDAP to generate informational messages about the dialog that occurs between it and the LDAP server. I don't see any way to debug this.

On Nov 27, 2007, at 3:20 AM, Jeremiah Foster wrote:

-Original Message-
From: Jeremiah Foster
Sent: den 27 november 2007 09:20
To: 'Dennis Putnam'
Subject: RE: ldapsearch equivalent with Net::LDAP

> I am trying to do the equivalent of this search:
>
> ldapsearch -x -LLL -b "dc=ldaphost,dc=mydomain,dc=com" uid

Caveat Emptor: I am no LDAP genius.

> Here is one of the many variations I tried:
>
> use strict;
> use Net::LDAP;
>
> my $ldap=Net::LDAP->new("ldaphost.mydomain.com") or die "$@";

Try replacing $@ with $!. You are using $@ which is the eval error message, but I don't see where you are using eval. $! will tell you what went wrong since it is the sys/libcall error message.

> my $mesg=$ldap->bind();
>
> if ($#ARGV<0) {
>     $mesg=$ldap->search(
>         base=>"dc=ldaphost,dc=mydomain,dc=com",
>         attrs=>["uid"]
>     );
>     print $mesg->entries(),"\n";
> }
> else {
> }
> $ldap->unbind();
>
> I am just starting so my code is incomplete but it should be enough to
> get something. However, I get nothing, not even an error. Can someone
> see what I am doing wrong? TIA.

See what your code spits out now and diagnose from there. Hopefully that is a start.

Jeremiah

<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
Correspondence from Shelly Spearing • [EMAIL PROTECTED]
Team Leader HPC-1 Scientific Software Engineering Group
Los Alamos National Laboratory
MS B295, Los Alamos, NM 87545
03-132-345505 664 0667 • FAX: 505 665 5402
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
Re: ldapsearch equivalent with Net::LDAP
I should have guessed. No one in their right mind would be up this early. :-) I tried Dumper and sure enough there was something in 'errorMessage' (I wonder why it didn't give me an error return?). It said "Bad Filter" so now I have something to work with. Thanks.

On Nov 27, 2007, at 7:46 AM, Jeremiah Foster wrote:

Heh, I am in Stockholm, Central European Time. :)

-Original Message-
From: Dennis Putnam [mailto:[EMAIL PROTECTED]
Sent: den 27 november 2007 13:42
To: macosx@perl.org
Cc: Jeremiah Foster
Subject: Re: ldapsearch equivalent with Net::LDAP

Thanks again. I see you are an early riser too. No, I am not familiar with that (I'm not a Perl expert either). I'll look it up and see what it can give me.

On Nov 27, 2007, at 7:17 AM, Jeremiah Foster wrote:

Did you try using Data::Dumper? It is a built-in module and is incredibly useful. You can use it to dump out the contents of $mesg for example.

-Original Message-
From: Dennis Putnam [mailto:[EMAIL PROTECTED]
Sent: den 27 november 2007 13:16
To: macosx@perl.org
Cc: Jeremiah Foster
Subject: Re: ldapsearch equivalent with Net::LDAP

Thanks for the reply. I'm not an LDAP expert either but this issue is more of a Perl Net::LDAP user than an LDAP expert per se. Unfortunately there are no real world working script examples readily available. The samples that are, show the syntax but not the context, making them pretty much useless to the novice.

The script is not 'die'ing so it never really gets to that point. Whether I use '$!' or '$@' won't matter until I actually get an error condition.

It appears that everything is working except the search returns zero entries. Since 'ldapsearch' works it is clearly not a server problem. That leaves only the way I am trying to use Net::LDAP. There does not appear to be any way to cause Net::LDAP to generate informational messages about the dialog that occurs between it and the LDAP server. I don't see any way to debug this.

On Nov 27, 2007, at 3:20 AM, Jeremiah Foster wrote:

-Original Message-
From: Jeremiah Foster
Sent: den 27 november 2007 09:20
To: 'Dennis Putnam'
Subject: RE: ldapsearch equivalent with Net::LDAP

> I am trying to do the equivalent of this search:
>
> ldapsearch -x -LLL -b "dc=ldaphost,dc=mydomain,dc=com" uid

Caveat Emptor: I am no LDAP genius.

> Here is one of the many variations I tried:
>
> use strict;
> use Net::LDAP;
>
> my $ldap=Net::LDAP->new("ldaphost.mydomain.com") or die "$@";

Try replacing $@ with $!. You are using $@ which is the eval error message, but I don't see where you are using eval. $! will tell you what went wrong since it is the sys/libcall error message.

> my $mesg=$ldap->bind();
>
> if ($#ARGV<0) {
>     $mesg=$ldap->search(
>         base=>"dc=ldaphost,dc=mydomain,dc=com",
>         attrs=>["uid"]
>     );
>     print $mesg->entries(),"\n";
> }
> else {
> }
> $ldap->unbind();
>
> I am just starting so my code is incomplete but it should be enough to
> get something. However, I get nothing, not even an error. Can someone
> see what I am doing wrong? TIA.

See what your code spits out now and diagnose from there. Hopefully that is a start.

Jeremiah
Re: ldapsearch equivalent with Net::LDAP
Thanks again. I see you are an early riser too. No, I am not familiar with that (I'm not a Perl expert either). I'll look it up and see what it can give me.

On Nov 27, 2007, at 7:17 AM, Jeremiah Foster wrote:

Did you try using Data::Dumper? It is a built-in module and is incredibly useful. You can use it to dump out the contents of $mesg for example.

-Original Message-
From: Dennis Putnam [mailto:[EMAIL PROTECTED]
Sent: den 27 november 2007 13:16
To: macosx@perl.org
Cc: Jeremiah Foster
Subject: Re: ldapsearch equivalent with Net::LDAP

Thanks for the reply. I'm not an LDAP expert either but this issue is more of a Perl Net::LDAP user than an LDAP expert per se. Unfortunately there are no real world working script examples readily available. The samples that are, show the syntax but not the context, making them pretty much useless to the novice.

The script is not 'die'ing so it never really gets to that point. Whether I use '$!' or '$@' won't matter until I actually get an error condition.

It appears that everything is working except the search returns zero entries. Since 'ldapsearch' works it is clearly not a server problem. That leaves only the way I am trying to use Net::LDAP. There does not appear to be any way to cause Net::LDAP to generate informational messages about the dialog that occurs between it and the LDAP server. I don't see any way to debug this.

On Nov 27, 2007, at 3:20 AM, Jeremiah Foster wrote:

-Original Message-
From: Jeremiah Foster
Sent: den 27 november 2007 09:20
To: 'Dennis Putnam'
Subject: RE: ldapsearch equivalent with Net::LDAP

> I am trying to do the equivalent of this search:
>
> ldapsearch -x -LLL -b "dc=ldaphost,dc=mydomain,dc=com" uid

Caveat Emptor: I am no LDAP genius.

> Here is one of the many variations I tried:
>
> use strict;
> use Net::LDAP;
>
> my $ldap=Net::LDAP->new("ldaphost.mydomain.com") or die "$@";

Try replacing $@ with $!. You are using $@ which is the eval error message, but I don't see where you are using eval. $! will tell you what went wrong since it is the sys/libcall error message.

> my $mesg=$ldap->bind();
>
> if ($#ARGV<0) {
>     $mesg=$ldap->search(
>         base=>"dc=ldaphost,dc=mydomain,dc=com",
>         attrs=>["uid"]
>     );
>     print $mesg->entries(),"\n";
> }
> else {
> }
> $ldap->unbind();
>
> I am just starting so my code is incomplete but it should be enough to
> get something. However, I get nothing, not even an error. Can someone
> see what I am doing wrong? TIA.

See what your code spits out now and diagnose from there. Hopefully that is a start.

Jeremiah
Re: ldapsearch equivalent with Net::LDAP
Thanks for the reply. I'm not an LDAP expert either but this issue is more of a Perl Net::LDAP user than an LDAP expert per se. Unfortunately there are no real world working script examples readily available. The samples that are, show the syntax but not the context, making them pretty much useless to the novice.

The script is not 'die'ing so it never really gets to that point. Whether I use '$!' or '$@' won't matter until I actually get an error condition.

It appears that everything is working except the search returns zero entries. Since 'ldapsearch' works it is clearly not a server problem. That leaves only the way I am trying to use Net::LDAP. There does not appear to be any way to cause Net::LDAP to generate informational messages about the dialog that occurs between it and the LDAP server. I don't see any way to debug this.

On Nov 27, 2007, at 3:20 AM, Jeremiah Foster wrote:

-Original Message-
From: Jeremiah Foster
Sent: den 27 november 2007 09:20
To: 'Dennis Putnam'
Subject: RE: ldapsearch equivalent with Net::LDAP

> I am trying to do the equivalent of this search:
>
> ldapsearch -x -LLL -b "dc=ldaphost,dc=mydomain,dc=com" uid

Caveat Emptor: I am no LDAP genius.

> Here is one of the many variations I tried:
>
> use strict;
> use Net::LDAP;
>
> my $ldap=Net::LDAP->new("ldaphost.mydomain.com") or die "$@";

Try replacing $@ with $!. You are using $@ which is the eval error message, but I don't see where you are using eval. $! will tell you what went wrong since it is the sys/libcall error message.

> my $mesg=$ldap->bind();
>
> if ($#ARGV<0) {
>     $mesg=$ldap->search(
>         base=>"dc=ldaphost,dc=mydomain,dc=com",
>         attrs=>["uid"]
>     );
>     print $mesg->entries(),"\n";
> }
> else {
> }
> $ldap->unbind();
>
> I am just starting so my code is incomplete but it should be enough to
> get something. However, I get nothing, not even an error. Can someone
> see what I am doing wrong? TIA.

See what your code spits out now and diagnose from there. Hopefully that is a start.

Jeremiah
FW: ldapsearch equivalent with Net::LDAP
-Original Message-
From: Jeremiah Foster
Sent: den 27 november 2007 09:20
To: 'Dennis Putnam'
Subject: RE: ldapsearch equivalent with Net::LDAP

> I am trying to do the equivalent of this search:
>
> ldapsearch -x -LLL -b "dc=ldaphost,dc=mydomain,dc=com" uid

Caveat Emptor: I am no LDAP genius.

> Here is one of the many variations I tried:
>
> use strict;
> use Net::LDAP;
>
> my $ldap=Net::LDAP->new("ldaphost.mydomain.com") or die "$@";

Try replacing $@ with $!. You are using $@ which is the eval error message, but I don't see where you are using eval. $! will tell you what went wrong since it is the sys/libcall error message.

> my $mesg=$ldap->bind();
>
> if ($#ARGV<0) {
>     $mesg=$ldap->search(
>         base=>"dc=ldaphost,dc=mydomain,dc=com",
>         attrs=>["uid"]
>     );
>     print $mesg->entries(),"\n";
> }
> else {
> }
> $ldap->unbind();
>
>
> I am just starting so my code is incomplete but it should be enough to
> get something. However, I get nothing, not even an error. Can someone
> see what I am doing wrong? TIA.

See what your code spits out now and diagnose from there. Hopefully that is a start.

Jeremiah