Re: range-upper/range-lower
--On Montag, 24. November 2003 16:58 +0100 _BA-Zentralamt-Maildienste <[EMAIL PROTECTED]> wrote: Hi *, is it possible to retrieve the range-upper and range-lower attributes for Active Directory attributes with Perl::LDAP? I tried it with the ditcontentrule method, but I only get back name, syntax, single-value, no-user-modification, oid, type and aliases as attributes. Any hint? These fields are not included in the attributeTypes (rfc 22552) attribute of the subschemaSubentry (CN=Aggregate,CN=Schema,CN=Configuration,DC=avinci,DC=de). However, you can get them from special entries which AD keeps for each schema element in the schemaNamingContext ( CN=Schema,CN=Configuration,DC=avinci,DC=de), e.g.: # Surname, Schema, Configuration, avinci, de dn: CN=Surname,CN=Schema,CN=Configuration,DC=avinci,DC=de adminDescription: Surname adminDisplayName: Surname attributeID: 2.5.4.4 attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA== attributeSyntax: 2.5.5.12 cn: Surname instanceType: 4 isMemberOfPartialAttributeSet: TRUE isSingleValued: TRUE lDAPDisplayName: sn mAPIID: 14865 distinguishedName: CN=Surname,CN=Schema,CN=Configuration,DC=avinci,DC=de objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=avinci,DC=de objectClass: top objectClass: attributeSchema objectGUID:: wwskE3aXKU2kXlZqw5hSkg== oMSyntax: 64 rangeLower: 1 rangeUpper: 64 name: Surname schemaIDGUID:: QXqWv+YN0BGihQCqADBJ4g== searchFlags: 5 showInAdvancedViewOnly: TRUE systemFlags: 16 systemOnly: FALSE uSNChanged: 797 uSNCreated: 797 whenChanged: 16301021162108.0Z whenCreated: 16301021162108.0Z
LDAP_PARTIAL_RESULTS handling
Could someone provide for me an example of what $message->error() would
return if the result of a query were LDAP_PARTIAL_RESULTS? I'd like to know
precisely what to look for (i.e. regex) when searching for referral urls.
The code that I'm inheriting (and rewriting) currently has this:
my @urls;
if ( $message->code() == LDAP_PARTIAL_RESULTS ) {
foreach my $line ( split /\n/, $message->error() ) {
next unless ( $line =~ m,(ldap://[^:]+:\d+), );
push @urls, $1;
}
}
But I won't be comfortable with this until I can actually see the actual
output of $message->error().
I see a couple of examples with ldapsearch(1) at
http://www.ldap.verisignlabs.com/ldapsearch.html, but I don't know how
similar the results are between it and the Perl API.
Thanks!
-dan
Re: LDAP_PARTIAL_RESULTS handling
On 12/12/03 10:56 pm, D.Kreft <[EMAIL PROTECTED]> wrote:
> Could someone provide for me an example of what $message->error() would
> return if the result of a query were LDAP_PARTIAL_RESULTS? I'd like to know
> precisely what to look for (i.e. regex) when searching for referral urls.
>
> The code that I'm inheriting (and rewriting) currently has this:
>
> my @urls;
> if ( $message->code() == LDAP_PARTIAL_RESULTS ) {
> foreach my $line ( split /\n/, $message->error() ) {
> next unless ( $line =~ m,(ldap://[^:]+:\d+), );
> push @urls, $1;
> }
> }
>
> But I won't be comfortable with this until I can actually see the actual
> output of $message->error().
That code's dubious for a couple of reasons.
The error method returns the error text returned by the server if there was
any, or one of the short descriptions from Net::LDAP::Constant if not.
You *cannot* rely on the server returning anything in the error text field,
and you should certainly not try to parse it.
The second reason is that the partial results error code is non-standard,
and not part of LDAPv2 or LDAPv3. (This surprised me slightly, but I just
checked the RFCs.)
In LDAPv3 you can call $message->referrals() if $message->code is
LDAP_REFERRAL. That only happens if the *entire* operation cannot be carried
out on the server you sent it to.
The only other case in core LDAPv3 of "referrals" being returned is in the
search operation when some results could be generated locally by the server,
and in addition references returned to other servers. Technically these are
called "continuation references" and not referrals. They could be returned
in any search result pretty much regardless of the result code. Well,
probably just OK, TIMELIMIT_EXCEEDED or SIZELIMIT_EXCEEDED. Potentially they
could be returned from extended operations as well.
To get back continuation references in LDAPv3 just call
$message->references().
> I see a couple of examples with ldapsearch(1) at
> http://www.ldap.verisignlabs.com/ldapsearch.html, but I don't know how
> similar the results are between it and the Perl API.
>
> Thanks!
>
> -dan
>
Cheers,
Chris
