Re: How To Set AD Password

2009-12-31 Thread Christopher A Bongaarts
're not seeing an error, but normally the userPassword needs special encoding (UTF16 and quotation marks) and has other rules associated with it (only settable on an SSL connection, e.g.) - search the list archives/web for the details. %% Christopher A. Bongaarts %% c...@tc.umn.edu %% %%

Re: Multiple hosts in an array reference

2008-11-26 Thread Christopher A Bongaarts
//freelancer.lab.zimbra.com:389 Why this prints a string instead of the ARRAY(xxx) I can't figure out. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Help with Active Directory interaction

2008-08-12 Thread Christopher A Bongaarts
arch. Try adding, between these lines: > $mesg = $ldap->search(filter=>"(OU=SubOU,OU=myOU)", > base=>"dc=ad,dc=myorg,dc=edu"); die $mesg->error() if $mesg->code(); > @entries = $mesg->entries; to make it actually give you more information abou

Re: Net::LDAP->new, lists and arrays

2008-07-08 Thread Christopher A Bongaarts
, 'ldap-fallback...'); my $ldap = Net::LDAP->new(\@servers) or die... The backslash in front of @servers makes a reference to the list. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Help With Net::LDAP

2007-12-13 Thread Christopher A Bongaarts
'] , ... ); The key is that you must request operational attributes specifically by name. If you can't see them even if you ask by name, the object you're binding as might not have access to those attributes. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: How to connect to ldap with domain name only

2006-09-05 Thread Christopher A Bongaarts
ect the original poster will need to find a Windows-specific module or function to find information about AD (hostname, ports, root DN) in order to access it via LDAP. Once you have that information, Net::LDAP is a great way to access it... %% Christopher A. Bongaarts %% [EMAIL PROTECTED]

Re: Net::LDAPS new connection

2006-07-10 Thread Christopher A Bongaarts
e some module in 5.8.5, which causes the problem > - but which module? Any hint? Check your versions of Net::SSLeay and IO::Socket::SSL. I think newer versions of one of those modules handles multiple connections better. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet

Re: ActiveDirectory LDAP Change password

2006-06-26 Thread Christopher A Bongaarts
he delete is deleting the first password in the stack, as long as > there is actually a password after the delete. > > Any ideas? Are you sure you're not seeing the effects of replication latency? %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Effecting changes read from an LDIF

2006-05-01 Thread Christopher A Bongaarts
()) > { >$mesg = $ldap->modify($entry); ## THE ACTION LINE >$mesg->code && die $mesg->error; > } You're using the wrong method... try this instead: $mesg = $entry->update($ldap); %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %

Re: Net::LDAP -> Active Directory password change attribute failure

2006-01-26 Thread Christopher A Bongaarts
e; we only used Net::LDAP with admin rights. > Did you really mean "userPassword" as opposed to "unicodePwd" ? I misspoke (brain autocorrected to the standard attribute;), unicodePwd is the right one for AD. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% In

Re: Net::LDAP -> Active Directory password change attribute failure

2006-01-25 Thread Christopher A Bongaarts
g > "replace" without being an admin). What else could it be ? AD requires that you use replace, not delete/add, for userPassword. It's Just The Way It Is. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Sorry to bother you on Net::LDAP

2005-09-20 Thread Christopher A Bongaarts
ap_host will simply return the string that you passed in for the host. The question was how determine, if you pass in more than one host in that string, *which* one was actually used for the connection. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %%

Re: Sorry to bother you on Net::LDAP

2005-09-19 Thread Christopher A Bongaarts
eak in future versions: you can get at the IO::Socket object after new() using $ldap->{net_ldap_socket}, then use IO::Socket's methods to get PeerHost/PeerAddr. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Creating entries in Active Directory

2005-08-03 Thread Christopher A Bongaarts
In the immortal words of Chris Heath: > Also, what are some good online resources for the AD/perl combination? The archives of this mailing list ;) %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnes

Re: Problem using comma in Common Name

2005-07-15 Thread Christopher A Bongaarts
that use AD expect to see a name as the leaf RDN (search for people result list, for example, will return that instead of the cn attribute from the entry). %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Search case sensitivity

2005-05-17 Thread Christopher A Bongaarts
like cn, searches are not case-sensitive (unless you've (foolishly?) configured your LDAP server differently). Other attributes may have more complicated matching rules. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %

Re: Accessing AD

2005-01-21 Thread Christopher A Bongaarts
e standard LDAP bind works just fine; just bind as a user with sufficient rights to perform the operations you need. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: trying to add a mailing list to the directory

2005-01-11 Thread Christopher A Bongaarts
ses, so you can only specify one or the other. top is implicitly inherited by all other objectClasses, so it may be as simple as removing top from the objectClass value list. (2) Failing that, the error suggests that you are not setting an attribute that the mjDistributionList objectClass requires. Check your schema to see if you're missing anything. I note that the mj_* attributes do not follow the usual LDAP/X.500 conventions for attribute naming, so that seems a bit odd, but not necessarily broken. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Read LDIF from Perl variable

2004-11-23 Thread Christopher A Bongaarts
em > if not necessary. If you have perl >= 5.8.0 and built with PerlIO, you can "open" a scalar to get a filehandle using the three-arg format of open with a reference: open(FH, '<', \$ldif_data); Then just pass FH to your Net::LDAP::LDIF::new call. %% Chris

Re: decode error

2004-10-29 Thread Christopher A Bongaarts
so generates those strings, but we don't use perl-ldap to get at them); converting to PEM is simply: use MIME::Base64; if ($user_cert =~ s/^{ASN}// && $user_cert =~ /^[0-9a-fA-F]*$/) { $user_cert = "-BEGIN CERTIFICATE-\n" . encode_base64(pack("

Re: LDAP data inheritance question

2004-09-01 Thread Christopher A Bongaarts
he required > attribute do a "one" search on the parent dn with a filter like > (someBooleanAttribute=*). If that returns no results, search for the > next parent and so-on. > > Graham. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Unable to find 5.8.4 directories in @INC

2004-07-20 Thread Christopher A Bongaarts
ch for information on the English words "the" or "of": too frequently *used* to get reasonable searches on the definitions. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Net::LDAP

2004-05-18 Thread Christopher A Bongaarts
servbyname('ldaps', 'tcp'); } } else { &note("SRV RR lookup failed: " . $res->errorstring); } return; } %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: comparing & updating an LDAP entry

2004-04-26 Thread Christopher A Bongaarts
, in which case attempting to replace non-existent attributes will fail. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Problems with creating a user password

2004-04-16 Thread Christopher A Bongaarts
he docs, this is probably > a valid candidate for an entry in the FAQ or Examples. Does anyone fancy > writing something? Feel free to use any of my previous posts on the subject... %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~

Re: Problems with creating a user password

2004-04-15 Thread Christopher A Bongaarts
atting in order to be accepted by the server (search the list archives; I've posted code to do this a few times...) %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Authenticating?

2004-04-06 Thread Christopher A Bongaarts
irectory since 1992, and it has served us well (although the newfangled LDAP apps have a tendency to want to scribble on attributes they don't own ;) %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Ref : Querying Win2k AD via Net::LDAP from Freebsd 4.9

2003-12-15 Thread Christopher A Bongaarts
r -W options, and -L is documented as "print in LDIF format" which can be accomplished on the perl side with Net::LDAP::LDIF. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Using Net::LDAPS

2003-10-03 Thread Christopher A Bongaarts
and > see. It won't; you should get a WILL_NOT_PERFORM or something like that. Are you sure AD has been set up for SSL? %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Password change in LDAP

2003-10-01 Thread Christopher A Bongaarts
$newpassword = pack "v*", unpack "C*", qq("$password"); (It must be enclosed in literal double quotes, then put in UTF-16(?) form.) %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: password encoding for AD LDAP

2003-09-17 Thread Christopher A Bongaarts
hanges; $i += 2) { my ($oldop, $oldargs) = @{$changes}[$i, $i+1]; my ($oldattr, $oldvals) = @$oldargs; if ($oldattr eq $attr) { $changes->[$i] = $op; $oldargs->[1] = [EMAIL PROTECTED]; last; } } } cut %% Christopher A. Bongaarts %% [EMAIL PROTECT

Re: [Fwd: howto perl-ldap AD authentication with SASL/GSSAPI mech anism?]

2003-08-28 Thread Christopher A Bongaarts
AD in this way. Unfortunately, this method sends the user's password over > the network in plaintext, which is not secure enough for my needs. So enable SSL and use Net::LDAPS over port 636. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services

Re: Documentation Suggestion for Net::LDAP::LDIF

2003-08-20 Thread Christopher A Bongaarts
see that it has been deprecated "in favor of write_entry"; it now does exactly what you have above. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%

Re: Active Directory, a bit off-topic

2003-07-29 Thread Christopher A Bongaarts
updates you MUST use SSL and you have to format the password in a particular way). We generate LDIF update files from the backend DB that feeds our X.500 directory so we can send portions to selected AD sites. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services

Re: help me on a filter LDAP syntax

2003-06-30 Thread Christopher A Bongaarts
include the time, so use a time of 0 on either the day you're > interested in (eg 2003062800Z) or the day after (eg 2003062900Z), > depending on what you mean by an expiration time of 28th June :-) Or, to find all times on a given day, how about pwdexpire > 2003062800Z

Re: Perl-LDAP Active Directory Password Woes

2003-06-06 Thread Christopher A Bongaarts
); } Note that it has to be in double quotes as well. I don't think you're allowed to "delete" then "add"; I think you have to "replace". %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809%%