Re: Error trying to add attribute to existing class

2012-04-05 Thread Prentice Bisbal
fined properly. I was leaving off the "cn=" at the start. My code has been reduced to this, which works: $mesg = $ldap->modify($group_dn, add => { 'memberUid' => "$username" }, ); Prentice On 04/05/2012 01:55 PM, Prentice Bisbal wrote:

Error trying to add attribute to existing class

2012-04-05 Thread Prentice Bisbal
Dear Net::LDAPers, I'm using Net::LDAP to add/remove user accounts from LDAP. I've created a subroutine that adds the user to a group after their account is already created. I'm trying to add an additional MemberUID attribute to an existing posixGroup object. Here's my subroutine: sub ldap_add_gro

Re: Use of uninitialized value $cn in substitution (s///) at ...

2012-03-08 Thread Prentice Bisbal
On 03/08/2012 03:44 AM, Clément OUDOT wrote: > Le 7 mars 2012 21:43, Prentice Bisbal a écrit : >> Okay, >> >> I'm sure this error has come up repeatedly on this list, but I've >> googled and googled, and can't find an answer, probably because "Use o

Active Directory: problem 1001 (NO_ATTRIBUTE_OR_VAL)

2012-03-07 Thread Prentice Bisbal
I have another Active Directory related question. When I updated a password in AD as an AD administrator, I get this error: 2085: AtrErr: DSID-031906A5, #1: 0: 2085: DSID-031906A5, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 9005a (unicodePwd):len 20 at sns_passwd.pl line 214.

Use of uninitialized value $cn in substitution (s///) at ...

2012-03-07 Thread Prentice Bisbal
Okay, I'm sure this error has come up repeatedly on this list, but I've googled and googled, and can't find an answer, probably because "Use of uninitialized value" comes up for just about every perl error. I'm an occasional Perl programmer that occasionally used Net::LDAP. I'm trying to connect to

Re: Is it possible to use Unix user-based authentication for LDAP?

2011-08-17 Thread Prentice Bisbal
On 08/17/2011 02:39 PM, Andrej wrote: > On 13 August 2011 02:30, Mehmet wrote: >> Is there a way to use methods that require write access (add, delete, etc) >> without providing a password? I want my script run as a cronjob and I do not >> want to keep the password in a file or the code itself. In

Re: Is it possible to use Unix user-based authentication for LDAP?

2011-08-15 Thread Prentice Bisbal
I think Kerberos authentication will do what you need. This will require setting up a Kerberos server, but that's not too difficult, but if this is the only thing you need it for, it might be overkill. Prentice On 08/12/2011 10:30 AM, Mehmet wrote: > Hi everyone, > > Your great replies to my pre

Re: Can't change passwd in AD 2008 R2

2011-04-28 Thread Prentice Bisbal
y" with > wire encryption. > > If I don't use encryption, AD rejects all security related changes. > > Hope that helps. > > --Dan > > -Original Message- > From: Prentice Bisbal [mailto:prent...@ias.edu] > Sent: Thursday, April 28, 2011 3:07 PM

Re: Can't change passwd in AD 2008 R2

2011-04-28 Thread Prentice Bisbal
'supersecretpw' -f > new_users_pw.ldif -H ldaps://dc01.mycompany.com -Z > > I typically write perl code to create LDIF files, then use "ldapmodify" with > wire encryption. > > If I don't use encryption, AD rejects all security related changes. > >

Can't change passwd in AD 2008 R2

2011-04-28 Thread Prentice Bisbal
We recently updated our Active Directory servers to 2008 R2. I had a perl script that would change a user's password in OpenLDAP and Active Directory at the same time. This was working fine until the update. I can still change a user's password when I bind as an AD administrator, but not as a normal

Re: Password modify

2011-02-18 Thread Prentice Bisbal
> $new_passwd); -- Prentice Robert Threet wrote: > I injected the dn but now it complains - objectclass person requires > surname. Tried them all - they all say that. Grr! Just want to change > the password without knowing the old password. > > On 02/18/2011 10:40 AM, Prentic

Re: Password modify

2011-02-18 Thread Prentice Bisbal
Robert, I have been using Net::LDAP to create accounts one at a time for about a year now. Based on the error you are seeing, I suspect that you are forgetting to add the correct objectClass that contains the attribute you want to store the attribute in. Searching your code, I don't see you addin

Re: What's wrong with this code?

2011-02-18 Thread Prentice Bisbal
Chris Ridd wrote: > On 17 Feb 2011, at 21:13, Prentice Bisbal wrote: > >> I cut off the last line of the errors, which says this, which might be >> an additional clue: >> >> ntUserDomainId: value #0 invalid per syntax > > What does your $ntUserDomainId val

Re: What's wrong with this code?

2011-02-17 Thread Prentice Bisbal
dd function. A subtle mistake that I kept overlooking. I used the debugger, but was checking its value as soon as it was defined, and not where the error was actually occurring. D'oh! Thanks again for all the quick, helpful response. Prentice Prentice Bisbal wrote: > Okay guys, I n

Re: What's wrong with this code?

2011-02-17 Thread Prentice Bisbal
John Perkins wrote: > On 02/17/2011 03:04 PM, Prentice Bisbal wrote: >> Okay guys, I need another pair of eyes to try to find an error in my code. >> Can any of you see anything wrong with this bit of code? >> >> $mesg = $entry->add('objectClass'

Re: What's wrong with this code?

2011-02-17 Thread Prentice Bisbal
I cut off the last line of the errors, which says this, which might be an additional clue: ntUserDomainId: value #0 invalid per syntax This makes me think somewhere an array is being used instead of a string. Prentice Bisbal wrote: > Okay guys, I need another pair of eyes to try to find an er

Re: What's wrong with this code?

2011-02-17 Thread Prentice Bisbal
Robert Threet wrote: > Just for testing - turn off warnings and strict and see if it runs. > > Also - did you see a post from me on this list earlier? I thought you > got copies of your own posts but I haven't seen it nor a response. > > On 02/17/2011 03:04 PM, Prentice

What's wrong with this code?

2011-02-17 Thread Prentice Bisbal
Okay guys, I need another pair of eyes to try to find an error in my code. Can any of you see anything wrong with this bit of code? $mesg = $entry->add('objectClass' => 'ntUser', 'ntUserDomainId' => $ntUserDomainId, 'ntUserHomeDir' => "host.tld\\home\\$ntUserDomain

Re: Converting from UTF-8 to ASCII for gecos field.

2010-10-14 Thread Prentice Bisbal
Graham Barr wrote: > On Oct 14, 2010, at 13:47 , Prentice Bisbal wrote: >> Greetings. >> >> Can anyone suggest a good way of converting a string from UTF-8 to IA5 >> (ASCII) for the gecos attribute. For example, I have the hypothetical >> user Ërïç Cärtmân, with a

Converting from UTF-8 to ASCII for gecos field.

2010-10-14 Thread Prentice Bisbal
Greetings. Can anyone suggest a good way of converting a string from UTF-8 to IA5 (ASCII) for the gecos attribute. For example, I have the hypothetical user Ërïç Cärtmân, with a lot of accented characters in his name converting his name to ASCII using this code: my $gecos = encode('ascii', $cn);

Re: hashing ldap entries

2010-09-28 Thread Prentice Bisbal
Robert Threet wrote: > Is there a method of calling SSHA when stuffing passwords into the > directory? > Do you mean to encrypt the passwords with SSHA, or to make sure SSL is being used when adding passwords? -- Prentice Bisbal Linux Software Support Specialist/System Administrator

Re: Having trouble with TLS and server verification

2010-07-13 Thread Prentice Bisbal
fy => 'require', >> capath => '/etc/ssl/certs/', >> ); >> die $mesg->error if $mesg->is_error; >> >> All the certs in the chain are signed with SHA512RSA. Also the CA Cert is >> 4096 bits and the server certs I am checking

Re: Unable to ADD or MODIFY entries using NET::LDAP (2)

2010-04-22 Thread Prentice Bisbal
I just noticed this is your code: #--- # Programmer note: # # "$mesg->error" DOESN'T work!!! I think that's another sign you are doing something wrong. I use $error = $mesg->error(); and $error = $mesg->error; throughout my code. The parentheses are irrelevant. I'm using both Perl-LDAP 0.33

Re: Unable to ADD or MODIFY entries using NET::LDAP (2)

2010-04-22 Thread Prentice Bisbal
Piet, Two things: 1. Write a smaller "toy" program to test the function you're having problems with. This will help you find out if you're calling the function correctly without getting distracted by all the other code and it will help us read through your code. You're providing way too much code to u

Re: SSL/TLS does not check hostname in cert

2010-03-31 Thread Prentice Bisbal
Chris Ridd wrote: > On 31 Mar 2010, at 19:25, Prentice Bisbal wrote: > >> It's my understanding that using LDAPS->new or $ldap->start_tls with the >> option >> >> verify => 'require' >> >> Should verify that the host name

Re: Anonymous searches fail with 'invalid DN'

2010-03-31 Thread Prentice Bisbal
Never mind - I found the source of the "Invalid DN" error - A typo in my command. Sorry. Prentice Bisbal wrote: > In a subsequent section of the same search, I'm trying to do an > anonymous search. Anonymous binding works (or more accurately, doesn't > produce an e

Anonymous searches fail with 'invalid DN'

2010-03-31 Thread Prentice Bisbal
In a subsequent section of the same search, I'm trying to do an anonymous search. Anonymous binding works (or more accurately, doesn't produce an error code). However, when I do search using the same LDAP handle, I get an error. I know anonymous searching is allowed, and I can verify this using ldap

SSL/TLS does not check hostname in cert

2010-03-31 Thread Prentice Bisbal
= $ldap->start_tls(verify => 'require', cafile => $cafile ); $code = $mesg->code; if ($code != 0) { $error = $mesg->error; print "Could not start TLS\n"; print "$error\n"; $exit_val = '2'; } } -- Prentice Bisbal Linux Software Support Specialist/System Administrator School of Natural Sciences Institute for Advanced Study Princeton, NJ

SSL/TLS does not check hostname in cert

2010-03-31 Thread Prentice Bisbal
It's my understanding that using LDAPS->new or $ldap->start_tls with the option verify => 'require' Should verify that the host name should be checked and fail if it's not an exact match. From my experience with websites, TLS/SSL requires that if the cert contains the FQDN for the server, the ver

Re: search for one object with thousands of members fails

2010-03-29 Thread Prentice Bisbal
e, because there's only one > object? >$page->cookie($cookie); > }; > > sub process_entry { >my $mesg = shift; >my $entry = shift; >(warn "end of entry\n", return) unless $entry; > foreach ( $entry->get_value("member")) { ># process member > }; > } > == > > > Mike > -- Prentice Bisbal Linux Software Support Specialist/System Administrator School of Natural Sciences Institute for Advanced Study Princeton, NJ

Check for krb5 creds before SASL auth?

2010-03-09 Thread Prentice Bisbal
"; } } And here's the error Local error at ./sns_chsh.pl line 107. -- Prentice Bisbal Linux Software Support Specialist/System Administrator School of Natural Sciences Institute for Advanced Study Princeton, NJ

Net::LDAP scheme() method

2010-03-09 Thread Prentice Bisbal
dap_servers, but I don't know in advance which server new() will connect to, and it's possible to have this in ldap.conf: URI ldap://ldap1.example.com ldaps:://ldap2.exmaple.com so scheme() looks like the most reliable method. -- Prentice Bisbal Linux Software Support Specialist/System Administrator School of Natural Sciences Institute for Advanced Study Princeton, NJ