yes I'm using Net::LDAP in my back-perl to access a back-hdb server and it works, but I always use the same hardcorded $bindDN and $password (for example : $binddn = cn=admin,dc=my-domain and $password = secret)
But I'd like to use the same bindDN and the same password as the one that has been used to bind to the back-perl backend
Le 15/05/2013 17:14, Brian Reichert a écrit : > On Wed, May 15, 2013 at 03:42:44PM +0100, Benin Technologies wrote:
thanks, but I'm surprised, I don't see the bindDN and password in
the >> parameter list of the perl subs
This has nothing to to with OpenLDAP.
From perl, you fird get an LDAP object:
my $ldap = Net::LDAP->new($uri->as_string); then bind: my $mesg = $ldap->bind($bindDN, password=> $passwd); then search: $mesg = $ldap->search( @search_args ); once the bind has completed, nothing retains that information; it >
was only needed to bind.
I have no idea what the architecture of your project is, but you'd
be better off asking on one of the perl lists to work this stuff out. >
Am Wed, 15 May 2013 17:56:59 +0100 schrieb Benin Technologies benintechnologies@yahoo.fr:
yes I'm using Net::LDAP in my back-perl to access a back-hdb server and it works, but I always use the same hardcorded $bindDN and $password (for example : $binddn = cn=admin,dc=my-domain and $password = secret)
But I'd like to use the same bindDN and the same password as the one that has been used to bind to the back-perl backend
Le 15/05/2013 17:14, Brian Reichert a écrit : > On Wed, May 15, 2013 at 03:42:44PM +0100, Benin Technologies wrote:
thanks, but I'm surprised, I don't see the bindDN and password in
the >> parameter list of the perl subs
This has nothing to to with OpenLDAP.
From perl, you fird get an LDAP object:
my $ldap = Net::LDAP->new($uri->as_string); then bind: my $mesg = $ldap->bind($bindDN, password=> $passwd); then search: $mesg = $ldap->search( @search_args ); once the bind has completed, nothing retains that information; it >
was only needed to bind.
I have no idea what the architecture of your project is, but you'd
be better off asking on one of the perl lists to work this stuff out. >
What about something like
my binddn = $ARGV[0]; my bindpw = $ARGV[1];
-Dieter
well, I must be missing something, because you are the second one to tell me that the binddn and bindpw are the two first parameters of the perl functions, but it doesn't seem to be the case.
like I said in one of my previous posts, I printed out the parameters of my search() function (in the SampleLDAP.pm file provided by openldap), like that :
sub search { print "@_"; .....
I get : 1st parameter : SampleLDAP=HASH(0x8657f80) 2nd : the base DN 3rd : the search scope 4th : deref and so on... (filter, attributes...)
but no sign of the bindDN and password
Le 15/05/2013 20:38, Dieter Klünter a écrit :
Am Wed, 15 May 2013 17:56:59 +0100 schrieb Benin Technologiesbenintechnologies@yahoo.fr:
yes I'm using Net::LDAP in my back-perl to access a back-hdb server and it works, but I always use the same hardcorded $bindDN and $password (for example : $binddn = cn=admin,dc=my-domain and $password = secret)
But I'd like to use the same bindDN and the same password as the one that has been used to bind to the back-perl backend
Le 15/05/2013 17:14, Brian Reichert a écrit :> On Wed, May 15, 2013 at 03:42:44PM +0100, Benin Technologies wrote:
thanks, but I'm surprised, I don't see the bindDN and password in
the>> parameter list of the perl subs
This has nothing to to with OpenLDAP.
From perl, you fird get an LDAP object:
my $ldap = Net::LDAP->new($uri->as_string); then bind: my $mesg = $ldap->bind($bindDN, password=> $passwd); then search: $mesg = $ldap->search( @search_args ); once the bind has completed, nothing retains that information; it>
was only needed to bind.
I have no idea what the architecture of your project is, but you'd
be better off asking on one of the perl lists to work this stuff out.>
What about something like
my binddn = $ARGV[0]; my bindpw = $ARGV[1];
-Dieter
--On Wednesday, May 15, 2013 9:34 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
well, I must be missing something, because you are the second one to tell me that the binddn and bindpw are the two first parameters of the perl functions, but it doesn't seem to be the case.
It is the first 2 arguments to the bind function, not search.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
there is no bind function in SampleLDAP.pm
It is the first 2 arguments to the bind function, not search.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--On Wednesday, May 15, 2013 10:37 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
there is no bind function in SampleLDAP.pm
Guess why it is called "sample".
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
well...I guess it means I have still a few things to learn before I become a back-perl guru...
I suppose search(), add(), modify() and so probably all call a bind() function, but where is this function located ? SampleLDAP.pm is the only perl script provided in /servers/slapd/back-perl
Le 15/05/2013 22:39, Quanah Gibson-Mount a écrit :
--On Wednesday, May 15, 2013 10:37 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
there is no bind function in SampleLDAP.pm
Guess why it is called "sample".
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--On Wednesday, May 15, 2013 11:09 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
well...I guess it means I have still a few things to learn before I become a back-perl guru...
I suppose search(), add(), modify() and so probably all call a bind() function, but where is this function located ? SampleLDAP.pm is the only perl script provided in /servers/slapd/back-perl
I would note that back-perl, as-is, is missing numerous critical features, is entirely experimental, and you are likely better served finding an alternate solution to whatever problem you are trying to solve, or be willing to invest a significant amount of time fixing it up. You may want to read http://www.openldap.org/lists/openldap-devel/200706/msg00025.html
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
ok I looked at it, I'm confused, it says (2007) :
The current Perl backend is practically unusable because of the following reasons: (...) the backend has no idea of connections so requests can not be associated to a specific bind
The reworked backend works as follows: (...) connections are correctly tracked with individual objects
do you mean that the reworked back-perl backend isn't used yet ? and that with the current backend I'm unable to fetch the bindDN/password in my script ?
Le 15/05/2013 23:11, Quanah Gibson-Mount a écrit :
I would note that back-perl, as-is, is missing numerous critical features, is entirely experimental, and you are likely better served finding an alternate solution to whatever problem you are trying to solve, or be willing to invest a significant amount of time fixing it up. You may want to read http://www.openldap.org/lists/openldap-devel/200706/msg00025.html
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--On Wednesday, May 15, 2013 11:54 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
do you mean that the reworked back-perl backend isn't used yet ? and that with the current backend I'm unable to fetch the bindDN/password in my script ?
The work discussed in that email was never committed. So all of the flaws listed there exist to this day. There is a git repo somewhere with the unfinished work if you want to attempt to finish it up and contribute it.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
ok, now everything is clear, bindDN and passwd cannot be retrieved in the perl script
thanks for the help
Le 15/05/2013 23:59, Quanah Gibson-Mount a écrit :
--On Wednesday, May 15, 2013 11:54 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
do you mean that the reworked back-perl backend isn't used yet ? and that with the current backend I'm unable to fetch the bindDN/password in my script ?
The work discussed in that email was never committed. So all of the flaws listed there exist to this day. There is a git repo somewhere with the unfinished work if you want to attempt to finish it up and contribute it.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
On 05/15/2013 10:34 PM, Benin Technologies wrote:
well, I must be missing something, because you are the second one to tell me that the binddn and bindpw are the two first parameters of the perl functions, but it doesn't seem to be the case.
binddn and bindpw are the first two parameters of the perl function called for binds.
like I said in one of my previous posts, I printed out the parameters of my search() function (in the SampleLDAP.pm file provided by openldap), like that :
those are the parameters passed to the perl function called for search. You won't find the parameters for bind in a search call. Your perl scripts need to store the bind parameters somewhere if you intend to use them also during searches, assuming you really need them; usually, one does not need the binddn and the password when performing searches.
p.
sub search { print "@_"; .....
I get : 1st parameter : SampleLDAP=HASH(0x8657f80) 2nd : the base DN 3rd : the search scope 4th : deref and so on... (filter, attributes...)
but no sign of the bindDN and password
Le 15/05/2013 20:38, Dieter Klünter a écrit :
Am Wed, 15 May 2013 17:56:59 +0100 schrieb Benin Technologiesbenintechnologies@yahoo.fr:
yes I'm using Net::LDAP in my back-perl to access a back-hdb server and it works, but I always use the same hardcorded $bindDN and $password (for example : $binddn = cn=admin,dc=my-domain and $password = secret)
But I'd like to use the same bindDN and the same password as the one that has been used to bind to the back-perl backend
Le 15/05/2013 17:14, Brian Reichert a écrit :> On Wed, May 15, 2013 at 03:42:44PM +0100, Benin Technologies wrote:
thanks, but I'm surprised, I don't see the bindDN and password in
the>> parameter list of the perl subs
This has nothing to to with OpenLDAP.
From perl, you fird get an LDAP object:
my $ldap = Net::LDAP->new($uri->as_string); then bind: my $mesg = $ldap->bind($bindDN, password=> $passwd); then search: $mesg = $ldap->search( @search_args ); once the bind has completed, nothing retains that information; it>
was only needed to bind.
I have no idea what the architecture of your project is, but you'd
be better off asking on one of the perl lists to work this stuff out.>
What about something like
my binddn = $ARGV[0]; my bindpw = $ARGV[1];
-Dieter
On 2013-05-15 23:20, Pierangelo Masarati wrote:
Your perl scripts need to store the bind parameters somewhere if you intend to use them also during searches, assuming you really need them; usually, one does not need the binddn and the password when performing searches.
Specifically, its Bind function would to stash them in a {connection ID: bind params} hash. Other ops would look that up. A connection_destory handler and rebind would remove them.
But first he must hack back-perl, which does not now provide the connection ID or a connection_destroy handler.
But connection_destroy gets called for all connections, including those which never used back-perl. To avoid invoking Perl for conns which do not need it: The Perl Bind function can call a new back-perl function, which sets a flag which makes back-perl's connection_destroy handler call the Perl connection_destroy function.
Hallvard Breien Furuseth wrote:
On 2013-05-15 23:20, Pierangelo Masarati wrote:
Your perl scripts need to store the bind parameters somewhere if you intend to use them also during searches, assuming you really need them; usually, one does not need the binddn and the password when performing searches.
Specifically, its Bind function would to stash them in a {connection ID: bind params} hash. Other ops would look that up. A connection_destory handler and rebind would remove them.
But first he must hack back-perl, which does not now provide the connection ID or a connection_destroy handler.
This sound to me that back-sock is a much better approach.
From slapd-sock(5):
extensions binddn | peername | ssf | connid
Ciao, Michael.
ok I'll have a look into it according to what I read on the web, I believe back-sock and back-perl have both the same functionalities , but back-perl is rather for prototyping, whereas back-sock can be used in production, so back-sock may indeed be a better approach thanks for the info
Le 16/05/2013 15:24, Michael Ströder a écrit : This sound to me that back-sock is a much better approach. From slapd-sock(5): extensions binddn | peername | ssf | connid Ciao, Michael.
yes but...where is this perl function called for binds ??? it isn't in SampleLDAP.pm...
Le 15/05/2013 22:20, Pierangelo Masarati a écrit :
binddn and bindpw are the first two parameters of the perl function called for binds.
openldap-technical@openldap.org
-
Benin Technologies -
Dieter Klünter -
Hallvard Breien Furuseth -
Michael Ströder -
Pierangelo Masarati -
Quanah Gibson-Mount