cam penner

Hi.

I'm very new to the perl scene, but have technical
knowledge in other programming languages/environments.

What I'm trying to do is establish a connection to a remote
LDAP server in a secure manner.

I've successfully connected to non-secure public LDAP
servers, but the server I need to connect to now requires a
secure link.

Here's the script I'm using - you may recognize large parts
of it as cut and paste from on-line examples. Right now,
I'm getting an error on the start_tls call, but I suspect
the error goes farther back - right to the new call. I
don't know how to check that though.

Here is the output:
-----
New ldap connection
new result -Net::LDAP=HASH(0x834c400)
start_tls result -1
Return code: 1 Message: LDAP_OPERATIONS_ERROR :Server
encountered an internal error
MessageID: 1 DN: SEARCH result - 81

And here is the script:
------
use Net::LDAP qw(:all);

use Net::LDAP::Util qw(ldap_error_name
ldap_error_text) ; # use for
Error handling
# BEGIN {
# Turn off all warnings etc whilst initializing
# IO::Socket::SSL and Net::SSLeay.
# local $^W = 0;
# no strict;
# require Net::SSLeay;
# The /dev/urandom is a device on Linux that
returns
# random data.
# Net::SSLeay::randomize('/dev/urandom');
# require Net::LDAPS;
# }


sub LDAPsearch
{
my ($ldap,$searchString,$attrs,$base) = @_ ;
# if they don't pass a base... set it for them
if (!$base ) { $base = "o=myorg"; }
# if they don't pass an array of attributes...
# set up something for them
if (!$attrs ) { $attrs = ['cn','mail' ]; }
my $result = $ldap->search (
base => "$base",
scope => "sub",
filter => "$searchString",
attrs => $attrs
);
}
sub LDAPerror
{
my ($from,$mesg) = @_;
print "Return code: ",$mesg->code ;
print "\tMessage: ", ldap_error_name($mesg->code);
print " :", ldap_error_text($mesg->code);
print "MessageID: ",$mesg->mesg_id;
print "\tDN: ",$mesg->dn;
#---
# Programmer note:
#
# "$mesg->error" DOESN'T work!!!
#
#print "\tMessage: ", $mesg->error;
#-----
}

print "New ldap connection \n";
$ldap = new Net::LDAP('my.ldaps.server',
port => '636',
version => '3') or
die "$@";
print "new result -", $ldap;
print "\n";

$res = $ldap->start_tls(verify => 'none') or die "$@";

print "start_tls result -", $res->is_error;
print "\n";
if($res->is_error){
LDAPerror("start_tls",$res)
}

$result = LDAPsearch($ldap,"uid=myuid",\@Attrs);
print "SEARCH result - ",$result;
print "\n";

if($result == 0){
#------------
#
# handle each of the results independently
# ... i.e. using the walk through method
#
my @entries = $result->entries;


my $entr ;
foreach $entr ( @entries )
{
print "DN: ",$entr->dn,"\n";
#my @attrs = sort $entr->attributes;


my $attr;
foreach $attr ( sort $entr->attributes ){
#skip binary we can't handle
next if ( $attr =~ /;binary$/ );
print " $attr : ",$entr->get_value
($attr),"\n";
}


#print "@attrs\n";
print "#-------------------------------\n";
}


#
# end of walk through method
#------------


#------------
#
# Accessing the data as if in a structure
# i.e. Using the "as_struct" method
#
my $href = $result->as_struct;

# get an array of the DN names
my @arrayOfDNs = keys %$href ; # use DN
hashes

# process each DN using it as a key
foreach (@arrayOfDNs) {
print $_,"\n";
my $valref = $$href{$_};

# get an array of the attribute names
# passed for this one DN.
my @arrayOfAttrs = sort keys %$valref; #use Attr
hashes

my $attrName;
foreach $attrName (@arrayOfAttrs) {
# skip any binary data: yuck!
next if ( $attrName =~ /;binary$/ );
# get the attribute value (pointer) using the
# attribute name as the hash
my $attrVal = @$valref{$attrName} ;
print "\t $attrName: @$attrVal \n";
}
print "#-------------------------------\n";
# End of that DN
}
#
# end of as_struct method
#
#--------
}
$ldap->unbind;


exit(0);

--
Cam

cam penner

In article <MPG.1a107ed9da04dc0e989959@News.CIS.DFN.DE>,
Cam.Penner.news1ATpleasedontspamgoldmedalsystems.c om@hotmai
l.com says...

I should probably have mentioned that I'm using the
following modules:

perl-ldap-0.30
IO-Socket-SSL-0.95
Net_SSLeay-1.25

on a RedHat Linux 7.3 server. The remote end is some sort
of Novell LDAP server.

--
Cam