Home > Archive > LDAP > September 2006 > specifying a control in a search
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
specifying a control in a search
|
|
| Quanah Gibson-Mount 2006-08-29, 7:07 pm |
| Hi,
I'm trying to make Net::LDAP use a specific control while executing a
search. However, if I add the control part to the search parameter, it
actually executes a search on the server.
My code is:
#!/usr/pubsw/bin/perl
use Net::LDAP;
use Net::LDAP::LDIF;
use MIME::Base64;
use Authen::SASL;
$ldap = Net::LDAP->new( 'ldap-dev1.stanford.edu' ) or die "$@";
$sasl = Authen::SASL->new(GSSAPI);
$status = $ldap->bind("", sasl=>$sasl);
$status = $ldap->search(base=>"cn=people,dc=stanford,dc=edu", scope=>"sub",
filter=>"uid=quanah",attrs=>"ou",control=>['type' =>
'1.3.6.1.4.1.4203.666.5.14', 'value'=>TRUE ]);
$status = $ldap->unbind();
If I remove the control bit, the search executes just fine...
Thoughts?
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
| |
| Quanah Gibson-Mount 2006-08-29, 7:07 pm |
|
--On Tuesday, August 29, 2006 3:16 PM -0700 Quanah Gibson-Mount
<quanah@stanford.edu> wrote:
> Hi,
>
> I'm trying to make Net::LDAP use a specific control while executing a
> search. However, if I add the control part to the search parameter, it
> actually executes a search on the server.
Err, if I add the control part to the search, it *doesn't* execute on the
server.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
| |
| Quanah Gibson-Mount 2006-08-29, 7:07 pm |
|
--On Tuesday, August 29, 2006 3:18 PM -0700 Quanah Gibson-Mount
<quanah@stanford.edu> wrote:
>
>
> --On Tuesday, August 29, 2006 3:16 PM -0700 Quanah Gibson-Mount
> <quanah@stanford.edu> wrote:
>
>
> Err, if I add the control part to the search, it *doesn't* execute on the
> server.
This code works somewhat better. I think the documentation in "man
Net::LDAP" is a bit misleading since it doesn't note you need to use
Net::LDAP::Control.
#!/usr/pubsw/bin/perl
use Net::LDAP;
use Net::LDAP::Control;
use MIME::Base64;
use Authen::SASL;
my $ValSortControl=Net::LDAP::Control->new(
type=>"1.3.6.1.4.1.4203.666.5.14",
value=>1
);
$ldap = Net::LDAP->new( 'ldap-dev1.stanford.edu' ) or die "$@";
$sasl = Authen::SASL->new(GSSAPI);
$status = $ldap->bind("", sasl=>$sasl);
$status = $ldap->search(base=>"cn=people,dc=stanford,dc=edu", scope=>"sub",
filter=>"uid=torg",attrs=>"ou",control=>[ $ValSortControl ]);
$status = $ldap->unbind();
Now of course, I'm getting decoding error messages from the server. sigh.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
| |
| Quanah Gibson-Mount 2006-08-29, 7:07 pm |
|
--On Tuesday, August 29, 2006 3:29 PM -0700 Quanah Gibson-Mount
<quanah@stanford.edu> wrote:
>
>
> --On Tuesday, August 29, 2006 3:18 PM -0700 Quanah Gibson-Mount
> <quanah@stanford.edu> wrote:
>
>
> This code works somewhat better. I think the documentation in "man
> Net::LDAP" is a bit misleading since it doesn't note you need to use
> Net::LDAP::Control.
>
># !/usr/pubsw/bin/perl
> use Net::LDAP;
> use Net::LDAP::Control;
> use MIME::Base64;
> use Authen::SASL;
>
> my $ValSortControl=Net::LDAP::Control->new(
> type=>"1.3.6.1.4.1.4203.666.5.14",
> value=>1
> );
>
> $ldap = Net::LDAP->new( 'ldap-dev1.stanford.edu' ) or die "$@";
> $sasl = Authen::SASL->new(GSSAPI);
> $status = $ldap->bind("", sasl=>$sasl);
> $status = $ldap->search(base=>"cn=people,dc=stanford,dc=edu",
> scope=>"sub", filter=>"uid=torg",attrs=>"ou",control=>[ $ValSortControl
> ]);
> $status = $ldap->unbind();
>
>
> Now of course, I'm getting decoding error messages from the server. sigh.
This seems to be because the Net::LDAP::Control is not storing the value
for "value" correctly. It should be an integer 1, or at least a boolean.
TRUE doesn't work any better.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
| |
| Quanah Gibson-Mount 2006-08-30, 7:06 pm |
|
--On Tuesday, August 29, 2006 4:00 PM -0700 Quanah Gibson-Mount
<quanah@stanford.edu> wrote:
>
> This seems to be because the Net::LDAP::Control is not storing the value
> for "value" correctly. It should be an integer 1, or at least a boolean.
> TRUE doesn't work any better.
Okay, the problem seems to be because the value for "value" is not getting
ASN.1 encoded. I see the pre-defined controls have things like:
sub value {
my $self = shift;
$self->{value} = $SortResult->encode($self->{asn});
}
So, how is one supposed to encode the value for non-predefined controls?
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
| |
| Graham Barr 2006-08-30, 7:06 pm |
| On Aug 30, 2006, at 2:57 PM, Quanah Gibson-Mount wrote:
> --On Tuesday, August 29, 2006 4:00 PM -0700 Quanah Gibson-Mount
> <quanah@stanford.edu> wrote:
>
>
>
> Okay, the problem seems to be because the value for "value" is not
> getting ASN.1 encoded. I see the pre-defined controls have things
> like:
>
> sub value {
> my $self = shift;
>
> $self->{value} = $SortResult->encode($self->{asn});
> }
Yes, the value element is usually ASN.1 encoded and every control has
its own encoding, so it is not possible to have the ::Control module
do the right encoding for any given module.
If you look at the other modules you will see they create a
Convert::ASN1 object to perform encode/decode. You need to do the
same for your control.
Or if you do not want to do that and your control is very simple. You
could determine the byte encodings for the possible values and pass
those to the ::Control module.
Graham.
| |
| Quanah Gibson-Mount 2006-08-31, 7:05 pm |
|
--On Wednesday, August 30, 2006 6:44 PM -0500 Graham Barr <gbarr@pobox.com>
wrote:
> Yes, the value element is usually ASN.1 encoded and every control has
> its own encoding, so it is not possible to have the ::Control module do
> the right encoding for any given module.
>
> If you look at the other modules you will see they create a
> Convert::ASN1 object to perform encode/decode. You need to do the same
> for your control.
>
> Or if you do not want to do that and your control is very simple. You
> could determine the byte encodings for the possible values and pass
> those to the ::Control module.
Thanks! With some help from a friend, I have this working. :)
my $asn = Convert::ASN1->new;
$asn->prepare('SEQUENCE { b BOOLEAN }');
my $pdu = $asn->encode(b=>1); # or 0
my $ValSortControl=Net::LDAP::Control->new(
type=>"1.3.6.1.4.1.4203.666.5.14",
critical=>0,
value=>$pdu
);
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
| |
| Peter Marschall 2006-09-09, 8:03 am |
| Hi,
On Wednesday, 30. August 2006 00:29, Quanah Gibson-Mount wrote:
> --On Tuesday, August 29, 2006 3:18 PM -0700 Quanah Gibson-Mount
> This code works somewhat better. I think the documentation in "man
> Net::LDAP" is a bit misleading since it doesn't note you need to use
> Net::LDAP::Control.
I have added a refernce to Net::LDAP::Control to this part of the POD
in CVS.
Peter
--
Peter Marschall
peter@adpm.de
|
|
|
|
|