Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re^4: Net::LDAP q

by fisher (Priest)
on Sep 06, 2011 at 10:48 UTC ( #924353=note: print w/ replies, xml ) Need Help??


in reply to Re^3: Net::LDAP q
in thread Net::LDAP q

answer has been found, thank you.


Comment on Re^4: Net::LDAP q
Re^5: Net::LDAP q
by salva (Monsignor) on Sep 06, 2011 at 11:09 UTC
    Net::LDAP::Gateway contains a sample LDAP server that can dump the packets it receives as almost-human-friendly Perl data structures. It has served me in the past to compare and validate requests made through Net::LDAP and ldapsearch and solve problems as the one you were facing.
Re^5: Net::LDAP q
by MidLifeXis (Prior) on Sep 06, 2011 at 12:32 UTC

    What was the issue? Inquiring minds want to know. Adding information as to the source of the problem, solutions tried, and one that actually worked will help those who come after you.

    --MidLifeXis

      1. My assumption that 'ldapsearch' utility gives me the right result was wrong. According to rfc4515 there is no '>' or '<' comparators - at all. Thus, ldapsearch utility forms request with filter 'objectclass=*', which gives me all the entries in the given basedn. As I have almost all the entries with uidNumber in between 500 and 1000, I misunderstood the result.

      I got this fact only with wireshark's help - yes, I did tcpdump on request to find it. If 'ldapsearch' can't recognize given filter, it silently forms the filter 'present, objectClass' and treating original user's filter as attribute name to search.

      2. The server actually can't answer that kind of requests; to do this, you need to modify ldap schema and define attribute with proper ordering rules. The most helpful piece of text can be found here.

        So what happens under Net::LDAP. Was "1000" was actually being treated as less than "500"?

        Update:: Did some testing and answered my own question. I populated a few uid fields in some sample data, then ran a few ranging queries using Net::LDAP. Seems that (under open LDAP at least), not only can you get different result via ldapsearch and Net::LDAP, but the LDAP server just silently ignores the query. No errors or other status information.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://924353]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (14)
As of 2014-09-17 12:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (74 votes), past polls