FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 05-29-2012, 08:40 PM
Josh Ellsworth
 
Default Get Effective Rights on centOS 6

So, I’m trying to debug some ACLs and need to use the Get Effective Rights search control. My issue is that my centos 6 box does not have the Mozilla LDAP packages and I can’t see how to install them. I read somewhere that they are deprecated
– are there any plans to support the Get Effective Rights in the future?

*

Josh

--

Joshua Ellsworth

System Administrator, Primatics Financial

Phone: 571.765.7528

jellsworth@primaticsfinancial.com

*

*




--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 05-31-2012, 08:45 PM
Andrey Ivanov
 
Default Get Effective Rights on centOS 6

Hi Josh,

i'm using perl scripts for this since openldap client does not support this control "out of box":
Here is a typical script :

#!/usr/bin/perl
use strict;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_NO_SUCH_ATTRIBUTE LDAP_NO_SUCH_OBJECT LDAP_PROTOCOL_ERROR LDAP_COMPARE_TRUE LDAP_COMPARE_FALSE


*LDAP_TYPE_OR_VALUE_EXISTS);
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Search;
use Net::LDAP::Control;
use Authen::SASL;
use Unicode::Normalize;
use Data:umper;
require Encode;




# Connection to LDAP by SASL, you can change it to simple bind
my $ldap = Net::LDAP -> new ("ldap.example.com", port => 389, version => 3 ) or die $!;


my $sasl = Authen::SASL -> new( 'GSSAPI');
my $result = $ldap -> bind( "", sasl => $sasl, version => 3 );

my $user = "uid=<who's rights we are testing>,ou=Users,dc=example,dc=com";



my $control = Net::LDAP::Control -> new( type => "1.3.6.1.4.1.42.2.27.9.5.2", value => "dn:".$user, critical => 1);

my $ldap_filter = "(objectClass=*)";
my $result_search = $ldap -> search (


************************* ****** base*** => "uid=<on who's entry we test the rights>,ou=Users,dc=example,dc=com",
************************* ****** scope** => "base",
************************* ****** filter* => $ldap_filter,


************************* ****** control => [ $control ]
************************* ****** );


foreach my $ldap_entry ($result_search -> entries())
{
******* print Dumper ($ldap_entry);
}





@+


2012/5/29 Josh Ellsworth <jellsworth@primaticsfinancial.com>










So, I’m trying to debug some ACLs and need to use the Get Effective Rights search control. My issue is that my centos 6 box does not have the Mozilla LDAP packages and I can’t see how to install them. I read somewhere that they are deprecated
– are there any plans to support the Get Effective Rights in the future?

*

Josh

--

Joshua Ellsworth

System Administrator, Primatics Financial

Phone: 571.765.7528

jellsworth@primaticsfinancial.com

*

*





--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 05-31-2012, 08:45 PM
Andrey Ivanov
 
Default Get Effective Rights on centOS 6

Hi Josh,

i'm using perl scripts for this since openldap client does not support this control "out of box":
Here is a typical script :

#!/usr/bin/perl
use strict;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_NO_SUCH_ATTRIBUTE LDAP_NO_SUCH_OBJECT LDAP_PROTOCOL_ERROR LDAP_COMPARE_TRUE LDAP_COMPARE_FALSE


*LDAP_TYPE_OR_VALUE_EXISTS);
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Search;
use Net::LDAP::Control;
use Authen::SASL;
use Unicode::Normalize;
use Data:umper;
require Encode;




# Connection to LDAP by SASL, you can change it to simple bind
my $ldap = Net::LDAP -> new ("ldap.example.com", port => 389, version => 3 ) or die $!;


my $sasl = Authen::SASL -> new( 'GSSAPI');
my $result = $ldap -> bind( "", sasl => $sasl, version => 3 );

my $user = "uid=<who's rights we are testing>,ou=Users,dc=example,dc=com";



my $control = Net::LDAP::Control -> new( type => "1.3.6.1.4.1.42.2.27.9.5.2", value => "dn:".$user, critical => 1);

my $ldap_filter = "(objectClass=*)";
my $result_search = $ldap -> search (


************************* ****** base*** => "uid=<on who's entry we test the rights>,ou=Users,dc=example,dc=com",
************************* ****** scope** => "base",
************************* ****** filter* => $ldap_filter,


************************* ****** control => [ $control ]
************************* ****** );


foreach my $ldap_entry ($result_search -> entries())
{
******* print Dumper ($ldap_entry);
}





@+


2012/5/29 Josh Ellsworth <jellsworth@primaticsfinancial.com>










So, I’m trying to debug some ACLs and need to use the Get Effective Rights search control. My issue is that my centos 6 box does not have the Mozilla LDAP packages and I can’t see how to install them. I read somewhere that they are deprecated
– are there any plans to support the Get Effective Rights in the future?

*

Josh

--

Joshua Ellsworth

System Administrator, Primatics Financial

Phone: 571.765.7528

jellsworth@primaticsfinancial.com

*

*





--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 07:06 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org