Sorry, hit send prematurely... as i was saying the code for dn2entry.mpl
<%args>
$ldap
$dn
$opts => {}
</%args>
<%init>
my %search_opts = (
base => $dn,
scope => 'base',
filter => '(objectClass=*)',
%{$opts},
);
my $mesg = $ldap->search(%search_opts);
if($mesg->is_error) {
die "Error. Failed to search directory. Options:\n"
. join("\n", map { "$_=$search_opts{$_}" } keys %search_opts)
. ". LDAP error: [" . $mesg->error_name . "] " . $mesg->error_desc;
}
if($mesg->count != 1) {
die "Search for DN='$dn' returned " .$mesg->count.
" entries. We expected one entry.";
}
return scalar $mesg->entry(0);
</%init>
I'm wondering if i can put the check here to see if any object exists?
I realize there are other ways to skin a cat, such as a process to check
for terminated users in groups and remove them, or if hr deletes a member
to try and do it at that point, but i would like I still would like to add
the check in the app.
On Wed, May 31, 2017 at 11:38 AM, Hiram Gibbard <[email protected]> wrote:
> So when we say "from the internet" does that include intranet? What I
> have is a form that lists all the members of a group defined in LDAP. The
> call to get the members for the group is all internal and our companies
> internal ldap server. is that considered "from internet". I didn't write
> this app, just trying to make adjustments. Currently if you hit a member of
> the group that has been terminated/removed from ldap, the app errors out
> because the its it a member of the group in which its trying to execute a
> look on while listing.
>
> my %member_hash;
> my $member_hash;
> my $member_Co;
> foreach (@memb) {
> # Fetch entry.
>
> my $entry2 = $m->comp("/widgets/ldap/dn2entry.mpl",
> ldap => $ldap,
> dn => $_,
> opts => {control => $control}, # Important!
> );
>
> $member_Co = $entry2->get_value('company');
>
> }
>
> 1. Is it a security issue to wrap $entry2 code in a eval { } statement?
> 2. I'm thinking there is a better way to do this because (code wise)
> becuase ever since i put the eval {} in place (in dev env), groups with
> thousands of members takes a very long time to display.
>
>
> here is the code for dn2entry.mpl:
>
>
>
>
> On Tue, May 30, 2017 at 3:13 PM, John Dunlap <[email protected]> wrote:
>
>> Okay, I can see that but we were talking specifically about eval. So, my
>> examples were intended to showcase the two ways that eval can be called and
>> not how to safely obtain data from the internet.
>>
>> On Tue, May 30, 2017 at 4:06 PM, Ruben Safir <[email protected]> wrote:
>>
>>> On 05/30/2017 04:04 PM, John Dunlap wrote:
>>> > In that example, the contents of $data are never evaluated by eval so
>>> > even if it can be "smashed"(whatever that means) eval would have
>>> nothing
>>> > to do with the failure.
>>>
>>>
>>> it means your bringing in data without a limit and you can smash the
>>> stack like that and I've seen this kind of code do just that.
>>>
>>> That is not just an issue for eval...
>>>
>>>
>>>
>>> --
>>> So many immigrant groups have swept through our town
>>> that Brooklyn, like Atlantis, reaches mythological
>>> proportions in the mind of the world - RI Safir 1998
>>> http://www.mrbrklyn.com
>>>
>>> DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
>>> http://www.nylxs.com - Leadership Development in Free Software
>>> http://www2.mrbrklyn.com/resources - Unpublished Archive
>>> http://www.coinhangout.com - coins!
>>> http://www.brooklyn-living.com
>>>
>>> Being so tracked is for FARM ANIMALS and and extermination camps,
>>> but incompatible with living as a free human being. -RI Safir 2013
>>>
>>
>>
>>
>> --
>> John Dunlap
>> *CTO | Lariat *
>>
>> *Direct:*
>> *[email protected] <[email protected]>*
>>
>> *Customer Service:*
>> 877.268.6667
>> [email protected]
>>
>
>
>
> --
> Hiram Gibbard
> [email protected]
> http://hiramgibbard.com
>
>
--
Hiram Gibbard
[email protected]
http://hiramgibbard.com
