On 18/5/06 10:46, Clark, Ian <[EMAIL PROTECTED]> wrote:
> I'm using the following code to bind to LDAP (that's working), then to
> read in an object instance (that's working) and attempts to change and
> rewrite an attribute - siebelID (that's NOT working, but not returning
> an error either)...
>
>
>
> Code is written for windows and accesses LDAP on s Sun server.
>
>
>
> Is it that I have defaulted to anonymous bind and so cannot write?
Yes.
> $entry = $mesg->entry(0);
>
> if ($entry) {
>
> if ($conn->bind(dn=>$entry->get(),password=>$password)) {
>
> print "Authentication successful\n";
>
> } else {
>
> print "Authentication failed\n";
>
> }
That doesn't test what you think it is testing, and you're not passing in
the DN correctly.
Bind's just another operation like search/modify/etc, so you need to test
the result code in the same way, ie:
$mesg = $conn->bind($entry->dn, password => $password);
if ($mesg->code) {
print "Authentication failed\n";
} else {
print "Authentication successful\n";
}
This is the number 1 mistake people make with Net::LDAP :-(
> }
>
> #
>
> # reads in value
>
> #
>
> $mesg = $conn->search(base=>"ou=NAS -
> ProBusiness,dc=corp,dc=prbz,dc=net",
>
> scope=>"sub",
>
> filter=>"(uid=iclark)");
>
> $entry = $mesg->entry(0);
>
> #
>
> # and changes siebelID
>
> #
>
> $entry->replace("siebelID","changed");
>
> $entry->update($conn);
>
> if ($mesg->code()) {
>
> print "error #" . $mesg->code . "\n";
>
> }
The last bit's a little inefficient. If all you're doing is replacing all
the values of an attribute with another bunch of values, you don't actually
need to read the whole (possibly large) entry beforehand, all you need is
the entry's DN. This is a bit more efficient:
# No attributes back, just the DNs
$mesg = $conn->search(whatever you had before and
attrs => ['1.1']);
$dn = $mesg->entry(0)->dn;
$mesg = $conn->modify($dn,
replace => {
'siebelID' => 'changed'
});
if ($mesg->code) {
print "error...";
}
Cheers,
Chris
