Merge pull request #4 from marschap/next

fixes & new features for the next branch/version
commit 7d265712bc994fb13b82c83171d105466c60f5c8 2 parents db0b090 + 4fb95de
@marschap marschap authored
31 MANIFEST.SKIP
@@ -5,7 +5,14 @@
,v$
\B\.svn\b
\B\.git\b
+\B\.gitignore\b
\b_darcs\b
+\B\.cvsignore$
+
+# Avoid VMS specific MakeMaker generated files
+\bDescrip.MMS$
+\bDESCRIP.MMS$
+\bdescrip.mms$
# Avoid Makemaker generated and utility files.
\bMANIFEST\.bak
@@ -19,7 +26,10 @@
# Avoid Module::Build generated and utility files.
\bBuild$
\b_build/
-\b_dev/
+\bBuild.bat$
+\bBuild.COM$
+\bBUILD.COM$
+\bbuild.com$
# Avoid temp and backup files.
~$
@@ -27,12 +37,29 @@
\#$
\b\.#
\.bak$
+\.tmp$
+\.#
+\.rej$
+
+# Avoid OS-specific files/dirs
+# Mac OSX metadata
+\B\.DS_Store
+# Mac OSX SMB mount metadata files
+\B\._
-# Avoid Devel::Cover files.
+# Avoid Devel::Cover and Devel::CoverX::Covered files.
\bcover_db\b
+\bcovered\b
+
+# Avoid MYMETA files
+^MYMETA\.
+
+# perl-ldap-sepcifc extensions
+\b_dev/
\b_test/
\btemp/
\bperl-ldap-\d
\bmy.cfg$
+# EOF
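Review bot: The new comment `+# perl-ldap-sepcifc extensions` has a typo and names the block imprecisely; `# perl-ldap-specific exclusions` says what the patterns below actually do. The `\.#` pattern added in the same hunk subsumes the existing `\b\.#` two lines above it, so one of the two can go. The VMS entries such as `\bDescrip.MMS$` use an unescaped `.`, which is harmless but inconsistent with the escaped `\bMANIFEST\.bak` in the same file; if they were copied from the ExtUtils::Manifest defaults that is fine to keep, otherwise `\bDescrip\.MMS$` matches the file's own convention.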
2  Makefile.PL
@@ -12,7 +12,7 @@ license ('perl');
abstract ('LDAP client library');
resources homepage => 'http://ldap.perl.org/';
-resources repository => 'http://git.goingon.net/?p=perl-ldap.git;a=summary';
+resources repository => 'https://github.com/perl-ldap/perl-ldap';
resources MailingList => 'http://lists.cpan.org/showlist.cgi?name=perl-ldap';
resources ListArchive => 'http://perl.markmail.org/search/list:perl-ldap';
14 lib/Net/LDAP/Constant.pm
@@ -4,7 +4,7 @@
package Net::LDAP::Constant;
-$VERSION = "0.10";
+$VERSION = "0.14";
use Exporter qw(import);
@@ -398,9 +398,9 @@ A loop has been detected. For example when following referals.
The referral hop limit has been exceeded.
-=item LDAP_CANCELLED (118)
+=item LDAP_CANCELED (118)
-Operation was cancelled
+Operation was canceled
=item LDAP_NO_SUCH_OPERATION (119)
@@ -438,6 +438,8 @@ Refresh Required.
=item LDAP_CONTROL_VLVRESPONSE (2.16.840.1.113730.3.4.10)
+=item LDAP_CONTROL_PROXYAUTHORIZATION (2.16.840.1.113730.3.4.18)
+
=item LDAP_CONTROL_PROXYAUTHENTICATION (2.16.840.1.113730.3.4.18)
=item LDAP_CONTROL_PAGED (1.2.840.113556.1.4.319)
@@ -470,6 +472,8 @@ Refresh Required.
=item LDAP_CONTROL_ASSERTION (1.3.6.1.1.12)
+=item LDAP_CONTROL_DONTUSECOPY (1.3.6.1.1.22)
+
=item LDAP_CONTROL_SYNC (1.3.6.1.4.1.4203.1.9.1.1)
=item LDAP_CONTROL_SYNC_STATE (1.3.6.1.4.1.4203.1.9.1.2)
@@ -581,6 +585,10 @@ Indicates that the server supports the "Who am I?" extension (RFC 4532)
Indicates that the server supports the Refresh extension (RFC 2589)
+=item LDAP_EXTENSION_CANCEL (1.3.6.1.1.8)
+
+Indicates the server supports the Cancel extension (RFC 3909)
+
=back
=head2 Feature OIDs
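Review bot: Renaming `=item LDAP_CANCELLED (118)` to `=item LDAP_CANCELED (118)` drops the old spelling entirely, and if this module resolves constant names from these POD `=item` entries (the definition mechanism itself is outside the hunks), any caller that imports `LDAP_CANCELLED` will now fail at import time. The same file keeps `LDAP_CONTROL_PROXYAUTHENTICATION` alongside the new `LDAP_CONTROL_PROXYAUTHORIZATION`, so the consistent approach is to keep both spellings for 118 as well, e.g. retaining `=item LDAP_CANCELLED (118)` right after the new entry with a one-line note that it is the deprecated spelling kept for compatibility. If an explicit export list or constant table exists elsewhere in the file, it needs the same treatment and is not visible here.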
8 lib/Net/LDAP/Control.pm
@@ -13,7 +13,7 @@ use Net::LDAP::Constant qw(
LDAP_CONTROL_VLVREQUEST
LDAP_CONTROL_VLVRESPONSE
LDAP_CONTROL_PAGED
- LDAP_CONTROL_PROXYAUTHENTICATION
+ LDAP_CONTROL_PROXYAUTHORIZATION
LDAP_CONTROL_MANAGEDSAIT
LDAP_CONTROL_PERSISTENTSEARCH
LDAP_CONTROL_ENTRYCHANGE
@@ -27,7 +27,7 @@ use Net::LDAP::Constant qw(
LDAP_CONTROL_ASSERTION
);
-$VERSION = "0.10";
+$VERSION = "0.12";
my %Pkg2Type = (
@@ -39,7 +39,7 @@ my %Pkg2Type = (
'Net::LDAP::Control::Paged' => LDAP_CONTROL_PAGED,
- 'Net::LDAP::Control::ProxyAuth' => LDAP_CONTROL_PROXYAUTHENTICATION,
+ 'Net::LDAP::Control::ProxyAuth' => LDAP_CONTROL_PROXYAUTHORIZATION,
'Net::LDAP::Control::ManageDsaIT' => LDAP_CONTROL_MANAGEDSAIT,
@@ -300,8 +300,10 @@ for this method is to return TRUE if there is no error, but sub-classes may over
=head1 SEE ALSO
L<Net::LDAP>
+L<Net::LDAP::Control::Assertion>
L<Net::LDAP::Control::EntryChange>
L<Net::LDAP::Control::ManageDsaIT>
+L<Net::LDAP::Control::MatchedValues>
L<Net::LDAP::Control::Paged>
L<Net::LDAP::Control::PasswordPolicy>
L<Net::LDAP::Control::PersistentSearch>
6 lib/Net/LDAP/Control/Assertion.pm
@@ -35,7 +35,7 @@ sub assertion {
}
elsif (exists $self->{value}) {
my $f = $Filter->decode($self->{value});
- $self->{asn} ||= $f->as_string
+ $self->{asn} ||= Net::LDAP::Filter::as_string($f)
if (ref $f);
}
@@ -84,7 +84,7 @@ manipulation of objects that represent the C<Assertion Control> as described
by RFC 4528.
The C<Assertion Control> allows the client to specify a condition, an assertion,
-that must be true for the operation to be processed normally.
+that must be TRUE for the operation to be processed normally.
Otherwise, the operation is not performed.
For instance, the control can be used with the Modify operation to perform
atomic "test and set" and "test and clear" operations.
@@ -102,7 +102,7 @@ L<Net::LDAP::Control> the following are provided.
=item assertion => FILTER
-A filter specifying the assertion that must valuate to true in order to make the
+A filter specifying the assertion that must evaluate to TRUE in order to make the
operation process normally.
=back
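Review bot: The switch from `$f->as_string` to `Net::LDAP::Filter::as_string($f)` in `assertion` needs a why-comment, because a reader sees a method call replaced by a function call on a value that is still guarded by `ref $f` and has no visible reason for the change. Presumably `$Filter->decode` returns an unblessed hash reference on which the method call would die; a comment such as `# decode() returns a plain hashref, not a Net::LDAP::Filter object, so call as_string as a function` makes that explicit. The `assertion` sub begins before this hunk.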
2  lib/Net/LDAP/Control/EntryChange.pm
@@ -107,7 +107,7 @@ Net::LDAP::Control::EntryChange - LDAPv3 Entry Change Notification control objec
C<Net::LDAP::Control::EntryChange> provides an interface for the creation
and manipulation of objects that represent the C<EntryChangeNotification>
-control as described by draft-smith-psearch-ldap-01.txt.
+control as described by draft-smith-psearch-ldap-03.txt.
=head1 CONSTRUCTOR ARGUMENTS
267 lib/Net/LDAP/Control/MatchedValues.pm
@@ -0,0 +1,267 @@
+# Copyright (c) 2011 Peter Marschall <peter@adpm.de>. All rights reserved.
+# This program is free software; you can redistribute it and/or
+# modify it under the same terms as Perl itself.
+
+package Net::LDAP::Control::MatchedValues;
+
+use vars qw(@ISA $VERSION);
+use Net::LDAP::Control;
+
+@ISA = qw(Net::LDAP::Control);
+$VERSION = "0.01";
+
+use Net::LDAP::ASN qw(ValuesReturnFilter);
+use strict;
+
+sub init {
+ my($self) = @_;
+
+ delete $self->{asn};
+
+ unless (exists $self->{value}) {
+ $self->{asn} = $self->{matchedValues} || '';
+ }
+
+ $self;
+}
+
+sub matchedValues {
+ my $self = shift;
+
+ if (@_) {
+ delete $self->{value};
+ return $self->{asn} = shift;
+ }
+ elsif (exists $self->{value}) {
+ my $f = $ValuesReturnFilter->decode($self->{value});
+ $self->{asn} ||= Net::LDAP::FilterList::as_string($f)
+ if (ref $f);
+ }
+
+ $self->{asn};
+}
+
+sub value {
+ my $self = shift;
+
+ unless (exists $self->{value}) {
+ my $f = Net::LDAP::FilterList->new;
+ $self->{value} = $ValuesReturnFilter->encode($f)
+ if ($f->parse($self->{asn}));
+ }
+
+ $self->{value};
+}
+
+1;
+
+=head1 NAME
+
+Net::LDAP::Control::MatchedValues - LDAPv3 MatchedValues Control
+
+=head1 SYNOPSIS
+
+ use Net::LDAP;
+ use Net::LDAP::Control::MatchedValues;
+
+ $ldap = Net::LDAP->new( "ldap.mydomain.eg" );
+
+ $mv = Net::LDAP::Control::MatchedValues->new( matchedValues => '((sn=Jensen)(sn=Miller))' );
+
+ # return the entries of all people with first name "Babs",
+ # but only show the sn if it is "Jensen" or "Miller"
+ my $mesg = $ldap->search( base => "o=University of Michigan, c=US",
+ filter => "(givenName=Babs)",
+ attrs => [ qw/sn/ ],
+ control => $mv );
+
+=head1 DESCRIPTION
+
+C<Net::LDAP::Control::MatchedValues> provides an interface for the creation and
+manipulation of objects that represent the C<MatchedValues Control> as described
+by RFC 3876.
+
+The C<MatchedValues Control>, which only has a meaning with the C<Search> operation,
+allows the client to specify criteria that restrict the values of attributes returned.
+It has no effect on the number of objects found, but only allows to restrict the
+values of the attributes returned by the search to those matching the criteria.
+
+
+=head1 CONSTRUCTOR ARGUMENTS
+
+In addition to the constructor arguments described in
+L<Net::LDAP::Control> the following are provided.
+
+=over 4
+
+=item matchedValues => VALUESRETURNFILTER
+
+A filter giving the criteria which attribute values shall be returned.
+
+VALUESRETURNFILTER is a sequence of simple filter items of the form
+C<< ( <ATTRSPEC> <OP> <VALUE> ) >> surrounded by an additional set of parentheses;
+e.g.
+
+=over 4
+
+=item ((personsAge<=29))
+
+Only return the age if is less than 30 ;-)
+
+=item ((cn=*Emergency*)(telephoneNumber=+1*)(telephoneNumber=911))
+
+Only return those values of the cn that contain C<Emergency>,
+and phone numbers from North America including the one for emergency calls.
+
+=back
+
+=back
+
+
+=head1 METHODS
+
+As with L<Net::LDAP::Control> each constructor argument
+described above is also available as a method on the object which will
+return the current value for the attribute if called without an argument,
+and set a new value for the attribute if called with an argument.
+
+
+=head1 SEE ALSO
+
+L<Net::LDAP>,
+L<Net::LDAP::Control>,
+http://www.ietf.org/rfc/rfc3876.txt
+
+=head1 AUTHOR
+
+Peter Marschall E<lt>peter@adpm.deE<gt>
+
+Please report any bugs, or post any suggestions, to the perl-ldap mailing list
+E<lt>perl-ldap@perl.orgE<gt>
+
+=head1 COPYRIGHT
+
+Copyright (c) 2011 Peter Marschall. All rights reserved. This program is
+free software; you can redistribute it and/or modify it under the same
+terms as Perl itself.
+
+=cut
+
+
+package Net::LDAP::FilterList;
+
+use vars qw(@ISA $VERSION);
+use Net::LDAP::Filter;
+
+@ISA = qw(Net::LDAP::Filter);
+$VERSION = "0.02";
+
+# filter = "(" 1*item ")"
+# item = simple / present / substring / extensible
+# simple = attr filtertype value
+# filtertype = equal / approx / greater / less
+# equal = "="
+# approx = "~="
+# greater = ">="
+# less = "<="
+# extensible = attr [":" matchingrule] ":=" value
+# / ":" matchingrule ":=" value
+# present = attr "=*"
+# substring = attr "=" [initial] any [final]
+# initial = value
+# any = "*" *(value "*")
+# final = value
+# attr = AttributeDescription from Section 4.1.5 of [1]
+# matchingrule = MatchingRuleId from Section 4.1.9 of [1]
+# value = AttributeValue from Section 4.1.6 of [1]
+#
+# Special Character encodings
+# ---------------------------
+# * \2a, \*
+# ( \28, \(
+# ) \29, \)
+# \ \5c, \\
+# NUL \00
+
+
+sub new {
+ my $self = shift;
+ my $class = ref($self) || $self;
+
+ my $me = bless [], $class;
+
+ if (@_) {
+ $me->parse(shift) or
+ return undef;
+ }
+ $me;
+}
+
+my $Attr = '[-;.:\d\w]*[-;\d\w]';
+
+my %Op = qw(
+ = equalityMatch
+ ~= approxMatch
+ >= greaterOrEqual
+ <= lessOrEqual
+ := extensibleMatch
+);
+
+my $ErrStr;
+
+sub parse {
+ my $self = shift;
+ my $filterlist = shift;
+
+ my @parsed = ();
+
+ undef $ErrStr;
+
+ # a filterlist is required
+ if (!defined $filterlist) {
+ $ErrStr = "Undefined filterlist";
+ return undef;
+ }
+
+
+ # remove surrounding braces ((..)(..)(..)) -> (..)(..)(..)
+ $filterlist =~s/^\((\(.*)\)$/$1/;
+
+ while (length($filterlist)) {
+
+ # process (attr op string)
+ if ($filterlist =~ s/^\(\s*
+ ($Attr)\s*
+ ([:~<>]?=)
+ ((?:\\.|[^\\()]+)*)
+ \)\s*
+ //xo) {
+ my $item = Net::LDAP::Filter::_encode($1,$2,$3);
+ return undef if (!$item);
+ push(@parsed, $item);
+ next;
+ }
+
+ # If we get here then there is an error in the filter string
+ # so exit loop with data in $filterlist
+ last;
+ }
+
+ if (length $filterlist) {
+ # If we have anything left in the filter, then there is a problem
+ $ErrStr = "Bad filterlist, error before " . substr($filterlist,0,20);
+ return undef;
+ }
+
+ @$self = @parsed;
+
+ $self;
+}
+
+sub as_string {
+ my $l = shift;
+
+ return '(' . join('', map { Net::LDAP::Filter::_string(%{$_}) } @{$l}) . ')';
+}
+
+1;
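Review bot: `parse` in `Net::LDAP::FilterList` records its diagnostics in the file-lexical declared at `my $ErrStr;`, but the package defines no `errstr` accessor; the `errstr` inherited from `Net::LDAP::Filter` returns that module's own lexical, so after a failed parse `Net::LDAP::FilterList->errstr` reports a stale or empty message, and `value()` in `MatchedValues` then silently leaves `$self->{value}` unset when `$f->parse($self->{asn})` fails. Adding `sub errstr { $ErrStr }` to `Net::LDAP::FilterList` directly after the `my $ErrStr;` line fixes the accessor. Separately, `new` and `parse` use `return undef;`, which yields a one-element list in list context, so a bare `return;` is the safer idiom, and `use strict;` sits after the `@ISA`/`$VERSION` assignments in both packages (valid because of `use vars`, but moving it to the top of each package matches current practice). The brand-new `Net::LDAP::FilterList` package also starts at `$VERSION = "0.02"` and lives in a file named for a different package, which is worth a comment explaining that it is loaded as a side effect of `use Net::LDAP::Control::MatchedValues`.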
2  lib/Net/LDAP/Control/PersistentSearch.pm
@@ -105,7 +105,7 @@ Net::LDAP::Control::PersistentSearch - LDAPv3 Persistent Search control object
C<Net::LDAP::Control::PersistentSearch> provides an interface for the creation
and manipulation of objects that represent the C<PersistentSearch> control as
-described by draft-smith-psearch-ldap-01.txt.
+described by draft-smith-psearch-ldap-03.txt.
=head1 CONSTRUCTOR ARGUMENTS
50 lib/Net/LDAP/Control/ProxyAuth.pm
@@ -8,13 +8,13 @@ use vars qw(@ISA $VERSION);
use Net::LDAP::Control;
@ISA = qw(Net::LDAP::Control);
-$VERSION = "1.05";
+$VERSION = "1.06";
-use Net::LDAP::Constant qw(LDAP_CONTROL_PROXYAUTHENTICATION);
+use Net::LDAP::Constant qw(LDAP_CONTROL_PROXYAUTHORIZATION);
use Net::LDAP::ASN qw(proxyAuthValue);
use strict;
-sub LDAP_CONTROL_PROXYAUTHENTICATION_OLD { "2.16.840.1.113730.3.4.12"; }
+sub LDAP_CONTROL_PROXYAUTHORIZATION_OLD { "2.16.840.1.113730.3.4.12"; }
sub init {
my($self) = @_;
@@ -22,7 +22,7 @@ sub init {
delete $self->{asn};
if (defined($self->{proxyDN})) {
- $self->{type} = LDAP_CONTROL_PROXYAUTHENTICATION_OLD;
+ $self->{type} = LDAP_CONTROL_PROXYAUTHORIZATION_OLD;
unless (exists $self->{value}) {
$self->{asn} = { proxyDN => $self->{proxyDN} || '' };
@@ -45,10 +45,10 @@ sub proxyDN {
if (@_) {
delete $self->{value};
- $self->{type} = LDAP_CONTROL_PROXYAUTHENTICATION_OLD;
+ $self->{type} = LDAP_CONTROL_PROXYAUTHORIZATION_OLD;
return $self->{asn}{proxyDN} = shift || '';
}
- elsif ($self->{type} eq LDAP_CONTROL_PROXYAUTHENTICATION) {
+ elsif ($self->{type} eq LDAP_CONTROL_PROXYAUTHORIZATION) {
$self->{error} = 'Illegal query method: use authzID()';
return undef;
}
@@ -66,10 +66,10 @@ sub authzID {
if (@_) {
delete $self->{value};
- $self->{type} = LDAP_CONTROL_PROXYAUTHENTICATION;
+ $self->{type} = LDAP_CONTROL_PROXYAUTHORIZATION;
return $self->{authzID} = shift || '';
}
- elsif ($self->{type} eq LDAP_CONTROL_PROXYAUTHENTICATION_OLD) {
+ elsif ($self->{type} eq LDAP_CONTROL_PROXYAUTHORIZATION_OLD) {
$self->{error} = 'Illegal query method: use proxyDN()';
return undef;
}
@@ -85,7 +85,7 @@ sub value {
my $self = shift;
unless (exists $self->{value}) {
- $self->{value} = ($self->{type} eq LDAP_CONTROL_PROXYAUTHENTICATION_OLD)
+ $self->{value} = ($self->{type} eq LDAP_CONTROL_PROXYAUTHORIZATION_OLD)
? $proxyAuthValue->encode($self->{asn})
: $self->{authzID} || '';
}
@@ -99,7 +99,7 @@ __END__
=head1 NAME
-Net::LDAP::Control::ProxyAuth - LDAPv3 Proxy Authentication control object
+Net::LDAP::Control::ProxyAuth - LDAPv3 Proxy Authorization control object
=head1 SYNOPSIS
@@ -130,7 +130,20 @@ Net::LDAP::Control::ProxyAuth - LDAPv3 Proxy Authentication control object
=head1 DESCRIPTION
C<Net::LDAP::Control::ProxyAuth> provides an interface for the creation and manipulation
-of objects that represent the C<proxyauthorisationControl> as described by draft-weltman-ldapv3-proxy-XX.txt.
+of objects that represent the C<Proxy Authorization Control> as described by RFC 4370.
+
+It allows a client to be bound to an LDAP server with its own identity, but to perform
+operations on behalf of another user, the C<authzID>.
+
+With the exception of any extension that causes a change in authentication,
+authorization or data confidentiality, a single C<Proxy Authorization Control>
+may be included in any search, compare, modify, add, delete, or moddn or
+extended operation.
+
+As cqrequired by the RFC, the criticality of this control is automatically set to
+TRUE in order to protect clients from submitting requests with other identities
+that they intend to.
+
=head1 CONSTRUCTOR ARGUMENTS
@@ -141,19 +154,20 @@ L<Net::LDAP::Control> the following are provided.
=item authzID
-The authzID that is required. This is the identity we are requesting operations to use
+The authzID that is required. This is the identity we are requesting operations to use.
=item proxyDN
-In older versions of draft-weltman-ldapv3-proxy-XX.txt the value in the control and thus the
-constructor argument was a DN and was called C<proxyDN>. It served the same purpose as C<authzID>
-in recent versions of C<proxyauthorisationControl>.
+In early versions of the drafts to RFC 4370, draft-weltman-ldapv3-proxy-XX.txt,
+the value in the control and thus the constructor argument was a DN and was called C<proxyDN>.
+It served the same purpose as C<authzID> in recent versions of C<proxyAuthorization> control.
=back
B<Please note:>
-Unfortunately the OID and the encoding or the C<proxyauthorisationControl>
-changed significantly in recent versions of draft-weltman-ldapv3-proxy-XX.txt.
+Unfortunately the OID and the encoding or the C<Proxy Authorization Control>
+changed significantly between early versions of draft-weltman-ldapv3-proxy-XX.txt
+and the final RFC.
Net::LDAP::Control::ProxyAuth tries to cope with that situation and changes
the OID and encoding used depending on the constructor argument.
@@ -173,7 +187,7 @@ and set a new value for the attribute if called with an argument.
L<Net::LDAP>,
L<Net::LDAP::Control>,
-=head1 AUTHOR
+=head1 AUTHORS
Olivier Dubois, Swift sa/nv based on Net::LDAP::Control::Page from
Graham Barr E<lt>gbarr@pobox.comE<gt>.
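Review bot: The new DESCRIPTION paragraph starting `+As cqrequired by the RFC, ...` has a typo (`cqrequired`) and a wrong comparative (`other identities that they intend to` should read `than they intend to`), and it states that the control's criticality is automatically set to TRUE, which none of the visible `init`, `proxyDN`, `authzID` or `value` hunks show. If the control's critical flag is set somewhere outside these hunks the claim is fine; otherwise the POD documents behaviour the module does not have and the flag should either be set in `init` or the sentence dropped. Corrected wording: `As required by the RFC, the criticality of this control is automatically set to TRUE in order to protect clients from submitting requests under other identities than they intend to.` The `PROXYAUTHENTICATION` to `PROXYAUTHORIZATION` renames in the code hunks are consistent with `Net::LDAP::Constant`, which keeps the old constant name as well.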
2  lib/Net/LDAP/Control/VLV.pm
@@ -272,7 +272,7 @@ Net::LDAP::Control::VLV - LDAPv3 Virtual List View control object
C<Net::LDAP::Control::VLV> provides an interface for the creation and
manipulation of objects that represent the Virtual List View as described
-by draft-ietf-ldapext-ldapv3-vlv-03.txt.
+by draft-ietf-ldapext-ldapv3-vlv-09.txt.
When using a Virtual List View control in a search, it must be accompanied by a sort
control. See L<Net::LDAP::Control::Sort>
117 lib/Net/LDAP/Extension/Cancel.pm
@@ -0,0 +1,117 @@
+
+package Net::LDAP::Extension::Cancel;
+
+require Net::LDAP::Extension;
+
+$VERSION = "0.01";
+@ISA = qw(Net::LDAP::Extension);
+
+use Convert::ASN1;
+
+my $cancelReq = Convert::ASN1->new;
+$cancelReq->prepare(q<SEQUENCE {
+ cancelID INTEGER -- originally: MessageID
+ }>);
+
+sub Net::LDAP::cancel {
+ my $ldap = shift;
+ my $op = shift;
+ my %opt = @_;
+
+ my $res = $ldap->extension (
+ name => '1.3.6.1.1.8',
+ value => $cancelReq->encode({ cancelID => ref($op) ? $op->mesg_id : $op }),
+ ($opt{control} ? (control => $opt{control}) : ())
+ );
+
+ bless $res;
+}
+
+1;
+
+__END__
+
+=head1 NAME
+
+Net::LDAP::Extension::Cancel - LDAP Cancel Operation
+
+=head1 SYNOPSIS
+
+ use Net::LDAP;
+ use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_CANCELED)
+ use Net::LDAP::Extension::Cancel;
+
+ $ldap = Net::LDAP->new( 'ldap.mydomain.eg' );
+
+ $ldap->bind('cn=Joe User,cn=People,dc=example,dc=com',
+ password => 'secret');
+
+ $search = $ldap->search(
+ base => 'c=US',
+ filter => '(&(sn=Barr) (o=Texas Instruments))',
+ callback => \&process_entry, # Call this sub for each entry
+ );
+
+ $mesg = $ldap->cancel($search);
+
+ die "error :", $mesg->code(), ": ", $mesg->error()
+ if ($mesg->code() != LDAP_CANCELED && mesg->code() != LDAP_SUCCESS);
+
+=head1 DESCRIPTION
+
+C<Net::LDAP::Extension::Cancel> implements the C<Cancel>
+extended LDAPv3 operation as described in RFC 3909.
+
+The C<Cancel> extended operation is very similar to the C<Abandon>
+standard operation, and has the same call signature.
+Unlike the C<Abandon> operation, it has a response which provides
+an indication of its outcome.
+
+It implements no object by itself but extends the L<Net::LDAP> object
+by another method:
+
+=head1 METHODS
+
+=over 4
+
+=item cancel ( OPERATION, OPTIONS )
+
+Cancel an outstanding operation. C<OPERATION> may be a number or an
+object which is a sub-class of L<Net::LDAP::Message>, returned from a
+previous method call.
+
+OPTIONS is a list of key/value pairs. The following keys are reconized:
+
+=over 4
+
+=item control => CONTROL
+
+=item control => [ CONTROL, .. ]
+
+Control(s) to be passed to the operation.
+
+=back
+
+
+=back
+
+=head1 SEE ALSO
+
+L<Net::LDAP>,
+L<Net::LDAP::Extension>
+
+=head1 AUTHOR
+
+Peter Marschall <peter@adpm.de>.
+
+Please report any bugs, or post any suggestions, to the perl-ldap
+mailing list E<lt>perl-ldap@perl.orgE<gt>
+
+=head1 COPYRIGHT
+
+Copyright (c) 2011 Peter Marschall. All rights reserved. This program is
+free software; you can redistribute it and/or modify it under the same
+terms as Perl itself.
+
+=cut
+
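Review bot: The new module has no `use strict;` or `use warnings;`, so `$VERSION` and `@ISA` are assigned as undeclared package globals, and `Net::LDAP::cancel` does nothing when `$op` is undefined, passing an undef `cancelID` to `$cancelReq->encode`. `use strict;` after the `package` line together with `use vars qw(@ISA $VERSION);` (the form the other modules in this commit use) is the fix, and returning early with an error set when `$op` is undefined is worth considering. In the SYNOPSIS, `use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_CANCELED)` lacks its terminating `;` and `mesg->code()` in the `die` condition is missing its `$` sigil, so the example does not compile as written; `reconized` in the METHODS section should be `recognized`.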
2  lib/Net/LDAP/Extension/WhoAmI.pm
@@ -42,7 +42,7 @@ Net::LDAP::Extension::WhoAmI - LDAP "Who am I?" Operation
=head1 DESCRIPTION
C<Net::LDAP::Extension::WhoAmI> implements the C<Who am I?>
-extended LDAPv3 operation as described in draft-zeilenga-ldap-authzid-09.
+extended LDAPv3 operation as described in RFC 4532.
It implements no object by itself but extends the L<Net::LDAP> object
by another method:
71 lib/Net/LDAP/Filter.pm
@@ -7,7 +7,7 @@ package Net::LDAP::Filter;
use strict;
use vars qw($VERSION);
-$VERSION = "0.15";
+$VERSION = "0.16";
# filter = "(" filtercomp ")"
# filtercomp = and / or / not / item
@@ -71,12 +71,12 @@ my %Op = qw(
my %Rop = reverse %Op;
-# Unescape
-# \xx where xx is a 2-digit hex number
-# \y where y is one of ( ) \ *
sub errstr { $ErrStr }
+# Unescape
+# \xx where xx is a 2-digit hex number
+# \y where y is one of ( ) \ *
sub _unescape {
$_[0] =~ s/
\\([\da-fA-F]{2}|.)
@@ -90,11 +90,11 @@ sub _unescape {
sub _escape { (my $t = $_[0]) =~ s/([\\\(\)\*\0-\37\177-\377])/sprintf("\\%02x",ord($1))/sge; $t }
+# encode a triplet ($attr,$op,$val) representing a single filter item
sub _encode {
my($attr,$op,$val) = @_;
- # An extensible match
-
+ # extensible match
if ($op eq ':=') {
# attr must be in the form type:dn:1.2.3.4
@@ -114,34 +114,40 @@ sub _encode {
});
}
- # If the op is = and contains one or more * not
- # preceeded by \ then do partial matches
-
- if ($op eq '=' && $val =~ /^(\\.|[^\\*]+)*\*/o ) {
+ # special cases: present / substring match
+ if ($op eq '=') {
- my $n = [];
- my $type = 'initial';
+ # present match
+ if ($val eq '*') {
+ return ({ present => $attr });
+ }
- while ($val =~ s/^((\\.|[^\\*]+)*)\*//) {
- push(@$n, { $type, _unescape("$1") }) # $1 is readonly, copy it
- if length($1) or $type eq 'any';
+ # if val contains unescaped *, then we have substring match
+ elsif ( $val =~ /^(\\.|[^\\*]+)*\*/o ) {
- $type = 'any';
- }
+ my $n = [];
+ my $type = 'initial';
- push(@$n, { 'final', _unescape($val) })
- if length $val;
+ while ($val =~ s/^((\\.|[^\\*]+)*)\*//) {
+ push(@$n, { $type, _unescape("$1") }) # $1 is readonly, copy it
+ if length($1) or $type eq 'any';
- return ({
- substrings => {
- type => $attr,
- substrings => $n
+ $type = 'any';
}
- });
- }
- # Well we must have an operator and no un-escaped *'s on the RHS
+ push(@$n, { 'final', _unescape($val) })
+ if length $val;
+
+ return ({
+ substrings => {
+ type => $attr,
+ substrings => $n
+ }
+ });
+ }
+ }
+ # in all other cases we must have an operator and no un-escaped *'s on the RHS
return {
$Op{$op} => {
attributeDesc => $attr, assertionValue => _unescape($val)
@@ -149,6 +155,7 @@ sub _encode {
};
}
+# parse & encode a filter string
sub parse {
my $self = shift;
my $filter = shift;
@@ -173,7 +180,7 @@ sub parse {
while (length($filter)) {
- # Process the start of (& (...)(...))
+ # Process the start of (<op> (...)(...)), with <op> = [&!|]
if ($filter =~ s/^\(\s*([&!|])\s*//) {
push @stack, [$op,$cur];
@@ -182,7 +189,7 @@ sub parse {
next;
}
- # Process the end of (& (...)(...))
+ # Process the end of (<op> (...)(...)), with <op> = [&!|]
elsif ($filter =~ s/^\)\s*//o) {
unless (@stack) {
@@ -196,13 +203,6 @@ sub parse {
next if @stack;
}
- # present is a special case (attr=*)
-
- elsif ($filter =~ s/^\(\s*($Attr)=\*\)\s*//o) {
- push(@$cur, { present => $1 } );
- next if @stack;
- }
-
# process (attr op string)
elsif ($filter =~ s/^\(\s*
@@ -246,7 +246,6 @@ sub print {
sub as_string { _string(%{$_[0]}) }
sub _string { # prints things of the form (<op> (<list>) ... )
- my $i;
my $str = "";
for ($_[0]) {
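Review bot: The `/o` modifier on the new substring test `elsif ( $val =~ /^(\\.|[^\\*]+)*\*/o ) {` is a no-op because the pattern interpolates no variables, and it suggests a compile-once intent that does not exist; dropping it avoids misleading the next reader. Since the `present is a special case (attr=*)` branch was removed from `parse` in the same commit, a one-line comment at the top of the new `if ($op eq '=') {` block, e.g. `# present (attr=*) is recognised here rather than in parse() so that callers such as FilterList::parse get it too`, would explain why `_encode` now owns that check. `_encode` begins in the preceding hunk and its generic `return` continues past the end of this one.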
176 lib/Net/LDAP/RFC.pod
@@ -147,6 +147,39 @@ directory objects defined for specific uses in other documents.
=head1 Other LDAP Related RFCs - Proposed Standards
+=head2 RFC-6171 The Lightweight Directory Access Protocol (LDAP) Don't Use Copy Control
+
+http://www.ietf.org/rfc/rfc6171.txt
+
+This document defines the Lightweight Directory Access Protocol (LDAP)
+Don't Use Copy control extension which allows a client to specify that
+copied information should not be used in providing service. This
+control is based upon the X.511 dontUseCopy service control option.
+
+
+=head2 RFC-5020 The Lightweight Directory Access Protocol (LDAP) entryDN Operational Attribute
+
+http://www.ietf.org/rfc/rfc5020.txt
+
+This document describes the LDAP/X.500 'entryDN' operational
+attribute. The attribute provides a copy of the entry's distinguished
+name for use in attribute value assertions.
+
+
+=head2 RFC-4792 Encoding Instructions for the Generic String Encoding Rules (GSER)
+
+http://www.ietf.org/rfc/rfc4792.txt
+
+Abstract Syntax Notation One (ASN.1) defines a general framework for
+annotating types in an ASN.1 specification with encoding instructions
+that alter how values of those types are encoded according to ASN.1
+encoding rules. This document defines the supporting notation for
+encoding instructions that apply to the Generic String Encoding Rules
+(GSER), and in particular defines an encoding instruction to provide
+a machine-processable representation for the declaration of a GSER
+ChoiceOfStrings type.
+
+
=head2 RFC-4532 Lightweight Directory Access Protocol (LDAP) Who am I? Operation
http://www.ietf.org/rfc/rfc4532.txt
@@ -251,6 +284,21 @@ provided authorization identity instead of under the current
authorization identity associated with the connection.
+=head2 RFC-4104 Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)
+
+http://www.ietf.org/rfc/rfc4104.txt
+
+This document defines a number of changes and extensions to the
+Policy Core Lightweight Directory Access Protocol (LDAP) Schema (RFC
+3703) based on the model extensions defined by the Policy Core
+Information Model (PCIM) Extensions (RFC 3460). These changes and
+extensions consist of new LDAP object classes and attribute types.
+Some of the schema items defined in this document re-implement
+existing concepts in accordance with their new semantics introduced
+by RFC 3460. The other schema items implement new concepts, not
+covered by RFC 3703. This document updates RFC 3703.
+
+
=head2 RFC-3928 Lightweight Directory Access Protocol (LDAP) Client Update Protocol (LCUP)
http://www.ietf.org/rfc/rfc3928.txt
@@ -411,8 +459,7 @@ results but still needs them sorted. Other permissible controls
on search operations are not defined in this extension.
-=head2 RFC-2849 The LDAP Data Interchange Format (LDIF) - Technical
-Specification
+=head2 RFC-2849 The LDAP Data Interchange Format (LDIF) - Technical Specification
http://www.ietf.org/rfc/rfc2849.txt
@@ -610,6 +657,47 @@ procedures.
=head1 Other LDAP Related RFCs - Informational
+=head2 RFC-5803 Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets
+
+http://www.ietf.org/rfc/rfc5803.txt
+
+This memo describes how the "authPassword" Lightweight Directory
+Access Protocol (LDAP) attribute can be used for storing secrets used
+by the Salted Challenge Response Authentication Mechanism (SCRAM)
+mechanism in the Simple Authentication and Security Layer (SASL)
+framework.
+
+
+=head2 RFC-4876 A Configuration Profile Schema for Lightweight Directory Access Protocol (LDAP)-Based Agents
+
+http://www.ietf.org/rfc/rfc4828.txt
+
+This document consists of two primary components, a schema for agents
+that make use of the Lightweight Directory Access protocol (LDAP) and
+a proposed use case of that schema, for distributed configuration of
+similar directory user agents. A set of attribute types and an
+object class are proposed. In the proposed use case, directory user
+agents (DUAs) can use this schema to determine directory data
+location and access parameters for specific services they support.
+In addition, in the proposed use case, attribute and object class
+mapping allows DUAs to reconfigure their expected (default) schema to
+match that of the end user's environment. This document is intended
+to be a skeleton for future documents that describe configuration of
+specific DUA services.
+
+
+=head2 RFC-4529 Requesting Attributes by Object Class in the Lightweight Directory Access Protocol (LDAP)
+
+http://www.ietf.org/rfc/rfc4829.txt
+
+The Lightweight Directory Access Protocol (LDAP) search operation
+provides mechanisms for clients to request all user application
+attributes, all operational attributes, and/or attributes selected by
+their description. This document extends LDAP to support a mechanism
+that LDAP clients may use to request the return of all attributes of
+an object class.
+
+
=head2 RFC-4525 Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension
http://www.ietf.org/rfc/rfc4525.txt
@@ -881,6 +969,20 @@ demonstrating the use of the API.
=head1 Other LDAP Related RFCs - Experimental
+=head2 RFC-5805 Lightweight Directory Access Protocol (LDAP) Transactions
+
+http://www.ietf.org/rfc/rfc5805.txt
+
+Lightweight Directory Access Protocol (LDAP) update operations, such
+as Add, Delete, and Modify operations, have atomic, consistency,
+isolation, durability (ACID) properties. Each of these update
+operations act upon an entry. It is often desirable to update two or
+more entries in a single unit of interaction, a transaction.
+Transactions are necessary to support a number of applications
+including resource provisioning. This document extends LDAP to
+support transactions.
+
+
=head2 RFC-4533 The Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation
http://www.ietf.org/rfc/rfc4533.txt
@@ -972,7 +1074,7 @@ has already been implemented with some success.
-=head1 Current Internet Drafts
+=head1 Expired but still interesting Internet Drafts
=head2 draft-wahl-ldap-adminaddr -- Administrator Address Attribute
@@ -989,34 +1091,6 @@ provide a way for the user of the management client to send
email to manager of a particular server.
-=head2 draft-zeilenga-ldap-txn -- LDAP Transactions
-
-Lightweight Directory Access Protocol (LDAP) update operations, such
-as Add, Delete, and Modify operations, have atomic, consistency,
-isolation, durability (ACID) properties. Each of these update
-operations act upon an entry. However, It is often desirable to
-update two or more entries in a single unit of interaction, a
-transaction. Transactions are necessary to support a number of
-applications including resource provisioning. This document defines
-an LDAP extension to support transactions.
-
-
-=head2 draft-joslin-config-schema -- A Configuration Profile Schema for LDAP-based agents
-
-This document consists of two primary components, a schema for agents
-that make use of the Lightweight Directory Access protocol (LDAP) and
-a proposed use case of that schema, for distributed configuration of
-similar directory user agents. A set of attribute types and an
-objectclass are proposed. In the proposed use case, directory user
-agents (DUAs) can use this schema to determine directory data
-location and access parameters for specific services they support.
-In addition, in the proposed use case, attribute and objectclass
-mapping allows DUAs to re-configure their expected (default) schema
-to match that of the end user's environment. This document is
-intended to be a skeleton for future documents that describe
-configuration of specific DUA services.
-
-
=head2 draft-zeilenga-ldap-noop -- The LDAP No-Op Control
This document defines the Lightweight Directory Access Protocol (LDAP)
@@ -1048,14 +1122,6 @@ e.g. if an entry must exist even though its contents are
uninteresting.
-=head2 draft-zeilenga-ldap-dontusecopy -- The LDAP Don't Use Copy Control
-
-This document defines the Lightweight Directory Access Protocol (LDAP)
-Don't Use Copy control extension which allows a client to specify that
-copied information should not be used in providing service. This
-control is based upon the X.511 dontUseCopy service control option.
-
-
=head2 draft-wahl-ldap-p3p -- P3P Policy Attributes for LDAP
This document defines attributes that can be retrieved via
@@ -1066,18 +1132,6 @@ directory server, and the privacy policies that apply to the contents
of the directory (a subtree of entries).
-=head2 draft-legg-ldap-gser-ei -- Encoding Instructions for the Generic String Encoding Rules (GSER)
-
-Abstract Syntax Notation One (ASN.1) defines a general framework for
-annotating types in an ASN.1 specification with encoding instructions
-that alter how values of those types are encoded according to ASN.1
-encoding rules. This document defines the supporting notation for
-encoding instructions that apply to the Generic String Encoding Rules
-(GSER), and in particular defines an encoding instruction to provide
-a machine-processable representation for the declaration of a GSER
-ChoiceOfStrings type.
-
-
=head2 draft-chu-ldap-xordered -- Ordered Entries and Values in LDAP
As LDAP is used more extensively for managing various kinds of data,
@@ -1101,13 +1155,6 @@ server. It may be used by various applications for auditing, flight
recorder, replication, and other purposes.
-=head2 draft-zeilenga-ldap-entrydn -- The LDAP entryDN Operational Attribute
-
-This document describes the LDAP/X.500 'entryDN' operational
-attribute. The attribute provides a copy of the entry's distinguished
-name for use in attribute value assertions.
-
-
=head2 draft-zeilenga-ldap-relax -- The LDAP Relax Rules Control
This document defines the Lightweight Directory Access Protocol (LDAP)
@@ -1157,11 +1204,6 @@ clients using the Lightweight Directory Access Protocol (LDAP) to
determine the source of directory entries.
-
-
-=head1 Expired but still interesting Internet Drafts
-
-
=head2 draft-ietf-ldapext-psearch -- Persistent Search: A Simple LDAP Change Notification Mechanism
This document defines two controls that extend the LDAPv3
@@ -1186,5 +1228,13 @@ search result set. This subset is specified in terms of offsets into the
ordered list, or in terms of a greater than or equal comparison value.
+
+
+=head1 Where to find the latest information
+
+Latest information on the RFCs and drafts around LDAP can be found at
+L<IETF's datatracker|https://datatracker.ietf.org>.
+
+
=cut
4 lib/Net/LDAP/Util.pm
@@ -55,7 +55,7 @@ require Net::LDAP::Constant;
escape_dn_value unescape_dn_value) ],
);
-$VERSION = "0.11";
+$VERSION = "0.12";
=item ldap_error_name ( ERR )
@@ -164,7 +164,7 @@ my @err2desc = (
undef,
undef,
undef,
- undef,
+ "VLV error", # 0x4C LDAP_VLV_ERROR
undef,
undef,
undef,
2  t/06constant.t
@@ -83,7 +83,7 @@ my @constant = qw(
73
74
75
- 76
+ LDAP_VLV_ERROR
77
78
79