I've a little issue. At work, we will shortly use a proxy ldap to connect to our ldap.
However, my perl script used to connect directly to the ldap, and I can't find the right way to connect to the ldap through the ldap proxy.
The ldap team told me to simply change "my.local.ldap.org" by the url of the proxy.
But when I do that, I get nothing back except the error "Can't contact LDAP server at myscript.pl line X, < DATA> line 403."
I'm at my wits end, since I'm pretty new to perl.
How can I connect to my ldap throught the ldap proxy and get my data ?
There is my perl code :
#!/usr/bin/perl
use warnings;
use strict;
use Net::LDAP;
use Net::SMTP;
use MIME::Lite;
use Getopt::Std;
connect_ldap();
sub connect_ldap {
my #attributs = qw(uid subsidiary preferredLanguage);
my $ldap = Net::LDAP->new(
"my.local.ldap.org",
port => 389
) or die open (STDERR, ">&SDTOUT");
my $mesg = $ldap->bind (
"cn=app_readonly,ou=account,ou=security,o=oubase",
password => "mypassword"
);
$mesg = $ldap->search(
base => "o=oubase",
scope => "sub",
filter => "(&(objectclass=inetOrgPerson)(|(subsidiary=sub1)(subsidiary=sub2))(role=id=app_access,id=APP,*))",
attrs => [ #attributs ]
);
printf "COUNT : %s\n", $mesg->count;
foreach my $entry ($mesg->entries) {
$entry->dump;
}
print "==========================================\n";
$mesg = $ldap->unbind;
$ldap->unbind;
}
In general, there should not be any difference connecting through a proxy (provided that it is an LDAP proxy) compared to connecting to an LDAP server directly as long as the LDAP proxy is setup properly. Did you try telnetting to the host/port of the proxy to see if you got the correct connection information?
Related
I wrote a Perl script that uses POP3 to retrieve mail from a Gmail account. A while ago, the script became broken, and I suspect it was because Gmail began requiring either SSL or TLS connections when using POP3.
I found this interesting post on Mike B's blog, which includes this sample code:
#!/usr/bin/env perl
use strict;
use warnings;
use Net::SSLGlue::POP3;
use Mozilla::CA;
my $host = 'pop.aol.com';
my $login = 'myusername#aol.com';
my $pass = '4Radfsai8fsfd9sdf9sdf';
my $pop3 = Net::POP3->new( $host) || die "Can't connect to $host: $!";
$pop3->starttls(
SSL_verify_mode => 1,
SSL_ca_file => Mozilla::CA::SSL_ca_file(),
) || die "Can't perform starttls: $!";
my $messages = $pop3->login( $login, $pass )
|| die "Failed to authenticate login $login on $host: $!";
print "There are $messages messages on $host for $login.\n";
Here's a portion of my exact code (some specifics changed for security reasons):
use YAML;
use Net::SSLGlue::POP3;
use Mozilla::CA;
use Email::Find;
use Data::Dumper;
use LWP::Simple;
my $email_finder = Email::Find->new(\&process_email);
my $verbose = 1;
my $email_account = 'my.email#mydomain.net';
my $email_password = 'somepassword';
my $mail_server = "mail.mydomain.net";
print("\nStarted\n") if ($verbose);
$pop = Net::POP3->new($mail_server) || die("Could not log on to server.");
print(" - starttls using " . Mozilla::CA::SSL_ca_file() . "\n") if ($verbose);
$pop->starttls(
SSL_verify_mode => 1,
SSL_ca_file => Mozilla::CA::SSL_ca_file()
) || die "Can't perform starttls: $!";
My issue is that...
$pop->starttls(
SSL_verify_mode => 1,
SSL_ca_file => Mozilla::CA::SSL_ca_file()
) || die "Can't perform starttls: $!";
... is failing, but I can't tell why. Any suggestions?
UPDATE...
Thank you Steffen. I've updated my code by adding Debug => 1 and outputting $IO::Socket::SSL::SSL_ERROR:
$pop = Net::POP3->new($mail_server, Debug => 1)
|| die("Could not log on to server.");
print(" - starttls using " . Mozilla::CA::SSL_ca_file() . "\n") if ($verbose);
$pop->starttls(
SSL_verify_mode => 1,
SSL_ca_file => Mozilla::CA::SSL_ca_file()
) || die "Can't perform starttls: $!\n" . $IO::Socket::SSL::SSL_ERROR;
The error message now is:
Net::POP3>>> Net::POP3(2.29)
Net::POP3>>> Net::Cmd(2.29)
Net::POP3>>> Exporter(5.63)
Net::POP3>>> IO::Socket::INET(1.31)
Net::POP3>>> IO::Socket(1.31)
Net::POP3>>> IO::Handle(1.28)
Net::POP3=GLOB(0xb41980)<<< +OK Dovecot ready.
- starttls using /usr/local/share/perl/5.10.1/Mozilla/CA/cacert.pem
Net::POP3=GLOB(0xb41980)>>> STLS
Net::POP3=GLOB(0xb41980)<<< +OK Begin TLS negotiation now.
Can't perform starttls:
**SSL connect attempt failed with unknown error error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed at (my script) line 26.**
Is this basically saying, "The Mozilla::CA certificate is not going to work for you."?
There might be several reasons it might fail and it would help if you add Debug => 1 within Net::POP3->new.
I could think of the following reasons:
The server does not support a STLS command. In this case you wou, would see an error message when running with the Debug flag, you can also could print $pop->message.
The servers supports STLS, but the SSL handshake fails. In this case you will find more information in the $IO::Socket::SSL::SSL_ERROR variable. Typical examples why the handshake might fail
the CA of the certificate is unknown (e.g. not in the CA store provided by Mozilla::CA). This is typically the case with servers from private persons, or inside companies or universities. They often don't use public CAs to sign their certificates or even use self-signed certificates
no shared cipher can be found. This can be the case with older servers, which like to do MD5. Recent versions of IO::Socket::SSL or OpenSSL disable these insecure ciphers by default.
If this does not help please post the output from Debug and maybe set $IO::Socket::SSL::DEBUG=10 too.
Steffen (author of Net::SSLGlue::POP3, current developer of IO::Socket::SSL)
I'm working on moving a Perl script that pushed commands to routers. We have turned off telnet, so I'm working on getting SSH to work. After looking at a number of SSH libraries in Perl, I've opted to use Net::OpenSSH. I have no problem logging in and passing commands to the routers, but the problem I'm having is with entering config mode and subsequently passing a command.
The problem is that with each command entered, the underlying system appears to logout then reenter with the next subsequent command. For example with a Juniper router I'm trying to do the following:
edit private
set interfaces xe-1/3/2 description "AVAIL: SOMETHING GOES HERE"
commit
exit
quit
Tailing the syslog from the router I'm seeing something like this...
(...)
UI_LOGIN_EVENT: User 'tools' login, class 'j-remote-user' [65151], ssh-connection 'xxx.xxx.xxx.xxx 42247 xxx.xxx.xxx.xxx 22', client-mode 'cli'
UI_CMDLINE_READ_LINE: User 'tools', command 'edit private '
UI_DBASE_LOGIN_EVENT: User 'tools' entering configuration mode
UI_DBASE_LOGOUT_EVENT: User 'tools' exiting configuration mode
UI_LOGOUT_EVENT: User 'tools' logout
UI_AUTH_EVENT: Authenticated user 'remote' at permission level 'j-remote-user'
UI_LOGIN_EVENT: User 'tools' login, class 'j-remote-user' [65153], ssh-connection 'xxx.xxx.xxx.xxx 42247 xxx.xxx.xxx.xxx 22', client-mode 'cli'
UI_CMDLINE_READ_LINE: User 'tools', command 'set interfaces '
UI_LOGOUT_EVENT: User 'tools' logout
(...)
As you notice I'm getting a LOGOUT_EVENT after each command entered. Of course exiting config mode immediately after entering it causes the set interfaces command to fail as it's no longer in config mode.
The Perl code I'm using is as follows...
#!/usr/bin/perl -w
use strict;
use lib qw(
/usr/local/admin/protect/perl
/usr/local/admin/protect/perl/share/perl/5.10.1
);
use Net::OpenSSH;
my $hostname = "XXXXX";
my $username = "tools";
my $password = "XXXXX";
my $timeout = 60;
my $cmd1 = "edit private";
my $cmd2 = 'set interfaces xe-1/3/2 description "AVAIL: SOMETHING GOES HERE"';
my $cmd3 = "commit";
my $cmd4 = "exit";
my $ssh = Net::OpenSSH->new($hostname, user => $username, password => $password, timeout => $timeout,
master_opts => [-o => "StrictHostKeyChecking=no"]);
$ssh->error and die "Unable to connect to remote host: " . $ssh->error;
my #lines = eval { $ssh->capture($cmd1) };
foreach (#lines) {
print $_;
};
#lines = eval { $ssh->capture($cmd2) };
foreach (#lines) {
print $_;
};
#lines = eval { $ssh->capture($cmd3) };
foreach (#lines) {
print $_;
};
#lines = eval { $ssh->capture($cmd4) };
foreach (#lines) {
print $_;
};
$ssh->system("quit");
The sequence of events is the same as when telnet was used. The only real change was in using SSH objects verses Telnet objects. I'm stumped. Any ideas you could provide would be quite helpful.
[SOLVED, sort of]
The suggestion let Net::Telnet do the driving was the correct one. The following code works...
#!/usr/bin/perl -w
use strict;
use Net::OpenSSH;
use Net::Telnet;
use Data::Dumper;
my $promptEnd = '/\w+[\$\%\#\>]\s{0,1}$/o';
my $cmd1 = "show system uptime | no-more";
my $cmd2 = "show version brief | no-more";
my $hostname = "xxx.xxx";
my $username = "xxxxxxx";
my $password = "xxxxxxx";
my $timeout = 60;
my $ssh = Net::OpenSSH->new(
$hostname,
user => $username,
password => $password,
timeout => $timeout,
master_opts => [ -o => "StrictHostKeyChecking=no" ]
);
$ssh->error and die "Unable to connect to remote host: " . $ssh->error;
my ( $fh, $pid ) = $ssh->open2pty( { stderr_to_stdout => 1 } );
my %params = (
fhopen => $fh,
timeout => $timeout,
errmode => 'return',
);
$conn = Net::Telnet->new(%params);
$conn->waitfor($promptEnd);
#lines = $conn->cmd($cmd1);
foreach (#lines) {
print $_;
}
#lines = $conn->cmd($cmd2);
foreach (#lines) {
print $_;
}
$conn->cmd("quit");
The problem I'm having is that I can't seem to separate the code into subroutines. Once the $conn object is returned from a subroutine, the underlying ssh connection drops. I need to separate this logic in order to not have to rewrite many, many programs and lines of code that relay on this pusher routine. However that problem I'll direct to another question.
[Edit, fully solved]
Just an update in case anyone needs to do something similar.
While the above worked very well when run under a single subroutine, I found that any time I passed the handle to another subroutine, the telnet handle remained open, but the ssh connection dropped.
To solve this I found that if I passed the ssh handle to another subroutine, then later attached the open2pty, and attached Net::Telnet, then I could pass the Net::Telnet handle between subroutines without the underlying ssh connection dropping. This also worked for Net::Telnet::Cisco as well. I have this code working well with Cisco, Juniper, and Brocade routers.
You should also consider adding a few more parameters to the Net::Telnet->new() because it is interacting with ssh rather than a TELNET server.
-telnetmode => 0
-output_record_separator => "\r",
-cmd_remove_mode => 1,
Because there is no TELNET server on remote side, -telnetmode => 0 turns off TELNET negotiation.
The end-of-line is most likely just a carriage-return (i.e. -output_record_separator => "\r") rather than the TCP or TELNET combination of carriage-return linefeed ("\r\n").
Always strip the echoed back input -cmd_remove_mode => 1
There are several possibilities:
Some routers accept having the sequence of commands sent up front via stdin:
my $out = $ssh->capture({stdin_data => join("\r\n", #cmds, '')})
In other cases you will have to use something like Expect to send a command, wait for the prompt to appear again, send another command, etc.
If you were using Net::Telnet before, the Net::OpenSSH docs explain how to integrate both (though I have to admit that combination is not very tested).
Also, some routers provide some way to escape to a full Unix-like shell. I.e., preppending the commands with a bang:
$ssh->capture("!ls");
I'm trying to use an API for a Palo Alto Networks software. The code is supposed to submit username and ipaddress of user network logins to a web interface.
When I try using PANs' API with their sample code for a windows machine the following exception is thrown:
Can't use an undefined value as a symbol reference at
C:/Perl/lib/PAN/API.pm line 179 (#1)
PAN::API::UID::login('PAN::API::UID=HASH(0x7fd113828598)', 'SCU-DSM22/pmmertens', 172.16.6.117) called at API_events.pl line 12
This is the code-example that comes with the API documentation:
#!/usr/bin/perl -w
use strict;
use PAN::API;
my $useridagent = '10.0.0.99'; #I changed this to our PAN server address
my $useridapi = PAN::API::UID->new($useridagent);
my $user = $ENV{USERDOMAIN}.'/'.$ENV{USERNAME};
my $ipaddress = unpack('W4',gethostbyname($ENV{COMPUTERNAME}));
$useridapi->login($user,$ipaddress);
I've ensure that all variables are retrieved correctly. Substituting literal values did not help either. Googling this error turned up references about hard and soft references but I don't see any infractions of these rules in the code below.
This is the codeblock from PAN/Api.pm. Line 179 is where the print starts.
sub submit () {
my $self = shift;
use IO::Socket::INET;
use IO::Socket::SSL;
my $socket = IO::Socket::INET->new(PeerAddr => $self->{server},
PeerPort => $self->{port},
Proto => 'tcp');
my $socketssl = IO::Socket::SSL->start_SSL( $socket,
SSL_version =>'TLSv1');
print $socketssl $self->xml;
$socketssl->close;
$socketssl->stop_SSL;
}
Both the IO::Socket::INET and IO::Socket::SSL lines should have error checking. Something like:
my $socket = IO::Socket::INET->new(....)
or die "Failed to create socket: $!"
And:
my $socketssl = IO::Socket::SSL->start_SSL(...)
or die "Failed to start SSL: ".IO::Socket::SSL::errstr();
Although instead of die I might go with Carp::confess.
I've installed this module to gain access and controls within a Gmail inbox. However, when I try to connect through a small Perl script and test the functionality, I get this error message.
Error: Could not login with those credentials - could not find final URL
Additionally, HTTP error: 200 OK
This is an error built within the Gmail.pm module.
I can ping the URL in question ( https://www.google.com/accounts/ServiceLoginBoxAuth ) so I feel that the trouble isn't finding the URL. Furthermore, I know the credentials are correct and work at that URL because I have tried them manually.
I'm using this script for testing. I have supplied my credentials in the appropriate places.
I've also installed this module with the same type of error.
Any idea why I'm getting blocked?
Use Mail::IMAPClient as shown below. To get pass SSL authentication through Mail::IMAPClient, you should have IO::Socket::SSL from Net::SSLeay installed. If so this works like a charm.
#!/usr/bin/env perl
use strict; use warnings;
use Mail::IMAPClient;
# Connect to IMAP server
my $client = Mail::IMAPClient->new(
Server => 'imap.gmail.com',
User => 'yourusername',
Password => 'yourp4a55w0r&',
Port => 993,
Ssl => 1,
)
or die "Cannot connect through IMAPClient: $!";
# List folders on remote server (see if all is ok)
if ( $client->IsAuthenticated() ) {
print "Folders:\n";
print "- ", $_, "\n" for #{ $client->folders() };
};
# Say so long
$client->logout();
I am successfully accessing a gmail account (google apps account to be precise) using Mail::POP3Client
If you cannot access gmail through normal POP3 or IMAP either, then you have a configuration problem rather than a programming problem.
I fetch my mail from gmail (actually Google Apps, which uses the same interface), using configuration details described here: http://download.gna.org/hpr/fetchmail/FAQ/gmail-pop-howto.html
(This answer is far more appropriate for Super User though!)
You can tried with the following module
Mail::Webmail::Gmail
You can use the following code also
use warnings;
use strict;
use Mail::POP3Client;
use IO::Socket::SSL;
use CGI qw(:standard);
my $cgi = new CGI;
my $LOG ;
open $LOG , ">>filename" ;
my $username = 'name#gmail.com';
my $password = '*******' ;
chomp($password);
my $mailhost = 'pop.gmail.com';
my $port = '995';
$cgi->header();
my $pop = new Mail::POP3Client(
USER => $username,
PASSWORD => $password,
HOST => $mailhost,
PORT => $port,
USESSL => 'true',
DEBUG => 0,
);
if (($pop->Count()) < 1) {
exit;
}
print $pop->Count() . " messages found!:$!\n";
for(my $i = 1; $i <= $pop->Count(); $i++) {
foreach($pop->Head($i)) {
/^(From|Subject|Email):\s+/i && print $_, "\n";
}
$pop->BodyToFile($LOG,$i);
}
$pop->Close();
exit;
I want to upload a list of users from my work's LDAP server to upload into our wiki as a company directory.
How can I download a list of users from an LDAP server using Perl?
Thanks.
Use the NET::LDAP module.
A little example from the POD:
use Net::LDAP;
$ldap = Net::LDAP->new( 'ldap.bigfoot.com' ) or die "$#";
$mesg = $ldap->bind ; # an anonymous bind
$mesg = $ldap->search( # perform a search
base => "c=US",
filter => "(&(sn=Barr) (o=Texas Instruments))"
);
$mesg->code && die $mesg->error;
foreach $entry ($mesg->entries) { $entry->dump; }
$mesg = $ldap->unbind; # take down session