These are the most Frequently Asked Questions about the PerLDAP source and distributions from mozilla.org. A few of these questions will most likely be merged into the official POD documentation, in a later release. The questions are divided into these sections:

Recent changes to this document

• Added a bunch of 1.4 information.
• Removed old information dealing with 1.0.

• Cleaned up a bunch of the FAQs, to clarify v1.2/v1.2.1/issues.
• Added Q-5.10, giving an example how to do simple authentication of users against the LDAP server.
• Added Q-6.9, describing how to compile and install PerLDAP in a non-standard directory.
• Added possible (partial) solution for memory issues to Q-7.2.

• Updated a lot of text for the release of PerLDAP v1.2, changing from v1.0 and v1.1 where appropriate.
• Added more CVS tags to Q-4.4.

1. General information about PerLDAP

1. What is PerLDAP?
2. Where can I get source code for PerLDAP?
3. Where can I get binary distributions?
4. Where do I send bug reports, or ask for help?
5. Does PerLDAP support SSL?
6. Do you have some links to relevant LDAP sites or books?

2. Using and building PerLDAP from the source

1. How do I get the source code?
2. What do I need to build PerLDAP?
3. What's the latest PerLDAP version?
4. Where are the beta/development releases?
5. Do I really need the C-SDK?

3. Binary distributions and released versions

1. Where can I find a binary distribution for platform <XXX>?
2. I can't get the binaries to work, who do I turn to?
3. Where are the C-SDK binaries?

4. Working with the source, CVS and bug reports

1. What the heck is CVS? How do I use it? Where can I get it?
2. How do I check out the latest, stable released code?
3. How do I check out a beta/development branch?
4. Is there a list of all development branches?
5. What CVS modules are available and relevant to PerLDAP?
6. Where do I send patches or new code I'd like to contribute?
7. How do I report a bug I just found?
8. Where can I read about known, open bugs?

5. LDAP related questions

1. How do I "browse" an LDAP entry when I know its DN?
2. How can I manage my Netscape DS-4 server information with PerLDAP?
3. What is the "manage DSA IT" control? Can I use it with PerLDAP?
4. Does PerLDAP support all LDAP v3 features?
5. How do I search for something? What is an LDAP filter?
6. How do I specify/limit what attributes are retrieved in a search?
7. How can I call an LDAP API function, when it needs the internal C SDK structures?
8. How can I count the number of entries a search found?
9. How do I create a new LDAP entry?
10. How do I authenticate a user against the LDAP server?
11. How do I limit the number of entries returned?
12. How do I add binary data to an entry?
13. How do I print out a JPEG image from my directory to an HTML page?
14. How do I add a user to a group?

6. Platform, Perl and version specific problems

1. What Perl versions are supported?
2. Which Perl version is recommended?
3. Which Unix and Windows platforms are supported, and which versions?
4. How do I get PerLDAP to build on my Windows/NT machine? Why can't NT find libldap.dll?
5. What C SDKs are supported? What about SSL?
6. What is the build options for DecUnix/OSF? What is "-taso"?
7. What link options are used/needed for Irix?
8. Why are there missing symbols when linking PerLDAP on Windows/NT?
9. How do I compile and install PerLDAP in a test environment?

7. Known bugs and problems

1. I can't get PerLDAP to work with ActivePerl.
2. Is it just me, or is PerLDAP very memory intensive?
3. I can't get LDAP controls to work.

8. Missing features and modules

1. What about LDAP controls?
2. How can I use and support the LDAP v3 password management control?
3. Does PerLDAP support VLV indexes?
4. The LDIF module seems horky, what gives?
5. Are there any PerLDAP code to manage LDAP schemas?
6. What are the plans for the next PerLDAP version?

1. General information about PerLDAP

1. What is PerLDAP?

   PerLDAP, Perl-LDAP, is made up of two main components to write LDAP clients: An interface to the C SDK API, and a set of Object Oriented Perl classes. The API interface is almost 100% compatible with Netscape's C SDK, but it's harder to use than the OO layer. The Object oriented interface is ment to be an easier way to write most common LDAP clients. For more information, see the Mozilla Directory project home page.

   I've also prepared a PerLDAP presentation in PowerPoint, which is available in HTML as well.

2. Where can I get source code for PerLDAP?

   The source is available via both CVS and FTP. You can use Mozilla's CVS server to easily keep up to date with latest releases and development. For more information about relevant CVS modules to check out, see question 4.5.

   If you don't have access to CVS, or want to quickly get the latest CVS release, you can FTP a source distribution. After unpacking such a distribution, you can again use CVS to get updates etc.

3. Where can I get binary distributions?

   See the section on Binary Distributions.

4. Where do I send bug reports, or ask for help?

   Please use the News Discussion group as much as possible - the PerLDAP team reads this constantly. You can also use Bugzilla, see question 4.7 for details. Here's the list of all currently open PerLDAP bugs and RFEs.

5. Does PerLDAP support SSL?

   Yes! But only if the C SDK you have installed supports SSL, PerLDAP itself does not have any SSL code or encryption code. As such, PerLDAP source can be distributed without any export restrictions.

6. Do you have some links to relevant LDAP sites or books?

   Absolutely, how about:

   • The official Mozilla Directory source code home page.
   • Netscape DevEdge Directory Developer Central.
   • My private LDAP central pages.
   • The PerLDAP home page, not much there yet, but I'm working on it...
   • LDAP: Programming Directory Enabled Applications with Lightweight Directory Access Protocol and Understanding and Deploying LDAP Directory Services are two good books from Tim Howes, Mark Smith, and Gordon Good.

2. Using and building PerLDAP from the source

1. How do I get the source code?

   CVS is your friend! You can use Mozilla's CVS server to easily keep up to date with latest releases and development. The CVS module for PerLDAP is named PerLDAP. The tip of the tree is the latest stable release, and all development is being done on branches. If you know absolutely nothing about CVS, see Q4.1 which discusses how to use CVS. You can also use FTP to get a packaged source distribution.

2. What do I need to build PerLDAP?

   At a minimum you'll need

   • An ANSI compatible C compiler (e.g. gcc or Visual C++).
   • A make tool, like GNU make, or nmake.
   • Perl version 5.004 or later, including ActiveState's latest Perl distribution, but not ActivePerl v5.003 or earlier.
   • A C SDK, either a binary distribution from Netscape's DevEdge, or the Mozilla source.

3. What's the latest PerLDAP version?

   The latest official release is v1.4, released 08/21/99. The tip of the CVS tree is always the latest official release, development is done on branches. We strongly encourage everyone to upgrade to 1.4 as soon as possible as it fixes a number of bugs and has many improvements. You can check out the 1.4 Release Notes for specifics.

4. Where are the beta/development releases?

   The beta releases and development branches are only available via CVS. The current beta/development branch is devel-branch-1_9, which is the branch for v2.x. PerLDAP v1.4 has been merged onto the main trunk, and is also tagged as v1.4.

   I'll make snapshots of the development branches available every now and then, or upon request. These can easiest be downloaded from my private FTP site.

5. Do I really need the C-SDK?

   Absolutely! If you intend to build PerLDAP, you will need a Netscape C-SDK distribution, period. Mozilla distributes the source to this SDK, which will build and run on a number of platforms. Unfortunately this source does not have any encryption support, so you can't use SSL.

   Netscape's DevEdge Online provides precompiled (binary) distributions of the C SDK. You can get it from the Directory Developer Central.

3. Binary distributions and released versions

1. Where can I find a binary distribution for platform <XXX>?

   Currently there are 4 different binary distributions for PerLDAP 1.4:
   

   • Windows/NT for Perl 5.005_03
   • Windows/NT for Perl 5.004_05
   • Redhat Linux 6.0 for Perl 5.005_03 - installed using "rpm -i perldap-rhl6.i386.rpm"
   • Solaris-2.x for Perl 5.005_03 - installed using "pkgadd -d perldap-solaris2-sparc.pkg" after ungzipped.

   There also are binary packages for ActiveState Perl build 519. These can be found at ftp://ftp.perldap.org/pub/perldap/PPM/

2. I can't get the binaries to work, who do I turn to

   The binaries are unsupported and provided "as-is". If you are having trouble, then post something to the netscape.public.mozilla.directory newsgroup, or download the source code and build your own binaries.

3. Where are the C-SDK binaries?

   At Netscape's DevEdge site at http://developer.netscape.com/tech/directory/downloads.html#c.

4. Working with the source, CVS and bug reports

1. What the heck is CVS? How do I use it? Where can I get it?

   CVS is a source code version control system, used to manage large software projects with many developers. It's built on top of RCS, and is available for free for most Unix and Windows platforms. Source for the latest CVS version (currently v1.10.7) can be FTP'd from the Cyclic FTP repository for instance. The source includes documentation, which I've also made available on my Web site.

   I've also made a few, unsupported, binary distributions available, for:

   • Linux (install with "rpm -i cvs-1.10.5-1.i386.rpm").
   • Solaris (gunzip the file, and install with "pkgadd -d GNUcvs-1.10.5.pkg").
   • Windows/NT (use your favorite "unzip" application to extract the cvs.exe binary).

   Note that you might have to <shift>-click on the links above to get the download dialog. Alternatively, you can use HTTP to get these files. Again, these are not Mozilla "blessed" builds, I'm just providing them for your convenience.

2. How do I check out the latest, stable released code?

   You can use anonymous CVS to the mozilla CVS server, logging in with the username anonymous, password anonymous. For instance, to login and check out the tip of the PerLDAP module, you'll do

   
   % cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot login
   (Logging in to anonymous@cvs-mirror.mozilla.org)
   CVS password:  [you type anonymous]
   %
   % cvs -z3 -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co PerLDAP
   
   cvs server: Updating mozilla/directory/perldap
   U mozilla/directory/perldap/API.pm
   U mozilla/directory/perldap/API.xs
   U mozilla/directory/perldap/ChangeLog
   .
     

   Remember that you usually only have to login the first time you use CVS, the authentication credentials are stored in your ~/.cvspass file. The "-z3" option tells CVS to use compression, make sure your version of CVS has support for this (some versions apparently chokes badly with this option).

   The following releases are available, please use the main trunk when possible (to get the latest, stable code):

   • release-1_0: First, original, PerLDAP release (quite shaky...).
   • release-1_2_2: The last and most stable release in the 1.2 series.
   • release-1_4: Latest release with lots of bug fixes.

3. How do I check out a beta/development branch?

   Just as above, but also specify a specific branch to check out. For instance, to update your source to the v1.9 branch, you can do something like

   
   % cd mozilla/directory/perldap
   % cvs -z3 update -r devel-branch-1_9
   cvs server: Updating .
   P API.pm
   P API.xs
   .
     

   We will continuously tag the development branch with snapshots, e.g. devel-release-1_9_1, devel-release-1_9_2 and so on. Hopefully we'll also get these snapshots packaged up automatically and added to the Mozilla FTP server. For now I'm making them available on the PerLDAP site.

4. Is there a list of all development branches?

   Of course:

   • devel-branch-1_3: This is closed and has been merged to the trunk.
   • devel-branch-1_9: The development branch for PerLDAP v2.0, and the currently used one.

   It's recommended that you use the main trunk (release-1_4) in production use, and devel-branch-1_9 for PerLDAP development.

   Also, you can get a list of all the CVS tags for a file or module by doing a "cvs status -v".

5. What CVS modules are available and relevant to PerLDAP?

   The PerLDAP module is named PerLDAP. You can also check out the entire "directory" source, with something like

   
   % cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co mozilla/directory
     

   The above gives you everything, if you're only intersted in say the C SDK source, you can limit the checkout to the module DirectorySDKSourceC. A list of all available modules is in the modules files in the CVSROOT directory.

6. Where do I send patches or new code I'd like to contribute?

   Post it to the News group.

7. How do I report a bug I just found?

   Post it to the News group. If you have access to Bugzilla, file a bug against me. Here's the list of all currently open PerLDAP bugs and RFEs.

8. Where can I read about known, open bugs?

   See previous question, Q-4.7.

5. LDAP related questions

1. How do I "browse" an LDAP entry when I know its DN?

   New with the PerLDAP 1.4 release is the browse() method which sets some default values (such as (filter=objectclass=*), scope=BASE, and so on). This makes it easy to return an entire entry if you know the DN:

   
   use Getopt::Std;
   use Mozilla::LDAP::Conn;
     
   $DN = "uid=leif, ou=People, dc=netscape, dc=com";
   $conn = new Mozilla::LDAP::Conn(\%ld);
   die "Could't connect to LDAP server $ld{host}" unless $conn;
   $entry = $conn->browse($DN);
   
   if ($entry) {
     # We found one entry
   } else {
     # We did not find an entry, the DN is invalid.
   }
     

   For versions previous to 1.4, you do a base search with the DN as the baseDN, and a filter of (objectclass=*). For example:

   
   # Same code as above but include other code to parse arguments etc...
   # And replace the browse() call with:
   
   $entry = $conn->search($DN, "base", "(objectclass=*)");
     

2. How can I manage my Netscape DS-4 server information with PerLDAP?

   Right now there's no code ready for this, but we are working on a DS-4 management module using PerLDAP.

3. What is the "manage DSA IT" control? Can I use it with PerLDAP?

   This control can be used to manage Smart Referrals for instance. For more information, see the DevEdge documentation. PerLDAP has support for controls, but the OO layers do not use (or support) them at this point. There's a slight problem with LDAP controls in PerLDAP 1.4, see Q-7.3.

4. Does PerLDAP support all LDAP v3 features?

   Yep, the API.pm package does. The OO layers (Conn.pm, Entry.pm etc.) do not use an LDAP v3 features, yet. We'll be working on this in the next few months, hopefully adding cool features like LDAP controls, VLV indexes and so on. There's a slight problem with LDAP controls in PerLDAP 1.4, see Q-7.3.

5. How do I search for something? What is an LDAP filter?

   RTFM, perhaps from one of the links above.

6. How do I specify/limit what attributes are retrieved in a search?

   By default a PerLDAP search operation will retrieve all attributes that an entry has, assuming you have read permission to the entry (and/or the attributes). You can limit the number of attributes by specifying an array of attribute types, for instance

   
   @attr = ("cn", "uid", "mail");
   $entry = $conn->search($base, "sub", $filter, 0, @attr);
     

   The 0 parameter in the example is a flag, which if set to 1, ("True") tells the search function to only retrieve the attribute types, not the actual values. In most cases you want to set this flag to 0 ("False"). Remember that just because you explicitly asked for an attribute, doesn't necessarily mean you'll get it (either because the entry doesn't have such a user attribute value, or perhaps because you don't have access to it).

   Some attributes, typically operational attributes, are not returned by default, and you might have to explicitly ask for them. An example of such an attribute is the modifiersName attribute. If you want to get all user attributes, and an operational attribute, you can do

   
   @attr = ("*", "modifiersName");
   $entry = $conn->search($base, "sub", $filter, 0, @attr);
     

   The attribute "*" matches all attributes. If you don't want to retrive any attributes at all, specify the attribute "1.1" (there is no such OID, so no attributes can be returned). This is useful if you need the DN only, and no attribute values.

   
   @attr = ("1.1");
   $entry = $conn->search($base, "sub", $filter, 0, @attr);
     

7. How can I call an LDAP API function, when it needs the internal C SDK structures?

   This is not generally recommended when using the OO modules (e.g. Conn.pm) . But there are two methods to retrieve the internala handles from the Mozilla::LDAP::Conn object:

   
   $cld = $conn->getLD();
   $result = $conn->getRes();
     

   The first method returns the LDAP connection handle, and the second returns the handle to the last result message. Use these with care, and remember that this might cause your code to break in future version of PerLDAP. Also, the getRes() method is only available as of PerLDAP v1.2, for PerLDAP v1.0 you could instead use an even uglier solution:

   
   $cld = $conn->{"ld"};
   $res = $conn->{"ldres"};
     

8. How can I count the number of entries a search found?

   Using the information from the previous question, the answer is of course:

   
   $cld = $conn->getLD();
   $res = $conn->getRes();
   $count = Mozilla::LDAP::API::ldap_count_entries($cld, $res);
     

   Again, this is not really recommended, and this might change in future releases. One possibility is to add this feature as a native method, but I need to investigate this further, since v2.0 of PerLDAP might use asynchronous LDAP calls (for much better scalability).

   Another common task is to decide if a search returns exactly one entry, no more, no less. That can easily be done with the existing modules, for instance

   
   $entry = $conn->search($base, $scope, $filter);
   if ($entry && !$conn->nextEntry()) {
      # We found exactly one entry, go ahead
   }
     

9. How do I create a new LDAP entry?

   There are several options, the easiest are then please change it to be one of

   
   $entry = $conn->newEntry();
   $entry = Mozilla::LDAP::Conn->newEntry();
     

   You can (as of PerLDAP v1.2.1) also use the new() method in the Entry package, like

   
   $entry = new Mozilla::LDAP::Entry;
     

   $conn is your ::Conn object, as usual.

   The outline to create a new object is, as of PerLDAP v1.2, something like:

   
   $conn = new Mozilla::LDAP::Conn(\%main::ld);
   $entry = Mozilla::LDAP::Conn->newEntry();
   
   $entry->setDN("uid=$UID, $PEOPLE, $BASE");
   $entry->{objectclass} = [ "top", "person", "inetOrgPerson", "mailRecipient" ];
   $entry->addValue("uid", $UID);
   $entry->addValue("cn", "Leif Hedstrom");
   $entry->addValue("cn", "The Swede");
   .
   .
   .
   $conn->add($entry);
     

10. How do I authenticate a user against the LDAP server?

    Easy, first bind as the anonymous user, find the DN for the person you wish to authenticate, get the DN, and rebind using the DN and password. This example, which requires PerLDAP v1.2 or later, shows how to do flexible user authentication:

    
    #!/usr/bin/perl5
    
    use Mozilla::LDAP::Conn;
    
    #
    # Configuration part, change this
    #
    $BASE = "dc=netscape,dc=com";
    $USER = $ARGV[0];
    $PASS = $ARGV[1];
    
    $conn = new Mozilla::LDAP::Conn({ "host" => "localhost",
    				  "port" => "389"} );
    die "Can't get an LDAP connection" unless $conn;
    
    
    #
    # Try to find the user using the UID, CN and last MAIL attributes.
    #
    $entry = $conn->search($BASE, "SUB", "(uid=$USER)", 0, ("1.1"));
    if (!$entry || $conn->nextEntry()) {
      $entry = $conn->search($BASE, "SUB", "(cn=$USER)", 0, ("1.1"));
      if (!$entry || $conn->nextEntry()) {
        $entry = $conn->search($BASE, "SUB", "(mail=$USER)", 0, ("1.1"));
        $dn = $entry->getDN() if ($entry && ! $conn->nextEntry());
      } else {
        $dn = $entry->getDN();
      }
    } else {
      $dn = $entry->getDN();
    }
    
    #
    # Now let's verify the authentication credentials, by rebinding with the
    # users DN and password. Note that this leaves the connection bound
    # as the user, do another simpleAuth() to rebind as anonymous again.
    #
    my $authenticated = 0;
    if (($PASS ne "") && ($dn ne "") && ($conn->simpleAuth($dn, $PASS))) {
      print "WhooHoo, authentication is good!\n";
      $authenticated = 1;
    }
    
    print "Wrong username or password, dude.\n" unless $authenticated;
      

11. How do I limit the number of entries returned?

    You can do this using C syntax, and using the API. This example returns 10 entries.

    
    #!/usr/local/bin/perl
    
    use Mozilla::LDAP::Conn;
    use Mozilla::LDAP::API qw ( /.+/ );
    
    my ( $conn, $search_base, $search_scope, $res, @attrs, $return );
    
    $search_base = "o=Airius.com";
    $search_scope = "subtree";
    
    @attrs = ();
    
    #
    #       Open LDAP Connection
    #
    $conn = new Mozilla::LDAP::Conn ( "ldap", 389, "", "" );
    
    die ( "$0: Cannot open LDAP Connection!" ) unless $conn;
    
    #
    #       Set sizelimit
    #
    ldap_set_option ( $conn->getLD (), LDAP_OPT_SIZELIMIT, 10 );
    
    #
    #       Do a C style search ( from API )
    #
    $return = ldap_search_s ( $conn->getLD(), $search_base, 
            Mozilla::LDAP::Utils::str2Scope ( $search_scope ),
            "(cn=a*)", \@attrs, 0, $res );
    
    if ( $return == LDAP_SIZELIMIT_EXCEEDED )
    {
            #
            #       More then 10 results returned!
            #
    }
    
    #
    #       Set the PerLDAP maintenance attributes (these are internal to PerLDAP,
    #       messing with them can be icky and cause undesired results if changed)
    #
    $conn->{'ldfe'} = 1;
    $conn->{'ldres'} = $res;
    
    $entry = $conn->nextEntry ();
    
    #
    #       Proceed as normal
    #
    
    while ( $entry )
    {
            ...
    }
    
    $conn->close ();
    

    Thanks to Michael Konopka (konopka@netscape.com) for this code.

12. How do I add binary data to an entry?

    Very easily. As an example, we'll add a JPEG image to our directory entry.
    

     
      # all the standard configuration stuff, including opening a connection,
      # and getting an entry.
    
      if ($entry) {
        binmode(JPEG);
        open(JPEG, "/u/mwyner/b5.jpg") || die;
        
        # read the data from the filehandle into a variable.
    
        while (sysread JPEG, $tmp, 1024) {
        	$jpegimage .= $tmp;
        }
        $entry->setValue("jpegphoto", $jpegimage);
        $conn->update($entry) && print "modified\n";
      } 
      

    The "binmode" call is only needed for MS-DOS and Windows. This correctly translates the end of the line character. It's not needed under UNIX, MacOS, etc..., because all those systems use a "\n" at the end of a line, which is considered a single character in C.

13. How do I print out a JPEG image from my directory to an HTML page?

    The key to this is to remember to change the content/type attribute for your page before printing it out.

    
      print "Content-type: image/jpeg\n\n";
      print $entry->{jpegphoto}[0];
      

    Or, if you're using the CGI.pm Perl module, you change the content/type in the header:

    
      print $query->header(-type=>'image/jpeg');
      
      #some random code
    
      print $entry->{jpegphoto}[0];
      

    If you're using Windows, you may need to add

    
      binmode(STDOUT);
      

    before you print.

14. How do I add a user to a group?

    If you know the name of the group, you can search to make sure the group exists via its CN entry. If you've got a group that has the same CN has a person, then you can also search to see if there's an "objectclass=groupofuniquenames" attached to the entry.

    Once you've got the group, you can add someone's DN to the group via the group's "uniquemember" attribute. See the following:

    
    $entry = $conn->search("o=mcom.com","subtree","uid=mwyner");
    
    if (!$entry) {
      die "No one found";
    } 
    
    # Make sure we only got 1 entry back
    
    elsif ($entry && !$conn->nextEntry()) {
      $groupentry = $conn->search("o=mcom.com","subtree","cn=PD Managers");
      
      if (!$groupentry) {
        die "no group found";
      }
    
    # Make sure we only got 1 back
    
     elsif ($groupentry && !$conn->nextEntry()) {
        $groupentry->addValue("uniquemember",$entry->getDN());
        $conn->update($groupentry) && print "group updated\n";
      } 
    } 
    
      

6. Platform and Perl version specific problems

1. What Perl versions are supported?

   Any Perl version from v5.004 or later. The binaries prepared will only work with the Perl version used during the build, see README and INSTALL information for more details on the distribution.

2. Which Perl version is recommended?

   Perl v5.005_03.

3. Which Unix and Windows platforms are supported, and which versions?

   I know PerLDAP v1.4 and later should work on at least these platform and version combinations:

   	Perl 5.004	Perl 5.005	ActivePerl 519
   Solaris-2.x	Yes	Yes	-
   Linux/glibc	Yes	Yes	-
   Irix-6.x	Yes	???	-
   Windows/NT4 SP3	Yes	Yes	Yes
   Windows/NT4 SP4	Yes	Yes	Yes

   
   
   

   If you are using PerLDAP on another platform, please let us know.

4. How do I get PerLDAP to build on my Windows/NT machine? Why can't NT find libldap.dll?

   I've succesfully compiled Perl and PerLDAP using nmake and Visual C++. Your mileage might vary, if you have build details we want to hear about it.

   One common problem seems to be where to put the C SDK libldap DLL. I've found that copying the DLL to the perl "bin" directory, where the perl.exe resides, works well. Another good alternative is to add the C-SDK library folder to your PATH environment variable.

   As of Perl v5.005, it seems that you should put the libldap DLL in the "site" directory, and not the the "bin" directory. For instance, if you installed ActiveState build 509 in C:\perl, put the LDAP DLL in C:\perl\site.

5. What C SDKs are supported? What about SSL?

   All released C SDK versions are supported in PerLDAP v1.2 and later. In v1.0 we only verified SDK v1.2 and SDK v3.0. As of v1.2, the Mozilla C SDK source should also work out of the box with PerLDAP.

   PerLDAP has full support for SSL, but only if your C SDK has support for it. The Mozilla C SDK source on mozilla.org does not have SSL support, but the DevEdge binary distributions do.

6. What is the build options for DecUnix/OSF? What is "-taso"?

   The -taso/-xtaso compile options are used for 32 bit compatibility. Specificially

   • -taso ensures that the code is 32 bit compatible, specfically, the linker forces loading of a library or module into the lower 31 bits of virtual memory. It is useful in porting from 32-bit architectures.
   • -xtaso extends the 32 bit -taso style builds to optionally use 32-bit pointers. This requires using #pragma pointer_size in the code and linking with -taso and -xtaso objects.

   What does this mean? Well, apparently there can be a mismatch in how you compiled Perl for instance, causing the dynamic loader to misbehave. If someone can give more information exactly how to compile PerLDAP for OSF, I'd be happy to put that in here (post something to the News group).

7. What link options are used/needed for Irix?

   I don't know, I saw something about some special linker options, someone who knows Irix please let me know.

8. Why are there missing symbols when linking PerLDAP on Windows/NT?

   With Perl v5.005, I had to remove the link option -nodefaultlib from the LINK_FLAGS definition in the Makefile (when building Perl itself). I don't know why this was added in v5.005, but at least this solved the problem for me.

   There are several alternatives to solve this problem, like

   1. Modify the Makefile for Perl as described above, and rebuild Perl.
   2. Modify the Config.pm file in the Perl5 installation.
   3. Modify the Makefile as generated for PerLDAP.
9. How do I compile and install PerLDAP in a test environment?

   Easy, give an option like "LIB=/u/leif/lib" to the Makefile.PL script during the installation and configuration, like

   
   % perl5 Makefile.PL LIB=/u/leif/lib
     

   Then in your perl script, add a line like

   
   use lib '/u/leif/lib';
     

7. Known bugs and problems

1. I can't get PerLDAP to work with ActivePerl.

   Definitely make sure you're using ActivePerl build 519, along with PerLDAP 1.4 if you're having problems. 1.4 in conjunction with build 519 seems to fix a bunch of the ActivePerl issues.

2. Is it just me, or is PerLDAP very memory intensive?

   It can be, depending on how large a database you are searching or retrieving, however the main memory leaks have been fixed.

3. I can't get LDAP controls to work

   This is a known problem in API.xs and is being worked on. A fix will be included in v2.0. For more information about using LDAP v3 controls, see the DevEdge documentation site.

8. Missing features and modules

1. What about LDAP controls?

   Refer to Q-7.3.

2. How can I use and support the LDAP v3 password management control?

   Yes, if you write code using the API directly. An OO module will be added in v2.0.

3. Does PerLDAP support VLV indexes?

   Yes, if you use API directly. We will have a VLV OO module for v2.0.

4. The LDIF module seems horky, what gives?

   Upgrade to v1.4. We have a completely new LDIF.pm module, written by Netscape LDAP guru John Kristian <kristian@netscape.com>

5. Are there any PerLDAP code to manage LDAP schemas?

   Not any specific code, yet. Hopefully a new schema package, and a Netscape Console module will be developed by Netscape's Allen Tom <atom@netscape.com>

6. What are the plans for the next PerLDAP version?

   Tons of new stuff. Check out some of these cool new feature ideas for v2.0.

   • Rewrite to use/support asynchronous LDAP, which should improvem performance and reduce memory usage when doing very large searches.
   • Support for SASL, with client authentication at least.
   • A group management module, similar to the one I wrote for Ldapp.
   • A framework for LDAP v3 controls, with some sample controls (e.g. password control, Manage DsaIT control etc).
   • VLV indexes support (requires LDAP v3 controls I think).
   • An Oracle database synchronization module.
   • A module, or extension to Entry.pm, to synchronize, compare, "diff", join etc. two Entry objects.
   • Schema discovery and management.
   • A module to manage Netscape Directory Server configurations, schema discovery etc. This one might be capable of managing all Netscape Console enabled servers, assuming they store the configurations in LDAP. An example script using this module would be to "synchronize" two LDAP server, making sure all (or selected) configuration parameters are identical.
   • A configuration module, to make it easy to configure appropriate default values (like base-DN etc). This could be used by all tools, including the existing modules/methods (like that argument parser).
   • Extend the argument parser to support all standard LDAP arguments as used by Netscape's command line tools (as of DS-v4.x).
   • Support/use new features of LDAP v3 which are not covered by other modules?