LS und LDAP

[eknori]

Hat schon mal jemand einen Zugriff von LS auf LDAP realisiert?
Ich möchte gerne das eDirectory von Novell alslesen. Mit ICE und LDIF kein Problem, ich suche aber einen Weg, daß direkt aus LS zu machen.
...

[eknori]

hmm, werde ich mich mal mit der wldap32.dll anfreunden

[flaite]

Randbemerkung: Mit Java gibts z.B. das hier -> http://www.openldap.org/jldap/
Die LDAP Funktionalitäten schön modular einpacken und mit LS2J hast du ja schon gearbeitet.

[eknori]

merci, werde ich mir auch mal ansehen. In der Sandbox gibt es auch noch was. Das basiert wiederum auf der o.a. DLL.

[eknori]

Mal q+d zusammengebraten:

Code

Sub Click(Source As Button)
	
	Dim session	As	LDAPSession
	Dim search	As 	LDAPSearch
	Dim result	As 	LDAPResultSet
	Dim entry 	As	LDAPEntry
	Dim status	As 	Variant
	Dim i As Integer
	
	Dim fileNumber As Integer
	fileNumber = Freefile
	
	Set session = New LDAPSession
	Set search = New LDAPSearch
	Set result = New LDAPResultSet
	session.dn = ""
	session.password = ""
	session.Host = "10.14.1.130"
	
	Print "Connecting to..." , session.Host
	If  session.Connect  Then
		Print "Connected to ", session.Host
	Else
		Print "Can't connect to", session.Host
		Exit Sub
	End If
	
	Set search.Session = session
	Set search.ResultSet = result
	
	search.filter = "(objectclass=*)"
	search.base 	= "cn=ST236243917,ou=Arbeitsstationen,ou=System,o=Velbert"
	search.scope 	= LDAP_SCOPE_SUBTREE
	
	status = search.Execute
	
	Dim attr_name As String
	Dim valuestr As String
	Dim avalue As Variant
	
	Set entry = result.GetFirstEntry()
	
	Open "c:\computer.txt" For Output As fileNumber
	While Not (entry Is Nothing)
		
		attr_name = entry.getFirstAttr()
		While Not (attr_name = "")
			avalue = entry.getValue(attr_name)
			For i=Lbound(avalue) To Ubound(avalue) 
				'Print ,, avalue(i)
				If Instr(attr_name,"zEN")Or Instr(attr_name,"wMN") Then
					Write #fileNumber,attr_name & "~~" & avalue(i)
				End If
			Next
			attr_name = entry.getNextAttr()
		Wend
		Write #fileNumber, "=================================================================="
		Set entry = result.GetNextEntry(entry)
	Wend
	Close fileNumber	
	session.disconnect
	Print "Finished"
End Sub

schreibt die Ergebnisse der Abfrage in eine Textdatei.

Code

"zENINVLastScanDate~~1182495000000"
"zENINVIPAddress~~[10.24.13.145] "
"zENINVSubNetAddress~~[255.255.0.0] "
"zENINVMACAddress~~[009027A26B82] "
"zENINVDiskInfo~~[C: 2000 MB] [D: 2000 MB] "
"zENINVMemorySize~~256 MB"
"zENINVProcessorType~~[Celeron(TM)] "
"zENINVBIOSType~~AT/AT COMPATIBLE"
"zENINVVideoType~~VGA"
"zENINVNICType~~[Intel(R) PRO/100 S Desktop Adapter [Bus 2 Slot 11]] "
"zENINVNovellClientVersion~~4.90, Service pack : 2"
"zENINVOSRevision~~4.0 Service Pack 6"
"zENINVOSType~~Windows NT"
"zENINVAssetTag~~"
"zENINVSerialNumber~~"
"zENINVModelNumber~~"
"zENINVComputerModel~~"
"zENINVComputerType~~"
"wMNetworkAddress~~10.24.13.145"
"wMNAMEServer~~DREAM"
"wMNAMEOS~~WINNT (4.0 Service Pack 6)"
"wMNAMEDNS~~st236243917.witte-velbert.de"
"wMNAMECPU~~PENTIUM III"
"wMNAMEComputer~~ST236243917"

Ich verwende die dll aus der Sandbox

Die DLL ist eigentlich blß ein Wrapper für die wldap32.dll, die folgende Funktionen enthält.

Code

Declare Function ldap_init Lib "wldap32.dll" (hostName As String, portNumber As Long) As Integer
Declare Function ldap_sslinit Lib "wldap32.dll" (hostName As String, portNumber As Integer, secure As Integer) As Integer
Declare Function ldap_unbind Lib "wldap32.dll" (ld As Integer) As Integer
Declare Function LdapGetLastError Lib "wldap32.dll" () As Integer
Declare Function ldap_connect Lib "wldap32.dll" (ld As Integer, timeout As Integer) As Integer
Declare Function ldap_simple_bind_s Lib "wldap32.dll" (ld As Integer, dn As String, passwd As String) As Integer
Declare Function ldap_bind_s Lib "wldap32.dll" (ld As Integer, dn As String, passwd As String, method As Integer) As Integer

allerdings ist es mir bisher nicht gelungen, die Funktionen direkt aus LS aufzurufen.

Vielleicht fällt mir ja in den nächsten Wochen am Strand was dazu ein ... 

[eknori]

Schnell noch eine Datenbank drumherum gebaut und man bekommt einen hübschen Überblick über seine Rechner.
Und mit den richtigen Abfragen bekommt man noch ein paar Informationen mehr aus der Datenbank ausgelesen.

 

[Axel]

Hallo Ulrich,

das sieht ja klasse aus. Wir setzen auch Novell mit ZEN (Version 4) ein und haben auch das Inventory aktiviert, allerdings ohne LDAP. Funktioniert das dann auch?

Axel

PS: Eine unsittliche Bitte: Könntest du mir die DB mal zukommen lassen?

[eknori]

auf vielfachen Wusch eines einzelnen Herrn, hier die Datenbank 

Ohne LDAP wird der Agent nicht funktionieren, da ich ja über Port 389 auf das Inventory zugreife.

[Axel]

Hier ist der Dank des einzelnen Herrn.   

Ich werde es mal versuchen.

Schönes Wochenende und einen erholsamen Urlaub.

Axel

[eknori]

die einem User zugeordnete Software bekommt man auch ausgelesen
Ebenso die Drucker.
Damit erhält man einen ganz guten Überblick über die Ausstattung eines Arbeitsplatzes. Es wird auch eine Historie mitgeführt; da kann man dann erkennen, welcher Rechner von welchen Personen benutzt wurde ( Schichtbetrieb ).

[eknori]

Bi Verwendung der DLL aus der Sandbox funktioniert der Zugriff problemlos. Leider gibt es ein Memory Leak. Lässt man den Code in einem Agenten auf dem Server laufen, wird irgendwann der Server in die Knie gehen. Der damalige Entwickler ist nicht mehr erreichbar. Daher wird es auch niemanden geben der das Problem beheben könnte. Möglicherweise taucht irgendwann einmal der SourceCode auf.

Evtl kann Axel Janssen ja einen Agenten unter Verwendung der Java Klassen hier posten.

Ich habe auch noch probiert, die Windows API direkt aufzurufen. Mit ein paar Tricks habe ich das auch bis zum LDAP_BIND geschafft. Alle anderen Operationen resultieren unweigerlich in einem Crash des Client ...

Hier einmal das, was ich bisher habe. Wenn jemand Lust hat, kann er ja malsein Glück versuchen ...

Code

Const LDAP_SSL_PORT = 636
Const LDAP_PORT = 389
Const LDAP_SUCCESS = 0
Const LDAP_SERVER_DOWN = 81
Const LDAP_INVALID_CREDENTIALS = 31

Declare Function ldap_init Lib "wldap32.dll" (Byval HostName As String, Byval PortNumber As Long) As Long
Declare Function ldap_connect Lib "wldap32.dll"(ld As Long, timeout As Long) As Integer
Declare Function LDAP_BIND Lib "wldap32.dll" Alias "ldap_simple_bind_s" (ld As Long, dn As String, passwd As String) As Long
Declare Function ldap_unbind Lib "wldap32.dll" (ld As Long) As Integer

Declare Function ldap_get_dn Lib "wldap32.dll" (ld As Long, enty As String) As String

Declare Function ldap_search Lib "wldap32.dll"(ld As Long, Byval baseDN As String, Byval scope As Long, Byval filter As String, attrs As String, Byval attrsonly As Long) As Long

Declare Function ldap_sslinit Lib "wldap32.dll" (hostName As String, portNumber As Integer, secure As Integer) As Integer

Declare Function LdapGetLastError Lib "wldap32.dll" () As Integer

Declare Function ldap_bind_s Lib "wldap32.dll" (ld As Long, dn As String, passwd As String, method As Integer) As Integer

%REM
LDAP_SUCCESS                      0x00   Sucessful request.
LDAP_OPERATIONS_ERROR             0x01   Intialization of LDAP library
                                         failed.
LDAP_PROTOCOL_ERROR               0x02   Protocol error occurred.
LDAP_TIMELIMIT_EXCEEDED           0x03   Time limit has exceeded.
LDAP_SIZELIMIT_EXCEEDED           0x04   Size limit has exceeded.
LDAP_COMPARE_FALSE                0x05   Compare yielded FALSE.
LDAP_COMPARE_TRUE                 0x06   Compare yielded TRUE.
LDAP_AUTH_METHOD_NOT_SUPPORTED    0x07   The authentication method is not
                                         supported.
LDAP_STRONG_AUTH_REQUIRED         0x08   Strong authentication is required.
LDAP_REFERRAL_V2                  0x09   LDAP version 2 referral.
LDAP_PARTIAL_RESULTS              0x09   Partial results and referrals 
                                         received.
LDAP_REFERRAL                     0x0a   Referral occurred.
LDAP_ADMIN_LIMIT_EXCEEDED         0x0b   Administration limit on the server 
                                         has exceeded.
LDAP_UNAVAILABLE_CRIT_EXTENSION   0x0c   Critical extension is unavailable.
LDAP_CONFIDENTIALITY_REQUIRED     0x0d   Confidentiality is required.
LDAP_NO_SUCH_ATTRIBUTE            0x10   Requested attribute does not 
                                         exist.
LDAP_UNDEFINED_TYPE               0x11   The type is not defined.  
LDAP_INAPPROPRIATE_MATCHING       0x12   An inappropriate matching 
                                         occurred. 
LDAP_CONSTRAINT_VIOLATION         0x13   A constraint violation occurred.
LDAP_ATTRIBUTE_OR_VALUE_EXISTS    0x14   The attribute exists or the value 
                                         has been assigned.
LDAP_INVALID_SYNTAX               0x15   The syntax is invalid.
LDAP_NO_SUCH_OBJECT               0x20   Object does not exist.
LDAP_ALIAS_PROBLEM                0x21   The alias is invalid.
LDAP_INVALID_DN_SYNTAX            0x22   The distinguished name has an 
                                         invalid syntax.
LDAP_IS_LEAF                      0x23   The object is a leaf.
LDAP_ALIAS_DEREF_PROBLEM          0x24   Cannot de-reference the alias.
LDAP_INAPPROPRIATE_AUTH           0x30   Authentication is inappropriate.
LDAP_INVALID_CREDENTIALS          0x31   The supplied credential is 
                                         invalid.
LDAP_INSUFFICIENT_RIGHTS          0x32   The user has insufficient access 
                                         rights.
LDAP_BUSY                         0x33   The server is busy.
LDAP_UNAVAILABLE                  0x34   The server is unavailable.
LDAP_UNWILLING_TO_PERFORM         0x35   The server does not handle
                                         directory requests.
LDAP_LOOP_DETECT                  0x36   The chain of referrals has looped 
                                         back to a referring server.
LDAP_NAMING_VIOLATION             0x40   There was a naming violation.
LDAP_OBJECT_CLASS_VIOLATION       0x41   There was an object class 
                                         violation.
LDAP_NOT_ALLOWED_ON_NONLEAF       0x42   Operation is not allowed on a 
                                         non-leaf object.
LDAP_NOT_ALLOWED_ON_RDN           0x43   Operation is not allowed on RDN.
LDAP_ALREADY_EXISTS               0x44   The object already exists.
LDAP_NO_OBJECT_CLASS_MODS         0x45   Cannot modify object class.
LDAP_RESULTS_TOO_LARGE            0x46   Results returned are too large.
LDAP_AFFECTS_MULTIPLE_DSAS        0x47   Multiple directory service agents 
                                         are affected.
LDAP_OTHER                        0x50   Unknown error occurred.
LDAP_SERVER_DOWN                  0x51 (81)  Cannot contact the LDAP server.
LDAP_LOCAL_ERROR                  0x52   Local error occurred.
LDAP_ENCODING_ERROR               0x53   Encoding error occurred.
LDAP_DECODING_ERROR               0x54   Decoding error occurred.
LDAP_TIMEOUT                      0x55   The search was timed out.
LDAP_AUTH_UNKNOWN                 0x56   Unknown authentication error 
                                         occurred.
LDAP_FILTER_ERROR                 0x57   The search filter is incorrect.
LDAP_USER_CANCELLED               0x58   The user has canceled the 
                                         operation.
LDAP_PARAM_ERROR                  0x59   An incorrect parameter was passed 
                                         to a routine.
LDAP_NO_MEMORY                    0x5a   The system is out of memory.
LDAP_CONNECT_ERROR                0x5b   Cannot establish a connection to 
                                         the server.
LDAP_NOT_SUPPORTED                0x5c   The feature is not supported.
LDAP_CONTROL_NOT_FOUND            0x5d   The ldap function did not find the 
                                         specified control.
LDAP_NO_RESULTS_RETURNED          0x5e   The feature is not supported.
LDAP_MORE_RESULTS_TO_RETURN       0x5f   Additional results are to be 
                                         returned.
LDAP_CLIENT_LOOP                  0x60   Client loop was detected.
LDAP_REFERRAL_LIMIT_EXCEEDED      0x61   The referral limit was exceeded.
LDAP_SASL_BIND_IN_PROGRESS        0x0E   Intermediary bind result for 
                                         multi-stage binds
%END REM

Code

Sub Click(Source As Button)
	Dim hnd As Long
	Dim HOSTNAME As String
	HOSTNAME = "192.168.123.122"
	'HOSTNAME = "10.14.1.130"
	hnd = LDAP_INIT(HOSTNAME, 389)
	If LDAP_CONNECT(Byval hnd, Byval 0) = 0 Then
		If LDAP_BIND(Byval hnd, Null, Null) = 0 Then
			Msgbox "Bound to: "& HOSTNAME
		Else
			Msgbox "Cannot bind to: "& HOSTNAME			
		End If
	Else	
		Msgbox "Cannot connect to: "& HOSTNAME
		Exit Sub
	End If

	Msgbox ldap_unbind(Byval hnd)
End Sub

ICh mache ab Dienstag 14 Tage Urlaub und werde die Finger vom Rechner lassen ... 

[eknori]

Habs mit Java auch noch zusammengefummelt...

Code

import lotus.domino.*;
import com.novell.ldap.*;
import javax.security.auth.callback.*;
import com.novell.security.sasl.*;
import java.io.IOException;
import java.util.*;
import java.security.*;
import java.util.Enumeration;

public class JavaAgent extends AgentBase {

	public void NotesMain() {
	int searchScope = LDAPConnection.SCOPE_SUB;
     int    ldapVersion = LDAPConnection.LDAP_V3;
     String ldapHost = "10.14.1.130";
     int    ldapPort = 389;
     String loginDN = "";
     final String password = "";
     String searchBase = "ou=Arbeitsstationen,ou=System,o=Mettmann";
     String searchFilter = "(objectclass=*)";
     boolean attributeOnly = true;
     String attrs[] = {LDAPConnection.NO_ATTRS}; 
		
	try {
			Session session = getSession();
			AgentContext agentContext = session.getAgentContext();

			LDAPConnection lc  = new LDAPConnection();
			lc.connect( ldapHost, ldapPort );
			lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
			
            	LDAPSearchResults searchResults =
                lc.search(  searchBase,      // container to search
                            searchScope,     // search scope
                            searchFilter,    // search filter
                            attrs,           // "1.1" returns entry name only
                            attributeOnly);  // no attributes are returned

              while ( searchResults.hasMore()) {
                LDAPEntry nextEntry = null;
                try {
                    nextEntry = searchResults.next();
                }
                catch(LDAPException e) {
                    System.out.println("Error: " + e.toString());
                    // Exception is thrown, go for next entry
                    continue;
                }
                System.out.println("\n" + nextEntry.getDN());
            }
		} catch(Exception e) {
			e.printStackTrace();
		}
	}
}

Zumindest schon mal ein Anfang. Nach dem Urlaub geht es dann weiter.

Jetzt aber erst einmal:

[flaite]

Bestimmt ein interessantes Thema.
Allerdings hab ich nicht den Novell eDirectory Server.
Versuch das mit http://directory.apache.org/
Was sicher für so Java Integrationsprojekte einfacher ist:
1. Eine (oder mehrere) Klassen für das zu integrierende Zeugs in Eclipse schreiben (ohne jegliche Abhängigkeiten von Notes).
2. Für diese Klassen direkt auch Unit- und v.a. Integrationstests mit JUnit oder TestNG schreiben. Das machen btw. Julian Robichaux, Mikkel Heisterberg und die Leute auf openNTF auch nicht und das ist imho suboptimal.
3. In einem Notes Agenten eine Beispielzugriffsklasse schreiben und das evtl. auch in Eclipse (die Vorschläge von Bob Balaban). Die Vorteile liegen imho v.a. auch darin, dass man dafür auch direkt Tests schreiben kann.

Ich mache hier weiter:
http://atnotes.de/index.php?topic=36782.0