I2A2 Examples in Perl
Many (but not all) of the examples on this page use the Net::Telnet module to make a connection to the I2A2 DBMs.
i2a2-auth.pl
The i2a2-auth.pl file contains a Perl script,
written by Ron Kittendorf, that shows how to use the Net::LDAP Perl module to bind via the
I2A2 LDAP protocol converter. The
script uses the Net::LDAP module, available at the Perl LDAP Homepage.
Don't overlook the Net::LDAP module's requirements, described on the Perl LDAP Homepage. Those requirements include the
packages Convert::ASN1, Net::SSLeay, and a special package combination requirement for Net::LDAP with IO::Socket::SSL.
The package combination requirement is that Net::LDAP version 0.25 will work with IO::Socket::SSL version 0.80 (it will NOT
work with version 0.81), or Net::LDAP version 0.26 will work with IO::Socket::SSL version 0.901 or 0.95 (it will NOT work with
version 0.81 or 0.90). No other Net::LDAP and IO::Socket::SSL combinations have been tested (e.g., Net::LDAP 0.26 with
IO::Socket::SSL 0.80).
$ perl i2a2-auth.pl <puid> <password>
Subject DN: ...
CA: ...
RDN: ...
Successful bind! (or) Error during bind: ...
<puid> must have a coordinated career account alias associated with it, and the alias may be used in place of <puid>.
i2a2-ident.pl
The i2a2-ident.pl file contains a Perl script, written by Ron Kittendorf, that shows how to use the Net::LDAP Perl module to do searches via the I2A2 LDAP protocol converter. The script uses the Net::LDAP module, available at the Perl LDAP Homepage. Don't overlook the Net::LDAP module's requirements, described on the Perl LDAP Homepage.
$ perl i2a2-ident.pl uid=<alias>
----------------------------------------------------------------
cn: ...
givenname: ...
objectclass: top puidObject uidObject
puid: ...
sn: ...
uid: <alias>
----------------------------------------------------------------
** Entries returned: 1 **
A PUID or a common name may also be used as search keys -- e.g.,
$ perl i2a2-ident.pl puid=...
$ perl i2a2-ident.pl cn=...
lookup.pl
The
lookup.pl example allows lookups in the Reflector by PUID, alias, name or regular
expression. To make it easier to follow, it doesn't use the constants in
puidnetd.ph like the other examples. Therefore, it may not work if the protocol is
changed in the future (and would be painful to correct). When writing scripts, you
should use the constants in puidnetd.ph like the other examples.
The example determines the type of each of its arguments (puid, alias, name, or
regular expression) and performs the appropriate lookup in the Reflector.
$ perl lookup.pl 'jeff.*stewart' jsmith 00100-99899
The request "lr,,jeff.*stewart": failed:
Error: 17
MSG: Person not found (75)
MSG: There are 2 possible matches:
MSG: 10226466(jws) JEFF W STEWART
MSG: 10348429(milllo) JEFFREY BENEDICT STEWART
The request "lajsmith": succeeded:
Name: JEFFREY M SMITH
PUID: 10254533
Alias: jsmith
The request "lp010099899": succeeded:
Name: WILLIAM I BORMANN
PUID: 10099899
Alias: wbormann
DBparse.pl
The DBparse function (DBparse.pl) parses the reply from the DBM into a Perl HASH, where each field is stored by its type. This function uses constants from puidnetd.ph.
# Parse the DBM reply into a hash keyed by field type, then print two of the fields.
%fields = DBparse($reply);
printf "The puid for %s is %s\n", $fields{&I2A2::PUIDNETD_DATA_AKA}, $fields{&I2A2::PUIDNETD_DATA_PUID};
char.pl
The char.pl example looks up each of its arguments, either characteristic numbers or names, and prints the mapping. This example uses constants from puidnetd.ph and the DBparse() function from DBparse.pl.
$ perl char.pl employee "Campus: 1 West Lafayette" 1 3229 w
employee -> 0
Campus: 1 West Lafayette -> 2029
1 -> Student
3229 -> Department: 1408 COMPUTING CENTER
charchk.pl
The charchk.pl example is a more
complicated one that issues many requests and then processes the responses to get better throughput. This example uses
constants from puidnetd.ph.
charchk.pl reads a file of characteristic names and looks them up in the Authorizer. If given the "-l" option, it will
print the mapping for the characteristic.
charcvt.pl
The charcvt.pl script contains an even more complicated example. This is the script that converts characteristic names in httpd.conf (or .htaccess) templates into their corresponding characteristic numbers. It will optionally look up aliases and PUIDs. This example uses constants from puidnetd.ph and the DBparse() function from DBparse.pl.
$ perl charcvt.pl -h
charcvt.pl usage: [-c] [-h] [-l] [-v] [files]
    -c    output original "CharsExp" lines as comments
    -h    produce help output
    -l    lookup PUIDs and aliases
    -v    verbose display of PUIDS and aliases
$ cat input
# Any text that doesn't begin with charsexp (ignoring case) is
# passed through untouched. Aliases and PUIDs in allowuser and denyuser
# lines will be looked up if '-l' or '-v' is given.
AllowUser jws junk
CharsExp ("Employee" | "Student") & "Campus: 1 West Lafayette"
$ perl charcvt.pl -c -v < input > output
** jws: 00102-26466 JEFF W STEWART # due to -v option
** junk: Person not found (75)
$ cat output
# Any text that doesn't begin with charsexp (ignoring case) is
# passed through untouched. Aliases and PUIDs in allowuser and denyuser
# lines will be looked up if '-l' or '-v' is given.
AllowUser jws junk
# CharsExp ("Employee" | "Student") & "Campus: 1 West Lafayette"
CharsExp ( 0 | 1 ) & 2029
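The template conversion described above, as an added example that is not the charcvt.pl source: it rewrites quoted characteristic names on CharsExp lines into numbers and passes every other line through, with the -c behaviour as a flag. The %CHAR_NUM table stands in for the Authorizer lookup and holds only the pairs shown on this page; the case-insensitive name match and the decision to abort on an unresolved name are assumptions of this sketch, and the AllowUser lookups done by -l and -v are not modelled.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the Authorizer query: only the
# name -> number pairs that appear in the sample sessions on this page.
my %CHAR_NUM = (
    'employee'                 => 0,
    'student'                  => 1,
    'campus: 1 west lafayette' => 2029,
);

# Convert one template line and return the output line(s) for it.
# $keep_orig mirrors the documented -c option.
sub convert_line {
    my ($line, $keep_orig) = @_;
    chomp $line;

    # Text that does not begin with "charsexp" (ignoring case) is untouched.
    return ($line) unless $line =~ /^\s*charsexp\b/i;

    my @unknown;
    (my $out = $line) =~ s{"([^"]*)"}{
        my $name = $1;
        my $num  = $CHAR_NUM{lc $name};   # assumption: names match case-insensitively
        push @unknown, $name unless defined $num;
        defined $num ? $num : '"' . $name . '"';
    }ge;

    # Assumption: fail closed. A half-converted expression in an
    # access-control file should stop the run, not reach the web server.
    die "unresolved characteristic(s): @unknown\n" if @unknown;

    return $keep_orig ? ("# $line", $out) : ($out);
}

# Constructed input: the template lines from the sample session above.
my @input = (
    q{# Any text that doesn't begin with charsexp (ignoring case) is},
    q{# passed through untouched.},
    q{AllowUser jws junk},
    q{CharsExp ("Employee" | "Student") & "Campus: 1 West Lafayette"},
);

print "$_\n" for map { convert_line($_, 1) } @input;
```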
sslrefl.pl
The sslrefl.pl example contains a sample
client that makes an SSL connection to the I2A2 reflector net daemon and exchanges external protocol information with
it. Client-side authentication will occur if public and private certificates are provided. This example uses constants
from puidnetd.ph and the DBparse() function from
DBparse.pl.
This example requires version 1.30 or later of the I2A2::DB package, first released with the 0.5 Beta release of
I2A2.
sslrefl.pl [-c cpath] [-d dir] [-h] [pub|priv]
    -c cpath    set Certificate Authority PEM path
    -d dir      set Certificate Authority directory path (/opt/openssl/certs)
    -h          print this (Help) output
    pub         path to client's public certificate
    priv        path to client's private certificate
When a client certificate and its private key are supplied (pub & priv), a client-side SSL connection is
attempted. Otherwise, a server-side SSL connection is made.
After a connection is established, commands may be entered in the
I2A2 external protocol.
Results are parsed and displayed in a more human readable form.