Tool

colin_pearce's picture
tool
Reads:

10882

Score:
0
0
 
Comments:

5

Reading the LDAP 'networkAddress' Attribute of a Server or User Object

Author Info

18 December 2007 - 6:45pm
Submitted by: colin_pearce

Author Blog
Author Profile

Tags

Tags Map
license: 
free

A perl script to read the LDAP 'networkAddress' attribute of a server or user object from an eDirectory LDAP server and get the TCP/IP address in decimal dot notation.

The network address attribute when read via LDAP is in the form-
LDAP Format, String:
taggedData = uint32String "#" octetstring
byte 0 = uint32String = Address Type: eg. 1 = IP Address (user); 9 = TCP Address (server)
byte 1 = char = "#" - separator
byte 2+ = octetstring - the ordinal value of the address

The following instructions assume that you have a working LDAP server and Perl installed with the Net::LDAP module http://ldap.perl.org/ . Of course, the LDAP 'networkAddress' attribute must be visible for your LDAP proxy user.

This script can be used a command line tool or called from another script by passing the following arguments:
- LDAP server qualified DNS name or IP address
- Base OU for the LDAP search, o=myorg
- CN of the object look up the IP address of, username or server name
In that order! eg:
netaddr.pl (ldap server) (base dn) (object)

AnhangGröße
netaddr.pl.txt2.22 KB



Related Articles


User Comments

bthoreson's picture

PHP IP Address code snippet

Submitted by bthoreson on 21 December 2007 - 9:26pm.

$addr = "";
$addrtype = intval(substr($networkaddress, 0, 1));

// throw away bytes 0 and 1 which should be the addrtype and the "#" separator
$networkaddress = substr($networkaddress, 2);

$addrtypes = array('IPX', 'IP', 'SDLC', 'Token Ring', 'OSI', 'AppleTalk', 'NetBEUI', 'Socket', 'UDP', 'TCP', 'UDP6', 'TCP6', 'Reserved (12)', 'URL', 'Count');

$len = strlen($networkaddress);

if ($len > 0) {
for ($i=0; $i<$len; $i+=1) {
$byte = substr($networkaddress, $i, 1);
$addr .= ord($byte);

if ($addrtype == 1){ // dot separate IP addresses...
$addr .= ".";
}
}

if ($addrtype == 1) {
// strip last period from end of $addr
$addr = substr($addr, 0, strlen($addr)-1);
}
}
else {
$addr .= "address not available.";
}

printf($addrtypes[$addrtype] . ": " . $addr);

morgaia's picture

C# IP Address Code Snippet

Submitted by morgaia on 18 June 2008 - 7:02am.

This took me a good while to figure out, so I hope that the community finds it useful. Please feel free to e-mail me if you have comments or suggestions...

// with a connected and bound ldap connection ldapConn...

LdapEntry server = ldapConn.Read(serverDN); // find server in tree

// retrieve and decode the server's network address

LdapAttribute serverNetAddr = server.getAttribute("networkaddress");

// loop through the multivalued networkaddress field
foreach(sbyte[] addrBytes in serverNetAddr.ByteValueArray) {

   // get the first character in the line which indicates type
   char type = (char)addrBytes[0];

   if(type == '9') { // only interested in TCP address
       string serverTCPAddr = "";
       for(int i=(addrBytes.Length-4); i<addrBytes.Length; i++) { // last four bytes are the ip address
      byte b = unchecked((byte)addrBytes[i]); // convert sbyte to byte
         serverTCPAddr = serverTCPAddr + b; // append value to string
         if(i>0 && i<(addrBytes.Length - 1))
         serverTCPAddr = serverTCPAddr + "."; // brute force the dots
    }

  }

}

jjader's picture

Thanks for the C# example,

Submitted by jjader on 5 November 2008 - 9:48am.

Thanks for the C# example, works like a charm!

sparch's picture

The inverse

Submitted by sparch on 5 May 2009 - 2:17pm.

Hi, I would like to know if is there a way to provide the inverse value, I mean, I got the IP address, and I wanna compare with the value into networkAddress to see if the IP being passed to me matches with the one into NDS.

Is that possible?

Thanks!

jleblois's picture

My function in awk (french)

Submitted by jleblois on 2 November 2010 - 2:20am.

Next you will find my own function that helps me to convert the base64 coded networkAddress in awk scripts. The output of this function presents only the IP address in a dotted decimal format . I hope it can help. It was written for a french company.


function decode(chaine){

# Cette fonction est limitee a la conversion des netAddress IP des serveurs
# Novell stockees dans la base eDirectory en format Base64.
# Nous ne tenons pas compte ici des 4 premiers octets recuperes, qui precise
# le port (NCP) et le transport (UDP, TCP, IP) qui importe peu dans cette procedure.

BASE64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

resultat = ""
nextPosDec = 1

while (length(chaine) > 0){
# recuperation par groupe de 4 codes Base64
for (pos=1; pos<5; pos++) code[pos] = substr(chaine,pos,1)
# Transcription du code en valeur numerique selon Base64
for (pos=1; pos<5; pos++){
numCode[pos] = index(BASE64,code[pos]) - 1
if (numCode[pos] < 0) numCode[pos] = 0
}
# Transcription des 4 codes (6 bits) en 3 octets (8 bits) valeurs
# decimales
octetDec[nextPosDec + 2] = (numCode[3] % 4) * 64 + numCode[4]
octetDec[nextPosDec + 1] = (numCode[2] % 16) * 16 + int(numCode[3] / 4)
octetDec[nextPosDec] = (numCode[1] * 4) + int(numCode[2] / 16)

nextPosDec += 3

chaine = substr(chaine, 5)
}

resultat = octetDec[5] "." octetDec[6] "." octetDec[7] "." octetDec[8]

return resultat
}

© 2013 Novell