Cool Solutions

Reading the LDAP ‘networkAddress’ Attribute of a Server or User Object



December 18, 2007 6:45 pm

License:
free

Download netaddr.pl

A perl script to read the LDAP ‘networkAddress’ attribute of a server or user object from an eDirectory LDAP server and get the TCP/IP address in decimal dot notation.

When read via LDAP, the network address attribute is a string in the following form:
taggedData = uint32String “#” octetstring
- byte 0 = uint32String = address type, e.g. 1 = IP Address (user); 9 = TCP Address (server)
- byte 1 = char = “#”, the separator
- byte 2+ = octetstring, the ordinal value of the address

The following instructions assume that you have a working LDAP server and Perl installed with the Net::LDAP module (http://ldap.perl.org/). The LDAP ‘networkAddress’ attribute must also be visible to your LDAP proxy user.

This script can be used as a command line tool or called from another script by passing the following arguments:
- LDAP server qualified DNS name or IP address
- Base OU for the LDAP search, e.g. o=myorg
- CN of the object to look up the IP address of (username or server name)
In that order! e.g.:
netaddr.pl (ldap server) (base dn) (object)
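
The tagged format described above, decoded in Python as an added example (it is not the netaddr.pl script and not code from this page). Function names and sample values are constructed; the payload layout (an optional 2-byte port, then a 4-byte IPv4 address) is an assumption taken from the comments below. It goes beyond the article by also accepting the Base64 form and by checking a given IP against the stored values.

```python
import base64
import ipaddress

# Type names as listed in the first comment on this page (list index = type).
ADDR_TYPES = ["IPX", "IP", "SDLC", "Token Ring", "OSI", "AppleTalk", "NetBEUI",
              "Socket", "UDP", "TCP", "UDP6", "TCP6", "Reserved (12)", "URL", "Count"]

def parse_network_address(raw: bytes):
    """Decode 'type#octets' into (type, type_name, ipv4 or None, port or None)."""
    # Split on the FIRST '#': the type can have two digits, and the binary
    # address itself may contain the byte 0x23 ('#').
    head, sep, octets = raw.partition(b"#")
    if not sep or not head.isdigit():
        raise ValueError("not a taggedData value: no 'type#' prefix")
    addr_type = int(head)
    name = ADDR_TYPES[addr_type] if addr_type < len(ADDR_TYPES) else "Unknown"
    ip = port = None
    # Assumption, following the comments on this page: for IP/UDP/TCP values the
    # last four octets are the IPv4 address; a 6-octet value leads with a 2-byte
    # port, read here as big-endian.
    if addr_type in (1, 8, 9) and len(octets) in (4, 6):
        ip = ipaddress.IPv4Address(octets[-4:])
        if len(octets) == 6:
            port = int.from_bytes(octets[:2], "big")
    return addr_type, name, ip, port

def parse_ldif_value(b64_text: str):
    """Same, for a value that arrives Base64-encoded (as in the awk comment)."""
    return parse_network_address(base64.b64decode(b64_text, validate=True))

def stored_ip_matches(raw_values, candidate: str) -> bool:
    """True if any value of the multivalued attribute decodes to candidate."""
    want = ipaddress.IPv4Address(candidate)  # raises on a malformed candidate
    for raw in raw_values:
        try:
            if parse_network_address(raw)[2] == want:
                return True
        except ValueError:
            continue  # skip values that are not taggedData
    return False

# Constructed sample values, not taken from a real directory.
SAMPLE = [b"1#\xc0\xa8\x01\x17", b"9#\x02\x0c\x0a\x23\x01\x05"]

if __name__ == "__main__":
    for value in SAMPLE:
        print(parse_network_address(value))
    print(parse_ldif_value("OSMCDAoBAQE="))
    print(stored_ip_matches(SAMPLE, "10.35.1.5"))
```

Comparing parsed addresses rather than strings avoids false mismatches from formatting differences in the supplied IP.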


Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

5 Comments

  1. By:bthoreson

    $addr = "";

    // the address type is everything before the first "#" (types 10 and up have two digits)
    $sep = strpos($networkaddress, "#");
    $addrtype = intval(substr($networkaddress, 0, $sep));

    // throw away the addrtype and the "#" separator
    $networkaddress = substr($networkaddress, $sep + 1);

    $addrtypes = array('IPX', 'IP', 'SDLC', 'Token Ring', 'OSI', 'AppleTalk', 'NetBEUI', 'Socket', 'UDP', 'TCP', 'UDP6', 'TCP6', 'Reserved (12)', 'URL', 'Count');

    $len = strlen($networkaddress);

    if ($len > 0) {
        for ($i = 0; $i < $len; $i += 1) {
            $byte = substr($networkaddress, $i, 1);
            $addr .= ord($byte);

            if ($addrtype == 1) { // dot separate IP addresses...
                $addr .= ".";
            }
        }

        if ($addrtype == 1) {
            // strip last period from end of $addr
            $addr = substr($addr, 0, strlen($addr) - 1);
        }
    }
    else {
        $addr .= "address not available.";
    }

    printf("%s: %s", $addrtypes[$addrtype], $addr);

  2. By:morgaia

    This took me a good while to figure out, so I hope that the community finds it useful. Please feel free to e-mail me if you have comments or suggestions…

    // with a connected and bound ldap connection ldapConn...

    LdapEntry server = ldapConn.Read(serverDN); // find server in tree

    // retrieve and decode the server's network address
    LdapAttribute serverNetAddr = server.getAttribute("networkaddress");

    // loop through the multivalued networkaddress field
    foreach(sbyte[] addrBytes in serverNetAddr.ByteValueArray) {

        // get the first character in the line which indicates type
        char type = (char)addrBytes[0];

        if(type == '9') { // only interested in TCP address
            string serverTCPAddr = "";
            for(int i=(addrBytes.Length-4); i<addrBytes.Length; i++) { // last four bytes are the ip address
                byte b = unchecked((byte)addrBytes[i]); // convert sbyte to byte
                serverTCPAddr = serverTCPAddr + b; // append value to string
                if(i>0 && i<(addrBytes.Length - 1))
                    serverTCPAddr = serverTCPAddr + "."; // brute force the dots
            }
        }
    }

  3. By:sparch

    Hi, I would like to know if there is a way to provide the inverse value. I mean, I got the IP address, and I wanna compare it with the value in networkAddress to see if the IP being passed to me matches the one in NDS.

    Is that possible?

    Thanks!

  4. By:jleblois

    Next you will find my own function that helps me to convert the Base64-coded networkAddress in awk scripts. The output of this function presents only the IP address in a dotted decimal format. I hope it can help. It was written for a French company.


    function decode(chaine){

        # This function is limited to converting the IP netAddress values of Novell
        # servers stored in the eDirectory database in Base64 format.
        # The first 4 bytes retrieved, which specify the port (NCP) and the
        # transport (UDP, TCP, IP), are ignored here, as they matter little in
        # this procedure.

        BASE64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

        resultat = ""
        nextPosDec = 1

        while (length(chaine) > 0){
            # take the Base64 codes in groups of 4
            for (pos=1; pos<5; pos++) code[pos] = substr(chaine,pos,1)
            # convert each code to its numeric Base64 value
            for (pos=1; pos<5; pos++){
                numCode[pos] = index(BASE64,code[pos]) - 1
                if (numCode[pos] < 0) numCode[pos] = 0
            }
            # convert the 4 codes (6 bits each) into 3 bytes (8 bits each),
            # as decimal values
            octetDec[nextPosDec + 2] = (numCode[3] % 4) * 64 + numCode[4]
            octetDec[nextPosDec + 1] = (numCode[2] % 16) * 16 + int(numCode[3] / 4)
            octetDec[nextPosDec] = (numCode[1] * 4) + int(numCode[2] / 16)

            nextPosDec += 3

            chaine = substr(chaine, 5)
        }

        resultat = octetDec[5] "." octetDec[6] "." octetDec[7] "." octetDec[8]

        return resultat
    }
