I understand what you're saying but constructing a filter for a distinguished name does not appear to work. Here is a bit of test code I wrote.

sub getLDAPInfo
{
        my $targetuser = shift;
        my $ldapuser = "SomeUser";
        my $ldappassword = "SomePassword";
        my $domain = "dc.mycompany.com";
        my $fullname;

        my $ad = Net::LDAP->new($domain) or die "Could not connect!";

        $ad->bind($ldapuser, password=>$ldappassword);
        my $searchbase = 'DC=mycompany,DC=com';
        my $filter = "samaccountname=$targetuser";
     
        my $results = $ad->search(base=>$searchbase,filter=>$filter);

        my $count = $results->count;

        if ($count)
        {
                my @entries = $results->entries;
                foreach my $entry (@entries)
                {
                        $fullname = $entry->get_value('givenname'). " 
+" . $entry->get_value('sn');
                return ($fullname);
        }
        else
        {
                return "";
        }

        $ad->unbind;
}

my $fullname= &getLDAPInfo("JUSER");
print $fullname. "\n";
[download]

This works perfectly. However, if I change the filter like so:

        my $filter = "distinguishedname=$targetuser";
[download]

And pass it a distinguished name like so:

my $fullname= &getLDAPInfo("CN=JUSER,OU=ACCT,DC=MYCOMPANY,DC=COM");
[download]

it returns nothing. I have tried to build the filter as both distinguishedname= and dn= to no avail.

If, as you say, I still need to do the search, please help me understand how to construct the filter to search for a distinguished name.

Thanks,

Whenever I'm stuck with figuring out proper LDAP usage, I revert to testing with LDAP Browser Editor Despite. Based on your code looking for sAMAccountname, plus the fact you call your variable 'ad', I'm guessing you're hitting an Active Directory server. I know that LBE will be able to hit it (it works with ours) and you can triple check your filters.

For one thing, you need parens around the filter: (dn=CN=JUSER,OU=ACCT,DC=MYCOMPANY,DC=COM). I always use dn, but distinguishedname might also be valid. Use the sAMAccountname filter to view your entry in LBE and verify that you are actually using the distinguished name of the person

Resolved!

There were two issues. First, I had to use distinguishedname= rather than dn=a. Apparently Active Directory is picky about the filter though oddly you can use dn when specifying get_value. Secondly, the sample distinguishednames I tested had parens in them which must be escaped. Net::LDAP doesn't handle that for you.

I added this bit:

sub cleanLDAPString
{
    my $tempstr = shift;

    $tempstr =~ s/\\/\\5c/;
    $tempstr =~ s/\(/\\28/;
    $tempstr =~ s/\)/\\29/;
    $tempstr =~ s/&/\\26/;
    $tempstr =~ s/\|/\\7c/;
    $tempstr =~ s/>/\\3e/;
    $tempstr =~ s/</\\3c/;
    $tempstr =~ s/\~/\\7e/;
    $tempstr =~ s/\*/\\2a/;

    return $tempstr;
}
[download]

and called it before I constructed the filter. Worked just fine. Thank you very much for the feedback. It helped lead me to the solution.

:)

And nuts to those that think minimalist responses and snide comments are in any way helpful to the people who come here. If you don't have anything helpful to contribute then don't post. And for the record, posting greps to the doc that I already specified I'd read and that didn't have any relevant examples is just effing arrogant and lazy.

behind the scenes what was happening is what you have to do more explicitly if you were using, say, C, Perl, or something else

;) Well, in perl , DBD::LDAP looks pretty slick