Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Re^5: Net::LDAP help with distinguished name

by Sinistral (Monsignor)
on Feb 04, 2012 at 13:35 UTC ( #951800=note: print w/replies, xml ) Need Help??

in reply to Re^4: Net::LDAP help with distinguished name
in thread Net::LDAP help with distinguished name

Although you complain that the responses are vague, they are not. The API exposed by Net::LDAP is pretty much a Perl equivalent to the OpenLDAP C API. As such, if you want to be able to get the information for a single entry, you need to go through the bind and search steps

The bind can be anonymous, if you LDAP server allows it and allows retrieval of the object whose DN you already have. If not, then you need to bind with that DN and provide the password associated with it. Once you do the bind, you can do a search for the DN. Once you have the search, you have the attributes and values associated with it.

Even if you do a non-anonymous bind, what returns in Net::LDAP is a connection variable, not a hash or array of information on the entity that made the connection

Your experience with Windows and Visual Basic has led you to believe that there is some magical way to say, "I have this DN, give me the attributes associated with it". Although the API you were using made this easy, behind the scenes what was happening is what you have to do more explicitly if you were using, say, C, Perl, or something else

  • Comment on Re^5: Net::LDAP help with distinguished name

Replies are listed 'Best First'.
Re^6: Net::LDAP help with distinguished name
by Discreet Entity (Initiate) on Feb 04, 2012 at 15:08 UTC
    Thank you for replying. It appears you took the time to actually read my request.

    I understand what you're saying but constructing a filter for a distinguished name does not appear to work. Here is a bit of test code I wrote.

    sub getLDAPInfo { my $targetuser = shift; my $ldapuser = "SomeUser"; my $ldappassword = "SomePassword"; my $domain = ""; my $fullname; my $ad = Net::LDAP->new($domain) or die "Could not connect!"; $ad->bind($ldapuser, password=>$ldappassword); my $searchbase = 'DC=mycompany,DC=com'; my $filter = "samaccountname=$targetuser"; my $results = $ad->search(base=>$searchbase,filter=>$filter); my $count = $results->count; if ($count) { my @entries = $results->entries; foreach my $entry (@entries) { $fullname = $entry->get_value('givenname'). " +" . $entry->get_value('sn'); return ($fullname); } else { return ""; } $ad->unbind; } my $fullname= &getLDAPInfo("JUSER"); print $fullname. "\n";

    This works perfectly. However, if I change the filter like so:

    my $filter = "distinguishedname=$targetuser";

    And pass it a distinguished name like so:

    my $fullname= &getLDAPInfo("CN=JUSER,OU=ACCT,DC=MYCOMPANY,DC=COM");

    it returns nothing. I have tried to build the filter as both distinguishedname= and dn= to no avail.

    If, as you say, I still need to do the search, please help me understand how to construct the filter to search for a distinguished name.


      Whenever I'm stuck with figuring out proper LDAP usage, I revert to testing with LDAP Browser Editor Despite. Based on your code looking for sAMAccountname, plus the fact you call your variable 'ad', I'm guessing you're hitting an Active Directory server. I know that LBE will be able to hit it (it works with ours) and you can triple check your filters.

      For one thing, you need parens around the filter: (dn=CN=JUSER,OU=ACCT,DC=MYCOMPANY,DC=COM). I always use dn, but distinguishedname might also be valid. Use the sAMAccountname filter to view your entry in LBE and verify that you are actually using the distinguished name of the person


        There were two issues. First, I had to use distinguishedname= rather than dn=a. Apparently Active Directory is picky about the filter though oddly you can use dn when specifying get_value. Secondly, the sample distinguishednames I tested had parens in them which must be escaped. Net::LDAP doesn't handle that for you.

        I added this bit:

        sub cleanLDAPString { my $tempstr = shift; $tempstr =~ s/\\/\\5c/; $tempstr =~ s/\(/\\28/; $tempstr =~ s/\)/\\29/; $tempstr =~ s/&/\\26/; $tempstr =~ s/\|/\\7c/; $tempstr =~ s/>/\\3e/; $tempstr =~ s/</\\3c/; $tempstr =~ s/\~/\\7e/; $tempstr =~ s/\*/\\2a/; return $tempstr; }

        and called it before I constructed the filter. Worked just fine. Thank you very much for the feedback. It helped lead me to the solution.


        And nuts to those that think minimalist responses and snide comments are in any way helpful to the people who come here. If you don't have anything helpful to contribute then don't post. And for the record, posting greps to the doc that I already specified I'd read and that didn't have any relevant examples is just effing arrogant and lazy.

Re^6: Net::LDAP help with distinguished name
by Anonymous Monk on Feb 04, 2012 at 15:10 UTC

    behind the scenes what was happening is what you have to do more explicitly if you were using, say, C, Perl, or something else

    ;) Well, in perl , DBD::LDAP looks pretty slick

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://951800]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (2)
As of 2023-04-02 08:29 GMT
Find Nodes?
    Voting Booth?

    No recent polls found