Author Trying to Query against Active Directory
John Parks

2005-11-09, 7:04 pm

Greetings,

I am trying to use perl-ldap to search an Active Directory. I am able to
connect and bind, but when I attempt to search I am not getting any usable
results back. I am hoping someone can spot what I am doing wrong and help me
out a bit. I have removed some content from the script, replacing it with
notes about what the content was, surrounded by []. So the [] are not really
part of the script, just placeholders for the content.

#!/usr/bin/perl
print "Content-type: text/html\n\n";
use strict;
use Net::LDAP;

my $ad = Net::LDAP->new("[the address I am connecting to]:389") or die (print "connection failed\n");

$ad->bind("[username]\@[domain ur]l", password =>'[the password using single quotes due to the use of special characters]');

#Up to this point everything seems to be working based on my error checking.

# Declare the necessary search variables

# What is the search base?

my $searchbase = 'OU=[This is the folder I am looking in. It's three words separated by a space between each word],DC=[url part],DC=[url part],DC=[url part]';

# What are we searching for?

my $filter = "CN=[name of one of our users that I know is in the AD]";

# Which attributes should be returned?

my $attrs = "sn, givenname, mail";

# Execute the search

my $results = $ad->search(base=>$searchbase,filter=>$filter,attrs=>$attrs);

# Display entries

my $entry;

$entry = $results->entry(0);

print $entry->get_value('sn').", ".$entry->get_value('givenname')."\n";
print "Email: ".$entry->get_value('mail')."\n";


# Unbind from the server
$ad->unbind;

The error messages I am getting are:
Can't call method "get_value" on an undefined value at test-get.pl line 38,
<DATA> line 225.

To me, this sounds like the search results are not coming back in a useful
manner.

This is what the results look like:
Net::LDAP::Search=HASH(0x8345f68)

Any suggestions would be greatly appreciated.

Thanks
--John


Rick Tatem

2005-11-09, 7:04 pm

Try enclosing your filter in parentheses (sp?).

"(cn=[text])"

Also, I usually suggest making "(objectcategory=person)" (or group, when
it's appropriate) a part of the filter. In wide searches it can help a good
bit.

Also, in general for Active Directory, it's important to remember that
queries bound to port 389 (i.e. "straight LDAP") only scope to the local
domain of the server. If you're in a multi-domain forest and you start
searching for things outside of your local domain, the server will return
LDAP Referrals (which are up to the client to handle). Whereas if you bind
to the Global Catalog (port 3268, and the server must be designated a GC...
Most DCs are) you're searching a replicated subset of the entire forest.
The GC has most of the stuff you'd ever look for anyway (and you can always
add more).

Rick

---
Rick Tatem
Messaging and Directory Resources
SAS Institute Inc.

Aaron Giuoco

2005-11-09, 7:04 pm

> my $attrs = "sn, givenname, mail";

This should be a list (array), like:

my $attrs = ['sn', 'givenname', 'mail'];

AG

John Parks

2005-11-09, 7:04 pm

Rick-

Thanks for the reply...

I tried both enclosing the filter in parentheses and using port 3268. But it
still came back with the same error:

Can't call method "get_value" on an undefined value at test-get.pl line 35,
<DATA> line 225.

I am new to using LDAP and AD, so I am not sure what you are suggesting with
using objectcategory=person or group?

Are you talking about using something like?
my $filter = "(CN=john doe,OU=person)";


--John

Aaron Giuoco

2005-11-09, 7:04 pm

CN is a property of any LDAP object. In AD, so is objectCategory.
Thus, your filter would look like:

$filter = '(&(cn=my user)(objectCategory=person)(objectclass=user))';

The '&' turns the whole statement into an AND condition.
(objectCategory=person)(objectclass=user) makes sure that only user
accounts are returned.

It would help if you opened up a program like ldp.exe and were able to
see the raw LDAP data contained in your AD. This will probably help you
find the correct properties to filter on.

AG


Rick Tatem

2005-11-09, 7:04 pm

The error probably indicates that it's finding an entry that does NOT have a
value for one (or more) of the attributes you're wanting returned. Try just
dumping the entry(ies).

Instead of:

print $entry->get_value('sn').", ".$entry->get_value('givenname')."\n";
print "Email: ".$entry->get_value('mail')."\n";

Try

$entry->dump();

That should show you something useful. I ran a simple script (similar to
yours) that produced the same error. It was returning an additional account
(an admin-type account) that doesn't have an email address (so
$entry->get_value('mail') didn't like it). If an attribute doesn't have a
value, then the attribute doesn't exist for that object (it's not just = "")

Rick
---
Rick Tatem
Messaging and Directory Resources

John Parks

2005-11-09, 7:04 pm

Rick

I tried the dump and got the following error:

Can't call method "dump" on an undefined value at
/export/web/infolink/cgi/perl/test-get.pl line 34, <DATA> line 225.

I am getting the feeling it's not getting anything back or it doesn't know
how to read what it's getting back.

The results print out like this:
Net::LDAP::Search=HASH(0x83460b8)

Aaron thanks for the info.. I will try that in a minute.

-John

Chris Ridd

2005-11-09, 7:04 pm

On 9/11/05 3:47, Giuoco, Aaron <agiuoco@atlantia.com> wrote:

> CN is a property of any LDAP object.


Er, no it isn't.

Look at the definition of (for example) the top, country, locality,
organization, organizationalUnit, person, organizationalPerson (etc etc)
objectclasses in X.520 and RFC 2256.

Cheers,

Chris


Aaron Giuoco

2005-11-09, 7:04 pm

Yes, you are correct. I mistyped. Thanks for correcting my error.

AG


Jonas Helgi Palsson

2005-11-10, 4:01 am

On Wednesday 09 November 2005 15:55, John Parks, SEI Webmaster wrote:

> I am trying to use perl-ldap to search an Active Directory. I am able to
> connect and bind, but when I attempt to search I am not getting any usable
> results back. I am hoping someone can spot what I am doing wrong and help
> me out a bit. I have removed some content from the script replacing it with
> notes about what the content was surrounded by []. So the [] are not really
> part of the script just place holds for the content.


Here's a small script that does an 'ugly' search against LDAP (tried in Linux
against AD) that takes one argument and uses that in 'cn=*ARG*' filter :-)

#!/usr/bin/perl
use strict;
use Net::LDAP;
my $ldapserver = 'ldap.example.com';
my $base = 'dc=example,dc=com';
my $string = $ARGV[0];
my $word;
my $dn;
#getting password
system "stty -echo";
print STDERR "Password for admin: ";
chomp($word = <STDIN> );
print "\n";
system "stty echo";
my $ldap = Net::LDAP->new($ldapserver) or die $@;
my $mesg = $ldap -> bind("cn=admin,dc=example,dc=com", password => "$word");
$mesg -> code && die $mesg -> error;
$mesg = $ldap -> search(base => $base,
                        filter => 'cn=*' . $string . '*',
                        scope => 'subtree');
if($mesg -> code){
    $ldap -> unbind;
    die $mesg -> error;
}
foreach my $entry ($mesg -> all_entries) {
    #uncomment the one under to get a dump
    # $entry -> dump;
    print $entry->dn . "\n";
}
$ldap -> unbind;


The Net::LDAP module is just so neat :-)

Regards Jonas

--
Jonas Helgi Palsson
"Microsoft is not the answer. Microsoft is the question. NO is the answer."
-Erik Naggum
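
Added example, not part of the original thread and not perl-ldap's own code: the script above concatenates its argument straight into the 'cn=*ARG*' filter, which matters once the value comes from a web form, as in the CGI script that started the thread. The Perl below escapes the value with Net::LDAP::Util's escape_filter_value, combines it with the objectCategory/objectClass clauses suggested earlier, and applies the result checks discussed in the thread. The helper names, the sample names and the LDAP_* environment variables are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Requires perl-ldap.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper: exact-match cn filter limited to user accounts, using
# the objectCategory/objectClass clauses suggested earlier in the thread.
# escape_filter_value() applies RFC 4515 escaping to \ * ( ) and control
# characters, so the input is only ever a value, never filter syntax.
sub user_filter {
    my ($name) = @_;
    my $safe = escape_filter_value($name);
    return "(&(objectCategory=person)(objectClass=user)(cn=$safe))";
}

# The same cn clause built by plain concatenation, for comparison.
sub raw_filter {
    my ($name) = @_;
    return "(cn=$name)";
}

# Hypothetical helper: run the search and check the outcome before
# touching any entry.
sub find_users {
    my ($ldap, $base, $name) = @_;
    my $res = $ldap->search(
        base   => $base,
        scope  => 'sub',
        filter => user_filter($name),
        attrs  => [qw(sn givenName mail)],    # array reference, not a string
    );
    die 'search failed: ' . $res->error . "\n" if $res->code;
    warn "nothing found\n" unless $res->count;
    for my $entry ($res->entries) {
        # get_value returns undef when the entry lacks the attribute
        my %v = map { $_ => $entry->get_value($_) // '(not set)' }
                qw(sn givenName mail);
        print "$v{sn}, $v{givenName} <$v{mail}>\n";
    }
    return $res->count;
}

# Offline part: constructed sample names, parsed locally by Net::LDAP::Filter
for my $name ('john doe', 'Parks (SEI)', '*') {
    for my $str (raw_filter($name), user_filter($name)) {
        my $f = Net::LDAP::Filter->new($str);
        printf "%-14s %-64s %s\n", "[$name]", $str,
            $f ? 'parsed as ' . $f->as_string : 'rejected by the filter parser';
    }
}

# Online part, only when a server is configured. The environment variable
# names are assumptions made for this example. Use an ldaps:// URI: a simple
# bind over plain ldap:// sends the password unencrypted.
if ($ENV{LDAP_URI}) {
    my $ldap = Net::LDAP->new($ENV{LDAP_URI}) or die "connect failed: $@\n";
    my $bind = $ldap->bind($ENV{LDAP_BIND_DN}, password => $ENV{LDAP_BIND_PW});
    die 'bind failed: ' . $bind->error . "\n" if $bind->code;
    find_users($ldap, $ENV{LDAP_BASE}, $ARGV[0] // 'john doe');
    $ldap->unbind;
}
```

Run without LDAP_URI set, the loop shows what the filter parser makes of each constructed name with and without escaping, and no server is contacted.
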
Peter Marschall

2005-11-13, 7:58 am

Hi,

On Wednesday, 9. November 2005 17:01, John Parks, SEI Webmaster wrote:
> I tried the dump and got the following error:
>
> Can't call method "dump" on an undefined value at
> /export/web/infolink/cgi/perl/test-get.pl line 34, <DATA> line 225.
>
> I am getting the feeling it's not getting anything back or it doesn't know
> how to read what it's getting back.
>
> The results print out like this:
> Net::LDAP::Search=HASH(0x83460b8)
>
> [ ... lot of stuff deleted ...]
>
> # Execute the search
> my $results = $ad->search(base=>$searchbase,filter=>$filter,attrs=>$attrs);
>


You neither check whether the search succeeds nor whether it found
entries.
To cure it you might try the following directly after performing the search:

die "search failed: ".$results->error()."\n" if ($results->code);
die "nothing found\n" if ($results->count() <= 0);

> # Display entries
> my $entry;
>
> $entry = $results->entry(0);
>
> print $entry->get_value('sn').", ".$entry->get_value('givenname')."\n";
> print "Email: ".$entry->get_value('mail')."\n";
>
> [ ... stuff deleted ...]
>
> This is what the results look like:
> Net::LDAP::Search=HASH(0x8345f68)


This is correct: the result is a Net::LDAP::Search object!

> Any suggestions would be greatly appreciated.

Done.

Hope it helps
Peter

-- 
Peter Marschall | eMail: peter.marschall@adpm.de
Scheffelstraße 15 | Tel: +49 931 14721
D-97072 Würzburg |
PGP: 0BB1 04A3 0FB0 E27F 8018 52BA A286 7B23 9C22 2C83