LDAP - Correct usage

Author

Correct usage

Darren Young

2005-04-14, 4:01 am

I have a general question on how the first parts of the connect (the new() and bind()) calls should be used.

The first question is on the usage of the new method. Now, I'm assuming that new() is actually trying to establish a connection to the server, so if that fails then the server is unavailable? The reason I ask is that we have several LDAP servers that I want to perform searches against, if one is down then move on to the next, if they're all down, explode.

Is this the correct way to perform the new():

if ( $ldap = Net::LDAP->new($host, => timeout=>$timeout, version=>$ldapver)) {
logmsg("$name: established LDAP connection to $host");
} else {
logmsg("$name: FAILED to estblish LDAP connection to $host");
return(0);
}

Now, for the bind() call. Does it return true/false or do I need to evaluate the code() or error() from it? In the same code, I'm doing this:

if ( $mesg = $ldap->bind( $binddn, password => $bindpw ) ) {
logmsg("$name: successful bind to $conn");
} else {
logmsg("$name: FAILED to bind to LDAP server $conn as $binddn");
logmsg("$name: LDAP error code is " . $ldap->code);
logmsg("$name: LDAP error text is " . $ldap->error);
return(0);
}

then I do this:

if ( $mesg->code ) {
logmsg("$name: FAILED to bind to $conn");
logmsg("$name: LDAP error is: " . $mesg->error);
return(0);
} else {
logmsg("$name: bind was successful");
logmsg("$name: performing search");
}

Is the second part just overly redundant?

Any clarification on how new() and bind() actually work would be wonderful. Pointers to other resources or answers would be great. Did the perldoc on it, got me this far..

Thanks in advance,

Darren Young
Senior UNIX Administrator
University of Chicago
Graduate School of Business
http://www.chicagogsb.edu
darren.young@gsb.uchicago.edu

Peter Marschall

2005-04-19, 4:05 pm

Hi Darren,

On Thursday 14 April 2005 03:43, Young, Darren wrote:
> I have a general question on how the first parts of the connect (the new()
> and bind()) calls should be used.
>
> The first question is on the usage of the new method. Now, I'm assuming
> that new() is actually trying to establish a connection to the server, so
> if that fails then the server is unavailable? The reason I ask is that we
> have several LDAP servers that I want to perform searches against, if one
> is down then move on to the next, if they're all down, explode.
>
> Is this the correct way to perform the new():
>
> if ( $ldap = Net::LDAP->new($host, => timeout=>$timeout,
> version=>$ldapver)) { logmsg("$name: established LDAP connection to
> $host");
> } else {
> logmsg("$name: FAILED to estblish LDAP connection to $host");
> return(0);
> }

Correct new() either returns an object or undef. In the latter case the
variable $@ gives more information about the error.

> Now, for the bind() call. Does it return true/false or do I need to
> evaluate the code() or error() from it? In the same code, I'm doing this:
>
> if ( $mesg = $ldap->bind( $binddn, password => $bindpw ) ) {
> logmsg("$name: successful bind to $conn");
> } else {
> logmsg("$name: FAILED to bind to LDAP server $conn as $binddn");
> logmsg("$name: LDAP error code is " . $ldap->code);
> logmsg("$name: LDAP error text is " . $ldap->error);
> return(0);
> }

This is wrong:
Simply do:
$mesg = $ldap->bind( $binddn, password => $bindpw);

The bind() method returns an object no matter if the bind was successful
or not. This resulting object then needs to be checked to find out whether
the bind() was successful.

> if ( $mesg->code ) {
> logmsg("$name: FAILED to bind to $conn");
> logmsg("$name: LDAP error is: " . $mesg->error);
> return(0);
> } else {
> logmsg("$name: bind was successful");
> logmsg("$name: performing search");
> }

This is O.K.

> Is the second part just overly redundant?

No, the first part was ;-)

Hope it helps
Peter
--
Peter Marschall
eMail: peter@adpm.de

Sponsored Links