Resolving objectSid between domains

Author: Aaron Giuoco
2005-05-05, 4:03 pm

We have 2 domains on our network, both using Active Directory. Domain1 has Domain Local security groups that can contain groups or users from Domain2. The script that I have scans a group from Domain1 and if it finds an entry that resides in the ForeignSecurityPrincipals CN, it grabs the objectSid property from that ForeignSecurityPrincipals object. Then I bind to Domain2 and try to do an LDAP search for that objectSid. But this search always fails with the 'Bad Filter' error and I don't know why. Here is the relevant code. Any ideas as to why my search keeps failing would be greatly appreciated.

#============================ START CODE ============================

# ldapBind(), $rootDN and $fsp are defined earlier in the script (not shown
# in the post). $fsp holds the objectSid value read from the
# ForeignSecurityPrincipals entry in Domain1.
my $ldap = ldapBind('my.domain.com', 'user@domain.com', 'password');

my @subMembers;

if ($ldap) {
    my $base   = "$rootDN";
    # filter by the foreign security principal SID from the first domain
    my $filter = "(objectSid=$fsp)";
    my $scope  = 'sub';
    my $searchRes = $ldap->search(
        base   => $base,
        filter => $filter,
        scope  => $scope
    );
    if ($searchRes->code == 0) {
        foreach my $entry ($searchRes->entries) {
            @subMembers = getGrpMem($ldap, $entry);
            foreach my $member (@subMembers) {
                my ($lastname, $firstname) = split /,\s/, $member;
                print $firstname . " " . $lastname . "\n";
            }
        }
    } else {
        print "Error with search in $base:\n" . $searchRes->error . "\n";
        print "\$fsp = $fsp\n";
        print "\$base = $base\n";
        print "\$filter = $filter\n";
    }
    $ldap->unbind();   # only unbind a connection that was actually made
} else {
    print "Error making LDAP connection to second domain.\n";
}

#********************************************************************
# Takes:
#   $ldapConn - reference to an LDAP connection
#   $entry    - reference to an LDAP entry that is a group
# Returns:
#   a list of all of the members of the group.
#********************************************************************
sub getGrpMem {
    my $ldapConn = shift;
    my $entry    = shift;
    my @retVal;
    my $count = 0;

    # 'member' may be absent on an empty group; default to an empty list
    my $array = $entry->get_value('member', asref => 1) || [];
    foreach my $arrayVal (@$array) {
        my $searchRes2 = $ldapConn->search(
            base   => $arrayVal,
            filter => '(objectclass=*)',
            scope  => 'base',
            attrs  => ['name', 'cn', 'mail']   # attrs takes an array reference
        );
        if ($searchRes2->code == 0) {
            foreach my $entry2 ($searchRes2->entries) {
                $retVal[$count++] = $entry2->get_value('cn');
            }
        } else {
            print "Error with search for $arrayVal:\n" . $searchRes2->error . "\n";
        }
    }

    return @retVal;
}



___________________________
Aaron Giuoco
e: agiuoco@atlantia.com
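The objectSid attribute is stored as a binary value, and a binary string dropped straight into a filter is not valid filter syntax: any byte that happens to be `(`, `)`, `*` or `\` breaks Net::LDAP's filter parser, which is where a client-side "Bad filter" error comes from. The standard remedy is to escape every byte of the value as `\XX` (RFC 4515) before building the filter. The script below is an added example, not the poster's code: it converts between the `S-1-5-...` string form and the binary form, escapes the binary SID for use in a filter, and, only when an `LDAP_HOST` environment variable is set, runs the search against the second domain. The host, bind DN, base DN and sample SID are placeholders constructed for the example.

```perl
#!/usr/bin/perl
# Added example: look up an account in Domain2 by the binary objectSid
# taken from a ForeignSecurityPrincipals entry. Not the poster's code.
use strict;
use warnings;

# Placeholders (assumed, not from the original post); override via environment.
my $HOST    = $ENV{LDAP_HOST}    // 'dc.domain2.example';
my $BIND_DN = $ENV{LDAP_BIND_DN} // 'user@domain2.example';
my $BIND_PW = $ENV{LDAP_BIND_PW} // 'password';
my $BASE    = $ENV{LDAP_BASE}    // 'DC=domain2,DC=example';

# "S-1-5-21-..." -> the binary layout stored in objectSid:
#   revision (1 byte), sub-authority count (1 byte),
#   identifier authority (6 bytes, big-endian),
#   sub-authorities (4 bytes each, little-endian), RID last.
sub sid_string_to_binary {
    my ($sid) = @_;
    die "not a SID string: $sid" unless $sid =~ /^S-\d+-\d+(?:-\d+)+$/;
    my (undef, $revision, $authority, @subauth) = split /-/, $sid;
    return pack('C C n N V*', $revision, scalar @subauth,
                int($authority / 2**32), $authority % 2**32, @subauth);
}

# Binary objectSid -> "S-1-5-21-..." (the form an FSP object shows in its cn).
sub sid_binary_to_string {
    my ($bin) = @_;
    my ($revision, $count, $auth_hi, $auth_lo) = unpack('C C n N', $bin);
    my @subauth = unpack("x8 V$count", $bin);
    return join '-', 'S', $revision, $auth_hi * 2**32 + $auth_lo, @subauth;
}

# Escape every byte as \XX (RFC 4515) so the value is safe inside a filter,
# whatever bytes the SID happens to contain.
sub sid_to_filter_value {
    my ($bin) = @_;
    return join '', map { sprintf '\\%02x', $_ } unpack('C*', $bin);
}

# Constructed sample SID (not a real domain); RID 1105 is an ordinary account.
my $sample_sid = 'S-1-5-21-1004336348-1177238915-682003330-1105';
my $bin        = sid_string_to_binary($sample_sid);
die "SID round-trip failed" unless sid_binary_to_string($bin) eq $sample_sid;

my $filter = '(objectSid=' . sid_to_filter_value($bin) . ')';
print "Escaped filter: $filter\n";

# Only contact a directory when explicitly configured; everything above runs offline.
if ($ENV{LDAP_HOST}) {
    require Net::LDAP;
    my $ldap = Net::LDAP->new($HOST) or die "connect to $HOST: $@";
    my $mesg = $ldap->bind($BIND_DN, password => $BIND_PW);
    die 'bind: ' . $mesg->error if $mesg->code;

    my $res = $ldap->search(
        base   => $BASE,
        scope  => 'sub',
        filter => $filter,
        attrs  => ['cn', 'sAMAccountName', 'objectSid'],   # an array reference
    );
    die 'search: ' . $res->error if $res->code;

    for my $e ($res->entries) {
        printf "%s  %s  %s\n",
            $e->get_value('cn') // '',
            $e->get_value('sAMAccountName') // '',
            sid_binary_to_string($e->get_value('objectSid'));
    }
    $ldap->unbind;
}
```

Two practical notes. A foreignSecurityPrincipal object's cn is the string form of the SID, so the same lookup can start from `sid_string_to_binary($entry->get_value('cn'))` instead of reading the raw objectSid. Active Directory also accepts the string form directly in a filter (`(objectSid=S-1-5-21-...)`), but escaping the binary value works against any LDAP server and keeps the filter parser out of the picture.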
