Home > Archive > LDAP > December 2006 > search for samaccountname
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
search for samaccountname
|
|
| bubslg@gmail.com 2006-10-30, 7:46 pm |
| Help! I've been banging my head against the wall on this for a while
now. I'm trying to write a script to search for a specific user acct.
The only piece of information I will have is logonid/samaccountname.
I've been trying simple LDAP searches, but not having much luck. The
following works, provided I already know the users name, which is
usually the same as his Display Name. Unfortunately I won't know this,
only thier logon id.
use Win32::OLE;
$user=Win32::OLE->GetObject("<LDAP://cn=someuser,DC=mydomain,DC=org>");
print "$user->{'displayname'}, \n";
print "$user->{'description'}, \n";
Is there any way to apply some type of filter like
& (objectCategory=user)(objectClass=user)(
samaccountname=bubslg) to this
query? Or is there a better way to query for an object that matches a
specific logonid.samaccountname?
Any ideas would be greatly appreciated.
| |
|
| Have you tried using the net-ldap module? It does this pretty easily.
bubslg@gmail.com wrote:
> Help! I've been banging my head against the wall on this for a while
> now. I'm trying to write a script to search for a specific user acct.
> The only piece of information I will have is logonid/samaccountname.
>
> I've been trying simple LDAP searches, but not having much luck. The
> following works, provided I already know the users name, which is
> usually the same as his Display Name. Unfortunately I won't know this,
> only thier logon id.
>
> use Win32::OLE;
> $user=Win32::OLE->GetObject("<LDAP://cn=someuser,DC=mydomain,DC=org>");
> print "$user->{'displayname'}, \n";
> print "$user->{'description'}, \n";
>
> Is there any way to apply some type of filter like
> & (objectCategory=user)(objectClass=user)(
samaccountname=bubslg) to this
> query? Or is there a better way to query for an object that matches a
> specific logonid.samaccountname?
>
> Any ideas would be greatly appreciated.
| |
| arno teunisse 2006-10-31, 7:12 pm |
| <bubslg <at> gmail.com> writes:
>
>
> use Win32::OLE;
> $user=Win32::OLE->GetObject("<LDAP://cn=someuser,DC=mydomain,DC=org>");
> print "$user->{'displayname'}, \n";
> print "$user->{'description'}, \n";
>
You Could use Net-LDAP for searching the LDAP
#!/usr/bin/perl
# Search the CalNet Directory Service using a 'uid' attribute
# and return selected attributes of the UC Berkeley-affiliated
# person, if any, that matches that 'uid'
# Prerequisite: Graham Barr's Perl-LDAP, whose home page is located at:
#
# http://perl-ldap.sourceforge.net/
#
# For additional Perl-LDAP documentation and usage examples, see:
#
# http://www.perlmonth.com/features/l...p.html?issue=11
# http://theoryx5.uwinnipeg.ca/CPAN/d...P/Examples.html
# Some significant limitations of the code sample below include:
#
# - It is a simple, procedural script. You'd likely want to break out
# several of its functions into individual subroutines.
#
# - It performs only primitive error handling. (It just dies and displays
# an error message when an error occurs.)
#
# - It doesn't automatically try any alternate directory servers
# if the primary server is unavailable.
#
# - It performs an "anonymous" bind to the directory.
#
# In some cases, your application might need to bind (authenticate)
# to the CalNet directory as a specific user, rather than anonymously.
# You'd need to do so, for instance, to access non-public attributes of
# campus people, such as their CalNet IDs or student IDs.
#
# (Note: to access such non public-attributes, you'll first need to
# obtain the appropriate permissions from the CalNet System's
# administrators and often also from the campus department[s] which
# own that data.)
#
# Here is an example of how you would bind to the directory as a specific
# user, from Mark Wilcox's article on www.pearlmonth.com (above):
#
# my $mesg = $ldap-> bind('uid=myuid,ou=people,dc=berkeley,dc
=edu',
# password => 'password');
#
# In addition, when binding as a specific user, your application's
# connection to the directory should be made using SSL. This way,
# your directory user password and the non-public data you are
# receiving will be encrypted when being sent over the network.
#
# For more information about how to use Perl-LDAP to connect to the
# directory using SSL encryption, see the documentation for the
# Net::LDAPS module, which is included with the Perl-LDAP distribution:
#
# http://perl-ldap.sourceforge.net/doc/Net/LDAPS.html
#
# The additional prerequisites for using Perl-LDAP with SSL appear to be:
#
# OpenSSL: http://www.openssl.org/
# Net::SSLeay: http://www.bacus.pt/Net_SSLeay/index.html
use Net::LDAP;
my $ldap;
$= = 100000; # setting the page length of STDOUT, so we can have 100000 entries
and only 1 ( one ) header
# ---------------------------------------------------------------
# Accept a single command line parameter, the 'uid' attribute that
# uniquely identifies 'people' entries in the CalNet Directory Service
# $uid = personeels nummer.
# $uid = $ARGV[0];
# instead of using the print statement we create a FORMAT , so all output is
on one line
format STDOUT_TOP =
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<@<<<<<<<
<<<<<<<<<<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<
'DisplayName' , 'mail'
,'telephoneNumber', 'Pers.Number', 'mobile' , 'compa
ny' , 'GRIP'
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<@<<<<<<<
<<<<<<<<<<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<
"--------------------------------------------------------
","=====================================",'-------------','-----------','-------
------','---------------------------------', '-----------'
..
format STDOUT =
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<@<<<<<<<
<<<<<<<<<<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<
$displayName ,";;$eMailAddress"
,";;$phoneNumber" ,";;$persNumber",";;$mobile"
, ";;$company" , ";;$grip"
..
# Convenience placeholder if we want to repeatedly test with a specific uid
# $uid = "3877"; // Replace this uid with the one you would like to test
# Define variables
# ----------------
# LDAP directory to contact
# $directoryURL = "caldir.berkeley.edu";
my ( $directoryURL) = "VLDDC1.simac.local";
# $directoryURL = "pongo.berkeley.edu"; // alternate server
# Portion of the directory we'll be searching
my ($searchBase ) = "OU=Users,OU=SIMAC,DC=simac,DC=local";
# The attributes (and their associated values) that we wish to
# search for in the directory.
#
# In this instance, we're searching for the directory entry
# which matches a specific 'uid'.
#
# If we were searching for entries by name, for instance,
# we could instead search on the common name (cn) attribute,
# such as "(cn=John*Doe)", or the surname (sn) attribute,
# such as "(sn=Doe)" ...
my $searchFilter = "(extensionAttribute3=*)";
# The attributes we'd like to have returned for each entry
#
# (Doing this is entirely optional; it simply reduces the
# volume of data returned by excluding attributes that we're
# not interested in receiving.)
my ( $attributesToReturn) = [
'displayName',
'mail',
'telephoneNumber',
'extensionAttribute3',
'mobile',
'company',
'otherTelephone',
];
# Connect to the directory
# ------------------------
print STDERR "Connecting to LDAP server \"$directoryURL\" ...\n";
# Open a connection to the directory
$ldap = Net::LDAP->new($directoryURL) # as struct
or die "$@";
# Make an anonyous bind to the directory
# (See the comments above if you wish to bind to the
# directory as a specific user.)
my $userToAuthenticate = 'Your_Login' ;
my $passwd = 'Your Passwd' ;
my $mesg = $ldap->bind ( "$userToAuthenticate",
password => "$passwd",
version => 3 ); # use for changes/edits
print STDERR "Looking up directory data for uid \"$uid\" ...\n";
# Perform a search
# ----------------
my $searchResultsObject = $ldap->search
(
# Search the 'people' portion of the directory,
# as defined above
base => $searchBase, # Note the comma here
# Search on the uid attribute
filter => $searchFilter, # and here
# Return only a limited set of attributes from
# the search, *if* we've defined such a set above
attrs => $attributesToReturn
);
# If there is a result code (indicating an error),
# display an error message
if ($searchResultsObject->code) {
print STDERR "An error occurred during the LDAP search attempt:\n";
die $searchResultsObject->error;
}
# Disconnect from the directory
# -----------------------------
$ldap->unbind;
# Work with the data returned from the search
# -------------------------------------------
my $countOfEntriesReturned = $searchResultsObject->count;
print STDERR "Search returned $countOfEntriesReturned entries ...\n\n";
# Cycle through each of the directory entries returned from the
# search, and extract and print the values of selected attributes
# of each entry
for ( my $index = 0 ; $index < $countOfEntriesReturned; $index++)
{
# Look at each of the 'entry' objects returned from the search
my $entry = $searchResultsObject->entry($index);
# Initialize each variable each time through the loop
$displayName = "";
$eMailAddress = "";
$phoneNumber = "";
$extensionAttribute3 = "";
$mobile = "";
$company = "";
$grip = "";
# Extract the values from selected attributes
( $displayName = $entry->get_value('displayname')) =~ s/\s*$// ;
$eMailAddress = $entry->get_value('mail');
$phoneNumber = $entry->get_value('telephoneNumber');
$persNumber = $entry->get_value('extensionAttribute3');
$mobile = $entry->get_value('mobile');
$company = $entry->get_value('company');
$grip = $entry->get_value('otherTelephone');
next if $displayName =~ /^uit diens/i ;
=pod
This will not be executed
Below will write out the data, i've used a STDOUT format
print "Name : $displayName\n";
print "Compagny : $company\n";
print "E-mail : $eMailAddress\n";
print "Phone : $phoneNumber\n";
print "Mobile : $mobile\n";
print "Grip : $grip\n";
print "personeelsNummer: $persNumber\n";
print "\n";
=cut
# using the STDOUT_FORMAT
write;
}
| |
| j.a.m.e.s@btinternet.com 2006-11-13, 8:07 am |
|
Chris wrote:[color=darkred]
> Have you tried using the net-ldap module? It does this pretty easily.
> bubslg@gmail.com wrote:
I'm sure you've managed what you wanted from the other excellent
suggestions, but this code did the trick for extracting Home Drive and
Profile locations:
my $ad = Net::LDAP->new( $DomainController, timeout=>5 ) or die 'Could
not connect to AD: ' . $!;
$ad_msg = $ad->search( base=>'dc=xxxx,dc=xxxx,dc=com',
filter=>"(SamAccountName=$username)",
sizelimit=>1,
timelimit=>10,
scope=>'sub',
sizelimit=>1,
attrs => ['homeDirectory','profilePath'],
callback => \&process_ad_entry );
sub process_ad_entry {
my ( $ad_msg, $entry) = @_;
# Final callback has no entry
if ( defined($entry) ) {
my %hash = ();
$hash{'home'} = $entry->get_value('homeDirectory') || 'Not
Available';
$hash{'profile'} = $entry->get_value('profilePath') || 'Not
Available';
display_results ( \%hash, 'data_lines' );
}
}
This site should give you some ideas on sample LDAP queries:
http://www.petri.co.il/ ldap_search...>
_exchange.htm
Hope this helps
James.
| |
| bubslg 2006-12-06, 4:27 am |
|
Thanks for all the suggestions. I did find a little snippet that seems
to do what I want, however, it seems to have problems returning, or
printing anyway, multiple attributes. I only seem to get the first
attribute. Any ideas?
my $strBase = "<LDAP://dc=bob,dc=com>;"; # BaseDN should be the
search base
my $strFilter =
"(& (objectCategory=user)(ObjectClass=user)(
samAccountName=doug));";
# Valid LDAP search filter
#my $strAttrs = "department,physicalDeliveryOfficeName;"; #
Comma-seperated list
my $strAttrs = "displayname,department;"; # Comma-seperated list
my $strScope = "subtree"; # Should be on of Subtree,
Onelevel or Base
use Win32::OLE;
$Win32::OLE::Warn = 3;
my $objConn = Win32::OLE->CreateObject("ADODB.Connection");
$objConn->{Provider} = "ADsDSOObject";
$objConn->Open;
my $objRS = $objConn->Execute($strBase . $strFilter . $strAttrs .
$strScope);
$objRS->MoveFirst;
while (not $objRS->EOF) {
print $objRS->Fields(0)->Value,"\n";
$objRS->MoveNext;
}
|
|
|
|
|