| Graham Barr 2006-12-11, 7:30 pm |
| Begin forwarded message:
> From: "Megan Kielman" <megan.kielman@gmail.com>
> Date: December 11, 2006 5:41:02 PM CST
> Subject: Net::LDAP search
> Message-Id:
> < 55b535340612111541k26b69ad7w8da2b4b5d4f7
2082@mail.gmail.com>
>
> Graham,
>
> I hope it is ok that I am emailing you. Anyway, I am searching for
> groups in AD and writing the contents of the "member" attribute to a
> file. I have found there are cases when some groups are not returning
> the members, but when I look in AD, the group does in fact have
> members.
>
> One thing that is common amongst these groups is that when viewing
> them via ADUC, the members all have gray hair which according to MS
> means that the group contains more then 500 members.
>
> here is a sample of my code:
>
> my $ldap = Net::LDAPS->new($addr) or die "$@";
> my $login = $ldap->bind($user, password=> $pass);
> my @srcargs1 = (
> base => $path,
> scope => "sub",
> filter => "(sAMAccountName=
> $group)",
> attrs => ['member', 'name',
> 'description', 'managedBy', 'createTimeStamp', 'modifyTimeStamp'],
> control => [ $page ],
> );
> $search = $ldap->search(@srcargs1);
> foreach $entry ($search->entries) {
> @members = $entry->get_value("member");
> unless (scalar(@members)) {
> &getempty($entry);
> $count++;
> }else{
> print "$group is not empty\n";
> }
> }
>
|