Code Comments

Programming Forum and web based access to our favorite programming groups.
For Programmers: Free Programming Magazines | New: Database administration forum
Registration is free! Edit your profileCalendarFind other membersFrequently Asked QuestionsSearch -> 
Code Comments > PERL > LDAP >

Resolving objectSid between domains


Post New Thread











Thread
Author
Resolving objectSid between domains
We have 2 domains on our network, both using Active Directory.  Domain1 has=
Domain Local security groups that can contain groups or users from Domain2=
=2E  The script that I have scans a group from Domain1 and if it finds an e=
ntry that resides in the ForeignSecurityPrincipals CN, it grabs the objectS=
id property from that ForeignSecurityPrincipals object.  Then I bind to Dom=
ain2 and try to do an LDAP search for that objectSid.  But this search alwa=
ys fails with the 'Bad Filter' error and I don't know why.  Here is the rel=
evant code.  Any ideas as to why my search keeps failing would be greatly a=
ppreciated.

 #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=
START  CODE=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=
=3D=3D=3D

$ldap =3D ldapBind ('my.domain.com', 'user@domain.com', 'password');

my @subMembers;

if ($ldap) {
my $base =3D "$rootDN";
#	filter by the foreign security principal SID from the first domain
my $filter =3D "(objectSid=3D$fsp)";
my $scope =3D 'sub';
my $searchRes =3D $ldap->search(
base =3D> $base,
filter =3D> $filter,
scope =3D> $scope
);
if ($searchRes->code =3D=3D 0) {
foreach my $entry ($searchRes->entries) {
@subMembers =3D getGrpMem($ldap,$entry);
foreach my $member (@subMembers) {
my ($lastname,$firstname) =3D split /,\s/, $member;
print $firstname . " " . $lastname . "\n";
}
}
} else {
print "Error with search in $base:\n" . $searchRes->error . "\n";
print "\$fsp =3D $fsp\n";
print "\$base =3D $base\n";
print "\$filter =3D $filter\n";
}
} else {
print "Error making LDAP connection to second domain.\n";
}
$ldap->unbind();


 #***************************************
*******************************
#	Takes:
#		$ldapConn - reference to an LDAP connection
#		$entry - reference to an LDAP entry that is a group
#	Returns:
#		Returns a list of all of the members of the group.
 #***************************************
*******************************
sub getGrpMem {
my $ldapConn =3D shift;
my $entry =3D shift;
my @retVal;
my $count =3D 0;

my $array =3D $entry->get_value('member',asref =3D> 1);
foreach my $arrayVal (@$array) {
my $searchRes2 =3D $ldapConn->search(
base =3D> $arrayVal,
filter =3D> '(objectclass=3D*)',
scope =3D> 'base',
attrs =3D> 'name','cn','mail'
);
if ($searchRes2->code =3D=3D 0) {
foreach my $entry2 ($searchRes2->entries) {
$retVal[$count++] =3D $entry2->get_value('cn');
}
} else {
print "Error with search for $arrayVal:\n" . $searchRes2->error . "\n";
}
}

return @retVal;
}



___________________________
Aaron Giuoco
e: agiuoco@atlantia.com

Report this thread to moderator Post Follow-up to this message
Old Post
Aaron Giuoco
05-05-05 09:03 PM

Sponsored Links



Last Thread Next Thread Next
Search this forum -> 
Post New Thread

LDAP archive

Show a Printable Version Send to friend Email This Page to Someone! subscribe to this thread Receive updates to this thread
Computer Consultants
Programming Jobs
Visual Basic Controls
SQL Server Programming
Webservices
Java Security
Visual Studio
C# Programming
Visual J++
Software engineering
Open source Software
Perl Programming
PHP Programming
ASP Programming
ASP .NET Programming
Visual Basic Programming
Windows Scripting Host
Java Programming
Java Help
Java Beans
VBScript
Cobol
MAC Applications
Unix Programming
Forum Jump:
All times are GMT. The time now is 09:44 AM.

 
Free MCSE Braindumps | Real Estate Topics
Programming forum archive

Copyrights CodeComments.com 2004 - 2006

Powered by vBulletin Copyright 2000-2006 Jelsoft Enterprises Limited.