--- Dennis Putnam <[EMAIL PROTECTED]> wrote:
> Thanks for the reply. I'm not an LDAP expert either but this issue is more
> of a Perl Net::LDAP user than an LDAP expert per se. Unfortunately there
> are no real world working script examples readily available. The samples
> that are show the syntax but not the context, making them pretty much
> useless to the novice.
I can't claim to be an expert, but I have worked a good deal at LDAP both in general and from Perl. Right you are about there being few examples available (for values of "few" =~ m/none/). The only LDAP docs I could manage to find when I was a novice were all about how nifty the theory of the architecture is, maybe one document about installing the server, and absolutely no word on how to set up clients or otherwise actually use it. I've been meaning to publish the code I wrote for my last project to get at least one example out there, but haven't had the time just yet. (Not that posting it to my blog would get it out into the aether for others to readily find...)

The script you gave looks basically correct, though you really should check whether the binding succeeded. And yes, Net::LDAP::new sets $@ not $!. Re not being able to get errors back, the things Net::LDAP returns are "response objects"; these themselves contain any error messages for what went wrong, accessible via method calls.

This code snippet from the aforementioned project should help you out. The bits in all caps are global 'constants' naturally.

# wren ng thornton <[EMAIL PROTECTED]>, 2006, Licenced under the same terms as Perl
#
# Function to bind to LDAP server with TLS, run a function, then disconnect
#
# Takes a function as our first argument. That function receives a Net::LDAP
# object as its first arg, an error reporting function as the second, and
# then any extra arguments passed to us.
#
# Returns 0 on success, -1 on connect failure, and the LDAP error code otherwise

use strict;
use warnings;
use Net::LDAP;

# Global 'constants', set elsewhere in the script: the argument lists handed
# to Net::LDAP->new, ->start_tls and ->bind respectively.
our (@LDAP_NEW_ARGS, @LDAP_TLS_ARGS, @LDAP_BIND_ARGS);

# Report an LDAP error carried by a response object. Every Net::LDAP call
# returns a Net::LDAP::Message whose code() and error() hold what went
# wrong ($! and $@ are not set). Returns the LDAP result code (0 = success).
sub check_ldap_error {
    my ($msg, $result) = @_;
    my $code = $result->code();
    print STDERR "$0: LDAP Error: $msg: ", $result->error(), "\n" if $code;
    return $code;
}

sub connect_to_ldap (&@) {
    my ($sub, @user_args) = @_;

    # Connect to the server. Net::LDAP->new is the one call that reports
    # failure through $@ (it returns undef).
    my $ldap = Net::LDAP->new(@LDAP_NEW_ARGS);
    unless (defined $ldap) {
        print STDERR "$0: Server Error: Couldn't connect to server: $@\n";
        return -1;
    }

    # Convert to TLS
    my $exit = check_ldap_error("Couldn't convert to TLS" => $ldap->start_tls(@LDAP_TLS_ARGS));
    return $exit if $exit;

    # Bind / Authenticate
    $exit = check_ldap_error("Couldn't bind to server" => $ldap->bind(@LDAP_BIND_ARGS));
    return $exit if $exit;

    # Run the user's code
    $exit = $sub->($ldap, \&check_ldap_error, @user_args);
    # Don't exit just yet, must unbind first

    # Unbind (don't clobber user's return if they had one)
    $exit ||= check_ldap_error("Couldn't unbind from server" => $ldap->unbind());
    return $exit if $exit;

    return 0;
}

__END__

Oh, and the filter error you got is because you need to pass in a filter of what to search for under the base. If you want everything under the base then you should use a liberal filter like "(cn=*)", though generally you never want everything and the server may hang up on you if you ask for it. I'm quite surprised that your ldapsearch allows you to get away without specifying a filter; every version I'm familiar with will spew errors if you don't pass one.

Live well,
~wren
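An added, self-contained example (not wren's code and not part of the original thread) that puts the pieces discussed above into one runnable client: connect, start_tls with certificate verification, bind, a search with an explicit filter and size limit, and error checks through the response objects' code() and error() methods. Net::LDAP's start_tls defaults to verify => 'none', so the CA file is passed explicitly; otherwise the bind password in the next step goes to whatever answers on the wire. The host, base DN, bind DN, CA bundle path and the LDAP_* environment variable names are placeholders chosen for this example.

```perl
#!/usr/bin/perl
# Added example, not from the original post. Placeholders: host, base DN,
# bind DN, CA file and the LDAP_* environment variables used to set them.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_SIZELIMIT_EXCEEDED);

my $HOST    = $ENV{LDAP_HOST}    // 'ldap.example.com';               # placeholder
my $BASE    = $ENV{LDAP_BASE}    // 'ou=people,dc=example,dc=com';    # placeholder
my $BIND_DN = $ENV{LDAP_BIND_DN} // 'cn=reader,dc=example,dc=com';    # placeholder
my $CAFILE  = $ENV{LDAP_CAFILE}  // '/etc/ssl/certs/ca-certificates.crt';
# Read-only service credential from the environment, never from the source.
my $BIND_PW = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW in the environment\n";

# Every Net::LDAP request returns a Net::LDAP::Message (or subclass); the
# LDAP result code and the server's text live in that object, not in $! or $@.
sub fail_if_error {
    my ($what, $mesg) = @_;
    if ($mesg->code != LDAP_SUCCESS) {
        die sprintf "%s: %s (code %d)\n", $what, $mesg->error, $mesg->code;
    }
    return $mesg;
}

# Net::LDAP->new is the one call that reports failure via $@ (returns undef).
my $ldap = Net::LDAP->new($HOST, port => 389, version => 3)
    or die "Couldn't connect to $HOST: $@\n";

# start_tls defaults to verify => 'none'; require verification against our CA
# bundle so the connection is really to $HOST before any credential is sent.
fail_if_error('start_tls', $ldap->start_tls(verify => 'require', cafile => $CAFILE));

fail_if_error('bind', $ldap->bind($BIND_DN, password => $BIND_PW));

# A filter is mandatory. '(cn=*)' would match every entry with a cn; narrow the
# filter and cap the result count so the server is not asked for the whole tree.
my $search = $ldap->search(
    base      => $BASE,
    scope     => 'sub',
    filter    => '(&(objectClass=inetOrgPerson)(mail=*))',
    attrs     => [qw(cn mail)],
    sizelimit => 100,
);

# Hitting the size limit is a partial result, not a failure: keep what came back
# but say so, because the caller may otherwise assume the listing is complete.
if ($search->code != LDAP_SUCCESS && $search->code != LDAP_SIZELIMIT_EXCEEDED) {
    die sprintf "search: %s (code %d)\n", $search->error, $search->code;
}
warn "search truncated by size limit; listing is incomplete\n"
    if $search->code == LDAP_SIZELIMIT_EXCEEDED;

for my $entry ($search->entries) {
    # get_value in list context returns every value of a multi-valued attribute
    printf "%s\t%s\n", $entry->dn, join(',', $entry->get_value('mail'));
}

fail_if_error('unbind', $ldap->unbind);
```

Run it with the LDAP_* variables set for your directory; with LDAP_BIND_PW unset it stops before touching the network. The same code()/error() pattern applies to add, modify and delete requests, which is why wren's connect_to_ldap hands the user's function a checker rather than relying on $! or $@.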