Version of Perl:
5.8.0 (as supplied with RedHat9)
Version of Net::LDAP:
[EMAIL PROTECTED] utilities]$ perl -mNet::LDAP -e 'print "$Net::LDAP::VERSION\n"'
0.29
Relevant part of Perl code:
#!/usr/bin/perl
use Net::LDAP;
use Net::LDAP::Filter;
$filter = '(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=2))';
#$filter = '(objectCategory=person)';
$f = new Net::LDAP::Filter;
$f->parse($filter);
$f->print();
#exit;
my $ldap = Net::LDAP->new('acutex-dc01');
my $mesg = $ldap->bind(dn => "***valid-account***",
password => "***appropriate-password***");
$mesg = $ldap->search( base => "DC=hilite-ind, DC=net",
filter => $filter,
);
die $mesg->error if $mesg->code;
foreach my $entry ($mesg->entries) {
my @addresses = $entry->get_value("ProxyAddresses");
foreach my $address(@addresses) {
if ($address =~ s/^smtp://i) {
print "$address\n";
}
}
}
---- END PERL CODE ----
If the second $filter assignment is uncommented I run into a size limit so the "die"
takes effect, but if I comment out that "die" I get appropriate results. As is above,
the query appears to be sent to the LDAP server (domain controller) but then it dies
when it gets to the "die if" statement. If I write a similar routine in PHP (some
account info, same machine), then the query correctly returns a list of email
addresses for disabled users.
Regarding the PS: I know. I've tried telling that the disclaimer is silly in general
and does nothing to protect us legally, but corporate seems to sleep better at night
with it in place or something like that so they won't remove it.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange
Server next.
-----Original Message-----
From: Peter Marschall [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2003 5:11 AM
To: Steenhagen, Jacob; [EMAIL PROTECTED]
Subject: Re: Net::LDAP, Active Directory and Disabled Users
Hi,
On Monday 29 September 2003 22:50, Steenhagen, Jacob wrote:
> I've been trying to write a simple perl script that will query the active
> directory via LDAP and give me a list of email addresses for disabled users
> (eg, addresses we don't want to accept email for anymore). I found a
> website or two that suggested I use the following as my filter:
>
> (&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=2))
>
> I was beginning to think these websites were wrong as whenever I tried this
> filter, I'd go no results. With other filters, I'd get the results I'd
> expect to get. I then tried that filter in a couple other applications (one
> MS tool and a PHP script running on the same box as my perl script) and it
> worked as expected in those cases. In the interest of testing, I created a
> Net::LDAP::Filter object in my script and it seemed to parse the filter
> fine. But when I try to run it via the search routine of Net::LDAP I get
> the following error:
>
> I/O Error at ./gather_email.pl line 24, <DATA> line 283.
>
>
> Unfortunately, I'm not an LDAP expert by any means nor am I at all familiar
> with the Net::LDAP code so I think I've hit a stand-still. Has anybody else
> experienced this (I did try a couple searches and came up empty). Or better
> yet, does anybody know how to fix it :).
It would help people willing to help you if they knew
* the interesting parts of your script
* the data you feed it
* the versions of Perl and perl-ldap you use
Peter
PS: the discaimer you send is ridiculous when sending to a mailing list
with subscribers from all over the world.
--
Peter Marschall
eMail: [EMAIL PROTECTED]
* EMAIL DISCLAIMER AND TERMS OF USE *
The information transmitted is intended only for the person to whom it is addressed
and may contain confidential and/or privileged material. If you have received an email
in error please notify [EMAIL PROTECTED] and then delete all copies of it from your
systems.
Any use of, or any action relying upon, information in an email by persons other than
the intended recipient is prohibited.
Although Hilite International scans incoming and outgoing emails and email attachments
for viruses we cannot guarantee a communication to be free of all viruses nor accept
any responsibility for viruses.
Although Hilite International monitors incoming and outgoing emails for inappropriate
content, Hilite International cannot be held responsible for the views or expressions
of the author.
The views expressed may not necessarily be those of Hilite International and Hilite
International cannot be held responsible for any loss or injury resulting from the
contents of a message.
