CN is a property of any LDAP object.  In AD, so is objectCategory.  Thus, your 
filter would look like:

$filter = '(&(cn=my user)(objectCategory=person)(objectclass=user))';

The '&' turns the whole statement into an AND condition.  
(objectCategory=person)(objectclass=user) makes sure that only user accounts 
are returned.

It would help if you opened up a program like ldp.exe and were able to see the 
raw LDAP data contained in your AD.  This will probably help you find the 
correct properties to filter on.

AG


> -----Original Message-----
> From: John Parks, SEI Webmaster [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 09, 2005 9:34 AM
> To: perl-ldap@perl.org
> Subject: RE: Trying to Query against Active Directory
> 
> 
> Rick-
> 
> Thanks for the reply...
> 
> I tried both enclosing the filter in parentheses and using 
> port 3268. But it
> still came back with the same error:
> 
> Can't call method "get_value" on an undefined value at 
> test-get.pl line 35,
> <DATA> line 225.
> 
> I am new to using LDAP and AD, so I am not sure what you are 
> suggesting with
> using objectcategory=person or group?
> 
> Are you talking about using something like?
> my $filter = "(CN=john doe,OU=person)";
> 
> 
> --John
> 
> -----Original Message-----
> From: Rick Tatem [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, November 09, 2005 10:20 AM
> To: perl-ldap@perl.org
> Subject: RE: Trying to Query against Active Directory
> 
> Try enclosing your filter in parentheses (sp?).
> 
> "(cn=[text])"
> 
> Also, I usually suggest making "(objectcategory=person)" (or 
> group, when
> it's appropriate) a part of the filter.  In wide searches it 
> can help a good
> bit.
> 
> Also, in general for Active Directory, it's important to remember that
> queries bound to port 389 (i.e. "straight LDAP") only scope 
> to the local
> domain of the server. If you're in a multi-domain forest and you start
> searching for things outside of your local domain, the server 
> will return
> LDAP Referrals (which are up to the client to handle).  
> Whereas if you bind
> to the Global Catalog (port 3268, and the server must be 
> designated a GC...
> Most DCs are) you're searching a replicated subset of the 
> entire forest.
> The GC has most of the stuff you'd ever look for anyway (and 
> you can always
> add more).
> 
> Rick
> 
> ---
> Rick Tatem
> Messaging and Directory Resources
> SAS Institute Inc.
> 
> -----Original Message-----
> From: John Parks, SEI Webmaster [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, November 09, 2005 9:56 AM
> To: perl-ldap@perl.org
> Subject: Trying to Query against Active Directory
> 
> Greetings,
>  
> I am trying to use perl-ldap to search an Active Directory. I 
> am able to
> connect and bind, but when I attempt to search I am not 
> getting any usable
> results back. I am hoping someone can spot what I am doing 
> wrong and help me
> out a bit. I have removed some content from the script 
> replacing it with
> notes about what the content was surrounded by []. So the [] 
> are not really
> part of the script, just placeholders for the content. 
>  
> #!/usr/bin/perl
> print "Content-type: text/html\n\n";
> use strict;
> use Net::LDAP;
>  
> my $ad = Net::LDAP->new("[the address I am connecting to]:389") or die
> (print "connection failed\n");
>  
> $ad->bind("[EMAIL PROTECTED] ur]l", password =>'[the 
> password using single
> quotes due to the use of special characters]');
>  
> #Up to this point everything seems to be working based on my 
> error checking.
>  
> # Declare the necessary search variables
>  
> # What is the search base?
>  
> my $searchbase = 'OU=[This is the folder I am looking in. 
> It's three words
> separated by a space between each word],DC=[url part],DC=[url 
> part],DC=[url
> part]';
>  
> # What are we searching for?
>  
> my $filter = "CN=[name of one of our users that I know is in the AD]";
>  
> # Which attributes should be returned?
>  
> my $attrs = "sn, givenname, mail";
>  
> # Execute the search
>  
> my $results = 
> $ad->search(base=>$searchbase,filter=>$filter,attrs=>$attrs);
>  
> # Display entries
>  
> my $entry;
>  
> $entry = $results->entry(0);
>  
> print $entry->get_value('sn').", 
> ".$entry->get_value('givenname')."\n";
> print "Email: ".$entry->get_value('mail')."\n";
>  
>  
> # Unbind from the server
> $ad->unbind;
>  
> The error messages I am getting are: 
> Can't call method "get_value" on an undefined value at 
> test-get.pl line 38,
> <DATA> line 225.
>  
> To me, this sounds like the search results are not coming 
> back in a useful
> manner.
>  
> This is what the results look like:
> Net::LDAP::Search=HASH(0x8345f68)
>  
> Any suggestions would be greatly appreciated.
>  
> Thanks
> --John
>  
> 
> 
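
The advice in this thread put together as one script: a parenthesised AND filter limited to user accounts, an array-ref attrs list, and checks on the result code and entry count before get_value is called. This is an added example, not code from any of the posters; the environment variable names (AD_HOST, AD_PORT, AD_BIND_DN, AD_PASSWORD, AD_BASE, AD_CN), the sample names and the escaping of the cn value are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Connection details come from
# environment variables whose names are assumptions of this example.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Build the AND filter from the reply: match on cn, restricted to user accounts.
sub user_filter {
    my ($cn) = @_;
    # Escape ( ) * \ so characters in a name cannot alter the filter structure.
    my $safe = escape_filter_value($cn);
    return "(&(cn=$safe)(objectCategory=person)(objectClass=user))";
}

# Constructed sample names; the second contains filter metacharacters.
print user_filter($_), "\n" for ('my user', 'Doe, John (Contractor)');

# The live query runs only when a server is configured.
if (my $host = $ENV{AD_HOST}) {
    # 389 searches the local domain; 3268 is the Global Catalog.
    my $ad = Net::LDAP->new($host, port => $ENV{AD_PORT} || 389)
        or die "connection failed: $@\n";

    my $bind = $ad->bind($ENV{AD_BIND_DN}, password => $ENV{AD_PASSWORD});
    die 'bind failed: ', $bind->error, "\n" if $bind->code;

    my $results = $ad->search(
        base   => $ENV{AD_BASE},
        filter => user_filter($ENV{AD_CN} // 'my user'),
        attrs  => [ 'sn', 'givenName', 'mail' ],   # array ref, not one string
    );
    # A failed search still returns an object, so test the result code.
    die 'search failed: ', $results->error, "\n" if $results->code;

    # entry(0) is undef when nothing matched; check count before get_value.
    if ($results->count == 0) {
        print "no matching user\n";
    } else {
        for my $entry ($results->entries) {
            printf "%s, %s\nEmail: %s\n",
                map { $entry->get_value($_) // '' } qw(sn givenName mail);
        }
    }
    $ad->unbind;
}
```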
