7/10/2007 2:33PM
Mr. Barr:
I work at a community college on a network consisting of 8 Microsoft
Windows servers running Microsoft Windows Server 2003 and 900+
Microsoft Windows XP workstations.
I chose to use Perl as a scripting language a year ago. I've
installed your Net::LDAP module to our installation of Perl v 5.8.8
build 819 [267479].
I use PerlMonks as a source of help and have recently come up against
a problem I think is specific to the Microsoft network operating system
and its version of LDAP.
The concepts of the Distinguished Name (DN) and objects have got me
confused at this time.
I wanted to create a script that would allow me to quickly check a
group object to see if it contained a user ID. I cannot get the
script to accept what I think the DN is.
Here is a snippet of the code I'm using.
    my $nll_Group_Base_Dn =
        "CN=TargetGroup,CN=Users,DC=Domain,DC=Name,DC=Vars,DC=edu";
    my $acs_User_LogonName =
        "CN=logonName,OU=OrgUnit,DC=Domain,DC=Name,DC=Vars,DC=edu";
    my $ldap = Net::LDAP->new('Domain.Name.Vars.edu')
        or die "Could not connect to server: $@";
    my $mesg = $ldap->bind ( "$userToAuthenticate",
                             password => "$passwd",
                             version => 3 );
    my $attrs = ['cn', 'sn'];
    my $results = $ldap->search(
        #base => $base_dn,
        base => $nll_Group_Base_Dn,
        scope => 'base',
        attrs => $attrs,
        filter => $acs_User_LogonName
    );
    if ( $results->code ) {
        #
        # if we've got an error... record it
        #
        LDAPerror ( "Searching", $results );
    }# END if ( $results->code )
    if ( $results->count == 0 ){
        print "The user $acs_User_LogonName was NOT found in\n";
        print "\t group $nll_Group_Base_Dn.\n\n";
    }# END if ( $results->count == 0 )
    elsif ( $results->count == 1 ) {
        print "Found user with logon $acs_User_LogonName in group $nll_Group_Base_Dn.\n\n";
    }# END elsif ( $results->count == 1 )
    my $max = $results->count;
    for ( my $i = 0 ; $i < $max ; $i++ ) {
        my $entry = $results->entry ( $i );
        foreach my $attr ( $entry->attributes ) {
            print join( "\n ", $attr, $entry->get_value( $attr ) ), "\n";
        }
    }
    $ldap->unbind;
* * * END of Perl script
The result of this script is to print the data from the 'if ( count
== 0 )' statement. I know the user is a member of the appropriate
group. I added the snippet of code starting with 'my $max = ...'
hoping to get the contents of the attributes to print out so I could
see what was returned but that code does not execute.
I use the Microsoft tool called Active Directory Browser to verify
the DN to specify for the objects I am trying to search for in Active
Directory. I've been over the code several times to verify the
spelling. I know the user exists and is in the OU listed in the
script.
Can you suggest something to help me get past this roadblock?
Thanks for your time.
Carl Hurley
Academic Computer Services
Edmonds Community College
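
An added example, not part of the original message: a direct-membership check that places the user's DN in an RFC 4515 filter on the group's member attribute, escaped with escape_filter_value, and then prints how Net::LDAP::Filter reads the bare DN from the post next to the built filters. The example.edu DNs are constructed, and the helper names member_filter and is_direct_member are illustrative.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Build "(member=<DN>)" with the DN escaped per RFC 4515, so characters such
# as ( ) * \ in a name cannot change the structure of the filter.
sub member_filter {
    my ($user_dn) = @_;
    return '(member=' . escape_filter_value($user_dn) . ')';
}

# Returns 1 if $user_dn is listed in the 'member' attribute of $group_dn,
# 0 if not. $ldap is a Net::LDAP handle that has already been bound.
sub is_direct_member {
    my ($ldap, $group_dn, $user_dn) = @_;
    my $res = $ldap->search(
        base   => $group_dn,
        scope  => 'base',
        filter => member_filter($user_dn),
        attrs  => ['cn'],
    );
    die 'LDAP search failed: ' . $res->error . "\n" if $res->code;
    return $res->count == 1 ? 1 : 0;
}

# Offline demonstration with constructed DNs (no server needed).
my @candidates = (
    'CN=logonName,OU=OrgUnit,DC=example,DC=edu',
    member_filter('CN=logonName,OU=OrgUnit,DC=example,DC=edu'),
    member_filter('CN=Smith (Temp)*,OU=OrgUnit,DC=example,DC=edu'),
);
for my $text (@candidates) {
    my $filter = Net::LDAP::Filter->new($text);
    print "input : $text\n";
    print 'parsed: ', ($filter ? $filter->as_string : 'rejected'), "\n\n";
}
```

In Active Directory a user's primary group is not listed in that group's member attribute, so this check does not report it.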