From what I can see, your main problem is your search filter. In your code, your entire search filter was $acs_User_LogonName, which represents the distinguished name of your user. Your filter needs to also include the attribute being queried, so it would be something like:
"uniquemember=$acs_User_LogonName"

David Pinkowitz
Senior Software Engineer
Numara(tm) Software, Inc.
732.404.8943 (o)
732.287.4929 (f)
[EMAIL PROTECTED]

-----Original Message-----
From: Carl Hurley [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 10, 2007 6:11 PM
To: [EMAIL PROTECTED]
Subject: Perl Net::LDAP question

7/10/2007 2:33PM

Mr. Barr:

I work at a community college on a network consisting of 8 Microsoft Windows servers running Microsoft Windows Server 2003 and 900+ Microsoft Windows XP workstations. I chose to use Perl as a scripting language a year ago. I've installed your Net::LDAP module to our installation of Perl v 5.8.8 build 819 [267479]. I use Perl Monk as a source of help and have recently come up against a problem I think is specific to Microsoft network operating system and their version of LDAP.

The concept of the Distinguished Name ( DN ) and objects have got me confused at this time. I wanted to create a script that would allow me to quickly check a group object to see if it contained a user ID. I can not get the script to accept what I think the DN is. Here is a snippet of the code I'm using.

    my $nll_Group_Base_Dn  = "CN=TargetGroup,CN=Users,DC=Domain,DC=Name,DC=Vars,DC=edu";
    my $acs_User_LogonName = "CN=logonName,OU=OrgUnit,DC=Domain,DC=Name,DC=Vars,DC=edu";

    my $ldap = Net::LDAP->new('Domain.Name.Vars.edu')
        or die "Could not connect to server: $@";

    my $mesg = $ldap->bind ( "$userToAuthenticate",
                             password => "$passwd",
                             version  => 3 );

    my $attrs = ['cn', 'sn'];

    my $results = $ldap->search(
        #base   => $base_dn,
        base   => $nll_Group_Base_Dn,
        scope  => 'base',
        attrs  => $attrs,
        filter => $acs_User_LogonName
    );

    if ( $results->code ) {
        #
        # if we've got an error... record it
        #
        LDAPerror ( "Searching", $results );
    }# END if ( $results->code )

    if ( $results->count == 0 ){
        print "The user $acs_User_LogonName was NOT found in\n";
        print "\t group $nll_Group_Base_Dn.\n\n";
    }# END if ( $results->count == 0 )
    elsif ( $results->count == 1 ) {
        print "Found user with logon $acs_User_LogonName in group $nll_Group_Base_Dn.\n\n";
    }# END elsif ( $results->count == 1 )

    my $max = $results->count;
    for ( my $i = 0 ; $i < $max ; $i++ ) {
        my $entry = $results->entry ( $i );
        foreach my $attr ( $entry->attributes ) {
            print join( "\n ", $attr, $entry->get_value( $attr ) ), "\n";
        }
    }

    $ldap -> unbind;

* * * END of Perl script

The result of this script is to print the data from the 'if ( count == 0 )' statement. I know the user is a member of the appropriate group. I added the snippet of code starting with 'my $max = ...' hoping to get the contents of the attributes to print out so I could see what was returned but that code does not execute.

I use the Microsoft tool called Active Directory Browser to verify the DN to specify for the objects I am trying to search for in Active Directory. I've been over the code several times to verify the spelling. I know the user exists and is in the OU listed in the script.

Can you suggest something to help me get past this road block?

Thanks for your time.

Carl Hurley
Academic Computer Services
Edmonds Community College
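
The filter fix discussed in this thread, written out as an added example that is not part of either message: it puts the user DN into an attribute=value filter and escapes it per RFC 4515 so that characters such as "(", ")" or "*" in a DN cannot change the filter's structure. The sub names are hypothetical; the default attribute "member" is an assumption based on the question being about Active Directory, whose group objects store members there, while "uniquemember" belongs to groupOfUniqueNames entries in other directories.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# RFC 4515 escaping for a value placed inside a search filter: backslash,
# '*', '(', ')' and NUL become \XX so a DN containing them cannot change
# the structure of the filter.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Build the membership filter. The attribute defaults to "member" (an
# assumption for Active Directory); pass "uniquemember" for directories
# that use groupOfUniqueNames.
sub membership_filter {
    my ($user_dn, $attr) = @_;
    $attr = 'member' unless defined $attr;
    die "bad attribute name: $attr\n"
        unless $attr =~ /\A[A-Za-z][A-Za-z0-9-]*\z/;
    return sprintf '(%s=%s)', $attr, escape_filter_value($user_dn);
}

# Base-scope search on the group entry: one entry back means the user DN
# is a value of the membership attribute, zero means it is not.
# $ldap is an already bound Net::LDAP handle.
sub is_member {
    my ($ldap, $group_dn, $user_dn, $attr) = @_;
    my $res = $ldap->search(
        base   => $group_dn,
        scope  => 'base',
        filter => membership_filter($user_dn, $attr),
        attrs  => ['1.1'],    # request no attributes, only the match
    );
    die 'search failed: ' . $res->error . "\n" if $res->code;
    return $res->count == 1;
}

# Constructed sample DNs; the second contains characters that must be escaped.
for my $dn ('CN=logonName,OU=OrgUnit,DC=Domain,DC=Name,DC=Vars,DC=edu',
            'CN=Lab (Room 2)*,OU=OrgUnit,DC=Domain,DC=Name,DC=Vars,DC=edu') {
    print membership_filter($dn), "\n";
}
```

Run as is, the script only prints the two filters and needs no server; with a bound handle, is_member($ldap, $nll_Group_Base_Dn, $acs_User_LogonName) performs the group check from the question.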