Hello, new poster, all noob disclaimers apply.
I'm trying to write script that will be a concept for other scripts.
I want to connect to Active Directory and have the script
intelligently decipher the configuration naming context to thereafter
poll for other values. However it seems that I can't retrieve
configurationNamingContext from the Root DSE. When I itemize the
attributes for the Root DSE, the following are available:
subschemaSubentry
namingContexts
supportedControl
supportedLDAPVersion
supportedSASLMechanisms
supportedExtension
These are nice, but not what I'm looking for. I vaguely remember that
AD restricts certain attributes to authenticated users, but I can't
find documentation that is specific on the subject. Also, I
successfully authenticate with a valid user ID. I can retrieve the
value of configurationNamingContext manually using the ADSI Edit tool
with the same credentials.
Here's the failed script so far, with all of the sensitive stuff
removed. Any suggestions, or is what I'm trying to do impossible via
Net::LDAP?
#!/usr/bin/perl -w
use Net::DNS;
use Net::LDAP;
use Net::LDAP::Filter;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );
use Authen::SASL qw(Perl);
use XML::Dumper;
use strict;
my $user='REMOVED';
my $pw='REMOVED';
my $res=Net::DNS::Resolver->new;
my $query = $res->query('REMOVED');
my @loginservers = map {"ldap://";. $_->target . ":" . $_->port} $query-
>answer;
my $sasl = Authen::SASL->new(mechanism => 'DIGEST-MD5',
callback => {
user => $user,
pass => $pw
},
);
my $ldap = Net::LDAP->new(\...@loginservers);
my $mesg = $ldap->bind(undef, sasl =>$sasl);
$mesg->code && die $mesg->error;
my $dse = $ldap->root_dse();
my $confnamecontext = $dse->get_value('configurationNamingContext');
#my @confnamecontext = $dse->attributes;
#print $mesg->code;
print pl2xml($confnamecontext);
$ldap->unbind;
