Your issue is that your perl logic has only one loop, over the first group. You need to search and then start processing the groups with pop_entry.
You'll also probably need to use paging controls if your domain is large. On Jan 6, 2016 2:55 AM, "Natxo Asenjo" <natxo.ase...@gmail.com> wrote: > hi, > > following the FAQ ( > http://search.cpan.org/~marschap/perl-ldap-0.65/lib/Net/LDAP/FAQ.pod#How_do_I_search_for_all_members_of_a_large_group_in_AD > ?) > > I successfully retrieve all members of a large group, nice. > > The example searchs only using scope 'base' and as base the group > distinguishedname. > > If I change that to > > base = "dc=domain,dc=tld", > scope = "sub", > > it finds just one group: > > my $mesg; > my @members; > my $samaccount; > my $index = 0; > > while ( $index ne '*' ) { > $mesg = $ldapprod->search( > base => $prod_base, > filter => "(objectclass=group)", > scope => 'sub', > attrs => [ ( $index > 0 ) ? "member;range=$index-*" : 'member', > 'samaccountname', ] > ); > if ( $mesg->code == LDAP_SUCCESS ) { > my $entry = $mesg->entry(0); > my $attr; > > # large group: > if ( ($attr) = grep( /^member;range=/, $entry->attributes ) ) { > push( @members, $entry->get_value($attr) ); > $samaccount = $entry->get_value('samaccountname'); > > if ( $attr =~ /^member;range=\d+-(.*)$/ ) { > $index = $1; > $index++ if ( $index ne '*' ); > } > } > > # small group: > else { > @members = $entry->get_value('member'); > $samaccount = $entry->get_value('samaccountname'); > last; > } > } > > # failure > else { > last; > } > } > > if ( $mesg->code == LDAP_SUCCESS ) { > for (@members) { > print "$_\n"; > } > print "Group: $samaccount\n"; > } > > I'm obviously doing something wrong. Do I need to get the groups > distinguishedname and then use the scope 'base' to look at membership of > all groups? > > Thanks for your advice. > > > -- > -- > Groeten, > natxo >
