I have been trying to query my organization's AD for specific usernames and groups. I have had no luck, however, and have scaled things down to just try to shoot information back at me, but I'm getting some errors I can't seem to debug. I have done searches on this and it seems that I'm having an authentication issue with logging on (I am not set up for anon queries to it). I have tried running ldapsearch from the command line with success to find out what works and what doesn't, but I seem unable to code this successfully in Perl. My end goal is a web-based email search tool and dynamic groups being displayed on my website from AD. Here are my successful results from ldapsearch:

    firewall# ldapsearch -x -b "dc=bhs,dc=local" -D "bhs\noel" -h 192.168.9.1 -p 389 -W "sAMAccountName=noel" -LLL | more
    Enter LDAP Password:
    version: 2

    #
    # filter: sAMAccountName=noel
    # requesting: -LLL
    #

    # Noel A. Ashford, Users, bhs, local
    dn: CN=Noel A. Ashford,CN=Users,DC=bhs,DC=local

    # search reference
    ref: ldap://bhs.local/CN=Configuration,DC=bhs,DC=local

    # search result
    search: 2
    result: 0 Success

    # numResponses: 3
    # numEntries: 1
    # numReferences: 1
    firewall#

So these work. How do I code this info into Perl, using the Net module successfully? How do I put the -LLL part in as well?

This is what I am currently trying. I found this code somewhere and I have also tried code directly from perldoc Net::LDAP, all with no success. They are all similar and I think my problem is the same with all the things that I have tried: authenticating correctly...

    #!/usr/bin/perl
    #--------------------------------------------------------------
    # File: ldapquery3.pl
    # Desc: This script uses the as_struct() function from Net::LDAP.
    #       It lets us individually access each attribute, ie. cn, sn.
    #       Attribute values are stored as an array.
    #
    # $base: This is the root node of your tree.
    # $searchString: Search the tree for nodes meeting the
    #                search conditions. Example: sn=*, cn=Michael Yee.
    # @Attrs: Array that specifies which attributes should
    #         be displayed for each node in the result set.
    #         Example: @Attrs = [ 'cn', 'sn' ]; # Display cn, sn
    #--------------------------------------------------------------
    use Net::LDAP qw(:all);

    # Replace localhost with IP address or DNS entry if available
    $ldap = Net::LDAP->new('192.168.9.1:389', debug => 2) or die "$@";
    $mesg = $ldap->bind( "cn=noel, o=Exchange, c=us", passsword => "pass_for_noel");

    my $base = "dc=bhs,dc=local";
    my $searchString = "sAMAccountName=*";
    my @Attrs;
    @Attrs = [ 'cn', 'sn', 'sAMAccountName' ]; # anonymous array, Return cn and sn only

    my $result = $ldap->search (
        base   => "$base",
        scope  => "sub",
        filter => "$searchString",
        attrs  => @Attrs
    );

    my $href = $result->as_struct;

    # get an array of the DN's
    my @arrayOfDNs = keys %$href ; # use DN hashes

    # process each dn:
    foreach (@arrayOfDNs) {
        print "dn: ", $_, "\n"; # print the dn:
        my $valref = $$href{$_};

        # get an array of the attribute names passed for this one DN.
        my @arrayOfAttrs = sort keys %$valref; #use Attr hashes

        my $attrName;
        # Print the attributes and their values
        foreach $attrName (@arrayOfAttrs) {
            # skip any binary data
            next if ( $attrName =~ /;binary$/ );

            # get attribute value (pointer) using the attribute name as the hash
            my $attrVal = @$valref{$attrName} ;
            #print "\t $attrName: @$attrVal \n";
            foreach $attElement (@$attrVal) {
                print "\t $attrName: $attElement \n";
            }
        }
        # End of attribute list
        print "#-------------------------------\n";
    }
    # End of that dn:

This is the result I get in my debugging:

    firewall# ./test4.cgi
    Net::LDAP=HASH(0x82767a8) sending:
    Net::LDAP=HASH(0x82767a8) received:
    0000 30 60: SEQUENCE {
    0006 02 1: INTEGER = 2
    0009 73 51: [APPLICATION 19] {
    000F 04 49: STRING = 'ldap://bhs.local/CN=Configuration,DC=bhs,DC=local'
    0042 : }
    0042 : }
    Net::LDAP=HASH(0x82767a8) received:
    0000 30 16: SEQUENCE {
    0006 02 1: INTEGER = 2
    0009 65 7: [APPLICATION 5] {
    000F 0A 1: ENUM = 0
    0012 04 0: STRING = ''
    0014 04 0: STRING = ''
    0016 : }
    Net::LDAP=HASH(0x82767a8) sending:
    0000 30 79: SEQUENCE {
    0002 02 1: INTEGER = 2
    0005 63 74: [APPLICATION 3] {
    0007 04 15: STRING = 'dc=bhs,dc=local'
    0018 0A 1: ENUM = 2
    001B 0A 1: ENUM = 2
    001E 02 1: INTEGER = 0
    0021 02 1: INTEGER = 0
    0024 01 1: BOOLEAN = FALSE
    0027 87 14: [CONTEXT 7]
    0029 : 73 41 4D 41 63 63 6F 75 6E 74 4E 61 6D 65 __ __ sAMAccountName
    0037 30 24: SEQUENCE {
    0039 04 2: STRING = 'cn'
    003D 04 2: STRING = 'sn'
    0041 04 14: STRING = 'sAMAccountName'
    0051 : }
    0051 : }
    0051 : }
    Net::LDAP=HASH(0x82767a8) received:
    Net::LDAP=HASH(0x82767a8) received:
    0016 : }

Why is nothing being displayed here? I'm asking to send all usernames, and their attributes of CN, sn and the accountname back. What am I doing wrong here, guys? I hope I provided enough to get some help ;) heh

-Noel
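
One way to write the ldapsearch call above with Net::LDAP, as an added example that is not part of the original post: it binds with the same identity that ldapsearch -D used and checks the result code of every operation, so an authentication failure is reported instead of an empty listing. The environment variable names LDAP_BIND_PW and LDAP_CA_FILE are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the poster's code. "Assumption" marks values not in the post.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $host    = '192.168.9.1';      # server from the post
my $bind_id = 'bhs\\noel';        # same identity that worked with ldapsearch -D
my $base    = 'dc=bhs,dc=local';
# Assumption: the password is supplied in the environment, not in the source.
my $pass = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW\n";

my $ldap = Net::LDAP->new($host, port => 389, timeout => 10)
    or die "connect failed: $@\n";

# Assumption: LDAP_CA_FILE, when set, names the CA file for the server's certificate.
# Without StartTLS a simple bind on port 389 sends the password unencrypted.
if (my $ca = $ENV{LDAP_CA_FILE}) {
    my $tls = $ldap->start_tls(verify => 'require', cafile => $ca);
    die 'start_tls failed: ' . $tls->error . "\n" if $tls->code;
}

# bind() returns a message object; a failed bind does not die by itself.
my $mesg = $ldap->bind($bind_id, password => $pass);
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;

# Escape user-supplied text before placing it in a filter (relevant to a web form).
my $who    = escape_filter_value($ARGV[0] // 'noel');
my $result = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => "(sAMAccountName=$who)",
    attrs  => [ 'cn', 'sn', 'sAMAccountName' ],    # array reference
);
die 'search failed: ' . $result->error . "\n" if $result->code;

# Print "attr: value" lines only, close to ldapsearch output with -LLL.
for my $entry ($result->entries) {
    print 'dn: ', $entry->dn, "\n";
    my @names = $entry->attributes;
    for my $attr (sort @names) {
        print "$attr: $_\n" for $entry->get_value($attr);
    }
    print "\n";
}
$ldap->unbind;
```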
