2

I have the DN of the LDAP entry. I know I could search for it: Doing something like this:

my $search = $ldap->search( 
    base => $dn, 
    scope => "base",
    filter => "(objectclass=*)",
);

But, I don't need to do a search. I have the DN. I simply want to pull up the DN entry and do my operations directly on that. Something like this:

my $dn_entry = $ldap->get( $dn );

Is there a method to get the DN entry from the DN string itself, or do you have to search for the entry even if you know the DN itself?

Improve this question

2 Answers 2

Reset to default
3

Using LDAP, clients must always search or use an extended operation to get data. If you're interested in all the attributes associated with an entry, and the DN is known, use the following parameters in a search request:

  • baseObject: the DN that is known
  • search scope: base
  • filter: either (&) or (objectClass=*)
  • the list of attributes to be returned. Some APIs use * for all user attributes and + for all operational attributes.
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yeah, this is what I basically did: Search base was the DN and the scope was base and the filter was (objectclass=*). I didn't think of making it (&). It just seems that there must be some way to directly fetch the DN, but looking at the various LDAP APIs, none of them include any way of fetching an entry except through a search.
0

What it sounds like you are saying is that you have stored the "Distinguished Name" (a string) rather than the DN entry (a Net::LDAP::Entry object). If this is the case, I believe you have to create a new Net::LDAP::Entry object from the DN. The documentation indicates that you can apply operations directly to such an object without synchronizing with the server, but this won't supply all the data for the given DN. If you need the server's data, you need to get it via $ldap->search(...).

Have you considered using the Net::LDAP::LDIF mechanism for storing DN data locally?

Improve this answer

1 Comment

Yes, I have the DN string and not the entry. We're moving from a svn_auth_file to LDAP, and I am pulling out all users under a management chain. Manager has an directReports attribute with the DN strings of the employees who are direct reports. I need to recurse through these direct reports to get their direct reports until I have the whole organization. Since I have the DN string, I thought it would be silly to search for the DN Entry with that DN string. I was hoping there was some way to just retrieve that DN directly.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.