1

I currently have a small Perl script that, for a given username, fetches their email address from Active Directory using Net::LDAP.

The search part is the following:

my $user = "myuser";
my $mesg = $ldap->search(
    base => "dc=some,dc=example,dc=com",
    filter => '(&(sAMAccountName=' . $user . ')(mail=*))',   #?!?
);
for my $entry ($mesg->entries) {
    my $val = $entry->get_value('mail');
    say "==$val==";
}

It works OK.

How should I modify the above statement to fetch all available information for the given user myuser? I'm looking to get a Perl-ish data structure, something like the following:

my $alldata = search(... all info for the given $user ... );
say Dumper $alldata; #hashref with all stored informations for the $user

It is probably dead simple, but I'm a total AD & LDAP-dumb person...

Edit: When I dump out the $msg->entries (which is an LDAP::Entry object) I got something, but I'm not sure whether it contains everything or only part of the stored data...

5
  • If you want to see what you get, a fast way is to dump them out... foreach my $e ($mesg->entries) { $e->dump; }. But unless you stipulate that you only want a few attributes, or your service account only has access to some attributes, you should get all data attributes. Commented Dec 5, 2014 at 19:48
  • So, with the filter => ... that is in my code above, I should get all information available to my service account for the given user? Commented Dec 5, 2014 at 19:59
  • Correct, you would get everything that is available to your service account for every user that has an (e)mail address. If you want users that don't have mail (not that any wouldn't have mail) you could just use the specific samaccountname in your filter => '(sAMAccountName=' . $user . ')'. You can iterate over all of the attributes returned too... foreach $a ( $e->attributes ). Each value back is either going to be a scalar or an array depending on whether it is single or multi valued. Commented Dec 5, 2014 at 20:13
  • If you want all of the enabled users you could ask for filter => '(&(objectclass=user)(userAccountControl=512))' Commented Dec 5, 2014 at 20:38
  • If you dump the variable $entry, you will show everything. You can compare this with any LDAP client. For example, Apache Directory Studio will show you what you can access by LDAP. It works with MS AD properly. But with your code, you do not use the attrs filter in search. Then you will fetch everything, including 'objectClass' attributes. Commented Jun 20, 2018 at 9:56

1 Answer

2

I've done something similar, and I use this to query LDAP:

my $ldapResponse = $ldap->search(base => $base, filter => $filter, attrs => $attrs);

And then this to parse it:

  if ($ldapResponse && $ldapResponse->count()) {
    $ldapResponse->code && die $ldapResponse->error;
    my %domainNames = %{$ldapResponse->as_struct};
    foreach my $domainName (keys %domainNames) {
      my %ldapResponse;

      my %dnHash = %{$domainNames{$domainName}};

      foreach my $attr (sort(keys %dnHash)) {
        # Note that the value for each key of %dnHash is an array,
        # so join it together into a string.
        my $value = join(" ", @{$dnHash{$attr}});
        $ldapResponse{$attr} = $value;
      }
      # Dump/use %ldapResponse
    }
  }

I've never tried to use the ldap->entries in your code, but the above works for me!

I explicitly specify a (long) list of attributes ($attr), but perhaps that's optional as your example shows, and you can get ALL LDAP fields by just skipping that arg to search().


2 Comments

Thanks. The main question is how to construct the right $filter to get ALL stored info.
The $filter limits what records get returned, think of it as the WHO of the query. The $attr limits WHAT fields get returned with each record. Just checked the docs, and $attr is optional. So if you want ALL the fields for a given user, run the search() the way it's in your code, but then use my code to parse the results and get ALL the fields.
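
The following is an added example, not code from the question or the answer. It builds the sAMAccountName filter with the username escaped per RFC 4515 (so characters such as `*` or `(` in the input are matched literally) and converts an entry into a plain hashref that keeps multi-valued attributes as arrays. The helper names `user_filter` and `entry_to_hash` are hypothetical, and the sample entry is constructed so the conversion runs without a directory server.

```perl
use strict;
use warnings;
use feature 'say';
use Data::Dumper;
use Net::LDAP::Entry;
use Net::LDAP::Util qw(escape_filter_value);

# Build the search filter with the user-supplied value escaped per RFC 4515,
# so characters such as * ( ) \ are matched literally instead of being parsed.
sub user_filter {
    my ($user) = @_;
    return '(sAMAccountName=' . escape_filter_value($user) . ')';
}

# Turn one Net::LDAP::Entry into a plain hashref: single-valued attributes
# become scalars, multi-valued attributes become array references.
sub entry_to_hash {
    my ($entry) = @_;
    my %data = (dn => $entry->dn);
    for my $attr ($entry->attributes) {
        my $values = $entry->get_value($attr, asref => 1);
        $data{$attr} = @$values == 1 ? $values->[0] : [@$values];
    }
    return \%data;
}

# With a live connection the calls would be (no attrs => all readable attributes):
#   my $mesg = $ldap->search(base => $base, filter => user_filter($user));
#   my @all  = map { entry_to_hash($_) } $mesg->entries;

# Constructed sample entry (hypothetical values) standing in for a search result.
my $entry = Net::LDAP::Entry->new;
$entry->dn('CN=My User,OU=Staff,DC=some,DC=example,DC=com');
$entry->add(
    sAMAccountName => 'myuser',
    mail           => 'myuser@example.com',
    memberOf       => [ 'CN=GroupA,DC=some,DC=example,DC=com',
                        'CN=GroupB,DC=some,DC=example,DC=com' ],
);

say user_filter('myuser');       # ordinary username passes through unchanged
say user_filter('my*)(user');    # metacharacters come out hex-escaped
say Dumper(entry_to_hash($entry));
```

Binary Active Directory attributes such as objectGUID and objectSid come back as raw bytes and need encoding before they are printed or logged.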
