1Net::LDAP::Examples(3)User Contributed Perl DocumentationNet::LDAP::Examples(3)
2
3
4
6 Net::LDAP::Examples - PERL LDAP by Example
7
9 The following examples are of course PERL code, found to work with the
10 Net::LDAP modules.
11
12 The intent of this document is to give the reader a cut and paste jump
13 start to getting an LDAP application working.
14
15 Below you will find snippets of code that should work as-is with only a
16 small amount of work to correct any variable assignments and LDAP
17 specifics, e.g. Distinguished Name Syntax, related to the user's own
18 implementation.
19
20 The Standard Operating Procedure that is followed here is:
21
22 1 Package - use Net::LDAP
23 2 Initialization - new
24 3 Binding - bind
25 4 Operation - add modify moddn search
26 4.1 Processing - displaying data from a search
27 5 Error - displaying error information
28 6 Unbinding - unbind
29
30 Look to each of these for a snippet of code to meet your needs.
31
32 What is not covered in these examples at this time:
33
34 abandon and compare methods
35 callback subroutines
36
38 PACKAGE - Definitions
39 use Net::LDAP;
40
41 INITIALIZING
42 $ldap = Net::LDAP->new ( "yourLDAPhost.yourCompany.com" ) or die "$@";
43
44 BINDING
45 $mesg = $ldap->bind ( version => 3 ); # use for searches
46
47 $mesg = $ldap->bind ( "$userToAuthenticate",
48 password => "$passwd",
49 version => 3 ); # use for changes/edits
50
51 # see your LDAP administrator for information concerning the
52 # user authentication setup at your site.
53
54 OPERATION - Generating a SEARCH
55 sub LDAPsearch
56 {
57 my ($ldap,$searchString,$attrs,$base) = @_;
58
59 # if they don't pass a base... set it for them
60
61 if (!$base ) { $base = "o=mycompany, c=mycountry"; }
62
63 # if they don't pass an array of attributes...
64 # set up something for them
65
66 if (!$attrs ) { $attrs = [ 'cn','mail' ]; }
67
68 my $result = $ldap->search ( base => "$base",
69 scope => "sub",
70 filter => "$searchString",
71 attrs => $attrs
72 );
73
74 }
75
76 my @Attrs = ( ); # request all available attributes
77 # to be returned.
78
79 my $result = LDAPsearch ( $ldap, "sn=*", \@Attrs );
80
81 PROCESSING - Displaying SEARCH Results
82 #------------
83 #
84 # Accessing the data as if in a structure
85 # i.e. Using the "as_struct" method
86 #
87
88 my $href = $result->as_struct;
89
90 # get an array of the DN names
91
92 my @arrayOfDNs = keys %$href; # use DN hashes
93
94 # process each DN using it as a key
95
96 foreach ( @arrayOfDNs ) {
97 print $_, "\n";
98 my $valref = $$href{$_};
99
100 # get an array of the attribute names
101 # passed for this one DN.
102 my @arrayOfAttrs = sort keys %$valref; #use Attr hashes
103
104 my $attrName;
105 foreach $attrName (@arrayOfAttrs) {
106
107 # skip any binary data: yuck!
108 next if ( $attrName =~ /;binary$/ );
109
110 # get the attribute value (pointer) using the
111 # attribute name as the hash
112 my $attrVal = @$valref{$attrName};
113 print "\t $attrName: @$attrVal \n";
114 }
115 print "#-------------------------------\n";
116 # End of that DN
117 }
118 #
119 # end of as_struct method
120 #
121 #--------
122
123
124 #------------
125 #
126 # handle each of the results independently
127 # ... i.e. using the walk through method
128 #
129 my @entries = $result->entries;
130
131 my $entr;
132 foreach $entr ( @entries ) {
133 print "DN: ", $entr->dn, "\n";
134
135 my $attr;
136 foreach $attr ( sort $entr->attributes ) {
137 # skip binary we can't handle
138 next if ( $attr =~ /;binary$/ );
139 print " $attr : ", $entr->get_value ( $attr ) ,"\n";
140 }
141
142 print "#-------------------------------\n";
143 }
144
145 #
146 # end of walk through method
147 #------------
148
149 OPERATION - Modifying entries
150 #
151 # Modify
152 #
153 # for each of the modifies below you'll need to supply
154 # a full DN (Distinguished Name) for the $dn variable.
155 # example:
156 # cn=Jo User,ou=person,o=mycompany,c=mycountry
157 #
158 # I would recommend doing a search (listed above)
159 # then use the dn returned to populate the $dn variable.
160
161 #
162 # Do we only have one result returned from the search?
163
164 if ( $result->count != 1 ) { exit; } # Nope.. exit
165
166 my $dn = $entries[0]->dn; # yes.. get the DN
167
168 #######################################
169 #
170 # MODIFY using a HASH
171 #
172
173 my %ReplaceHash = ( keyword => "x", proxy => "x" );
174
175 my $result = LDAPmodifyUsingHash ( $ldap, $dn, \%ReplaceHash );
176
177 sub LDAPmodifyUsingHash
178 {
179 my ($ldap, $dn, $whatToChange ) = @_;
180 my $result = $ldap->modify ( $dn,
181 replace => { %$whatToChange }
182 );
183 return $result;
184 }
185
186 #######################################
187 #
188 # MODIFY using a ARRAY List
189 #
190
191 my @ReplaceArrayList = [ 'keyword', "xxxxxxxxxx",
192 'proxy' , "yyyyyyyyyy" ];
193
194 my $result = LDAPmodifyUsingArrayList ( $ldap, $dn, \@ReplaceArrayList );
195
196 sub LDAPmodifyUsingArrayList
197 {
198 my ($ldap, $dn, $whatToChange ) = @_;
199 my $result = $ldap->modify ( $dn,
200 changes => [
201 replace => @$whatToChange
202 ]
203 );
204 return $result;
205 }
206
207 #######################################
208 #
209 # MODIFY using a ARRAY
210 #
211
212 my @ReplaceArray = ( 'keyword', "xxxxxxxxxx" ,
213 'proxy' , "yyyyyyyyyy" );
214
215 my $result = LDAPmodifyUsingArray ( $ldap, $dn, \@ReplaceArray );
216
217 sub LDAPmodifyUsingArray
218 {
219 my ($ldap, $dn, $whatToChange ) = @_;
220 my $result = $ldap->modify ( $dn,
221 changes => [
222 replace => [ @$whatToChange ]
223 ]
224 );
225 return $result;
226 }
227
228 #######################################
229 #
230 # MODIFY an existing record using 'Changes'
231 # (or combination of add/delete/replace)
232 #
233
234 my @whatToChange;
235 my @ReplaceArray;
236 my @DeleteArray;
237 my @AddArray;
238
239 push @AddArray, 'cn', "me myself";
240 push @ReplaceArray, 'sn', '!@#$%^&*()__+Hello There';
241 push @ReplaceArray, 'cn', "me myself I";
242 push @DeleteArray, 'cn', "me myself";
243
244 if ( $#ReplaceArray > 0 ) {
245 push @whatToChange, 'replace';
246 push @whatToChange, \@ReplaceArray;
247 }
248 if ( $#DeleteArray > 0 ) {
249 push @whatToChange, 'delete';
250 push @whatToChange, \@DeleteArray;
251 }
252 if ( $#AddArray > 0 ) {
253 push @whatToChange, 'add';
254 push @whatToChange, \@AddArray;
255 }
256
257 $result = LDAPmodify ( $ldap, $dn, \@whatToChange );
258
259 sub LDAPmodify
260 {
261 my ($ldap, $dn, $whatToChange) = @_;
262
263 my $result = $ldap->modify ( $dn,
264 changes => [
265 @$whatToChange
266 ]
267 );
268 return $result;
269 }
270
271 OPERATION - Changing the RDN
272 my $newRDN = "cn=Joseph User";
273
274 my $result = LDAPrdnChange ( $ldap, $dn, $newRDN, "archive" );
275
276
277 sub LDAPrdnChange
278 {
279 my ($ldap,$dn,$whatToChange,$action) = @_;
280
281 my $branch;
282
283 #
284 # if the archive action is selected, move this
285 # entry to another place in the directory.
286 #
287 if ( $action =~ /archive/i ) {
288 $branch = "ou=newbranch, o=mycompany, c=mycountry";
289 }
290
291 #
292 # use the 'deleteoldrdn' to keep from getting
293 # multivalues in the NAMING attribute.
294 # in most cases that would be the 'CN' attribute
295 #
296 my $result = $ldap->moddn ( $dn,
297 newrdn => $whatToChange,
298 deleteoldrdn => '1',
299 newsuperior => $branch
300 );
301
302 return $result;
303
304 }
305
306 OPERATION - Adding a new Record
307 my $DNbranch = "ou=bailiwick, o=mycompany, c=mycountry";
308
309 #
310 # check with your Directory Schema or Administrator
311 # for the correct objectClass... I'm sure it'll be different
312 #
313 my $CreateArray = [
314 objectClass => [ "top", "person", "organizationalPerson", "inetOrgPerson" ],
315 cn => "Jane User",
316 uid => "0000001",
317 sn => "User",
318 mail => 'JaneUser@mycompany.com'
319 ];
320
321 #
322 # create the new DN to look like this
323 # " cn=Jo User + uid=0000001 , ou=bailiwick, o=mycompany, c=mycountry "
324 #
325 # NOTE: this DN MUST be changed to meet your implementation
326 #
327
328 my $NewDN = "@$CreateArray[2]=".
329 "@$CreateArray[3]+".
330 "@$CreateArray[4]=".
331 "@$CreateArray[5],".
332 $DNbranch;
333
334 LDAPentryCreate($ldap, $NewDN, $CreateArray);
335
336 #
337 # CreateArray is a reference to an anonymous array
338 # you have to dereference it in the subroutine it's
339 # passed to.
340 #
341
342 sub LDAPentryCreate
343 {
344 my ($ldap, $dn, $whatToCreate) = @_;
345 my $result = $ldap->add ( $dn, attrs => [ @$whatToCreate ] );
346 return $result;
347 }
348
349 ERROR - Retrieving and Displaying ERROR information
350 if ( $result->code ) {
351 #
352 # if we've got an error... record it
353 #
354 LDAPerror ( "Searching", $result );
355 }
356
357 sub LDAPerror
358 {
359 my ($from, $mesg) = @_;
360 print "Return code: ", $mesg->code;
361 print "\tMessage: ", $mesg->error_name;
362 print " :", $mesg->error_text;
363 print "MessageID: ", $mesg->mesg_id;
364 print "\tDN: ", $mesg->dn;
365
366 #---
367 # Programmer note:
368 #
369 # "$mesg->error" DOESN'T work!!!
370 #
371 #print "\tMessage: ", $mesg->error;
372 #-----
373 }
374
375 UNBIND
376 $ldap->unbind;
377
379 The following code snippet shows how to retrieve schema information.
380
381 The first procedure is to initialize a new LDAP object using the same
382 procedures as listed at the beginning of this document.
383
384 The second procedure is to bind to your directory server. Some servers
385 may require authentication to retrieve the schema from the directory
386 server. This procedure is listed at the beginning of this document
387 too.
388
389 After a successful bind you are ready to retrieve the schema
390 information. You do this by initializing a schema object.
391
392 $schema = $ldap->schema ( );
393
394 In this case Net::LDAP will attempt to determine the dn under which the
395 schema can be found. First it will look for the attribute
396 "subschemaSubentry" in the root DSE. If that cannot be found then it
397 will default to the assumption of "cn=schema"
398
399 Alternatively you can specify the dn where the schema is to be found
400 with
401
402 $schema = $ldap->schema ( dn => $dn );
403
404 Once we have a dn to search for, Net::LDAP will fetch the schema entry
405 with
406
407 $mesg = $self->search ( base => $dn,
408 scope => 'base',
409 filter => '(objectClass=subschema)',
410 );
411
412 Once the schema object has been initialized, schema methods are used to
413 retrieve the data. There are a number of ways this can be done.
414 Information on the schema methods can be found in the Net::LDAP::Schema
415 pod documentation.
416
417 The following is a code snippet showing how to get and display
418 information about returned attributes.
419
420 #
421 # Get the attributes
422 #
423
424 @attributes = $schema->all_attributes ( );
425
426 #
427 # Display the attributes
428 #
429
430 foreach $ar ( @attributes ) {
431 print "attributeType: ", $ar->{name}, "\n";
432
433 #
434 # Print all the details
435 #
436
437 foreach $key ( keys %{$ar} ) {
438 print join ( "\n\t\t", "\t$key:",
439 ref ( $ar->{$key} ) ? @{$ar->{$key}} : $ar->{$key}
440 ), "\n";
441 }
442 }
443
444 The process is the basically the same for getting objectClass
445 information. Where schema->all_attributes() is used, substitute
446 schema->all_objectclasses(). From that point on the process is the
447 same for both objectClasses and attributes.
448
450 None known, but there may be some
451
453 Russell Biggs <rgb@ticnet.com>
454
456 All rights to this document are hereby relinquished to Graham Barr.
457
458
459
460perl v5.34.0 2022-01-21 Net::LDAP::Examples(3)