Net::LDAP::Examples(3pm)

1Net::LDAP::Examples(3)User Contributed Perl DocumentationNet::LDAP::Examples(3)
2
3
4

NAME

6       Net::LDAP::Examples - PERL LDAP by Example
7

DESCRIPTION

9       The following examples are of course PERL code, found to work with the
10       Net::LDAP modules.
11
12       The intent of this document is to give the reader a cut and paste jump
13       start to getting an LDAP application working.
14
15       Below you will find snippets of code that should work as-is with only a
16       small amount of work to correct any variable assignments and LDAP
17       specifics, e.g. Distinguished Name Syntax, related to the user's own
18       implementation.
19
20       The Standard Operating Proceedure that is followed here is:
21
22       1 Package      - use Net::LDAP
23       2 Initialization    - new
24       3 Binding      - bind
25       4 Operation    - add modify moddn search
26       4.1 Processing - displaying data from a search
27       5 Error        - displaying error information
28       6 Unbinding    - unbind
29
30       Look to each of these for a snippet of code to meet your needs.
31
32       What is not covered in these examples at this time:
33
34       abandon and compare methods
35       callback subroutines
36

CODE

38       PACKAGE - Definitions
39
40        use Net::LDAP;
41
42       INITIALIZING
43
44        $ldap = Net::LDAP->new ( "yourLDAPhost.yourCompany.com" ) or die "$@";
45
46       BINDING
47
48        $mesg = $ldap->bind ( version => 3 );          # use for searches
49
50        $mesg = $ldap->bind ( "$userToAuthenticate",
51                              password => "$passwd",
52                              version => 3 );          # use for changes/edits
53
54        # see your LDAP administrator for information concerning the
55        # user authentication setup at your site.
56
57       OPERATION - Generating a SEARCH
58
59        sub LDAPsearch
60        {
61          my ($ldap,$searchString,$attrs,$base) = @_;
62
63          # if they don't pass a base... set it for them
64
65          if (!$base ) { $base = "o=mycompany, c=mycountry"; }
66
67          # if they don't pass an array of attributes...
68          # set up something for them
69
70          if (!$attrs ) { $attrs = [ 'cn','mail' ]; }
71
72          my $result = $ldap->search ( base    => "$base",
73                                       scope   => "sub",
74                                       filter  => "$searchString",
75                                       attrs   =>  $attrs
76                                     );
77
78       }
79
80        my @Attrs = ( );               # request all available attributes
81                                       # to be returned.
82
83        my $result = LDAPsearch ( $ldap, "sn=*", \@Attrs );
84
85       PROCESSING - Displaying SEARCH Results
86
87        #------------
88        #
89        # Accessing the data as if in a structure
90        #  i.e. Using the "as_struct"  method
91        #
92
93        my $href = $result->as_struct;
94
95        # get an array of the DN names
96
97        my @arrayOfDNs  = keys %$href;        # use DN hashes
98
99        # process each DN using it as a key
100
101        foreach ( @arrayOfDNs ) {
102          print $_, "\n";
103          my $valref = $$href{$_};
104
105          # get an array of the attribute names
106          # passed for this one DN.
107          my @arrayOfAttrs = sort keys %$valref; #use Attr hashes
108
109          my $attrName;
110          foreach $attrName (@arrayOfAttrs) {
111
112            # skip any binary data: yuck!
113            next if ( $attrName =~ /;binary$/ );
114
115            # get the attribute value (pointer) using the
116            # attribute name as the hash
117            my $attrVal =  @$valref{$attrName};
118            print "\t $attrName: @$attrVal \n";
119          }
120          print "#-------------------------------\n";
121          # End of that DN
122        }
123        #
124        #  end of as_struct method
125        #
126        #--------
127
128        #------------
129        #
130        # handle each of the results independently
131        # ... i.e. using the walk through method
132        #
133        my @entries = $result->entries;
134
135        my $entr;
136        foreach $entr ( @entries ) {
137          print "DN: ", $entr->dn, "\n";
138
139          my $attr;
140          foreach $attr ( sort $entr->attributes ) {
141            # skip binary we can't handle
142            next if ( $attr =~ /;binary$/ );
143            print "  $attr : ", $entr->get_value ( $attr ) ,"\n";
144          }
145
146          print "#-------------------------------\n";
147        }
148
149        #
150        # end of walk through method
151        #------------
152
153       OPERATION - Modifying entries
154
155        #
156        #   Modify
157        #
158        #  for each of the modifies below you'll need to supply
159        #  a full DN (Distinguished Name) for the $dn variable.
160        #   example:
161        #    cn=Jo User,ou=person,o=mycompany,c=mycountry
162        #
163        #   I would recommend doing a search (listed above)
164        #   then use the dn returned to populate the $dn variable.
165
166        #
167        #  Do we only have one result returned from the search?
168
169        if ( $result->count != 1 ) { exit; }  # Nope.. exit
170
171        my $dn = $entries[0]->dn;         # yes.. get the DN
172
173        #######################################
174        #
175        #   MODIFY using a HASH
176        #
177
178        my %ReplaceHash = ( keyword => "x", proxy => "x" );
179
180        my $result = LDAPmodifyUsingHash ( $ldap, $dn, \%ReplaceHash );
181
182        sub LDAPmodifyUsingHash
183        {
184          my ($ldap, $dn, $whatToChange ) = @_;
185          my $result = $ldap->modify ( $dn,
186                                       replace => { %$whatToChange }
187                                     );
188          return $result;
189        }
190
191        #######################################
192        #
193        #   MODIFY using a ARRAY List
194        #
195
196        my @ReplaceArrayList = [ 'keyword', "xxxxxxxxxx",
197                                 'proxy' , "yyyyyyyyyy"   ];
198
199        my $result = LDAPmodifyUsingArrayList ( $ldap, $dn, \@ReplaceArrayList );
200
201        sub LDAPmodifyUsingArrayList
202        {
203          my ($ldap, $dn, $whatToChange ) = @_;
204          my $result = $ldap->modify ( $dn,
205                                       changes => [
206                                         replace => @$whatToChange
207                                       ]
208                                     );
209          return $result;
210        }
211
212        #######################################
213        #
214        #   MODIFY using a ARRAY
215        #
216
217        my @ReplaceArray = ( 'keyword', "xxxxxxxxxx" ,
218                             'proxy' , "yyyyyyyyyy"   );
219
220        my $result = LDAPmodifyUsingArray ( $ldap, $dn, \@ReplaceArray );
221
222        sub LDAPmodifyUsingArray
223        {
224          my ($ldap, $dn, $whatToChange ) = @_;
225          my $result = $ldap->modify ( $dn,
226                                       changes => [
227                                         replace => [ @$whatToChange ]
228                                       ]
229                                     );
230          return $result;
231        }
232
233        #######################################
234        #
235        #   MODIFY an existing record using 'Changes'
236        #    (or combination of add/delete/replace)
237        #
238
239        my @whatToChange;
240        my @ReplaceArray;
241        my @DeleteArray;
242        my @AddArray;
243
244        push @AddArray, 'cn', "me myself";
245        push @ReplaceArray, 'sn', '!@#$%^&*()__+Hello THere';
246        push @ReplaceArray, 'cn', "me myself I";
247        push @DeleteArray, 'cn', "me myself";
248
249        if ( $#ReplaceArray > 0 ) {
250          push @whatToChange, 'replace';
251          push @whatToChange, \@ReplaceArray;
252        }
253        if ( $#DeleteArray > 0 ) {
254          push @whatToChange, 'delete';
255          push @whatToChange, \@DeleteArray;
256        }
257        if ( $#AddArray > 0 ) {
258          push @whatToChange, 'add';
259          push @whatToChange, \@AddArray;
260        }
261
262        $result = LDAPmodify ( $ldap, $dn, \@whatToChange );
263
264        sub LDAPmodify
265        {
266          my ($ldap, $dn, $whatToChange) = @_;
267
268          my $result = $ldap->modify ( $dn,
269                                       changes => [
270                                         @$whatToChange
271                                       ]
272                                     );
273          return $result;
274        }
275
276       OPERATION - Changing the RDN
277
278        my $newRDN = "cn=Joseph User";
279
280        my $result = LDAPrdnChange ( $ldap, $dn, $newRDN, "archive" );
281
282        sub LDAPrdnChange
283        {
284          my ($ldap,$dn,$whatToChange,$action) = @_;
285
286          my $branch;
287
288          #
289          # if the archive action is selected, move this
290          # entry to another place in the directory.
291          #
292          if ( $action =~ /archive/i )  {
293            $branch = "ou=newbranch, o=mycompany, c=mycountry";
294          }
295
296          #
297          # use the 'deleteoldrdn' to keep from getting
298          # multivalues in the NAMING attribute.
299          # in most cases that would be the 'CN' attribute
300          #
301          my $result = $ldap->moddn ( $dn,
302                                      newrdn => $whatToChange,
303                                      deleteoldrdn => '1',
304                                      newsuperior => $branch
305                                    );
306
307          return $result;
308
309        }
310
311       OPERATION - Adding a new Record
312
313        my $DNbranch = "ou=bailiwick, o=mycompany, c=mycountry";
314
315        #
316        # check with your Directory Schema or Administrator
317        # for the correct objectClass... I'm sure it'll be different
318        #
319        my $CreateArray = [
320          objectClass => [ "top", "person", "organizationalPerson", "inetOrgPerson" ],
321          cn => "Jane User",
322          uid => "0000001",
323          sn => "User",
324          mail => "JaneUser@mycompany.com"
325        ];
326
327        #
328        # create the  new DN to look like this
329        # " cn=Jo User + uid=0000001 , ou=bailiwick, o=mycompany, c=mycountry "
330        #
331        # NOTE: this DN  MUST be changed to meet your implementation
332        #
333
334        my $NewDN = "@$CreateArray[2]=".
335                    "@$CreateArray[3]+".
336                    "@$CreateArray[4]=".
337                    "@$CreateArray[5],".
338                    $DNbranch;
339
340        LDAPentryCreate($ldap, $NewDN, $CreateArray);
341
342        #
343        # CreateArray is a reference to an anonymous array
344        # you have to dereference it in the  subroutine it's
345        # passed to.
346        #
347
348        sub LDAPentryCreate
349        {
350           my ($ldap, $dn, $whatToCreate) = @_;
351           my $result = $ldap->add ( $dn, attrs => [ @$whatToCreate ] );
352           return $result;
353        }
354
355       ERROR - Retrieving and Displaying ERROR information
356
357        if ( $result->code ) {
358          #
359          # if we've got an error... record it
360          #
361          LDAPerror ( "Searching", $result );
362        }
363
364        sub LDAPerror
365        {
366          my ($from, $mesg) = @_;
367          print "Return code: ", $mesg->code;
368          print "\tMessage: ", $mesg->error_name;
369          print " :",          $mesg->error_text;
370          print "MessageID: ", $mesg->mesg_id;
371          print "\tDN: ", $mesg->dn;
372
373          #---
374          # Programmer note:
375          #
376          #  "$mesg->error" DOESN'T work!!!
377          #
378          #print "\tMessage: ", $mesg->error;
379          #-----
380        }
381
382       UNBIND
383
384        $ldap->unbind;
385

LDAP SCHEMA RETRIEVAL

387       The following code snippet shows how to retrieve schema information.
388
389       The first procedure is to initialize a new LDAP object using the same
390       procedures as listed at the beginning of this document.
391
392       The second procedure is to bind to your directory server.  Some servers
393       may require authentication to retrieve the schema from the directory
394       server.  This procedure is listed at the beginning of this document
395       too.
396
397       After a successful bind you are ready to retrieve the schema informa‐
398       tion.  You do this by initializing a schema object.
399
400        $schema = $ldap->schema ( );
401
402       In this case Net::LDAP will attempt to determine the dn under which the
403       schema can be found. First it will look for the attribute "subschema‐
404       subentry" in the root DSE. If that cannot be found then it will default
405       to the assumption of "cn=schema"
406
407       Alternatively you can specify the dn where the schema is to be found
408       with
409
410        $schema = $ldap->schema ( dn => $dn );
411
412       Once we have a dn to search for, Net::LDAP will fetch the schema entry
413       with
414
415         $mesg = $self->search ( base   => $dn,
416                                 scope  => 'base',
417                                 filter => '(objectClass=subschema)',
418                               );
419
420       Once the schema object has been initialized, schema methods are used to
421       retrieve the data.  There are a number of ways this can be done.
422       Information on the schema methods can be found in the Net::LDAP::Schema
423       pod documentation.
424
425       The following is a code snippet showing how to get and display informa‐
426       tion about returned attributes.
427
428        #
429        # Get the attributes
430        #
431
432        @attributes = $schema->all_attributes ( );
433
434        #
435        # Display the attributes
436        #
437
438        foreach $ar ( @attributes ) {
439          print "attributeType: ", $ar->{name}, "\n";
440
441          #
442          # Print all the details
443          #
444
445          foreach $key ( keys %{$ar} ) {
446            print join ( "\n\t\t", "\t$key:",
447                         ref ( $ar->{$key} ) ? @{$ar->{$key}} : $ar->{$key}
448                       ), "\n";
449          }
450        }
451
452       The process is the basically the same for getting objectClass informa‐
453       tion.  Where schema->all_attributes() is used, substitute
454       schema->all_objectclasses().  From that point on the process is the
455       same for both objectClasses and attributes.
456

BUGS

458       None known, but there may be some
459

AUTHOR (of this document)

461       Russell Biggs <rgb@ticnet.com>
462

COPYRIGHT

464       All rights to this document are hereby relinquished to Graham Barr.
465
466
467
468perl v5.8.8                       2007-02-10            Net::LDAP::Examples(3)