In our corporate LDAP structure a 'user' has two attributes:

uid = the id of the user

manager = the DN of the user's manager

Since I'm writing a script to find out the organization chain for a user, I'd like to be able to find the uid of a manager with a single query. Right now, I have to do it in 2 queries:

$ ldapsearch -h ldap.example.com -p 389 -b dc=example,dc=com uid=myuid manager
dn: cn=mycn,L=AMER,DC=EXAMPLE,DC=COM
manager: cn=mymanagercn,L=AMER,DC=EXAMPLE,DC=COM

Parse out the cn value 'mymanagercn', then run another query:

$ ldapsearch -h ldap.example.com -p 389 -b dc=example,dc=com cn=mymanagercn uid
dn: cn=mymanagercn,L=AMER,DC=EXAMPLE,DC=COM
uid: mymanageruid

Is there a way to do this with 1 query? Bonus points if you can do this using the Net::LDAP Perl modules!


Solution

No. However, it should be possible with a properly designed API to accomplish this task in one connection, but not in one search request. If you are using the UnboundID Directory Server you can write a plugin using the Server SDK to alter the contents of the search result before it is returned to the client. The plugin could perform the search for the manager entry and append the results to the search result.

Other tips

The second search can really be a lookup, as you have the complete DN. You shouldn't just strip out the CN; use the whole thing.
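
The two answers above combine into one connection plus a base-scope read of the full manager DN. The sketch below is an added example, not code from the original posts: it uses Net::LDAP with the host and base DN from the question, and it extends the single lookup to the whole manager chain. The anonymous bind, the depth cap and the name manager_chain are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value canonical_dn);

my $MAX_DEPTH = 20;    # assumed cap on chain length; stops runaway walks

# Walk uid -> manager -> manager's manager ... over one connection.
# Returns the manager uids, nearest manager first.
sub manager_chain {
    my ($ldap, $base, $uid) = @_;
    # First hop is a subtree search; the uid goes into a filter, so escape it.
    my $mesg = $ldap->search(
        base   => $base,
        scope  => 'sub',
        filter => '(uid=' . escape_filter_value($uid) . ')',
        attrs  => ['manager'],
    );
    die 'search failed: ' . $mesg->error . "\n" if $mesg->code;
    die "expected exactly one entry for that uid\n" unless $mesg->count == 1;

    my $entry = $mesg->entry(0);
    my %seen  = ((canonical_dn($entry->dn) // $entry->dn) => 1);
    my @chain;
    while (defined(my $mgr_dn = $entry->get_value('manager'))) {
        my $key = canonical_dn($mgr_dn) // $mgr_dn;    # normalise case and spacing
        last if $seen{$key}++ || @chain >= $MAX_DEPTH; # cycle (e.g. self-managed) or too deep
        # Later hops read the manager entry by its full DN (base scope):
        # no cn parsing, and no filter built from directory data.
        $mesg = $ldap->search(
            base   => $mgr_dn,
            scope  => 'base',
            filter => '(objectClass=*)',
            attrs  => ['uid', 'manager'],
        );
        last if $mesg->code || $mesg->count != 1;      # dangling or unreadable DN
        $entry = $mesg->entry(0);
        push @chain, $entry->get_value('uid') // '(no uid)';
    }
    return @chain;
}

my $ldap = Net::LDAP->new('ldap.example.com', port => 389)
    or die "connect failed: $@\n";
my $bind = $ldap->bind;    # anonymous bind is an assumption; use your site's bind
die 'bind failed: ' . $bind->error . "\n" if $bind->code;
print join(' -> ', 'myuid', manager_chain($ldap, 'dc=example,dc=com', 'myuid')), "\n";
$ldap->unbind;
```

Reading the manager by DN also avoids matching a different entry that happens to share the same cn elsewhere under the base.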

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow