How do I make a complex query with Perl's Net::LDAP?
https://stackoverflow.com/questions/242621
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm having trouble running a complex query against our company LDAP server. I'm using the following Perl script:
use Data::Dumper;
use Net::LDAP;
die "Can't connect to LDAP-Server: $@\n"
unless $ldap = Net::LDAP->new( 'xLDAPx' );
foreach my $filter ( 'ou=Personal', 'ou=BAR', 'ou=Personal,ou=BAR', 'ou=Personal,ou=FOO,o=FOO,dc=foo,dc=com' )
{
$mesg = $ldap->search( base => "o=FOO,dc=foo,dc=com", filter => $filter );
print Dumper($mesg), "\n\n";
}
While the first two filters work (as in returning the expected values) the last and complex one doesn't. It returns an empty array. What really puzzles me is that exactly the same query string works when I use it with a tool like the Softerra LDAP Browser.
I have also tried the same query using PHP's ldap_search & co, no avail.
Can somebody shed some light on this?
Thanks for reading
holli
Edit: This is the structure of the server:
Server
ou=FOO
ou=...
ou=Personal
uid=something
I need a list of uids.
Solution
I think you want it to be more like (&(ou=Personal)(ou=FOO)(o=FOO)(dc=foo)(dc=com)).
But you are not clear at all on what you want exactly, so I can't make a filter for you.
Edited to add: I'm guessing this is what you want to do: (|(ou=Personal)(ou=FOO))
OTHER TIPS
The reason is that you are not providing syntactically correct filter strings, but parts of a DN. I can't imagine this works in Ldap Browser - I just tried myself without success.
The first two are correct filter strings. They filter on a single object attribute in a "({attribute}={value})" fashion. The first ("ou=Personal") would return any OU named "Personal" within your search base.
If you explain in more detail what you are trying to find I can probably tell you what filter expression you need.
Write a filter that conforms to RFC 2254 and then see what happens. You don't need a complex query, you want one attribute for every entry under one branch. Look at the attrs argument for the search method.
