Overview#
An Example code we put together to help out with the semantics of a How To for adding a user to LDAP (Microsoft Active Directory specifically) using Perl in the sample.Often the hard part of connecting to AD using LDAP is determining the FDN of the user to login with.
NOTE: We specifically do NOT set a password as Microsoft Active Directory requires at least 128 bit SSL do set passwords.
#!/usr/bin/perl
use warnings;
use strict;
use Net::LDAP;
use IO::Socket;
use IO::Socket::INET;
my $base = "CN=Users,DC=mad,DC=yourdomain,DC=com";
my @Attrs = (
"accountexpires", "badpasswordtime",
"badpwdcount", "cn",
"displayname", "distinguishedname",
"givenname", "instancetype",
"lastlogoff", "lastlogon",
"lastlogontimestamp", "logoncount",
"memberof", "name",
" objectcategory", "objectclass"
);
my $ldapconnect =
Net::LDAP->new( "mad.yourdomain.com", version => 3, port => 389 );
print "\n";
my $bind =
$ldapconnect->bind( "CN=Administrator,CN=Users,DC=mad,DC=yourdomain,DC=com",
password => "secret" );
if ( $bind->code ) {
LDAPerror( "Bind: ", $bind );
}
print "\n";
my $currentCN = "testFour";
my $currentDN = "CN=".$currentCN.",".$base;
my $addrs =
addAdUser( $ldapconnect, $currentDN,
$currentCN, "User", "User.$currentCN", $currentCN );
if ( $addrs->code ) {
LDAPerror( "Bind: ", $addrs );
}
# We need to wait a little bit for AD to add the user...
print "waiting ..";
my $num = 10;
while($num--)
{
sleep(1);
print ".";
}
print "\n";
my $results = LDAPsearch( $ldapconnect, "cn=".$currentCN, \@Attrs, $base );
DisplayResults($results);
sub LDAPsearch {
my ( $ldap, $searchString, $attrs, $base ) = @_;
# if they don't pass a base... set it for them
if ( !$base ) { $base = "o=mycompany, c=mycountry"; }
# if they don't pass an array of attributes...
# set up something for them
if ( !$attrs ) { $attrs = [ 'cn', 'mail' ]; }
my $sr = $ldap->search(
base => "$base",
scope => "sub",
filter => "$searchString",
attrs => $attrs
);
}
sub DisplayResults {
my ($results) = @_;
#------------
#
# Accessing the data as if in a structure
# i.e. Using the "as_struct" method
#
my $href = $results->as_struct;
# get an array of the DN names
my @arrayOfDNs = keys %$href; # use DN hashes
# process each DN using it as a key
foreach (@arrayOfDNs) {
print $_, "\n";
my $valref = $$href{$_};
# get an array of the attribute names
# passed for this one DN.
my @arrayOfAttrs = sort keys %$valref; #use Attr hashes
my $attrName;
foreach $attrName (@arrayOfAttrs) {
# skip any binary data: yuck!
next if ( $attrName =~ /;binary$/ );
# get the attribute value (pointer) using the
# attribute name as the hash
my $attrVal = @$valref{$attrName};
print "\t $attrName: @$attrVal \n";
}
print "#-------------------------------\n";
# End of that DN
}
#
# end of as_struct method
#
#--------
#------------
#
# handle each of the results independently
# ... i.e. using the walk through method
#
my @entries = $results->entries;
my $entr;
foreach $entr (@entries) {
print "DN: ", $entr->dn, "\n";
my $attr;
foreach $attr ( sort $entr->attributes ) {
# skip binary we can't handle
next if ( $attr =~ /;binary$/ );
print " $attr : ", $entr->get_value($attr), "\n";
}
print "#-------------------------------\n";
}
#
# end of walk through method
#------------
sub LDAPerror {
my $unknown = "not known";
my ( $from, $mesg ) = @_;
print "Return code: ", $mesg->code;
print "\tMessage: ", $mesg->error_name;
print " :", $mesg->error_text;
print "MessageID: ", $mesg->mesg_id;
my $dn = $mesg->dn;
if ( !$dn ) { $dn = $unknown; }
print "\tDN: ", $dn;
#---
# Programmer note:
#
# "$mesg->error" DOESN'T work!!!
#
#print "\tMessage: ", $mesg->error;
#-----
}
sub addAdUser {
my ( $ldap, $dn, $cn, $sn, $displayName, $givenName ) = @_;
$ldap->add(
$dn,
attr => [
'cn' => $cn,
'sn' => $sn,
'displayName' => $displayName,
'givenName' => $givenName,
'objectclass' =>
[ "top", "person", "organizationalPerson", "user" ]
]
);
}
}
