Net::LDAP compare question

I am writing a perl script to query an ldap database and find users who
do not belong to any mail distribution list. I can run the query just
fine, but my problem is getting only results back for users who do have
an attribute entry for the field "memberOf". Here is my code
listing....

$ldap = Net::LDAP->new( '**************' );

$mesg = $ldap->bind ( "$user",
password => "$password",
version => 3 );

if (!$base) { $base = "ou=****,ou=*****,dc=******,dc=******"; }

if (!$attrs) { $attrs = [ 'memberOf' ]; }

$search = 'mail=*@**********.com';

$result = $ldap->search ( base => "$base",
scope => "sub",
filter => "$search",
attrs => $attrs
);


$href = $result->as_struct;

@arrayOfDNs = keys %$href;

foreach ( @arrayOfDNs ) {
$dn = $_;
$res = $ldap->compare ( $dn,
attr => "$attrs",
value => ''
);
@entries = $res->dn;

foreach $entr ( @enties ) {
$butes = $entr->dn;
print $butes, "\n";
}

print "#-------------------------------\n";
}

$mesg = $ldap->unbind;



This is pretty much a cut/paste of the example given in CPAN, and I
have replaced the actual values of the query with '*' for obvious
reasons. In the lines

foreach ( @arrayOfDNs ) {
$dn = $_;
$res = $ldap->compare ( $dn,
attr => "$attrs",
value => ''
);

is where I am doing my compare statement, but get nothing back. It
should find any ldap entry where the attribute "memberOf" has no entry.
Any help would be appreciated in this.

Re: Net::LDAP compare question

max_headroom27606@yahoo.com wrote:
> I am writing a perl script to query an ldap database and find users who
> do not belong to any mail distribution list. I can run the query just
> fine, but my problem is getting only results back for users who do have
> an attribute entry for the field "memberOf". Here is my code
> listing....
>

I'm not very familiar with Net::LDAP and, in any case, I don't have
access to an LDAP right now on which to test. But I think you should
rule out the possibility that you're getting problems by writing less
than optimal Perl code.

use strict; # this will require you to declare all variables with 'my'
use warnings;

> $ldap = Net::LDAP->new( '**************' );
>
> $mesg = $ldap->bind ( "$user",

# unnecessary stringification: $user will suffice; drop the quotes
# for this and all other instances

> password => "$password",
> version => 3 );
>
> if (!$base) { $base = "ou=****,ou=*****,dc=******,dc=******"; }
>
> if (!$attrs) { $attrs = [ 'memberOf' ]; }
>
> $search = 'mail=*@**********.com';
>
> $result = $ldap->search ( base => "$base",
> scope => "sub",
> filter => "$search",
> attrs => $attrs
> );
>
>
> $href = $result->as_struct;
>
> @arrayOfDNs = keys %$href;
>
> foreach ( @arrayOfDNs ) {
> $dn = $_;

# Above 2 lines could be reduced to:

foreach my $dn (@arrayOfDNs) {

> $res = $ldap->compare ( $dn,
> attr => "$attrs",
> value => ''
> );
> @entries = $res->dn;
>

# Without thinking too hard about it, what does '->dn' mean in the above
line: method call? hash dereference?

> foreach $entr ( @enties ) {
> $butes = $entr->dn;
> print $butes, "\n";
> }
>
> print "#-------------------------------\n";
> }
>
> $mesg = $ldap->unbind;
>
>
>
> This is pretty much a cut/paste of the example given in CPAN,

That will only be true once you've coded it more cleanly and rerun it
with strictures and warnings.

jimk

Re: Net::LDAP compare question

Ok, I added "use strict;" and found some defects. I am still not
getting the expected results though. This is where it should do the
compare:

my $href = $result->as_struct;

my @arrayOfDNs = keys %$href;


my $dn;
my $res;
my @entries;
my $entr;
my $mesg;
my $crap;

foreach ( @arrayOfDNs ) {
$dn = $_;
$res = $ldap->compare ( $dn,
attr => "$attrs",
value => ''
);
@entries = $res->dn;

foreach $entr ( @entries ) {
$crap = $entr->dn;
print $crap, "\n";


I think I am doing something wrong as far as the compare statement.
This should take the attribute list that I defined earlier in the
script, and return a value of true or false based on the value. If
true, print the DN for the entry. If false, go to the next entry. For
some reason this isn't happening and I don't see the reason why.

Good idea about using strict though.


James E Keenan wrote:
> max_headroom27606@yahoo.com wrote:
> > I am writing a perl script to query an ldap database and find users who
> > do not belong to any mail distribution list. I can run the query just
> > fine, but my problem is getting only results back for users who do have
> > an attribute entry for the field "memberOf". Here is my code
> > listing....
> >
>
> I'm not very familiar with Net::LDAP and, in any case, I don't have
> access to an LDAP right now on which to test. But I think you should
> rule out the possibility that you're getting problems by writing less
> than optimal Perl code.
>
> use strict; # this will require you to declare all variables with 'my'
> use warnings;
>
> > $ldap = Net::LDAP->new( '**************' );
> >
> > $mesg = $ldap->bind ( "$user",
>
> # unnecessary stringification: $user will suffice; drop the quotes
> # for this and all other instances
>
> > password => "$password",
> > version => 3 );
> >
> > if (!$base) { $base = "ou=****,ou=*****,dc=******,dc=******"; }
> >
> > if (!$attrs) { $attrs = [ 'memberOf' ]; }
> >
> > $search = 'mail=*@**********.com';
> >
> > $result = $ldap->search ( base => "$base",
> > scope => "sub",
> > filter => "$search",
> > attrs => $attrs
> > );
> >
> >
> > $href = $result->as_struct;
> >
> > @arrayOfDNs = keys %$href;
> >
> > foreach ( @arrayOfDNs ) {
> > $dn = $_;
>
> # Above 2 lines could be reduced to:
>
> foreach my $dn (@arrayOfDNs) {
>
> > $res = $ldap->compare ( $dn,
> > attr => "$attrs",
> > value => ''
> > );
> > @entries = $res->dn;
> >
>
> # Without thinking too hard about it, what does '->dn' mean in the above
> line: method call? hash dereference?
>
> > foreach $entr ( @enties ) {
> > $butes = $entr->dn;
> > print $butes, "\n";
> > }
> >
> > print "#-------------------------------\n";
> > }
> >
> > $mesg = $ldap->unbind;
> >
> >
> >
> > This is pretty much a cut/paste of the example given in CPAN,
>
> That will only be true once you've coded it more cleanly and rerun it
> with strictures and warnings.
>
> jimk

Re: Net::LDAP compare question

lexx21 wrote:
> Ok, I added "use strict;" and found some defects. I am still not
> getting the expected results though. This is where it should do the
> compare:
>
> my $href = $result->as_struct;
>
> my @arrayOfDNs = keys %$href;
>
>
> my $dn;
> my $res;
> my @entries;
> my $entr;
> my $mesg;
> my $crap;
>
> foreach ( @arrayOfDNs ) {
> $dn = $_;
> $res = $ldap->compare ( $dn,
> attr => "$attrs",
> value => ''
> );
> @entries = $res->dn;
>
> foreach $entr ( @entries ) {
> $crap = $entr->dn;
> print $crap, "\n";
>
>
> I think I am doing something wrong as far as the compare statement.
> This should take the attribute list that I defined earlier in the
> script, and return a value of true or false based on the value. If
> true, print the DN for the entry. If false, go to the next entry. For
> some reason this isn't happening and I don't see the reason why.
>
> Good idea about using strict though.
>
I had luck only when passing a Net::LDAP::Entry object instead of a
string DN although this wasn't clear in the docs. Here's an example:

use Net::LDAP;
use Net::LDAP::Constant /LDAP_COMPARE_TRUE LDAP_COMPARE_FALSE/;

my $result = $ldap->search( base => ...
filter => ...
);
die $result->error if $result->code;

my $compare;
foreach my $entry ($result->entries) {
$compare = $ldap->compare( $entry, attr => ..., value => ... );
if ( $compare->code == LDAP_COMPARE_TRUE ) {
print "compare->code is true"
} elsif ( $compare->code == LDAP_COMPARE_FALSE ) {
print "compare->code is false ";
} else {
print "compare error: ", $compare->code;
}
}


hth,
--
Charles DeRykus