

Using Perl With Net::LDAP - How Do I Search An Active Directory Record For Strings.

Posted on 2004-10-29
Medium Priority
Last Modified: 2008-02-01

Using Perl with the Net::LDAP module, I am querying an entire directory to make up a list of users and tossing the information into a database. (I'm fine with authentication, I get each record fine, and can search a single entry item, but...)

I look at each AD entry (See my example code below)

In each entry I search for certain strings.

What is _not_ happening during my search - if there is more than one item for the same object the search result returns false.

I trust that I have provided enough information and code.
(While not a total newbie with Perl, I am still learning, go easy on me, please?)

use Net::LDAP;

my $What_To_Check = "Someone's Name";

my $scope = "subtree";
my $filter = "(&(objectclass=user)(objectcategory=user)(sAMAccountName=".$What_To_Check."))";
my $ldap = Net::LDAP->new($dc) or die $@;
my $rc = $ldap->bind( $user, password => $passwd);

my $search = $ldap->search (
        base   => $base,
        scope  => $scope,
        filter => $filter
);

foreach my $entry ($search->entries) {
    # Look at the memberOf attribute of each returned entry
    $Technician = $entry->get_value('memberof');

    if ($Technician =~ /Admins/) {
        $My_Flag = 1;
        print "\nHey, I Found An Admin\n";
    }
}

I want to search the entry "memberOf" for string 'Admins', but it only sees the first line and returns "False" - what am I doing wrong?

(An example from an "Entry Dump")

 lotsStuff: Plenty Here On This Side Too
 mOreStuff: Plenty More Here As Well
 memberOf: CN=Newport-RSRC,OU=Users,OU=Newport,OU=NHCNE,DC=med,DC=nads,DC=navy,DC=mil
           CN=NHCNE - OWA Users,OU=NHCNE,DC=med,DC=nads,DC=navy,DC=mil
           CN=Newport Admins,OU=Users,OU=Newport,OU=NHCNE,DC=med,DC=nads,DC=navy,DC=mil
           CN=NHCNE - OU ADMIN,OU=NHCNE,DC=med,DC=nads,DC=navy,DC=mil
           CN=Newport User Admins,OU=Users,OU=Newport,OU=NHCNE,DC=med,DC=nads,DC=navy,DC=mil
 andMore: More Junk Here.

Question by:billfinkri

Expert Comment

ID: 12444572
In the documentation, it indicates that the server may enforce a maximum number of returned results.. are you sure that's not the case here?

sizelimit => N
    A sizelimit that restricts the maximum number of entries to be
    returned as a result of the search. A value of 0, and the
    default, means that no restriction is requested. Servers may   <----
    enforce a maximum number of entries to return.                   <----

Also, despite it indicating a default of 0, did you try specifically setting the sizelimit attribute to a higher number?

Author Comment

ID: 12444705
Thanks kindly for such a quick response.

I'm not certain that my question was understood clearly enough.

If you look at the example of the 'entry dump' - you'll see 5(+) rows returned for 'memberOf'.

It is that entry that I am merely searching through, (see the code "$Technician = ...")

My search is not seeing (in my example AD Entry Dump) the 2nd, 3rd ... through Xth line of 'memberOf' - it only returns 'true/false' as a result of the 1st line in the 'memberOf' entry.

If I understand YOU correctly - if there were such a restriction, I wouldn't get that 'entry-dump' with that many lines of 'memberOf' displaying, correct?

Accepted Solution

rugdog earned 2000 total points
ID: 12444837

The memberOf attribute is multivalued; you need to tell Net::LDAP you want all of its values by assigning it to an array.
You might modify it like:

foreach my $entry ($search->entries) {
    # List context: get_value returns every value of the attribute
    my @memberof = $entry->get_value('memberof');

    for my $Technician (@memberof) {
        if ($Technician =~ /Admins/) {
            $My_Flag = 1;
            print "\nHey, I Found An Admin\n";
        }
    }
}
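
An added example, not part of the answer above or of the original thread: it builds a Net::LDAP::Entry offline from the memberOf values in the question's entry dump, shows what get_value returns in scalar and in list context, and then decides admin membership by comparing each group's CN exactly against an allow-list rather than matching /Admins/ anywhere in the DN. It also escapes a value before it is placed in a search filter like the one in the question. The user DN, the %ADMIN_GROUPS allow-list, the sample account name and the helper names group_names and is_admin are assumptions made for illustration.

```perl
use strict;
use warnings;
use Net::LDAP::Entry;
use Net::LDAP::Util qw(ldap_explode_dn escape_filter_value);

# Constructed entry; the memberOf values are the ones in the question's entry dump.
my $suffix = 'DC=med,DC=nads,DC=navy,DC=mil';
my $entry  = Net::LDAP::Entry->new;
$entry->dn("CN=Example User,OU=Users,OU=Newport,OU=NHCNE,$suffix");   # made-up DN
$entry->add(memberOf => [
    "CN=Newport-RSRC,OU=Users,OU=Newport,OU=NHCNE,$suffix",
    "CN=NHCNE - OWA Users,OU=NHCNE,$suffix",
    "CN=Newport Admins,OU=Users,OU=Newport,OU=NHCNE,$suffix",
    "CN=NHCNE - OU ADMIN,OU=NHCNE,$suffix",
    "CN=Newport User Admins,OU=Users,OU=Newport,OU=NHCNE,$suffix",
]);

# Assumed allow-list: exact group names that grant admin rights.
my %ADMIN_GROUPS = map { lc($_) => 1 } ('Newport Admins', 'NHCNE - OU ADMIN');

# Leaf CN of every group in memberOf (list context returns all values).
sub group_names {
    my ($e) = @_;
    my @names;
    for my $dn ($e->get_value('memberOf')) {
        my $rdns = ldap_explode_dn($dn, casefold => 'lower') or next;  # skip bad DNs
        push @names, $rdns->[0]{cn} if defined $rdns->[0]{cn};
    }
    return @names;
}

# Compare names exactly and case-insensitively; returns the number of matches.
sub is_admin {
    my ($e) = @_;
    return scalar grep { $ADMIN_GROUPS{lc $_} } group_names($e);
}

my $first = $entry->get_value('memberOf');      # scalar context: first value only
print "scalar context: $first\n";
print "list context:   $_\n" for group_names($entry);
print "admin groups matched: ", is_admin($entry), "\n";

# Escape *, (, ) and \ in a value before it goes into a filter string.
my $name   = 'smith (temp)*';                   # constructed sample input
my $filter = '(&(objectClass=user)(sAMAccountName=' . escape_filter_value($name) . '))';
print "$filter\n";
```

memberOf lists only the groups an account belongs to directly: membership gained through nested groups, and the account's primary group, do not appear in it.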

Author Comment

ID: 12444898

You must have some sort of serious way of transmitting your thoughts / brainwaves through the air.

I swear - just as I heard my Email notification that I had "New Email" (that being YOUR response and BEFORE reading it) I was thinking to myself ... "I wonder, what would happen if I tried assigning it to an array?!!"

It works flawlessly - and thank you!

Expert Comment

ID: 12444940
you're welcome
