|
Net::LDAP -- Lightweight Directory Access Protocol |
Net::LDAP -- Lightweight Directory Access Protocol
use Net::LDAP;
$ldap = Net::LDAP->new('ldap.bigfoot.com') or die "$@";
$ldap->bind ; # an anonymous bind
$mesg = $ldap->search ( # perform a search
base => "c=US",
filter => "(&(sn=Barr) (o=Texas Instruments))"
);
$mesg->code && die $mesg->error;
foreach $entry ($mesg->all_entries) { $entry->dump; }
$ldap->unbind; # take down session
$ldap = Net::LDAP->new('ldap.umich.edu');
$ldap->bind ( # bind to a directory with dn and password
dn => 'cn=root, o=University of Michigan, c=us',
password => 'secret'
);
$result = $ldap->add (
dn => 'cn = Barbara Jensen, o=University of Michigan, c=us',
attr => [ 'cn' => ['Barbara Jensen', 'Barbs Jensen'],
'sn => 'Jensen',
'mail' => 'b.jensen@umich.edu'
]
);
$result->code && warn "failed to add entry: ", $result->error ;
Net::LDAP is a collection of modules that implements a LDAP services API for Perl programs. The module may be used to search directories or perform maintenance functions such as add, deleting or modify entries in an LDAP directory.
This document assumes that the reader has some knowledge of the LDAP protocol.
IO::Socket when connecting the remote server.
(Default: 120)
STDERR. The
bits of this value are :-
1 Show outgoing packets. 2 Show incoming packets.
Example
$ldap = Net::LDAP->new('remote.host', async => 1);
Each of the following methods take as arguments some number of fixed parameters followed by options, these options are passed in a named fashion, for example
$mesg = $ldap->bind( "me", password => "mypasswd");
The return value from these methods is an object derived from the the Net::LDAP::Message manpage class. The methods of this class allow you to examine the status of request.
ID may be a number
or a object which is a sub-class of Net::LDAP::Message, returned from
a previous method call.
ID argument which replaces this option.
Example
$mesg = $ldap->search( @search_args );
$ldap->abandon( $mesg ); # This could be written as $mesg->abandon
DN argument can be either a
the Net::LDAP::Entry manpage object or a string.
DN argument which replaces this option.
This argument is not used if DN is a the Net::LDAP::Entry manpage object.
Example
# $entry is an object of class Net::LDAP::Entry $mesg = $ldap->add( $entry );
$mesg = $ldap->add( $DN,
attrs => [
name => 'Graham Barr',
attr => 'value1',
attr => 'value2',
multi => [qw(value1 value2)]
]
);
DN is the DN to bind as. An anonymous bind may be done
by calling bind without any arguments.
DN argument which replaces this option.
Only one of the following should be given, if none are given then noauth
is assumed.
Example
$ldap->bind; # Anonymous bind
$ldap->bind( $DN, password => $password);
# $sasl is an object of class Authen::SASL $ldap->bind( $DN, sasl => $sasl, version => 3);
DN is the DN which the comparison is
to be performed. DN May be a string or a the Net::LDAP::Entry manpage
object.
DN argument which replaces this option.
Example
$ldap->compare( $DN,
attr => 'cn',
value => 'Graham Barr'
);
DN from the server. DN May be a string or a the Net::LDAP::Entry manpage
object.
DN argument which replaces this option.
Example
$ldap->delete( $dn );
DN on the server. DN May be a string or a
the Net::LDAP::Entry manpage object.
DN argument which replaces this option.
DN.
DN.
Example
$ldap->moddn( $dn, newrdn => 'cn=Graham Barr');
DN on the server. DN May be a string or a
the Net::LDAP::Entry manpage object.
DN argument which replaces this option.
add option should be a reference to a HASH. The values of the
HASH are the attributes to add, and the values may be a string or a reference
to a list of values.
add) if only specific values should be deleted. If the
value for any attribute in the HASH is a reference to an empty ARRAY
the all instances of the attribute will be deleted.
add, but will
cause any existing attributes with the same name to be replaced. If the
value for any attribute in the HASH is a reference to an empty ARRAY
the all instances of the attribute will be deleted.
add, delete and replace where the
whole operation can be given in a single argument. The argument should
be a reference to an ARRAY.
Values in the ARRAY are used in pairs, the first is the operation
add, delete or replace and the second is a reference to an
ARRAY of attribute values.
The attribute value list is also used in pairs. The first value in each pair is the attribute name and the second is a reference to a list of values.
Use this form if you want to control the order in which the operations will be performed.
Example
$ldap->modify( $dn, add => { sn => 'Barr' } );
$ldap->modify( $dn, delete => [qw(faxNumber)]);
$ldap->modify( $dn, delete => { 'telephoneNumber' => '911' });
$ldap->modify( $dn, replace => { 'email' => 'gbarr@pobox.com' });
$ldap->modify( $dn,
changes => [
add => [ sn => 'Barr' ], # Add sn=Barr
delete => [ faxNumber => []], # Delete all fax numbers
delete => [ telephoneNumber => ['911']], # delete phone number 911
replace => [ email => 'gbarr@pobox.com'] # change email address
]
);
base, one or sub or
it can be the numeric value for each of these 0,1,2 respectively. The default
is sub.
never,
search, find or always. Or it can be the numeric value fro each
of these. The default is find.
Example
$mesg = $ldap->search( base => $base_dn, scope => 'sub', filter => '(|(objectclass=rfc822mailgroup)(sn=jones))' );
Net::LDAP::LDIF->new(\*STDOUT,"w")->write($mesg->entries);
Example
$ldap->unbind;
The following methods are for convenience.
VALUE is given the debug bit-value will be set to VALUE and the
previous value will be returned. If not given the bit-value will remain
unchanged and will be returned.
MESG is given
it will return when MESG has been completed.
Returns an error code defined in the Net::LDAP::Constant manpage.
Many of the methods described above accept a control option.
This allows the user to pass controls to the server as described
in LDAPv3. The value to the control argument may be either a
HASH reference to a reference to an array of HASH references.
The HASH, or each HASH in the array may contain three elements.
critical is optional and should be a boolean value, if it is not specified
then it is assumed to be false.
Most of the above commands accept a callback option. This option
should be a reference to a subroutine. This subroutine will be called
for each packet received from the server as a response to the request
sent.
When the subroutine is called the first argument will be the the Net::LDAP::Message manpage object which was returned from the method.
If the request is a search then multiple packets can be received from the server. Each entry is received as a separate packet. For each of these the subroutine will be called with a the Net::LDAP::Entry manpage object as the second argument.
During a search the server may also send a list of references. When such a list is received then the subroutine will be called with a the Net::LDAP::Reference manpage object as the second argument.
Net::LDAP also exports constants for the error codes that can be received from the server, see the Net::LDAP::Constant manpage.
the Net::LDAP::BER manpage, the Net::LDAP::Constant manpage, the Net::LDAP::Entry manpage, the Net::LDAP::Filter manpage, the Net::LDAP::Message manpage, the Net::LDAP::Reference manpage, the Net::LDAP::Search manpage, the URI::URL::ldap manpage,
The LDAP protocol is defined in the following RFC's
The homepage for the perl-ldap modules can be found at http://www.pobox.com/~gbarr/perl-ldap/.
This document is based on a document originally written by Russell Fulton <r.fulton@auckland.ac.nz>.
Chris Ridd @isode.com for the many hours spent testing and contribution of the ldap* command line utilities.
Graham Barr <gbarr@pobox.com>
Please report any bugs, or post any suggestions, to the perl-ldap mailing list <perl-ldap@mail.med.cornell.edu>.
Copyright (c) 1997-1999 Graham Barr. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
|
Net::LDAP -- Lightweight Directory Access Protocol |