I'm using perl-ldap to search and modify LDAP directories.
Everything works fine except for when I try to search a group based on its "uniqueMember" attribute, whose value is a dn (e.g., cn=exuser,ou=people,dc=example,dc=com).
This would seem to make the filter string for a search based on a group member
uniqueMember=cn=exuser,ou=people,dc=example,dc=com
But that doesn't work.
Neither does "escaping" the equals in the string, so that the resultant string when printed looks like it has its equals signs escaped. And the Net::LDAP::Filter object doesn't have great documentation, so I'm not sure how to create one besides just passing the filter strings I've been using in the first place (which also doesn't work).
Any suggestions?
I should add that I'm certain the problem is with the search not returning results - the resulting Search object has 0 count.
I can't show the exact code, but it is something like this (only literals have been changed):
my $filter = "uniqueMember=cn=exuser,ou=people,dc=example,dc=com";
my $result = $ldap->search( base   => 'ou=groups,dc=example,dc=com',
                            filter => $filter );
while ( my $entry = $result->pop_entry ) {
    # ....
}
Connection and binding to the LDAP server has been done in a subroutine, which works. I'm certain about the names of the organizational unit as well as the format of the uniqueMember values. For the $filter string, I have tried escaping the equals signs once (\=) and twice (\\\\=). I have tried using Net::LDAP::Filter->new($filter) - although my understanding is that it takes a filter string like the one in the code, so this hasn't been very helpful.
What is the correct way to format this filter string?
Try the following debug statements to see what the final filter looks like
use Net::LDAP::Filter;
my $filter_str = "uniqueMember=cn=exuser,ou=people,dc=example,dc=com";
my $filter = Net::LDAP::Filter->new( $filter_str );
print $filter->as_string();   # shows the filter as Net::LDAP parsed it
Also, try using wildcards, like so:
#my $filter = "uniqueMember=cn=exuser,ou=people,dc=example,dc=com";
my $filter = "uniqueMember=*exuser*";
Also, your base is pointing at ou=groups instead of ou=people like your filter. That alone may be causing issues since there may not be any users with those attributes in the "groups" ou.
#my $result = $ldap->search( base => 'ou=groups,dc=example,dc=com',
my $result = $ldap->search( base   => 'ou=people,dc=example,dc=com',
                            filter => $filter );
while ( my $entry = $result->pop_entry ) {
    # ....
}
Does this work with the command line LDAP tools? It seems like it's a problem with the LDAP query rather than with Net::LDAP.
I'm not very good with the LDAP syntax, but I thought it'd be something like
(&(group=uniqueMember)(cn=exuser)(ou=people)(dc=example)(dc=com))
You could also try setting up the filter with Net::LDAP::Filter and see what it parses it to.
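Added example (not code from any of the posts above): building the uniqueMember filter from a member DN with the value escaped per RFC 4515, then parsing it with Net::LDAP::Filter as both answers suggest. The helper name member_filter and the sample DNs are assumptions made for illustration; escape_filter_value comes from Net::LDAP::Util.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# member_filter() is a hypothetical helper, not part of perl-ldap.
# It builds an equality filter on uniqueMember for a member DN.
# The '=' and ',' inside a DN are ordinary characters in a filter value.
# The characters that must be written as \XX hex escapes (RFC 4515) are
# NUL, '*', '(', ')' and '\'; escape_filter_value() takes care of them,
# which also keeps a DN taken from user input from changing the filter.
sub member_filter {
    my ($member_dn) = @_;
    my $str = '(uniqueMember=' . escape_filter_value($member_dn) . ')';

    # new() returns undef when the string does not parse as a filter.
    my $filter = Net::LDAP::Filter->new($str)
        or die "filter did not parse: $str\n";
    return $filter;
}

# Constructed sample DNs, not taken from a real directory.
my @samples = (
    'cn=exuser,ou=people,dc=example,dc=com',           # nothing to escape
    'cn=Ex User (admin),ou=people,dc=example,dc=com',  # parentheses
    'cn=*,ou=people,dc=example,dc=com',                # literal asterisk
);

for my $dn (@samples) {
    my $filter = member_filter($dn);
    # as_string() prints the filter as Net::LDAP::Filter parsed it.
    print "$dn\n    => ", $filter->as_string, "\n";
}
```

The object returned by member_filter can be passed as the filter argument of $ldap->search in place of a string.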