1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
#!/usr/bin/perl
#
#
# ldapwalk.pl - Walks through Records Matching a Given Filter
# Author: Clayton Donley, Motorola, <donley@cig.mot.com>
#
# Demonstration of Synchronous Searching in PERL5.
#
# Rather than printing attribute and values directly, they are
# stored in a Hash, where further manipulation would be very simple.
# The output could then be printed to a file or standard output, or
# simply run through the modify or add commands.
#
# Usage: ldapwalk.pl FILTER
# Example: ldapwalk.pl "sn=Donley"
#
use strict;
use Net::LDAPapi;
# Define these values
my $ldap_server = "localhost";
my $BASEDN = "o=Org, c=US";
my $sizelimit = 100; # Set to Maximum Number of Entries to Return
# Can set small to test error routines
# Various Variable Declarations...
my $ld;
my $dn;
my $attr;
my $ent;
my $ber;
my @vals;
my %record;
my $result;
#
# Initialize Connection to LDAP Server
if (($ld = new Net::LDAPapi($ldap_server)) == -1)
{
die "Unable to initialize!";
}
#ldap_set_option(0,LDAP_OPT_DEBUG_LEVEL,-1);
#
# Bind as NULL User to LDAP connection $ld
#$ld->sasl_parms(-mech=>"CRAM-MD5",-flags=>LDAP_SASL_AUTOMATIC);
#if ($ld->bind_s("tester","tester",LDAP_AUTH_SASL) != LDAP_SUCCESS)
if ($ld->bind_s != LDAP_SUCCESS)
{
my $errstr=$ld->errstring;
$ld->unbind;
die "bind: ", $errstr;
}
# This will set the size limit to $sizelimit from above. The command
# is a Netscape addition, but I've programmed replacement versions for
# other APIs.
$ld->set_option(LDAP_OPT_SIZELIMIT,$sizelimit);
# This routine is COMPLETELY unnecessary in this application, since
# the rebind procedure at the end of this program simply rebinds as
# a NULL user.
#$ld->set_rebind_proc(&rebindproc);
#
# Specify Search Filter and List of Attributes to Return
my $filter = $ARGV[0];
my @attrs = ();
#
# Perform Search
my $msgid = $ld->search($BASEDN,LDAP_SCOPE_SUBTREE,$filter,\@attrs,0);
if ($msgid < 0)
{
$ld->unbind;
die "search: ", $ld->errstring, ": ", $ld->extramsg;
}
# Reset Number of Entries Counter
my $nentries = 0;
# Set no timeout.
my $timeout = -1;
#
# Cycle Through Entries
while (1)
{
$result = $ld->result($msgid, 0, $timeout);
last unless $result;
last if( $ld->{"status"} == $ld->LDAP_RES_SEARCH_RESULT );
next if( $ld->{"status"} != $ld->LDAP_RES_SEARCH_ENTRY );
$nentries++;
for ($ent = $ld->first_entry; $ent != 0; $ent = $ld->next_entry)
{
#
# Get Full DN
if (($dn = $ld->get_dn) eq "")
{
$ld->unbind;
die "get_dn: ", $ld->errstring, ": ", $ld->extramsg;
}
#
# Cycle Through Each Attribute
for ($attr = $ld->first_attribute; defined($attr); $attr = $ld->next_attribute)
{
#
# Notice that we're using get_values_len. This will retrieve binary
# as well as text data. You can change to get_values to only get text
# data.
#
@vals = $ld->get_values_len($attr);
$record{$dn}->{$attr} = [@vals];
}
}
$ld->msgfree;
}
if ( !defined($result) && $ld->err != LDAP_SUCCESS)
{
$ld->unbind;
die "result: ", $ld->errstring, ": ", $ld->extramsg;
}
print "Found $nentries records\n";
$ld->unbind;
foreach $dn (keys %record)
{
my $item;
print "dn: $dn\n";
foreach $attr (keys %{$record{$dn}})
{
for $item ( @{$record{$dn}{$attr}})
{
if ($attr =~ /binary/ )
{
print "$attr: <binary>\n";
} elsif ($attr eq "jpegphoto") {
#
# Notice how easy it is to take a binary attribute and dump it to a file
# or such. Gotta love PERL.
#
print "$attr: JpegPhoto (length: " . length($item). ")\n";
open (TEST,">$dn.jpg");
print TEST $item;
close (TEST);
} else {
print "$attr: $item\n";
}
}
}
print "\n";
}
exit;
sub rebindproc
{
return("","",LDAP_AUTH_SIMPLE);
}
|
