bhikshu has asked for the wisdom of the Perl Monks concerning the following question:

Hello, I am trying to figure out how I can translate the following code to use Net::LDAP:

    my $rootDseQueryString = "LDAP://RootDSE";
    if ("" ne $domain) {
        $rootDseQueryString = "LDAP://".$domain."/RootDSE";
    }
    print $rootDseQueryString."\n";
    my $RootDSE = Win32::OLE->GetObject($rootDseQueryString);

The following code translation does not work when working with a domain name alias. By domain name alias I mean referring to the domain "us.mydomain.com" as "mydomainus".

    my $rootDseQueryString = "RootDSE";
    if ("" ne $domain) {
        $rootDseQueryString = $domain."/RootDSE";
    }
    print $rootDseQueryString."\n";
    my $ldap_server = $rootDseQueryString;
    $ldap = Net::LDAP->new($ldap_server) or die $@;

Any idea how I can achieve it? Thanks, -Neel.

Re: using Net::LDAP
by kcott (Archbishop) on Feb 23, 2012 at 06:25 UTC
Re: using Net::LDAP
by wwe (Friar) on Feb 23, 2012 at 13:03 UTC
    You are trying to translate code using ADSI (Microsoft's proprietary interface to AD and other services) to LDAP.

    LDAP doesn't know the internal NetBIOS representation of your domain name. In LDAP you can't bind to a domain itself; you have to bind to a specific domain controller by using its FQDN (hostname may or may not work depending on the client's DNS configuration). In addition there is AFAIK no way to inherit user credentials from the logged-in user. This is a payoff for using a more general interface - the magic provided by ADSI is lost.

    The code below successfully connects to AD but you need to provide a dc server fqdn, user name and password:

    use Net::LDAP;

    # version and onerror are constructor options, so they are set on new()
    my $ad_ldap = Net::LDAP->new(
        $ad_ldap_server,
        version => 3,
        onerror => 'die',
    ) or die($@);
    my $ad_mesg = $ad_ldap->bind($ad_ldap_user, password => $ad_ldap_pwd);
    die($ad_mesg->error) if $ad_mesg->code;
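
An added example, not part of the thread or written by either poster: one way to get from a domain's DNS name to a RootDSE read with Net::LDAP, by looking up the domain controllers' SRV records with Net::DNS and then encrypting the connection before the bind. The domain us.mydomain.com comes from the question; the AD_USER and AD_PASS environment variables, the CA file path, and the DCs having certificates usable for StartTLS are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumed: AD_USER / AD_PASS
# environment variables and the CA file path below.
use strict;
use warnings;
use Net::DNS;
use Net::LDAP;

# AD registers its domain controllers in DNS as SRV records under this name.
sub dc_srv_name { my ($dns_domain) = @_; return "_ldap._tcp.dc._msdcs.$dns_domain" }

# Return DC host names for a DNS domain, lowest SRV priority first.
sub find_dcs {
    my ($dns_domain) = @_;
    my $reply = Net::DNS::Resolver->new->query(dc_srv_name($dns_domain), 'SRV')
        or return;
    return map  { $_->target }
           sort { $a->priority <=> $b->priority }
           grep { $_->type eq 'SRV' } $reply->answer;
}

# Anonymous RootDSE read: the Net::LDAP counterpart of LDAP://domain/RootDSE.
sub read_root_dse {
    my ($dc) = @_;
    my $ldap = Net::LDAP->new($dc, timeout => 10) or die "connect $dc: $@\n";
    my $dse  = $ldap->root_dse(attrs => [qw(defaultNamingContext dnsHostName)])
        or die "no RootDSE from $dc\n";
    return ($ldap, $dse);
}

unless (caller) {    # run only when executed as a script
    my $domain = shift // 'us.mydomain.com';   # DNS name, not the NetBIOS alias
    my ($dc) = find_dcs($domain) or die "no DC SRV records for $domain\n";
    my ($ldap, $dse) = read_root_dse($dc);
    print "DC:      ", $dse->get_value('dnsHostName'), "\n";
    print "Base DN: ", $dse->get_value('defaultNamingContext'), "\n";

    # A simple bind sends the password in clear text, so start TLS first.
    my $tls = $ldap->start_tls(verify => 'require',
                               cafile => '/etc/ssl/certs/ad-ca.pem'); # assumed path
    die "StartTLS: ", $tls->error, "\n" if $tls->code;

    defined $ENV{AD_USER} && defined $ENV{AD_PASS}
        or die "set AD_USER and AD_PASS\n";
    my $bind = $ldap->bind($ENV{AD_USER}, password => $ENV{AD_PASS});
    die "bind: ", $bind->error, "\n" if $bind->code;
    $ldap->unbind;
}
```

The SRV lookup only works with the domain's DNS name; a NetBIOS-style alias such as "mydomainus" has no such records, which is why it has to be mapped to the DNS name before this code is called.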