1. LDAP API: Searching CNS 4650 Fall 2004 Rev. 2

2. LDAP Search Create connection Bind (if needed) Perform search Display results Close connection

3. Project 1 Example Language is PERL Data is not completely formatted to specification Example code is in download area These slides will walk through the code

4. Variables Declares this is a PERL script Include Net::LDAP and Net::LDAP::LDIF libraries, so that we can use the LDAP API calls Declare $LDAPSERVER and $SEARCHBASE as empty strings. They are used to hold the server address and search base that is passed from the command line $YEAR, $MONTH, $DAY, $TIME are set to the current date and time. This uses the `date` command found on Linux/Unix workstations. Chomp() is used to remove the carriage return. $COMBODATE puts all the values together in a generalizedTime format (Discussed later in these slides) $FILTER is the defined filter, in this case it only searches for “user-password- expire” that is greater than the current date and time #!/usr/bin/perl -w use Net::LDAP use Net::LDAP::LDIF; $LDAPSERVER = $SEARCHBASE = ""; $YEAR = `date "+%Y"`; chomp($YEAR); $MONTH = `date "+%m"`; chomp($MONTH); $DAY = `date "+%d"`; chomp($DAY); $DAY = $DAY + 3; $TIME = `date "+%H%M%SZ"`; chomp($TIME); $COMBODATE = $YEAR. $MONTH. $DAY. $TIME; $FILTER = "&(user-password-expire>=$COMBODATE)"; …

5. Command Line Arguments The first if statement checks the argument vector to see if any arguments were passed in, if not returns usage statement The $LDAPSERVER variable is set to the first command line argument and $SEARCHBASE is set to the second command line argument … if(!@ARGV) { print "You must specify a server!\n"; } else { $LDAPSERVER = $ARGV[0]; $SEARCHBASE = $ARGV[1]; …

6. Build the LDAP Connection The LDAP connection is made by calling Net::LDAP() Net::LDAP returns a LDAP handle that is used to perform the search and then to unbind Net::LDAP(host, port, timeout, async, debug, onerror, version) http://search.cpan.org/~gbarr /perl-ldap/lib/Net/LDAP.podhttp://search.cpan.org/~gbarr /perl-ldap/lib/Net/LDAP.pod my $conn = new Net::LDAP($LDAPSERVER);

7. Perform the Search The LDAP handle ($conn) is used to perform the search The search() call can be passed base, scope, filter, attrs (attributes returned) If the attributes are not listed all the attributes of the objects found will be returned … $mesg = $conn->search( base=>$SEARCHBASE, scope=>"sub", filter=>$FILTER, attrs=>['mail', 'uid', 'user-password- expire',]); …

8. Printing out the Return Data The $mesg structure has a value named “count” that contains the number of objects returned from the search The $entry creates storage for a single entry that is extracted from $mesg To retrieve a attribute value use the $entry->get_value() call, pass in the name of the attribute. Example: “uid” … for ($i = 0; $i count; $i++) { my $entry = $mesg->entry($i); print $entry->get_value( 'mail' ); print "\n\n"; print join(" ", $entry->get_value( 'uid' ), "your password will expire on", $entry->get_value( 'user-password-expire' )); print "\nPlease change your password before that date.\nThank you,\nIS&T"; print "\n\n\n" } …

9. Unbind from the Directory The connection always needs to be unbound Make sure the LDAP handle is not destroyed before the connection is unbound $conn->unbind;