An Introduction to perl-ldap
As systems get larger and the number of users they support increases, it becomes more difficult to manage systems using only the old-fashioned UNIX /etc/passwd file. A common solution to this problem is to use a Lightweight Directory Access Protocol (LDAP) server. The use of an LDAP server presents a problem to the system administrator, however, in that the contents of the database are no longer available in an easy to read or modify format. Hence, new tools must be written that allow standard, everyday tasks, such as adding or deleting users, to be performed.
This is where perl-ldap comes in. perl-ldap provides the Net::LDAP perl module, which enables easy access to the data contained in LDAP directories from Perl scripts. This makes the module a useful tool for system administrators and Web developers alike. The perl-ldap home page is located at http://perl-ldap.sourceforge.net/.
For this article, I assume you have a reasonable knowledge of LDAP and are a competent Perl programmer. If not, plenty of published material is available on the Internet covering both of these topics.
If you're running one of the popular Linux distributions, chances are perl-ldap already has been packaged for you, which makes installation simple. Under Debian Linux, perl-ldap is found in the libnet-ldap-perl package. Assuming that your /etc/apt/sources.list file contains an up-to-date Debian server, the following commands should install perl-ldap:
apt-get update apt-get install libnet-ldap-perl
Mandrake users will find what they need in the perl-ldap package; for Mandrake 9.1, the specific package is perl-ldap-0.27.01-1mdk.noarch.rpm. If you have urpmi configured correctly, you can install perl-ldap simply by entering:
This command also installs the perl-Authen-SASL and perl-XML-Parser packages, which are perl-ldap dependencies in Mandrake.
Red Hat does not appear to provide a perl-ldap package, so users of this distribution either have to obtain it from another RPM-based distribution or install it from the tar.gz package as described below.
If a pre-built package isn't available for your system, you have to download the tar.gz package from CPAN and install it yourself. As the LDAP protocol uses ASN1 encodings, you also need the Convert::ASN1 library. Although you probably can install perl-ldap without it, perl-ldap certainly won't run unless this library available. Both of these libraries are easy to install:
perl Makefile.PL make make test su root make install
As with other Perl libraries, perl-ldap is invoked with the use statement:
A new LDAP connection is opened using the new() function call. In the following example, we open a connection to a machine with hostname ldapserver.domain.name:
$ldap = Net::LDAP->new("ldapserver.domain.name");
Because we haven't specified which port number to use, perl-ldap assumes a default of port 389, the well-known LDAP port. If we want to use a different port, say 1389, we need to pass the port parameter:
$ldap = Net::LDAP->new("ldapserver.domain.name", port=>1389);
If the server is not reachable, the above function calls return an error after 120 seconds. You can use the timeout parameter to alter this:
$ldap = Net::LDAP->new("ldapserver.domain.name", timeout=>30);
After the connection has been initiated, you no longer need to refer explicitly to the Net::LDAP package. All of the perl-ldap functions are accessed as methods of the reference returned from the new() call. The most commonly used methods provided by perl-ldap are as follows:
$ldap->add(); # Add an entry to the server $ldap->bind(); # Bind to a directory server $ldap->delete(); # Delete an entry from the server $ldap->moddn(); # Modify an entry's Distinguished Name (DN) $ldap->modify(); # Modify the contents of an entry $ldap->search(); # Perform a search on a directory $ldap->unbind(); # Unbind from a server
These are described in detail below.
For this example, we assume that I have an LDAP directory with the following contents:
dn: dc=leapster,dc=org | -- dn: cn=admin,dc=leapster,dc=org | -- dn: ou=People,dc=leapster,dc=org | -- dn: uid=paul,ou=People,dc=leapster,dc=org | -- dn: uid=mike,ou=People,dc=leapster,dc=org
Put simply, my LDAP base DN is dc=leapster,dc=org. The administrative user of the system (the entry that has superuser control) is cn=admin,dc=leapster,dc=org. It also contains two user entries, uid=paul and uid=mike.
Once you have created a connection to an LDAP server, you need to bind to it. If you're writing a program to talk to public LDAP directories, chances are you need to use only an anonymous bind:
$mesg = $ldap->bind;
However, if you're writing scripts to manage the directory of a server used for storing the account information of local users or customers, you are likely to allow only write access to specific, high-privilege users. In this case, you need to give the DN of the LDAP entry which has these privileges, as well as the password. For example:
$mesg = $ldap->bind("cn=admin,dc=leapster,dc=org", password=>"secret");
In this case, I use the following privileged user on my system: cn=admin,dc=leapster,dc=org. If I'd bound to one of the unprivileged users (for example, uid=paul,dc=leapster,dc=org), I may not have had any access to read or write options on the system at all, depending on how the server was configured.
The return value, which we store in $mesg, is an object of class New::LDAP::Message. It is discussed later in this article.
If you wish to close a connection, you must unbind from it:
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
|Trying to Tame the Tablet||May 08, 2013|
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- Validate an E-Mail Address with PHP, the Right Way
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- New Products
- Tech Tip: Really Simple HTTP Server with Python
- RSS Feeds
- Connecting Android device to desktop Linux via USB
26 min 17 sec ago
- Find new cell phone and tablet pc
1 hour 24 min ago
2 hours 53 min ago
- Automatically updating Guest Additions
4 hours 1 min ago
- I like your topic on android
4 hours 48 min ago
- Reply to comment | Linux Journal
5 hours 9 min ago
- This is the easiest tutorial
11 hours 23 min ago
- Ahh, the Koolaid.
17 hours 2 min ago
- git-annex assistant
23 hours 2 min ago
- direct cable connection
23 hours 24 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.