Obtaining user information from LDAP using Perl

This is much simpler than the PHP example listed a few weeks ago. It demonstrates some of the advantages of Perl (namely, just about anything you want to do is already built as a module by someone who’s been where you are). Please refer to http://search.cpan.org for Net::LDAP and Net::LDAPS module documentation and usage examples.

In this example, we’ll bind to the LDAP server using an application account (in the cn=applications,dc=uta,dc=edu branch of our directory server) and search the account branch (cn=accounts,dc=uta,dc=edu) for all users (uid=*). We’ll fetch the NetIDs (uid), e-mail addresses (mail), and the common names (cn) for each account.

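#!/usr/bin/perl -w

use strict;
use Net::LDAPS;
use Data::Dumper;

my $bind_dn       = 'cn=mavapp,cn=applications,dc=uta,dc=edu';
my $bind_password = 'mavAppPass';

# Connect over SSL; new() returns undef on failure and sets $@
my $ldaps = Net::LDAPS->new('ldap.cedar.uta.edu')
   or die "Could not connect: $@\n";

# Bind as the application account and stop if the bind is rejected
my $mesg = $ldaps->bind( $bind_dn, password => $bind_password );
die "Bind failed: " . $mesg->error . "\n" if $mesg->code;

my $result = $ldaps->search( base   => "cn=accounts,dc=uta,dc=edu",
                             filter => "(uid=*)",
                             attrs  => ['uid','mail','cn'] );
die "Search failed: " . $result->error . "\n" if $result->code;

# as_struct() returns a hash reference keyed by DN
my $entries = $result->as_struct();

# How many entries did we find?
print scalar( keys %{$entries} ) . " entries returned\n";

# Print them out
foreach my $dn ( keys %{$entries} ) {
   foreach my $attr ( keys %{$entries->{$dn}} ) {
      foreach my $val ( @{$entries->{$dn}->{$attr}} ) {
         print "$attr - $val\n";
      }
   }
   print "\n";
}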

This last section could be simplified using the Data::Dumper module as:

print Dumper( $entries );
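
As an added example (not from the original post): a single-account lookup that takes the uid from the command line, as a web form would supply it, and hardens the script above. The LDAP_BIND_PW environment variable and the /etc/ssl/certs CA directory are assumptions; the host, bind DN and search base are the ones used above.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAPS;
use Net::LDAP::Util qw(escape_filter_value);

# Assumptions (not from the original post): the LDAP_BIND_PW variable name
# and the CA directory below are placeholders for your own deployment.
my $bind_dn = 'cn=mavapp,cn=applications,dc=uta,dc=edu';
my $bind_pw = $ENV{LDAP_BIND_PW};
die "LDAP_BIND_PW is not set\n" unless defined $bind_pw && length $bind_pw;

my $uid = $ARGV[0];
die "usage: $0 <uid>\n" unless defined $uid && length $uid;

# Require a server certificate that chains to a trusted CA; without this the
# bind password can be sent to whoever answers on the LDAPS port.
my $ldaps = Net::LDAPS->new(
    'ldap.cedar.uta.edu',
    verify => 'require',
    capath => '/etc/ssl/certs',
) or die "Could not connect: $@\n";

my $mesg = $ldaps->bind( $bind_dn, password => $bind_pw );
die 'Bind failed: ' . $mesg->error . "\n" if $mesg->code;

# escape_filter_value() turns ( ) * \ and NUL into \XX escapes, so input such
# as "*" is matched literally instead of widening the search.
my $filter = '(uid=' . escape_filter_value($uid) . ')';

my $result = $ldaps->search(
    base   => 'cn=accounts,dc=uta,dc=edu',
    filter => $filter,
    attrs  => [ 'uid', 'mail', 'cn' ],
);
die 'Search failed: ' . $result->error . "\n" if $result->code;

# A uid should identify exactly one account; treat anything else as an error.
my @found = $result->entries;
die 'Expected one entry for that uid, found ' . scalar(@found) . "\n"
    unless @found == 1;

for my $attr (qw(uid mail cn)) {
    my @vals = $found[0]->get_value($attr);
    print "$attr - $_\n" for @vals;
}

$ldaps->unbind;
```

The length check on the bind password matters because a simple bind with an empty password is treated by LDAP servers as an anonymous bind rather than a failed one.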

Obtaining user information from LDAP using PHP

This ought to be in a FAQ somewhere, I certainly get asked it enough: “How can I retrieve attributes from LDAP of users who log into my web application?” Well, I’ll break it down with an example that retrieves information about a user that submits their uid & password to a form. Note that this code could be simplified to handle authentication only by determining if the ldap_bind() succeeds or not — it’s usually enough to simply be able to bind to verify someone’s identity.

I’ll make my comments after each section of code.

Have your (Perl) Pie and eat it too!

Undoubtedly one of the most frequent tasks a system administrator, or developer, faces involves making inline changes to a file or set of files. This can range from the very complex edit to the very trivial.

Let’s say you have a series of PHP pages in your web site that access your MySQL server. What happens if you need to change the name of your MySQL server? Would you go into each file individually, search for the line (or lines) of code to edit and save the file? This can be tedious, error-prone and time-consuming.

The ‘sed’ (string editor) command is often used to accomplish this, where sed is passed a file name and a regular expression for the string substitutions. Output from sed is sent to standard output (usually the terminal) which means that you must redirect it to another file and then copy the new file over the original. This effectively changes the original but requires a lot of excess steps. There’s got to be a better way, right? Yes, ‘perl’ can do it in one shot —