Perl | LDAP Server

Lightweight Directory Access Protocol (LDAP) is an internet protocol that runs over TCP/IP and is used to access information held in directories. LDAP is commonly used to access directory services such as Active Directory. It allows us to keep a directory of items and information about them. LDAP stores the data in the form of records that contain a set of attributes.
 

Perl – LDAP Server

The Perl-LDAP distribution is a collection of Perl modules which provides us with an object-orientated interface to LDAP servers. Some features of Perl-LDAP are given below:

  1. The Perl-LDAP modules provide a Perl object interface that allows complex searches of LDAP directories with only a small amount of code.
  2. All the Perl-LDAP modules are written completely in Perl, which makes its library truly cross-platform compatible.
  3. It is being actively developed.

The four steps to working with an LDAP server are connecting, authenticating, interacting, and logging off. Interacting includes searching, adding, deleting, and altering records. To do all that we need a Perl module which is responsible for managing the LDAP session.

Net::LDAP is one such module. It is a collection of modules that implements an LDAP services API for Perl programs. It can be used to search directories and to perform maintenance functions such as adding, deleting, or modifying entries.

To install the Net::LDAP module, run the following commands (the second is typed at the CPAN shell prompt):



perl -MCPAN -e shell
install Net::LDAP

Fetching Data from the Server

An LDAP-based directory service stores its information in entries. Each entry belongs to one or more object classes that specify the type of entry being stored within the directory. Attributes hold the pieces of data in an entry.
Each entry in an LDAP-based directory service has a unique name associated with it. This “distinguished name” (DN) is made up of a comma-separated string of “relative distinguished names” (RDN) that together specify an entry’s location and name within the directory tree. A relative distinguished name is made up of one or more attribute/value pairs that are unique at their level in the directory tree.
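
The DN structure described above, as an added example that is not part of the original article: Net::LDAP::Util's ldap_explode_dn splits a DN into its RDNs, including a multi-valued RDN and a value that contains an escaped comma. The helper name describe_dn and the sample DNs are constructed for illustration.

```perl
use strict;
use warnings;
use Net::LDAP::Util qw(ldap_explode_dn);

# Return one line per RDN, leaf first, or an empty list if the DN is invalid.
sub describe_dn {
    my ($dn) = @_;
    my $rdns = ldap_explode_dn($dn, casefold => 'lower') or return;
    my @lines;
    for my $rdn (@$rdns) {
        # One RDN may hold several attribute/value pairs (joined by "+" in the DN).
        push @lines, join ' + ', map { $_ . '=' . $rdn->{$_} } sort keys %$rdn;
    }
    return @lines;
}

# Constructed sample DNs (not taken from a real directory).
my @samples = (
    'uid=tshelby,ou=People,dc=example,dc=com',
    'cn=Thomas Shelby+uid=tshelby,ou=People,dc=example,dc=com',  # multi-valued RDN
    'cn=Shelby\, Thomas,ou=People,dc=example,dc=com',            # comma inside a value
    'Thomas Shelby',                                             # not a DN
);

for my $dn (@samples) {
    my @rdns = describe_dn($dn);
    print "$dn\n";
    print "  (not a valid DN)\n" unless @rdns;
    print "  $_\n" for @rdns;
}
```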

Note: While using LDAP, we must always search or use an extended operation to get data.

When we use the search method, it returns an object containing a set of entries (data).
The basic components of a search method are the base and the filter. The base marks the top of the tree which is being searched, and the filter indicates the records we’re interested in.
There are 2 ways to fetch the entries:

  • Fetching the entire set of entries

foreach my $result ($mesg->all_entries)
{
  # Perform some operation on the data
}


  • Fetching the entries one by one


my $num_entries = $mesg->count( );
for (my $i = 0; $i < $num_entries; $i++)
{
  my $entry = $mesg->entry($i);
  # Perform some operation on the data
}



Given below is a basic program to fetch information from the LDAP Server and print it:


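use strict;
use warnings;
use Net::LDAP; # Load the module

# Placeholder values: set these for your own directory
my $base_dn = "dc=example,dc=com";
my $FILTER  = "(objectClass=*)";
my $attr    = "cn"; # attribute to print (placeholder)

# Initialization
my $ldap = Net::LDAP->new("ldap.example.com") or die $@;

# Binding (no arguments: anonymous bind)
$ldap->bind( );

my $mesg = $ldap->search(base   => $base_dn,
                         filter => $FILTER);
$mesg->code( ) && die $mesg->error;
foreach my $result ($mesg->all_entries)
{
  # We can perform any operation on the entries
  # like adding, removing, modifying the data etc
  my $value = $result->get_value($attr);
  print $value, "\n" if defined $value;
}

$ldap->unbind( );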



Admin Limit Exceeded Error

Errors in the server logs often relate to internal LDAP problems and show up as LDAP-related error messages. Even when such errors are nonfatal, they indicate problems worth investigating.

The Administrative Limit Exceeded error indicates that an LDAP server limit set by the administrative authority has been exceeded.
For example, if an LDAP search would return more entries than the directory server’s nsslapd-sizelimit attribute allows, the server returns only part of the results rather than the whole set.

There are a few ways to avoid this error:

  1. Increase the value of the nsslapd-sizelimit attribute.
  2. Implement a VLV index for the failing search.

Example – Suppose we are fetching data from a university’s server that has a limit of 50. If we search for someone named “Thomas” with the surname “Shelby”, the search returns only a few results.
But if we search for “Thomas” without knowing the full surname and give only “S”, the number of matches might exceed the limit and we get the “Admin Limit Exceeded” error.


use strict;
use warnings;
use Net::LDAP; # Load the module

# Initialization
my $ldap = Net::LDAP->new("mumbaiuniversity.com") or die $@;

# Binding (no arguments: anonymous bind)
$ldap->bind( );

my $result = $ldap->search(  # Searching
    base   => "",
    filter => "(&(cn=Thomas*)(sn=S*))",
);
# Any non-zero result code, including an exceeded limit, stops the script here
die $result->error if $result->code;

printf "COUNT: %s\n", $result->count;

$ldap->unbind;
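
An added example, not part of the original article: the program above dies on any non-zero result code, which discards the partial entries the server sent before the limit was reached. The code below treats the two limit codes as a partial result and escapes the name parts before they go into the filter. The helper names name_filter, classify and search_people are hypothetical, and search_people assumes a Net::LDAP handle that is already connected and bound.

```perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value ldap_error_name);
use Net::LDAP::Constant
    qw(LDAP_SUCCESS LDAP_SIZELIMIT_EXCEEDED LDAP_ADMIN_LIMIT_EXCEEDED);

# Build the "(&(cn=...*)(sn=...*))" filter from untrusted input. Escaping keeps
# "*", "(", ")" and "\" inside a value from changing the filter's structure.
sub name_filter {
    my ($given, $prefix) = escape_filter_value(@_);
    return "(&(cn=$given*)(sn=$prefix*))";
}

# Sort a search result code into complete / partial / failed.
sub classify {
    my ($code) = @_;
    return 'complete' if $code == LDAP_SUCCESS();
    return 'partial'  if $code == LDAP_SIZELIMIT_EXCEEDED()
                      || $code == LDAP_ADMIN_LIMIT_EXCEEDED();
    return 'failed';
}

# Run the search on an already-bound handle and keep partial results.
sub search_people {
    my ($ldap, $base, $given, $surname_prefix) = @_;
    my $mesg = $ldap->search(
        base   => $base,
        filter => name_filter($given, $surname_prefix),
        attrs  => ['cn', 'sn'],
    );
    my $state = classify($mesg->code);
    die 'search failed: ' . $mesg->error . "\n" if $state eq 'failed';
    warn 'limit hit (' . ldap_error_name($mesg->code)
        . "), results are partial; narrow the filter\n" if $state eq 'partial';
    return ($state, $mesg->entries);
}

# Offline demonstration with constructed inputs (no server needed).
print name_filter('Thomas', 'S'), "\n";
print name_filter('Thomas', 'Sh(el)*'), "\n";
printf "%2d %-26s %s\n", $_, ldap_error_name($_), classify($_) for 0, 4, 11, 49;
```

Narrowing the filter when the result is partial leaves the server's limit in place, which also bounds how many entries a single query can pull from the directory.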
