Menu
▾
▴
Re: problems with resolving groups (rescursive)
|
From: Mark W. <mew...@un...> - 2000-10-05 17:58:04
|
Hi, Actually this is an early attempt. If you look at my code for Apache::AuthzNetLDAP on CPAN, you can see a better way that handles the 3 types of groups: groupOfUniquenames, groupOfNames, groupOfURLs (which are Netscape Dynamic groups). I just reread my printMembers.pl script again. All I checked for is groupOfUniquenames, which is the most common occurance, at least with Netscape and Novell LDAP servers. If you're using openLDAP you'll likely be using groupOfNames which uses the member attribute, so change any occurance of "uniquemember" to member & the code should work fine. Ideally it would handle either occurance but I haven't had time to do that. If you can make it work this way, send me a patch & I'll add it for the next release. I wrote an example scrip that handled all 3 occurances in the May issue of WebTechniques. I don't have the code handy, but it might be at the WebTechniques.com site. Mark On Thu, 5 Oct 2000, [iso-8859-1] Björn Nilsson (QDT) wrote: > Hi all! > > I'm trying to modify the printMembers.pl script (which is included in the > Example subdir of the distribution of the LDAP module) to suit my needs. My > problem is that the script doesn't resolve the sublists at all, or that it > just resolve the first member of a sublist. What I want is to get each and > every members (person) attributes to insert them into another database, > grouped by the mailinglist in question. > > What I do is: > > #!/usr/local/bin/perl > > use Net::LDAP qw(:all); > > $cnt = 0; > # the connection to the ldap server is configured here > $server = "an_exchangeserver.ericsson.se"; > $port = getservbyname("ldap", "tcp") || "389"; > $basedn = "o=ericsson"; > $scope = "base"; > $which = "AXE Swingers"; # No, there is no group in ericsson with that name > :-) > > # escape ( and ) if present > $which =~ s/\(/\\(/g; > $which =~ s/\)/\\)/g; > > $c = new Net::LDAP($server) or die "Unable to connect to $server: $@\n"; > > $c->bind() or die "Unable to bind: $@\n"; > > my @attrs = ['dn', 'objectClass', 'member']; > > eval > { > my $searchobj = $c->search( > base => $basedn, > scope => $scope, > filter => > "(&(cn=$which)(objectClass=groupOfNames) )", > #attrs => @attrs > ); > die "Bad search, errorcode #" . $searchobj->code() if > $searchobj->code(); > my $entry = $searchobj->pop_entry(); > my $groupDN = $entry->dn(); > &printMembers($groupDN); > }; > > $c->unbind(); > > sub printMembers > { > my $dn = @_[0]; > print "\t$dn\n"; > my @attrs = ['dn', 'member']; > my $searchobj = $c->search( > base => $dn, > scope => 'base', > filter => "objectClass=*", > #attrs => @attrs > ); > die $searchobj->error if $searchobj->code; > # eval > # { > # foreach $entry2 ($searchobj->all_entries) { $entry2->dump; } > # }; > > > eval > { > # should only be one entry > my $entry = $searchobj->pop_entry(); > print "\nMembers of group: $dn\n"; > # returns an array reference > my $values = $entry->get("member"); > > foreach my $val ( @{$values} ) > { > print "$val\n"; > my $isGroup = 0; #Lets us know if the entry is also > a group, default no. > # my @entryAttrs = ["objectClass", "member", "cn"]; > > $mesg = $c->search( > base => $val, > scope => 'base', > filter => "objectClass=*", > #attrs => @entryAttrs > ); > die $mesg->error if $mesg->code; > #foreach $entry2 ($mesg->all_entries) { > $entry2->dump; } > eval > { > my $entry = $mesg->pop_entry(); > #if ($attr) > #{ > # my $values = $entry->get($attr); > # foreach my $vals ( @{$values} ) > # { > # print $vals . "\n"; > # } > #} > #else > #{ > print "$val\n"; > #} > > my $values = $entry->get("objectClass"); > # This value is also a group, print the > members of it as well > > &printMembers($entry->dn(), $attr) if (grep > /groupOfNames/i, @{$values} ); > }; > } > }; > return 0; > } > |
