querying Active Directory via LDAP in perl

[joseph85750]

I've been poking at this on and off over the past few months, never
having much success. I was never sure what sort of crazy query string
the AD server wanted. But then it occurred to me that my Linux
Evolution email client does this without any problems-- only using the
IP address of the Active Directory LDAP server. I can query/search,
and it immediately returns all matches.

How can it do this without the big ugly
"cn=users,dc=foo,dc=blah,o=acme......" string ?

Since this is obviously possible and simple (except for me), how could
I do this same simple query in perl-- only armed with the IP address
of my AD/LDAP server?

Curiously,
JS

 

[Thrill5]

I've been poking at this on and off over the past few months, never
having much success. I was never sure what sort of crazy query string
the AD server wanted. But then it occurred to me that my Linux
Evolution email client does this without any problems-- only using the
IP address of the Active Directory LDAP server. I can query/search,
and it immediately returns all matches.

How can it do this without the big ugly
"cn=users,dc=foo,dc=blah,o=acme......" string ?

Since this is obviously possible and simple (except for me), how could
I do this same simple query in perl-- only armed with the IP address
of my AD/LDAP server?

Curiously,
JS

Google "LDAP query syntax", and you will find a whole bunch of information
about querying AD via LDAP.

 

[joseph85750]

Google "LDAP query syntax",  and you will find a whole bunch of information
about querying AD via LDAP.

Yes, google returns many articles mentioning query strings, such as:

search DN: ou=groups,ou=@company,dc=corp,dc=trx,dc=com

But back to my original question-- Evolution doesn't seem to need any
of this. In Evolution, you simply give it the IP address of your AD/
LDAP server and it all magically works. Evolution is running on a
linux box, which has no knowledge of the query string variables.

I even tried running a tcpdump on the connection to figure out what it
was doing but couldn't figure it out.

 

[Thrill5]

Google "LDAP query syntax", and you will find a whole bunch of information
about querying AD via LDAP.

Yes, google returns many articles mentioning query strings, such as:

search DN: ou=groups,ou=@company,dc=corp,dc=trx,dc=com

But back to my original question-- Evolution doesn't seem to need any
of this. In Evolution, you simply give it the IP address of your AD/
LDAP server and it all magically works. Evolution is running on a
linux box, which has no knowledge of the query string variables.

I even tried running a tcpdump on the connection to figure out what it
was doing but couldn't figure it out.

You obviously haven't read them, if you did you would know how to do this.
You need only to specify the CN to search for, the base DN (where to start
the search) along with setting the appropriate seach scope (i.e. subtree).

 

[joseph85750]

You obviously haven't read them, if you did you would know how to do this.
You need only to specify the CN to search for, the base DN (where to start
the search) along with setting the appropriate seach scope (i.e. subtree).

How does the Evolution mail client know how to query the AD Ldap
then? I specified no CN, DN, or subtree; only the IP address of the
AD Ldap.

 

[Mart van de Wege]

How does the Evolution mail client know how to query the AD Ldap
then? I specified no CN, DN, or subtree; only the IP address of the
AD Ldap.

Evolution does specify the CN:

mvdwege@gareth:/usr/lib/evolution$ find . -exec strings \{} \; | grep -i 'cn ='
cn = %s

Furthermore, I concur with the previous poster: *read* those search
entries. LDAP query syntax isn't that hard to understand, it's just
verbose.

Mart