Net::LDAP compare question

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am writing a perl script to query an ldap database and find users who
do not belong to any mail distribution list. I can run the query just
fine, but my problem is getting only results back for users who do have
an attribute entry for the field "memberOf". Here is my code

$ldap = Net::LDAP->new( '**************' );

$mesg = $ldap->bind ( "$user",
                      password => "$password",
                      version => 3 );

if (!$base) { $base = "ou=****,ou=*****,dc=******,dc=******"; }

if (!$attrs) { $attrs = [ 'memberOf' ]; }

$search = 'mail=*@**********.com';

$result = $ldap->search ( base => "$base",
                          scope => "sub",
                          filter => "$search",
                          attrs => $attrs

$href = $result->as_struct;

@arrayOfDNs  = keys %$href;

foreach ( @arrayOfDNs ) {
  $dn = $_;
  $res = $ldap->compare ( $dn,
                             attr => "$attrs",
                             value => ''
@entries = $res->dn;

foreach $entr ( @enties ) {
    $butes = $entr->dn;
    print $butes, "\n";

print "#-------------------------------\n";

$mesg = $ldap->unbind;

This is pretty much a cut/paste of the example given in CPAN, and I
have replaced the actual values of the query with '*' for obvious
reasons. In the lines

foreach ( @arrayOfDNs ) {
  $dn = $_;
  $res = $ldap->compare ( $dn,
                             attr => "$attrs",
                             value => ''

is where I am doing my compare statement, but get nothing back. It
should find any ldap entry where the attribute "memberOf" has no entry.
Any help would be appreciated in this.

Re: Net::LDAP compare question wrote:
Quoted text here. Click to load it

I'm not very familiar with Net::LDAP and, in any case, I don't have
access to an LDAP right now on which to test.  But I think you should
rule out the possibility that you're getting problems by writing less
than optimal Perl code.

use strict;   # this will require you to declare all variables with 'my'
use warnings;

Quoted text here. Click to load it

# unnecessary stringification:  $user will suffice; drop the quotes
# for this and all other instances

Quoted text here. Click to load it

# Above 2 lines could be reduced to:

   foreach my $dn (@arrayOfDNs) {

Quoted text here. Click to load it

# Without thinking too hard about it, what does '->dn' mean in the above
  line:  method call?  hash dereference?

Quoted text here. Click to load it

That will only be true once you've coded it more cleanly and rerun it
with strictures and warnings.


Re: Net::LDAP compare question

Ok, I added "use strict;" and found some defects. I am still not
getting the expected results though. This is where it should do the

my $href = $result->as_struct;

my @arrayOfDNs  = keys %$href;

my $dn;
my $res;
my @entries;
my $entr;
my $mesg;
my $crap;

foreach ( @arrayOfDNs ) {
   $dn = $_;
   $res = $ldap->compare ( $dn,
                           attr => "$attrs",
                             value => ''
@entries = $res->dn;

foreach $entr ( @entries ) {
   $crap = $entr->dn;
    print $crap, "\n";

I think I am doing something wrong as far as the compare statement.
This should take the attribute list that I defined earlier in the
script, and return a value of true or false based on the value. If
true, print the DN for the entry. If false, go to the next entry. For
some reason this isn't happening and I don't see the reason why.

Good idea about using strict though.

James E Keenan wrote:
Quoted text here. Click to load it

Re: Net::LDAP compare question

lexx21 wrote:
Quoted text here. Click to load it
I had luck only when passing a Net::LDAP::Entry object instead of a
string DN although this wasn't clear in the docs. Here's an example:

use Net::LDAP;

my $result = $ldap->search( base   => ...
                             filter => ...
die $result->error if $result->code;

my $compare;
foreach my $entry ($result->entries) {
    $compare = $ldap->compare( $entry, attr => ..., value => ...  );
    if ( $compare->code == LDAP_COMPARE_TRUE ) {
       print "compare->code is true"
    } elsif ( $compare->code == LDAP_COMPARE_FALSE ) {
       print "compare->code is false ";
    } else {
       print "compare error: ", $compare->code;

Charles DeRykus

Site Timeline