ch19_04.htm

by Randal L. Schwartz and Tom Phoenix ISBN 0-596-00132-0 Third Edition, published July 2001. (See

<html><head><title>Net::LDAP Methods (Perl in a Nutshell, 2nd Edition)</title><link rel="stylesheet" type="text/css" href="../style/style1.css" />

<meta name="DC.Creator" content="Stephen Spainhour" /><meta name="DC.Format" content="text/xml" scheme="MIME" /><meta name="DC.Language" content="en-US" /><meta name="DC.Publisher" content="O'Reilly &amp; Associates, Inc." /><meta name="DC.Source" scheme="ISBN" content="0596002416L" /><meta name="DC.Subject.Keyword" content="stuff" /><meta name="DC.Title" content="Perl in a Nutshell, 2nd Edition" /><meta name="DC.Type" content="Text.Monograph" />

</head><body bgcolor="#ffffff">

<img src="gifs/smbanner.gif" usemap="#banner-map" border="0" alt="Book Home" /><map name="banner-map"><area shape="rect" coords="1,-2,616,66" href="index.htm" alt="Java and XSLT" /><area shape="rect" coords="629,-11,726,25" href="jobjects/fsearch.htm" alt="Search this book" /></map>

<div class="navbar"><table width="684" border="0"><tr><td align="left" valign="top" width="228"><a href="ch19_03.htm"><img src="../gifs/txtpreva.gif" alt="Previous" border="0" /></a></td><td align="center" valign="top" width="228" /><td align="right" valign="top" width="228"><a href="part8.htm"><img src="../gifs/txtnexta.gif" alt="Next" border="0" /></a></td></tr></table></div>



<h2 class="sect1">19.4. Net::LDAP Methods</h2>

<p><a name="INDEX-2359" />Net::LDAP
implements the following methods:
</p>

<dl>
<dt><b><tt class="literal">new (</tt><em class="replaceable">host</em> <tt class="literal">[, %</tt><em class="replaceable">options</em> <tt class="literal">])</tt> </b></dt>
<dd>
<tt class="literal">new(
)</tt><a name="INDEX-2360" />
creates a new Net::LDAP object and opens a connection to
<em class="replaceable"><tt>host</tt></em>.
<tt class="literal">%</tt><em class="replaceable"><tt>options</tt></em> include:
</p>

<dl>
<dt><b><tt class="literal">port</tt> </b></dt>
<dd>
Port to connect to on the remote server.</p>
</dd>


<dt><b><tt class="literal">timeout</tt> </b></dt>
<dd>
The maximum time that Net::LDAP will take to connect to a host. The
default is 120 seconds.
</p>
</dd>


<dt><b><tt class="literal">debug</tt> </b></dt>
<dd>
Shows details of the conversion between Net::LDAP and the directory
server.
</p>
</dd>


<dt><b><tt class="literal">async</tt> </b></dt>
<dd>
Performs asynchronous entry retrieval so that search results are
returned to the client as they are identified:
</p>

<blockquote><pre class="code">$ldap = Net::LDAP-&gt;new('ldap.my.domain', async =&gt; 1);</pre></blockquote>
</dd>


<dt><b><tt class="literal">onerror</tt> </b></dt>
<dd>
If set to true, and if <tt class="literal">async</tt> is also true, then
Net::LDAP will check for errors on all methods. If an error exists in
the resulting data, then one of the following actions will be taken:
<tt class="literal">die( )</tt>, <tt class="literal">warn( )</tt>,
<tt class="literal">undef</tt>.
</p>
</dd>


<dt><b><tt class="literal">CODEREF</tt> </b></dt>
<dd>
Calls the given coderef in a scalar context with the result message
as the argument.
</p>
</dd>


<dt><b><tt class="literal">version( )</tt> </b></dt>
<dd>
Sets the version of the LDAP protocol to use. Values are
<tt class="literal">LDAPv2</tt> (default) and <tt class="literal">LDAPv3</tt>.
</p>
</dd>

</dl>
</dd>


<dt><b><tt class="literal">bind(</tt><em class="replaceable">dn</em> <tt class="literal">[, %</tt><em class="replaceable">options</em> <tt class="literal">])</tt> </b></dt>
<dd>
<a name="INDEX-2361" />Binds
to the server that's contained in the connection
handle. <em class="replaceable"><tt>dn</tt></em> is the DN to bind as.
You'll end up binding anonymously if you call
<tt class="literal">bind( )</tt> without any arguments.
</p>

<p>As for <tt class="literal">%</tt><em class="replaceable"><tt>options</tt></em>, you
should give no more than one of the following:
</p>

<dl>
<dt><b><tt class="literal">noauth</tt> </b></dt>
<dd>
Do not attempt to authenticate at all.</p>
</dd>


<dt><b><tt class="literal">anonymous</tt> </b></dt>
<dd>
Binds without any password; the value passed with this option is
ignored. This is the default if no arguments are given.
</p>
</dd>


<dt><b><tt class="literal">password</tt> </b></dt>
<dd>
Binds with the given password.</p>
</dd>


<dt><b><tt class="literal">sasl</tt> </b></dt>
<dd>
Binds using an SASL mechanism. The argument given should be a
sub-class of Authen::SASL.
</p>

<blockquote><pre class="code">my $dn = 'cn=Directory Manager';
my $password = 'adminpass';
my $sasl = Authn::SASL::stuff::here;
$ldap-&gt;bind($dn, sasl =&gt; $sasl, version =&gt; 3);</pre></blockquote>
</dd>
</dl>
</dd>


<a name="INDEX-2362" /><dt><b><tt class="literal">unbind</tt> </b></dt>
<dd>
Does not take any parameters and unbinds the connection from the
server. You will probably need to call <tt class="literal">bind( )</tt>
again if you wish to reconnect to the LDAP server.
</p>

<blockquote><pre class="code">$ldap-&gt;unbind;</pre></blockquote>

</dd>


<a name="INDEX-2363" /><dt><b><tt class="literal">add (</tt> <em class="replaceable">dn</em> <tt class="literal">[, %</tt><em class="replaceable">options</em> <tt class="literal">] )</tt> </b></dt>
<dd>
Adds an entry to the directory. <em class="replaceable"><tt>dn</tt></em> can be
either a Net::LDAP::Entry object or a string that represents the DN.
</p>

<dl>
<dt><b><tt class="literal">attrs</tt> </b></dt>
<dd>
A reference to a list of attribute/value pairs. These attribute/value
pairs correspond to the attributes of an entry in the directory. Each
attribute can have multiple values. <tt class="literal">attrs</tt> is not
used if <em class="replaceable"><tt>dn</tt></em> is an existing Net::LDAP::Entry
object. For example:
</p>

<blockquote><pre class="code">$ldap-&gt;add($<em class="replaceable"><tt>dn</tt></em>,
           attrs =&gt; [
               'uid'        =&gt; 'nvp',
               'cn'         =&gt; ['Nathan Patwardhan', 'Enrico Pallazo'],
               'gecos'      =&gt; 'Nathan Patwardhan',
               'loginShell' =&gt; '/usr/bin/bash'
           ]
);</pre></blockquote>
</dd>
</dl>
</dd>


<a name="INDEX-2364" /><dt><b><tt class="literal">delete(</tt><em class="replaceable">dn</em> <tt class="literal">[, %</tt><em class="replaceable">options</em> <tt class="literal">])</tt> </b></dt>
<dd>
Deletes <em class="replaceable"><tt>dn</tt></em> from the server.
<em class="replaceable"><tt>dn</tt></em> may be a string that represents the DN
or a Net::LDAP::Entry object. For example:
</p>

<blockquote><pre class="code">my $dn = q[uid=nvp,ou=People,o=my.domain];
$ldap-&gt;delete($dn);</pre></blockquote></dd>


<a name="INDEX-2365" /><dt><b><tt class="literal">moddn(</tt><em class="replaceable">dn</em><tt class="literal">, %</tt><em class="replaceable">options</em><tt class="literal">)</tt> </b></dt>
<dd>
Modifies <em class="replaceable"><tt>dn</em>. <em class="replaceable">dn</tt></em>may be a string or a Net::LDAP::Entry object.
</p>

<dl>
<dt><b><tt class="literal">newrdn</tt> </b></dt>
<dd>
A new RDN to assign to <em class="replaceable"><tt>dn</tt></em>.</p>
</dd>


<dt><b><tt class="literal">deleteoldrdn</tt> </b></dt>
<dd>
True if the existing RDN will be deleted.</p>
</dd>


<dt><b><tt class="literal">newsuperior</tt> </b></dt>
<dd>
If given, this value should be the <em class="replaceable"><tt>dn</tt></em> of
the new superior for <em class="replaceable"><tt>dn</tt></em>.
</p>

<blockquote><pre class="code">$ldap-&gt;moddn($dn, newrdn =&gt; 'cn=Nate Patwardhan');</pre></blockquote>
</dd>
</dl>
</dd>


<a name="INDEX-2366" /><dt><b><tt class="literal">modify(</tt><em class="replaceable">dn</em><tt class="literal">, %</tt><em class="replaceable">options</em><tt class="literal">)</tt> </b></dt>
<dd>
Modifies the contents of <em class="replaceable"><tt>dn</tt></em>.
<em class="replaceable"><tt>dn</tt></em> may be a string or a Net::LDAP::Entry
object.
</p>

<dl>
<dt><b><tt class="literal">add</tt> </b></dt>
<dd>
Should be a reference to a HASH. HASH is comprised of the attributes
to add, and the values may be a string or a reference to a list of
values.
</p>
</dd>


<dt><b><tt class="literal">delete</tt> </b></dt>
<dd>
A reference to ARRAY that contains attributes to delete, or a
reference to a HASH, if only specific values should be deleted. If
the values for any attribute in HASH are references to an empty
ARRAY, then all instances of the attribute will be deleted.
</p>
</dd>


<dt><b><tt class="literal">replace</tt> </b></dt>
<dd>
Works like <tt class="literal">add</tt>, but will replace any of the
existing attributes.
</p>
</dd>


<dt><b><tt class="literal">changes</tt></b></dt>
<dd>
An alternative to <tt class="literal">add</tt>, <tt class="literal">delete</tt>,
and <tt class="literal">replace</tt>, in which the whole operation can be
given in a single argument. The argument should be a reference to an
ARRAY.
</p>


<p>Values in the ARRAY are used in pairs; the first is the operation
<tt class="literal">add</tt>, <tt class="literal">delete</tt>, or
<tt class="literal">replace</tt>, and the second is a reference to an ARRAY
of attribute values.
</p>

<p>The attribute value list is also used in pairs. The first value in
each pair is the attribute name, and the second is a reference to a
list of values.
</p>

<p>Use this form if you want to control the order in which the
operations will be performed:
</p>

<blockquote><pre class="code">my $dn = q[uid=nvp,ou=People,o=my.domain];

$ldap-&gt;modify($dn, add =&gt; { sn =&gt; 'Patwardhan' } );
$ldap-&gt;modify($dn, delete =&gt; { 'weight' =&gt; '175' });
$ldap-&gt;modify($dn, replace =&gt; { 'loginShell' =&gt; '/usr/bin/tcsh' });
$ldap-&gt;modify( $dn,
   changes =&gt; [
     add     =&gt; [ sn =&gt; 'Patwardhan' ],
     delete  =&gt; [ faxNumber =&gt; []],
     delete  =&gt; [ weight =&gt; ['175']],
     replace =&gt; [ loginShell =&gt; '/usr/bin/tcsh']
   ]
);</pre></blockquote>

</dd>
</dl>
</dd>


<a name="INDEX-2367" /><dt><b><tt class="literal">search(@</tt><em class="replaceable">options</em><tt class="literal">)</tt> </b></dt>
<dd>
Requests that an LDAP server perform a search and can read attributes
from a single entry, entries immediately below a particular entry, or
a whole subtree of entries. The result is an object of the class
Net::LDAP::Search.
</p>

<dl>
<dt><b><tt class="literal">base</tt> </b></dt>
<dd>
The DN that is the base object entry relative to the search that will
be performed.
</p>
</dd>


<dt><b><tt class="literal">scope</tt> </b></dt>
<dd>
By default, the search is performed on the whole tree below the
specified base object. This may be changed by specifying a