Net::LDAP problem with wildcard on applied filter

by mellin (Scribe)
on Feb 10, 2006 at 09:41 UTC

mellin has asked for the wisdom of the Perl Monks concerning the following question:

I have a strange behaviour of an applied filter in my program. It uses Net::LDAP to fetch object information from Microsoft Active Directory. Group and Computer objects can have a "managedBy" attribute set on them; this attribute, if set, uses an object distinguished name (DN) as its syntax. When I try to search all computer objects with the managedBy attribute against the string *Administrator*, I don't get any returned objects, although I can verify otherwise that this user is found in the managedBy attribute on several computer objects. Same thing when trying to search group objects where Administrator is found in managedBy.

Note that I use wildcards, as they are supported in LDAP filters, as far as I know. I'm also using the user Administrator just as an example here. If I replace the *Administrator* string with the complete user DN, I get the expected results, but I'm aiming to simplify things here.

Administrator DN:

CN=Administrator,CN=Users,DC=domain,DC=ad,DC=local

Applied filter:

(&(objectClass=computer)(managedBy=*Administrator*))

Replies are listed 'Best First'.
Re: Net::LDAP problem with wildcard on applied filter
by g0n (Priest) on Feb 10, 2006 at 09:55 UTC
    I've come across this kind of behaviour in AD before. It looks like there may be some sort of 'undocumented' feature, examining search filters, and returning a null record set on anything with too broad a scope. managedBy probably doesn't have a medial index, so your search would be insanely slow, so AD returns nothing. There is some information on efficient filtering here

    Just to verify that this behaviour originates in AD, you could try doing the same search with ldapsearch from the command line.

    You might get better behaviour with (managedBy=cn=Administrator*)

    --------------------------------------------------------------

    "If there is such a phenomenon as absolute evil, it consists in treating another human being as a thing."
    John Brunner, "The Shockwave Rider".


      Sure, didn't think of that. I'll try with ldapsearch to see if it returns the same.

      I'm getting similar results with other LDAP tools as well, Microsoft AD returns nothing when trying to search by the managedBy attribute. Too bad, because I would really need this functionality.

      Now I need to come up with some other LDAP filter, if this doesn't work.
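
The question notes that the search works when managedBy is compared against the complete DN. The Perl sketch below is an added example, not code from any poster in this thread: it resolves a short account name to its DN first and then runs the exact-match managedBy search, escaping both values so that input cannot alter the filter. The host name, the bind account, the LDAP_PW environment variable and the sAMAccountName lookup are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values for illustration; replace with your own environment.
my $uri     = 'ldaps://dc.domain.ad.local';                   # hypothetical DC, TLS
my $base    = 'DC=domain,DC=ad,DC=local';                     # base from the question's DN
my $bind_dn = 'CN=reader,CN=Users,DC=domain,DC=ad,DC=local';  # hypothetical read-only account
my $bind_pw = $ENV{LDAP_PW} // die "set LDAP_PW in the environment\n";
my $account = @ARGV ? $ARGV[0] : 'Administrator';

my $ldap = Net::LDAP->new($uri) or die "connect failed: $@\n";
my $bind = $ldap->bind($bind_dn, password => $bind_pw);
die 'bind failed: ' . $bind->error . "\n" if $bind->code;

# Subtree search that reports LDAP errors instead of
# silently treating them as an empty result set.
sub search_or_die {
    my ($filter, @attrs) = @_;
    my $mesg = $ldap->search(
        base   => $base,
        scope  => 'sub',
        filter => $filter,
        attrs  => \@attrs,
    );
    die "search $filter failed: " . $mesg->error . "\n" if $mesg->code;
    return $mesg->entries;
}

# Step 1: resolve the short name to a DN with an exact match on a
# string attribute. The name comes from the command line, so escape it.
my @owners = search_or_die(
    sprintf('(sAMAccountName=%s)', escape_filter_value($account)), 'cn');
die "expected exactly one match for $account, got " . scalar(@owners) . "\n"
    unless @owners == 1;
my $owner_dn = $owners[0]->dn;

# Step 2: exact match on managedBy using the full DN, which the
# question reports as working. DNs can contain characters that are
# special in filters, so escape this value as well.
my $filter = sprintf('(&(objectClass=computer)(managedBy=%s))',
                     escape_filter_value($owner_dn));
print $_->dn, "\n" for search_or_die($filter, 'cn');

$ldap->unbind;
```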
