use strict ;
use warnings ;

use Net::LDAP ;

sub makefilter {
  return qq/(|(uid~=$_[0])(|(cn~=$_[0])(loginname~=$_[0])))/
}

my $ldap = Net::LDAP->new('x.it') ;
{
  my $msg = $ldap->bind('cn=admin,ou=People,dc=x,dc=it',
                        password => 'secret') ;
  die "Cannot bind: ".$msg->error if $msg->is_error ;
}

my $base = 'ou=People,dc=x,dc=it' ;

my @users ;

# I won't preload all entries in production code,
# in fact this is just an example :-)
foreach my $user (qw(pinco pallino caro bellino)) {
  my $filter = makefilter($user) ;
  my $msg = $ldap->search(base => $base,
                          filter => $filter) ;
  die $msg->error if $msg->is_error ;
  push @users,$ldap->entries ;
}

foreach my $entry (@users) {
  my $msg = $ldap->modify($entry,
                add => { objectclass => 'posixAccount' }) ;
  if ($msg->is_error) {
    warn "Cannot modify ".$entry->dn.", giving up!" ;
    last ;
  }
}