This is a repost of something I originally posted elsewhere in English.
It is part of a script for fetching every entry with Perl when Active Directory caps LDAP search results at 1,000.
Active Directory (AD) has a server-side limit of 1,000 entries on ldapsearch results.
On the command line, options can be used to handle more than 1,000 entries, like:
```sh
ldapsearch -h [hostname] -p [port] -b [ldapbase] -E pr=1000/noprompt "cn=*"
```
How this can be done using Net::LDAP was my question.
And this is my workaround.
I referred to CPAN Net::LDAP::Control::Paged.
```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );

my $LDAPBINDDN = "viewer";
my $LDAPBINDPW = "password";
my $LDAPSERVER = "localhost";
my $LDAPSEBASE = "ou=users,dc=kohachi,dc=net";
my $USERATTRS  = [ 'cn', 'sn', 'givenName', 'memberOf' ];

# A plain ldap:// connection sends the simple-bind password in clear text;
# that is acceptable for localhost only.
my $ldap = Net::LDAP->new($LDAPSERVER) or die "Cannot connect to $LDAPSERVER: $@";
my $page = Net::LDAP::Control::Paged->new( size => 1000 );
my $bindResult = $ldap->bind( $LDAPBINDDN, password => $LDAPBINDPW );

my $users = {};    # Hash to store information in memory for later use.

if ( $bindResult->code == 0 ) {
    while (1) {
        my $searchResult = $ldap->search(
            base     => $LDAPSEBASE,
            filter   => '(objectClass=user)',
            attrs    => $USERATTRS,       # array reference of attribute names
            callback => \&procEntry,      # subroutine called for every entry
            control  => [$page],
        );

        # Stop on a search error.
        last if $searchResult->code;

        # Paged-results response control; absent if the server did not page.
        my ($searchResp) = $searchResult->control(LDAP_CONTROL_PAGED) or last;
        my $cookie = $searchResp->cookie;

        # An empty cookie marks the last page.
        last if ( !defined($cookie) || !length($cookie) );

        # Hand the cookie back to request the next page.
        $page->cookie($cookie);
    }
}

sub procEntry {
    my ( $result, $entry ) = @_;

    # The callback is also invoked without an entry when the search completes.
    if ( defined($entry) && $entry->isa('Net::LDAP::Entry') ) {
        my $cn = $entry->get_value('cn');
        return unless defined $cn;
        my $sn       = $entry->get_value('sn');
        my $gn       = $entry->get_value('givenName');
        my @memberOf = $entry->get_value('memberOf');
        $users->{$cn}->{'sn'} = $sn;
        $users->{$cn}->{'gn'} = $gn;
        @{ $users->{$cn}->{'memberOf'} } = @memberOf;
    }
}
```
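To show why the loop ends on an empty cookie and what a search without the paging control gets back, here is an added example (not part of the original post) that models the exchange in memory. The server, its 2,500 constructed entries and the names `server_search` and `fetch_all` are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed stand-in for the directory server; not Active Directory itself.
my $SERVER_LIMIT = 1000;                             # cap per response
my @DIRECTORY    = map { "cn=user$_" } 1 .. 2500;    # constructed sample entries
my ( %cursor, $issued );                             # server state: cookie => next offset

# Server side: returns (result code, entries, cookie).
# $page is undef for a plain search, or { size => N, cookie => '...' }.
sub server_search {
    my ($page) = @_;
    unless ($page) {
        # No paging control: truncate and answer sizeLimitExceeded (4).
        my $over = @DIRECTORY > $SERVER_LIMIT;
        my $last = $over ? $SERVER_LIMIT - 1 : $#DIRECTORY;
        return ( $over ? 4 : 0, [ @DIRECTORY[ 0 .. $last ] ], '' );
    }
    my $offset = 0;
    if ( length $page->{cookie} ) {
        # The cookie is opaque to the client; only the server can resolve it.
        $offset = delete $cursor{ $page->{cookie} };
        die "unknown cookie\n" unless defined $offset;
    }
    my $size = $page->{size} > $SERVER_LIMIT ? $SERVER_LIMIT : $page->{size};
    my $end  = $offset + $size - 1;
    $end = $#DIRECTORY if $end > $#DIRECTORY;
    my $cookie = '';
    if ( $end < $#DIRECTORY ) {                      # more to come: issue a cookie
        $cookie = 'c' . ++$issued;
        $cursor{$cookie} = $end + 1;
    }
    return ( 0, [ @DIRECTORY[ $offset .. $end ] ], $cookie );
}

# Client side: same loop shape as the Net::LDAP script above.
sub fetch_all {
    my ($page_size) = @_;
    my $page = { size => $page_size, cookie => '' };
    my ( $round_trips, @all ) = (0);
    while (1) {
        my ( $code, $entries, $cookie ) = server_search($page);
        $round_trips++;
        die "search failed with code $code\n" if $code;
        push @all, @$entries;
        last unless length $cookie;                  # empty cookie: final page
        $page->{cookie} = $cookie;                   # ask for the next page
    }
    return ( scalar @all, $round_trips );
}

my ( $code, $plain ) = server_search(undef);
printf "plain search: %d entries, result code %d\n", scalar @$plain, $code;
printf "paged search: %d entries in %d round trips\n", fetch_all(1000);
```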