Net::LDAP, Active Directory and Disabled Users

------_=_NextPart_001_01C386CB.502F3B30
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I've been trying to write a simple perl script that will query the =
active
directory via LDAP and give me a list of email addresses for disabled =
users
(eg, addresses we don't want to accept email for anymore). I found a =
website
or two that suggested I use the following as my filter:

(&(objectCategory=3Dperson)(userAccountControl:1.2.840.113556.1.4.803:=3D=
2))

I was beginning to think these websites were wrong as whenever I tried =
this
filter, I'd go no results. With other filters, I'd get the results I'd
expect to get. I then tried that filter in a couple other applications =
(one
MS tool and a PHP script running on the same box as my perl script) and =
it
worked as expected in those cases. In the interest of testing, I created =
a
Net::LDAP::Filter object in my script and it seemed to parse the filter
fine. But when I try to run it via the search routine of Net::LDAP I get =
the
following error:

I/O Error   at ./gather_email.pl line 24, <DATA> line 283.


Unfortunately, I'm not an LDAP expert by any means nor am I at all =
familiar
with the Net::LDAP code so I think I've hit a stand-still. Has anybody =
else
experienced this (I did try a couple searches and came up empty). Or =
better
yet, does anybody know how to fix it :).


Thanks,
Jake


--
 "Outlook not so good." That magic 8-ball knows everything! I'll ask =
about Exchange Server next.=20
=20


* EMAIL DISCLAIMER AND TERMS OF USE *
The information transmitted is intended only for the person to whom it =
is addressed and may contain confidential and/or privileged material. If =
you have received an email in error please notify abuse@us.hilite.com =
and then delete all copies of it from your systems.
Any use of, or any action relying upon, information in an email by =
persons other than the intended recipient is prohibited.
Although Hilite International scans incoming and outgoing emails and =
email attachments for viruses we cannot guarantee a communication to be =
free of all viruses nor accept any responsibility for viruses.

Although Hilite International monitors incoming and outgoing emails for =
inappropriate content, Hilite International cannot be held responsible =
for the views or expressions of the author.
The views expressed may not necessarily be those of Hilite International =
and Hilite International cannot be held responsible for any loss or =
injury resulting from the contents of a message.

------_=_NextPart_001_01C386CB.502F3B30--
0
Jacob
9/29/2003 8:50:27 PM
perl.ldap 1261 articles. 0 followers. Follow

1 Replies
892 Views

Similar Articles

[PageSpeed] 21

Hi,

On Monday 29 September 2003 22:50, Steenhagen, Jacob wrote:
> I've been trying to write a simple perl script that will query the active
> directory via LDAP and give me a list of email addresses for disabled users
> (eg, addresses we don't want to accept email for anymore). I found a
> website or two that suggested I use the following as my filter:
>
> (&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=2))
>
> I was beginning to think these websites were wrong as whenever I tried this
> filter, I'd go no results. With other filters, I'd get the results I'd
> expect to get. I then tried that filter in a couple other applications (one
> MS tool and a PHP script running on the same box as my perl script) and it
> worked as expected in those cases. In the interest of testing, I created a
> Net::LDAP::Filter object in my script and it seemed to parse the filter
> fine. But when I try to run it via the search routine of Net::LDAP I get
> the following error:
>
> I/O Error   at ./gather_email.pl line 24, <DATA> line 283.
>
>
> Unfortunately, I'm not an LDAP expert by any means nor am I at all familiar
> with the Net::LDAP code so I think I've hit a stand-still. Has anybody else
> experienced this (I did try a couple searches and came up empty). Or better
> yet, does anybody know how to fix it :).

It would help people willing to help you if they knew
* the interesting parts of your script
* the data you feed it
* the versions of Perl and perl-ldap you use

Peter

PS: the discaimer you send is ridiculous when sending to a mailing list
      with subscribers from all over the world.

-- 
Peter Marschall
eMail: peter@adpm.de
0
peter
9/30/2003 9:10:46 AM
Reply:

Similar Artilces:

Net::LDAP, Active Directory and Disabled Users #2
I've been trying to write a simple perl script that will query the active directory via LDAP and give me a list of email addresses for disabled users (eg, addresses we don't want to accept email for anymore). I found a website or two that suggested I use the following as my filter: (&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=2)) I was begining to think these websites were wrong as whenever I tried this filter, I'd go no results. With other filters, I'd get the results I'd expect to get. I then tried that filter in a couple other appli...

RE: Net::LDAP, Active Directory and Disabled Users
Version of Perl:=20 5.8.0 (as supplied with RedHat9) Version of Net::LDAP: [jsteenha@jake utilities]$ perl -mNet::LDAP -e 'print = "$Net::LDAP::VERSION\n"' 0.29 Relevant part of Perl code: #!/usr/bin/perl use Net::LDAP; use Net::LDAP::Filter; $filter =3D = '(&(objectCategory=3Dperson)(userAccountControl:1.2.840.113556.1.4.803:=3D= 2))'; #$filter =3D '(objectCategory=3Dperson)'; $f =3D new Net::LDAP::Filter; $f->parse($filter); $f->print(); #exit; my $ldap =3D Net::LDAP->new('acutex-dc01'); my $mesg =3D $...

RE: :LDAP, Active Directory and Disabled Users
Do some testing - query userAccountControl for an active user - then disable the user and query userAccountControl again. The result will = be the what you should use in your query. In my case all inactive users are 514 .... Best of luck ... HTH -----Original Message----- From: Steenhagen, Jacob [mailto:Jacob.Steenhagen@us.hilite.com] Sent: Monday, September 29, 2003 4:50 PM To: perl-ldap@perl.org Subject: Net::LDAP, Active Directory and Disabled Users I've been trying to write a simple perl script that will query the active directory via LDAP and give me a list o...

RE: :LDAP, Active Directory and Disabled Users #3
I apologize for the repost on this... I originally tried posting it via = NNTP and didn't see it show up so I thought (incorrectly) that NNTP was = read-only and to get the message through I had to send it via the = mailing list. -- "Outlook not so good." That magic 8-ball knows everything! I'll ask = about Exchange Server next.=20 -----Original Message----- From: Jake [mailto:jacob.NOSPAM.steenhagen@us.hilite.BYEBYE.com] Sent: Monday, September 29, 2003 4:17 PM To: perl-ldap@perl.org Subject: Net::LDAP, Active Directory and Disabled Users I've been...

RE: :LDAP, Active Directory and Disabled Users #2
Useraccountcontrol is a bit flag attribute. You get 514 because a disabled user account has the following properties: 2 : disabled 512 : normal account (not a special account) You can get the list of flags here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi /ads_user_flag_enum.asp You can use 2 or 514 to find disabled users. This filter will match disabled users: (&(objectCategory=person)(objectclass=user)(userAccountControl:1.2.840.11355 6.1.4.803:=2)) Without objectclass, the filter could also match computer objects. You can f...

Getting User List from Active Directory using LDAP with Asp.Net
Dear All, Did any body worked on the below process? Getting User List from Active Directory using LDAP with Asp.Net. If Yes, Can u pls guide me to proceed? warm regards, Minor. Not sure if that was supposed to be a hyperlink or not in your post.  However, you should start with the first post in this forum for common patterns.  You are looking for all users, so you can use "(&(objectClass=user)(objectCategory=person))" as your search filter.  Ryan DunnWeblog The BookLDAP Programming Help...

Return All Users with User Groups from Active Directory with LDAP
Hello.  I am trying to write a report that pulls information in from Active Directory.  I have a view created that gets a listing of users and a view that creates a listing of user groups, but I can't seem to figure out how to get all user groups that are associated with the users.  This is what I have. SELECT     *FROM         OPENQUERY(ADSI, 'SELECT objectSid, samAccountName, distinguishedName FROM ''LDAP://wmdomain.local''WHERE objectClass = ''User''')    ...

iFolder and Active Directory LDAPS (LDAP over SSL)
I am looking for some insight in getting my iFolder server communicating with an Active directory server over SSL for user Authentication. I am using iFolder 2.1.3 and Windows 2003SP1 on the servers for both iFolder server OS and Active Directory OS. I have installed the root cert for the domain on the iFolder server. When I use the iFolder installer I can extend the schema of the directory structure over 636 using SSL without any problems, it connects and looks good. When iFolder starts the logfile has the following entries Starting iFolder server, version 2.1.3 [04/06/01] Conf...

4 issues with Net::LDAP and Active Directory
------_=_NextPart_001_01C74A47.D441C220 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I have 4 issues which I do not understand and I have searched the Net::LDAP documentation up and down and cannot figure it out. =20 1. pwdLastSet is only available for the DN of the user who is logged in. (That seems a little odd, why is that?) and yes I logged in as another user using LDAP and it was available for them and not me. =20 2. pwdLastSet is some Active Directory timestamp (Why oh why cant Microsoft just use utc like ev...

make Net::LDAP::LDIF more similar to Net::LDAP
Hi Graham, hi Chris, hi list, I would like to rework Net::LDAP::LDIF a bit so that its API resembles that of Net::LDAP a bit more while still keeping the traditional API. The reason for this is that in application I often need to distinguish between Net::LDAP and Net::LDAP::LDIF because some methods are only implemented on one side. I\'d like to start with a code() method that tries to mimic the Net::LDAP one and I\'d like to extend the Net::LDAP::Entry->update() method so that it takes a Net::LDAP::LDIF object as an argument. The latter one requires a...

[Fwd: make Net::LDAP::LDIF more similar to Net::LDAP]
--------------95D5815B06BDC2BD1A0ABFEB Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------95D5815B06BDC2BD1A0ABFEB Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Mozilla-Status2: 00000000 Message-ID: <40C7B13E.8864E5A0@cs.adelaide.edu.au> Date: Thu, 10 Jun 2004 10:54:22 +1000 From: Sion Camilleri <sion@cs.adelaide.edu.au> Reply-To: sion@cs.adelaide.edu.au X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Graham Barr <gbarr@pobox.com>...

Active directory groups are not listed for a user (at times ) using LDAP
Hi All, I am using LDAP to get active directroy groups for a given user.  I am able to see the AD gorups list some times. But it is not consistent.  Some times I get empty list. If any one can help in this regard, It would be great. If you have any other way of getting AD groups Please let me know.  This is the code I am using Public Shared Function GetADUserGroups(ByVal UserName As String) As String Dim grouplist As New StringBuilder() Dim result As SearchResult Dim groupcount As Integer = 0 Dim counter As Integer = 0 Dim pos As Integer Dim search As New Dire...

User Managment for WORKGROUPS, or Without using LDAP & Active Directory.
Hello Guys, I am very new to this forum objective. here i have one query which is related to the Windows User Management (e.g. User Creation, Resetting Password's, unlocking the user etc.) I am creating a console which will be used to monitor & administer the Windows. now my host server & destination servers are in WORKGROUP, so i am not able to communicate with this server using Active Directory or LDAP for user management.To get the information i am using WMI.As per my knowledge, we can use ACTIVE Directory or LDAP only within domain. So, to resolve this what ...

Net::LDAP -> Active Directory password change attribute failure
Okay, even using the code chunk from "the FAQ"(tm), trying to have a user change their own password results in the error message: 0000052D: AtrErr: DSID-03190F00, #1: 0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd) from the $ldap->modify( changes=>{delect,add} ) operation. Have tried numerous methods of encoding the password unicode (which all end up the same result) as well as base64 encoding. Strangely, if I use a "replace" operation instead of changes=>{delect,add}, it is accepted (tho i g...

Web resources about - Net::LDAP, Active Directory and Disabled Users - perl.ldap

Resources last updated: 12/2/2015 8:41:29 AM