perlactive-directorynetldap

perl LDAP entry not recognised


We are writing a Perl code (to be run from Unix) which will reset the password of a Windows AD User. (We are not using powershell as we have been asked not to use Windows scripts).

With the following Perl code, we are able to connect to the AD User directory and query the correct user.

#!/usr/bin/perl -w
#########################
#This script resets the password in active user directory 
#########################

use strict;
use warnings;
use DBI;
use Net::LDAP;
use Net::LDAPS;
use Authen::SASL qw(Perl);
use Net::LDAP::Control::Paged;
use Time::Local;

my $CERTDIR     = "<cert path>";
my $AD_PASS     = "$CERTDIR/.VDIAD_pass";
my $sAN = "vahmed";

### Generate Random Password ###
my $randompass = askPasswd();
my $uninewpass;
my $mail;
my $fullname;
my $name;
my $distName;
my $finalresult;


my @AD_passwords = get_domain_pass();

my $result = reset_AD_Password();

#Reset AD user password
sub reset_AD_Password {                              
    my $ad = Net::LDAP->new($AD_passwords[0]);
    my $msg = $ad->bind(dn => "cn=$AD_passwords[2],$AD_passwords[1]",
                        password   => $AD_passwords[3],
                        version    => 3);

    if ($msg->code)
    {
            print "Error :" . $msg->error() . "\n";
            exit 2;
    }

    my $acc_name            = 'sAMAccountName';
    my $acc_fullname        = 'displayName';
    my $acc_base            = 'manager';
    my $acc_distName        = 'distinguishedName';
    my $acc_mail            = 'mail';

    my $act = $ad->search(
                        base    => "$AD_passwords[1]",
                        filter  => "(&(objectCategory=person)(sAMAccountName=$sAN))",
                        attrs   => [$acc_name, $acc_fullname, $acc_distName, $acc_mail]);
    die 1 if ($act->count() !=1 );
my $samdn = $act->entry(0)->dn;

$fullname = $samdn->get_value($acc_fullname);
$mail = $samdn->get_value($acc_mail);   

    }
}

However we get an error on the line:

$fullname = $samdn->get_value($acc_fullname);
    $mail = $samdn->get_value($acc_mail);

The error states "Can't locate object method "get_value" via package (distinguished Name) (perhaps you forgot to load (distinguished Name))"
However the code works correctly when we replace $samdn with the following code:

foreach my $entry ($act->entries){
        $name           = $entry->get_value($acc_name);
        $fullname       = $entry->get_value($acc_fullname);
        $distName       = $entry->get_value($acc_distName);
        $mail           = $entry->get_value($acc_mail);
    }

It would appear that the code is unable to identify $samdn as a Net::LDAP::Entry record.
We have tried typecasting $samdn but got the same error. Could someone help in resolving this issue as we would not prefer to use the for loop just in case more that one record is returned by the search? Thanks in advance.


Solution

  • You are not assigning a Net::LDAP::Entry to $samdn. You are assigning the dn of the first entry.

    #                         VVVV
    my $samdn = $act->entry(0)->dn;
    

    Get rid of that ->dn and it should work, if $act->entry(0) returns a Net::LDAP::Entry.