Net::LDAP
Clément OUDOT
FOSDEM 2014
Clément::OUDOT
Work
10
Free software

Table::of::contents
● LDAP protocol
● Net::LDAP
● Usage examples

LDAP

LDAP::protocol
● Defined by standards (RFC)
● LDAPv2 in 1995, LDAPv3 in 1997
● TCP/IP, LBER, ASN1
● 9 core operations, and extended operations
● Schema defines object classes, attributes, syntaxes and matching rules
● Data organized hierarchically (tree)

Directory::Information::Tree
Nodes shown in the tree figure, with dc=linid,dc=org as the root:
● dc=linid,dc=org
● ou=people
● uid=coudot
● ou=structures
● ou=groups
● cn=admin

Entry::Attribute::Value
(Figure: an Entry holds several Attributes; each Attribute holds one or more Values)
LDIF
● LDAP Data Interchange Format

dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: coudot
mail: coudot@linagora.com
cn: Clément OUDOT
sn: OUDOT
givenName: Clément
Tips::Devel::LDAP
● LDAP is a connected protocol: 1 connection, several operations
● For each operation, a return code: test it!
● LDAPS is deprecated, use startTLS
● Use LDAPv3
● Say hello! (BIND)
● Say goodbye! (UNBIND)
● Use search parameters to improve performance
Net::LDAP

A module with modules
● Net::LDAP: main module
● Net::LDAP::LDIF: manipulate LDIF files
● Net::LDAP::RFC: list of RFC (POD)
● Net::LDAP::Schema: parse schema
● Net::LDAP::Extensions::*
● Net::LDAP::Control::*
● And many others...

Credits
● Graham Barr <gbarr@pobox.com>
● Peter Marschall <peter@adpm.de>
● Chris Ridd <chris.ridd@isode.com>

Create a connection
● Create a new Net::LDAP object
● Specify host, port, scheme
● Other options:
  – debug
  – IO::Socket options
  – async
  – version (v3 is the default)
  – onerror

Authentication
● Bind with a DN and a password
● Bind anonymously
● Bind with SASL
● Client certificate with startTLS

Search
● You need to provide:
  – Base
  – Scope
  – Filter
  – Attributes
● Search can return 0 entries and be successful
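The "Tips", "Create a connection", "Authentication" and "Search" slides describe one procedure: open one connection, upgrade it with startTLS, bind, run a search while testing every return code, then unbind. The script below is an added example that is not part of the slides; the host, base DN, bind DN and CA file path are constructed placeholders, and the password is read from the LDAP_PASSWORD environment variable. It also escapes the user-supplied search value with Net::LDAP::Util::escape_filter_value so that input cannot change the structure of the filter.

```perl
#!/usr/bin/perl
# Added example (not from the slides): connect, startTLS, bind, search, unbind.
# Host, base DN, bind DN and CA file below are constructed placeholders.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);
use Net::LDAP::Util qw(escape_filter_value);

my $host    = 'ldap.example.com';                          # placeholder
my $base    = 'dc=example,dc=com';                         # placeholder
my $bind_dn = 'cn=reader,ou=services,dc=example,dc=com';   # placeholder
my $bind_pw = $ENV{LDAP_PASSWORD} // die "set LDAP_PASSWORD\n";
my $cafile  = '/etc/ssl/certs/ca.pem';                     # placeholder

# One connection, several operations. version 3 is the default; onerror is
# left undefined so that every method returns a Net::LDAP::Message whose
# code we test ourselves.
my $ldap = Net::LDAP->new(
    $host,
    port    => 389,
    scheme  => 'ldap',
    version => 3,
    timeout => 10,
    onerror => undef,
) or die "Cannot connect to $host: $@\n";

# Upgrade the plain connection with startTLS and verify the server certificate
my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
die 'startTLS failed: ' . $mesg->error . "\n" if $mesg->code != LDAP_SUCCESS;

# Say hello: bind with a DN and a password
$mesg = $ldap->bind($bind_dn, password => $bind_pw);
die 'Bind failed: ' . $mesg->error . "\n" if $mesg->code != LDAP_SUCCESS;

# Search: base, scope, filter, attributes, plus limits to keep the server happy.
# The user-supplied value is escaped so it cannot alter the filter structure.
my $login = escape_filter_value($ARGV[0] // 'coudot');
$mesg = $ldap->search(
    base      => "ou=people,$base",
    scope     => 'one',
    filter    => "(&(objectClass=inetOrgPerson)(uid=$login))",
    attrs     => [qw(uid cn mail)],
    sizelimit => 1,
    timelimit => 5,
);
die 'Search failed: ' . $mesg->error . "\n" if $mesg->code != LDAP_SUCCESS;

# A search that matches nothing is still successful: count is 0, code is 0
if ($mesg->count == 0) {
    print "No entry for uid=$login\n";
}
for my $entry ($mesg->entries) {
    printf "%s: %s <%s>\n", $entry->dn, $entry->get_value('cn'),
        $entry->get_value('mail') // '';
}

# Say goodbye: unbind, then close the socket
$ldap->unbind;
$ldap->disconnect;
```

Run it as `LDAP_PASSWORD=... perl search.pl coudot`. Leaving onerror unset is a deliberate choice here: with onerror => 'die' the module would abort for you, but the explicit checks show where each return code is tested, which is the point of the "Tips" slide.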

Entry
● Entry objects are returned by search, generated from LDIF, or generated from scratch
● Methods to:
  – browse attributes and values
  – add/modify/delete values
  – export to LDIF
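The "LDIF" and "Entry" slides together describe Net::LDAP::Entry and Net::LDAP::LDIF. The following added example, not code from the slides, builds an entry from scratch, browses and changes its values, writes it out as LDIF, and reads entries back from LDIF text. It needs no server: the DNs, attribute values and the LDIF sample are constructed for the example.

```perl
#!/usr/bin/perl
# Added example (not from the slides): build Net::LDAP::Entry objects from
# scratch and from LDIF, browse and change their values, and export LDIF.
# Runs offline; the DNs, values and LDIF text are constructed samples.
use strict;
use warnings;
use Net::LDAP::Entry;
use Net::LDAP::LDIF;

# 1. From scratch
my $entry = Net::LDAP::Entry->new;
$entry->dn('uid=coudot,ou=users,dc=example,dc=com');
$entry->add(
    objectClass => [qw(inetOrgPerson organizationalPerson person top)],
    uid         => 'coudot',
    cn          => 'Clément OUDOT',
    sn          => 'OUDOT',
    givenName   => 'Clément',
    mail        => 'coudot@linagora.com',
);

# 2. Browse attributes and values
for my $attr ($entry->attributes) {
    my @values = $entry->get_value($attr);    # list context: all values
    printf "%-12s %s\n", $attr, join(', ', @values);
}
print 'Has mail: ', ($entry->exists('mail') ? 'yes' : 'no'), "\n";

# 3. Change values: add another mail, replace sn, delete givenName.
#    Nothing reaches a server until $entry->update($ldap) is called.
$entry->add(mail => 'clement.oudot@example.com');
$entry->replace(sn => 'Oudot');
$entry->delete('givenName');

# 4. Export to LDIF (change => 0 writes the entry as-is rather than as changes;
#    base64 encoding handles the non-ASCII values)
my $out = Net::LDAP::LDIF->new(\*STDOUT, 'w', change => 0, encode => 'base64');
$out->write_entry($entry);

# 5. Read entries back from LDIF text (constructed sample) through a
#    filehandle opened on the string; a file name works the same way
my $ldif_text = <<'LDIF';
dn: cn=admin,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: admin
member: uid=coudot,ou=users,dc=example,dc=com

LDIF
open(my $fh, '<', \$ldif_text) or die "cannot open in-memory LDIF: $!";
my $in = Net::LDAP::LDIF->new($fh, 'r', onerror => 'undef');
while (not $in->eof) {
    my $e = $in->read_entry or next;    # undef on a malformed record
    my @members = $e->get_value('member');
    printf "%s has %d member(s)\n", $e->dn, scalar @members;
}
$in->done;
```

The entry records its own changes, so after step 3 a single `$entry->update($ldap)` on a bound connection sends exactly the add/replace/delete operations performed locally.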

Add and delete
● Add method parameters:
  – Net::LDAP::Entry
  – DN and list of attributes
● Delete method parameters:
  – Net::LDAP::Entry
  – DN

Modification
● Add, replace, delete values
● Modification applies to one entry:
  – Net::LDAP::Entry
  – DN
● To rename/move an entry, use moddn:
  – Define a new RDN
  – Define a new superior
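The "Add and delete" and "Modification" slides list the write operations and their parameters. The script below is an added example, not code from the slides: it shows both forms of add (DN plus attribute list, and a Net::LDAP::Entry), a modify with add, replace and delete, a moddn with a new RDN and a new superior, and a delete by DN, each with its return code tested. Host, bind DN and the entries are constructed placeholders; the `check` helper is this example's own.

```perl
#!/usr/bin/perl
# Added example (not from the slides): add, modify, rename and delete entries
# with return-code checks. Host, bind DN and entry DNs are placeholders.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Entry;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_ALREADY_EXISTS LDAP_NO_SUCH_OBJECT);

my $ldap = Net::LDAP->new('ldap.example.com', version => 3)    # placeholder host
    or die "connect: $@\n";
my $mesg = $ldap->bind('cn=admin,dc=example,dc=com',           # placeholder DN
    password => $ENV{LDAP_PASSWORD} // die "set LDAP_PASSWORD\n");
die 'bind: ' . $mesg->error . "\n" if $mesg->code;

# Helper (this example's own): test every return code. LDAP_SUCCESS is 0;
# codes listed in @tolerated are reported but do not stop the script.
sub check {
    my ($op, $m, @tolerated) = @_;
    return 1 if $m->code == LDAP_SUCCESS;
    if (grep { $m->code == $_ } @tolerated) {
        warn "$op: " . $m->error . " (ignored)\n";
        return 0;
    }
    die "$op failed (" . $m->code . '): ' . $m->error . "\n";
}

my $dn = 'uid=jdoe,ou=people,dc=example,dc=com';

# Add, form 1: DN and a list of attributes
$mesg = $ldap->add($dn, attrs => [
    objectClass => [qw(inetOrgPerson organizationalPerson person top)],
    uid         => 'jdoe',
    cn          => 'John Doe',
    sn          => 'Doe',
]);
check('add', $mesg, LDAP_ALREADY_EXISTS);    # re-running the script is harmless

# Add, form 2: a Net::LDAP::Entry built locally
my $entry = Net::LDAP::Entry->new('cn=staff,ou=groups,dc=example,dc=com',
    objectClass => [qw(groupOfNames top)],
    cn          => 'staff',
    member      => $dn,
);
check('add group', $ldap->add($entry), LDAP_ALREADY_EXISTS);

# Modify: replace values on one entry, in a single request
$mesg = $ldap->modify($dn,
    replace => {
        mail => [ 'jdoe@example.com', 'john.doe@example.com' ],
        sn   => 'Doe-Smith',
    },
);
check('modify', $mesg);

# Modify: delete one value; delete => ['mail'] would drop the whole attribute
check('modify delete', $ldap->modify($dn, delete => { mail => ['john.doe@example.com'] }));

# moddn: new RDN, drop the old RDN value from the entry, move under a new parent
$mesg = $ldap->moddn($dn,
    newrdn       => 'uid=jdoe2',
    deleteoldrdn => 1,
    newsuperior  => 'ou=archived,dc=example,dc=com',
);
check('moddn', $mesg);

# Delete by DN (a Net::LDAP::Entry object is accepted too)
check('delete', $ldap->delete('uid=jdoe2,ou=archived,dc=example,dc=com'),
    LDAP_NO_SUCH_OBJECT);

$ldap->unbind;
```

Tolerating LDAP_ALREADY_EXISTS and LDAP_NO_SUCH_OBJECT makes the script idempotent; any other non-zero code still aborts, which is the "test the return code" rule applied to writes.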

Password::Policy
● Password policy controls password quality at modification, and prevents brute force attacks at authentication
● Net::LDAP::Control::PasswordPolicy:
  – Sent by client
  – Sent back by server
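The slide says the Password Policy control is sent by the client and sent back by the server. The added example below, not code from the slides, attaches Net::LDAP::Control::PasswordPolicy to a bind, then reads the response control both on failure (to explain why: expired password, locked account, reset) and on success (time before expiration, grace logins left). Host, DN and CA path are constructed placeholders; the LDAP_PP_* and LDAP_CONTROL_PASSWORDPOLICY names are assumed to be the constants exported by Net::LDAP::Constant.

```perl
#!/usr/bin/perl
# Added example (not from the slides): send the Password Policy control with a
# bind and read the control the server sends back. Host, DN and CA path are
# placeholders; LDAP_PP_* constants are assumed from Net::LDAP::Constant.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control::PasswordPolicy;
use Net::LDAP::Constant qw(
    LDAP_CONTROL_PASSWORDPOLICY LDAP_SUCCESS
    LDAP_PP_PASSWORD_EXPIRED LDAP_PP_ACCOUNT_LOCKED LDAP_PP_CHANGE_AFTER_RESET
);

my $ldap = Net::LDAP->new('ldap.example.com', version => 3)    # placeholder
    or die "connect: $@\n";
my $mesg = $ldap->start_tls(verify => 'require',
    cafile => '/etc/ssl/certs/ca.pem');                          # placeholder
die 'startTLS: ' . $mesg->error . "\n" if $mesg->code;

# Client side: attach the control to the bind request
my $pp = Net::LDAP::Control::PasswordPolicy->new;
$mesg = $ldap->bind('uid=coudot,ou=people,dc=example,dc=com',    # placeholder
    password => $ENV{LDAP_PASSWORD} // die "set LDAP_PASSWORD\n",
    control  => [$pp],
);

# Server side: the response control travels with the bind result, on success
# (warnings) as well as on failure (the reason)
my ($resp) = $mesg->control(LDAP_CONTROL_PASSWORDPOLICY);

my %reason = (
    LDAP_PP_PASSWORD_EXPIRED()   => 'password expired',
    LDAP_PP_ACCOUNT_LOCKED()     => 'account locked (too many failures)',
    LDAP_PP_CHANGE_AFTER_RESET() => 'password must be changed after reset',
);

if ($mesg->code != LDAP_SUCCESS) {
    my $why = $mesg->error;
    if ($resp and defined $resp->pp_error) {
        $why .= ' - ' . ($reason{ $resp->pp_error } // 'policy error ' . $resp->pp_error);
    }
    die "Bind failed: $why\n";
}

if ($resp) {
    if (defined(my $t = $resp->time_before_expiration)) {
        printf "Password expires in %d second(s)\n", $t;
    }
    if (defined(my $g = $resp->grace_authentications_remaining)) {
        printf "%d grace login(s) left, change your password now\n", $g;
    }
}
print "Authenticated\n";
$ldap->unbind;
```

Without the request control the server answers a locked or expired account with a bare invalidCredentials, so an application cannot tell a typo from a lockout; reading the response control is what lets it show the user the right message.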

Usage::examples

Apache::Session::LDAP
● Implements Apache::Session interface
● Store sessions as entries in LDAP
● See also Apache::Session::Browseable::LDAP for indexed sessions

Scripts
● Provided by LDAP Tool Box project:
  – Monitoring scripts:
    – Check OpenLDAP syncrepl status
    – Check LDAP response time
    – Check OpenLDAP monitor data
  – Data manipulation:
    – CSV to LDIF or LDIF to LDIF
    – Convert data from SUN/Oracle to OpenLDAP

LemonLDAP::NG
● WebSSO, Access Control and Identity Federation free software
● Authentication against LDAP
● Password modification in LDAP
● Session storage in LDAP
● Configuration storage in LDAP
● Notification storage in LDAP
● Implements Password Policy

Almost the end...

Thanks
● Special thanks to:
  – Company LINAGORA
  – FOSDEM and their organizers
  – All Perl developers
● Keep in touch:
  – Twitter: @clementoudot
  – IRC: KPTN #linagora@freenode
  – Web: http://coudot.blogs.linagora.com

Questions?

Thanks for your attention
http://www.linid.org

Open Source software and services
80 rue Roque de Fillol | 92800 PUTEAUX
Tel : 0810 251 251 | Fax : +33 1 46 96 63 64
www.linagora.com

Introduction to Perl Net::LDAP