
I want to check if a given DN exists in the LDAP directory, using Perl and Net::LDAP. So, I figured I'd do something like this:

```perl
my $dn = 'uid=foo,ou=bar,ou=baz';
$ldap->search(base => $dn, scope => 'base', attrs => ['dn']);
```

However, that results in a Bad filter error. I can get it to work by adding `filter => '(objectClass=*)'`, but that seems a little kludgey.

Is this how I'm supposed to do this, or have I missed something? I'm new to Net::LDAP.

derobert
  • Why is that "kludgey"? LDAP clients must supply a valid filter for a search request. – Terry Gardner Jun 12 '13 at 16:50
  • @TerryGardner I guess that'd be saying it's supposed to be like that. But, e.g., with the OpenLDAP `ldapsearch` command-line tool, you don't have to specify the filter (it defaults it for you). And it seems like the error message would say something about the filter being required if it were. – derobert Jun 12 '13 at 16:52
  • What filter is actually transmitted to the server in the search request when you do not supply a filter in your code? – Terry Gardner Jun 12 '13 at 16:57
  • @TerryGardner Wireshark tells me it doesn't actually send a search to the server. So I think you're right, adding the explicit filter for objectClass=* is required, and it could use a better error message. I'd be happy to accept an answer saying that. – derobert Jun 12 '13 at 17:01

1 Answer

An LDAP client must supply a valid search filter to a search request. Try using `(&)` for the filter. Note that some broken directory servers do not accept the legal filter `(&)`. If your server is broken in this way, use the present filter `(objectClass=*)` instead.

Terry Gardner
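The existence check discussed in this thread, written out as an added example (not code from the question, the answer, or the Net::LDAP project): a base-scope search with the explicit presence filter that separates "no such entry" from every other failure. The `dn_exists` helper name and the server URI are hypothetical, and the `1.1` attribute selector (return no attributes) is an addition not mentioned on the page.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_NO_SUCH_OBJECT);

# Hypothetical helper: returns 1 if the entry exists, 0 if the server
# answers noSuchObject, and dies on any other result so that an outage
# or a permissions error is never mistaken for "entry absent".
sub dn_exists {
    my ($ldap, $dn) = @_;

    my $mesg = $ldap->search(
        base      => $dn,
        scope     => 'base',             # examine only the entry named by $dn
        filter    => '(objectClass=*)',  # presence filter: matches any entry
        attrs     => ['1.1'],            # ask for no attributes, only the entry
        sizelimit => 1,
    );

    # A missing base object is reported as a result code, not as an
    # empty result set.
    return 0 if $mesg->code == LDAP_NO_SUCH_OBJECT;

    die sprintf("LDAP search for %s failed: %s (code %d)\n",
                $dn, $mesg->error, $mesg->code)
        unless $mesg->code == LDAP_SUCCESS;

    return $mesg->count > 0 ? 1 : 0;
}

# Hypothetical server URI; replace with your directory server.
my $ldap = Net::LDAP->new('ldap://ldap.example.com')
    or die "connect failed: $@\n";

my $bind = $ldap->bind;    # anonymous bind
die 'bind failed: ' . $bind->error . "\n" if $bind->code;

my $dn = 'uid=foo,ou=bar,ou=baz';    # DN from the question
print "$dn ", (dn_exists($ldap, $dn) ? "exists\n" : "does not exist\n");

$ldap->unbind;
```

Depending on the server's access controls, an entry the bound identity is not allowed to see may also be reported as absent, so the result reflects what that identity can observe rather than the full directory contents.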