
I'm trying to implement a simple LDAP query in Perl. I want to retrieve the 'dc' attribute from all the 'dnsZone' objects from the domain. I first wrote it using dsquery and it works perfectly:

dsquery * "DC=iii,DC=hogent,DC=be" -attr dc -scope subtree -filter "(objectClass=dnsZone)"

Now when I try to implement this in Perl, I receive the following error when I just query for the 'dc' attribute. When I query for the 'dc' and the 'name' attribute (which look the same) I don't have problems.

OLE exception from "ADODB.Fields":

Item cannot be found in the collection corresponding to the requested name or ordinal.

I was thinking in the direction of the property cache, maybe the property is not yet available. But I don't know how I should refresh the property cache using an LDAP query. Maybe it has a getInfoEx([...], 0) variant?

use strict;
use warnings;
use Win32::OLE;

# bind_object() is a helper defined elsewhere in the script (not shown).
my $rootDSE = bind_object('RootDSE');

my $base = bind_object($rootDSE->Get('defaultNamingContext'))->{ADsPath};
my $filter = "(objectClass=dnsZone)";
my $attrs = 'dc'; # No error when I change this into 'dc,name'
my $scope = 'subTree';

my $connection = Win32::OLE->CreateObject('ADODB.Connection');
   $connection->{Provider} = 'ADsDSOObject';
   $connection->Open();

my $command = Win32::OLE->CreateObject('ADODB.Command');
   $command->{ActiveConnection} = $connection;
   $command->{CommandText} = "<$base>;$filter;$attrs;$scope;";

my $resultSet = $command->Execute();

until($resultSet->{EOF}) {
    my $fields = $resultSet->{Fields};
    print $fields->{dc}->{Value}."\n";
    $resultSet->MoveNext();
}

Does someone see what I am doing wrong?

wardva

1 Answer


This kind of issue can occur with an LDAP client failing to look up results when a query matches one entry (or more) that does not have any of the requested attributes.

Removing attributes from the query and using dc as a filter may help to check whether or not you are in that situation:

  • remove $attrs from the query, run the query and check the results count.
  • make the filter match only entries having a dc: "(&(objectClass=dnsZone)(dc=*))", run the query (no $attrs) and check the results count.
  • compare the results count.

If the 2nd query brings fewer results than the previous one, it means the original query matches entries that have no dc (error when requesting dc only, no error with both attributes).

That also means the objectClass dnsZone does not make the DomainComponent attribute mandatory, as you might expect when using it as a filter to read dc's.

EricLavault
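The count comparison suggested in the answer, as an added example that is not part of the original question or answer. It assumes a domain-joined Windows host, binds with Win32::OLE->GetObject because the question's bind_object() helper is not shown, requests ADsPath in place of an empty attribute list, and goes one step further by listing the dnsZone entries that have no dc value.

```perl
use strict;
use warnings;
use Win32::OLE;

# Assumption: serverless bind to the current domain. The question's
# bind_object() helper is not shown, so GetObject is used directly.
my $rootDSE = Win32::OLE->GetObject('LDAP://RootDSE')
    or die 'RootDSE bind failed: ' . Win32::OLE->LastError();
my $base = 'LDAP://' . $rootDSE->Get('defaultNamingContext');

my $connection = Win32::OLE->CreateObject('ADODB.Connection')
    or die 'Cannot create ADODB.Connection: ' . Win32::OLE->LastError();
$connection->{Provider} = 'ADsDSOObject';
$connection->Open();

# Run one subtree search and return the ADsPath of every matching entry.
# Only ADsPath is requested, so rows without a dc value cannot trip the
# field lookup the way the dc-only query in the question does.
sub ads_paths {
    my ($filter) = @_;
    my $command = Win32::OLE->CreateObject('ADODB.Command');
    $command->{ActiveConnection} = $connection;
    $command->{CommandText}      = "<$base>;$filter;ADsPath;subTree";
    my $rs = $command->Execute()
        or die "Query failed for $filter: " . Win32::OLE->LastError();

    my @paths;
    until ($rs->{EOF}) {
        push @paths, $rs->Fields('ADsPath')->{Value};
        $rs->MoveNext();
    }
    return @paths;
}

my @all     = ads_paths('(objectClass=dnsZone)');
my @with_dc = ads_paths('(&(objectClass=dnsZone)(dc=*))');
my @no_dc   = ads_paths('(&(objectClass=dnsZone)(!(dc=*)))');

printf "dnsZone entries: %d, with dc: %d, without dc: %d\n",
    scalar @all, scalar @with_dc, scalar @no_dc;

# Entries listed here are the ones that match the original filter but
# carry no dc attribute.
print "  $_\n" for @no_dc;

$connection->Close();
```

If the last count is zero, every dnsZone entry carries a dc value and the situation described in the answer does not apply.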