How do I make a complex query with Perl's Net::LDAP?

Question

I'm having trouble running a complex query against our company LDAP server. I'm using the following Perl script:

use Data::Dumper;
use Net::LDAP;

die "Can't connect to LDAP-Server: $@\n" 
    unless $ldap = Net::LDAP->new( 'xLDAPx' );


foreach my $filter ( 'ou=Personal', 'ou=BAR', 'ou=Personal,ou=BAR', 'ou=Personal,ou=FOO,o=FOO,dc=foo,dc=com' )
{ 
    $mesg = $ldap->search( base => "o=FOO,dc=foo,dc=com", filter => $filter );
    print Dumper($mesg), "\n\n";
}

While the first two filters work (as in returning the expected values) the last and complex one doesn't. It returns an empty array. What really puzzles me is that exactly the same query string works when I use it with a tool like the Softerra LDAP Browser.

I have also tried the same query using PHP's ldap_search & co, no avail.

Can somebody shed some light on this?

Thanks for reading

holli

Edit: This is the structure of the server:

Server
    ou=FOO
        ou=...
        ou=Personal
            uid=something

I need a list of uids.

Answer 1

I think you want it to be more like (&(ou=Personal)(ou=FOO)(o=FOO)(dc=foo)(dc=com)). But you are not clear at all on what you want exactly, so I can't make a filter for you.

Edited to add: I'm guessing this is what you want to do: (|(ou=Personal)(ou=FOO))

Answer 2

The reason is that you are not providing syntactically correct filter strings, but parts of a DN. I can't imagine this works in Ldap Browser - I just tried myself without success.

The first two are correct filter strings. They filter on a single object attribute in a "({attribute}={value})" fashion. The first ("ou=Personal") would return any OU named "Personal" within your search base.

If you explain in more detail what you are trying to find I can probably tell you what filter expression you need.