How to get all the members of a user group by using LDAP in Perl

About LDAP:

LDAP stands for Lightweight Directory Access Protocol. It is usually used to fetch (and sometimes update) data in a directory of people.

The Net::LDAP module gives Perl a way to interact with this directory.

 

Perl script to get this:

#! /usr/bin/perl

# Owner: Rebecca

# Creation date: 2014-12-29

# Usage:

# ./script.pl > yourfile.csv

 

use strict;

use Win32;

use Win32::OLE;

use Net::LDAP;

use warnings;

 

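sub getmembersingroup
{
    # Print one CSV line (displayName,sAMAccountName,domain,status) for every
    # member of the named group, descending into nested distribution lists.
    #
    # Arguments:
    #   $subldap   - Net::LDAP connection used for both searches
    #   $groupname - CN of the group to expand
    #   $seen      - optional hash ref of group names already expanded; callers
    #                normally omit it, the recursion passes it along
    #
    # Dies if either LDAP search fails or a member object cannot be opened.
    my ($subldap, $groupname, $seen) = @_;
    $seen ||= {};

    return if !defined $groupname || $groupname eq '';

    # Nested groups can contain each other; without this guard a membership
    # cycle would recurse until the process runs out of stack.
    return if $seen->{ lc $groupname }++;

    # The group name may come from directory data (a member's CN), so escape
    # the characters that have meaning in an LDAP search filter (RFC 4515)
    # instead of concatenating the raw value into the filter string.
    (my $escaped_name = $groupname) =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;

    #------------- Resolve the group name to its distinguished name -----------
    my $mesg = $subldap->search(
        base   => "dc=global,dc=ds,dc=company,dc=com",
        filter => "(CN=$escaped_name)",
    );

    # Errors go to STDERR with a non-zero exit so they never end up inside the
    # CSV that STDOUT is redirected to.
    if ($mesg->code) {
        die "LDAP search for group '$groupname' failed: " . $mesg->error . "\n";
    }

    my @groups = $mesg->entries;
    if (!@groups) {
        warn "Group '$groupname' not found\n";
        return;
    }
    if (@groups > 1) {
        warn "Group name '$groupname' matched " . scalar(@groups)
            . " entries; using the last one\n";
    }

    my $distinguishedName = $groups[-1]->get_value("distinguishedName");
    return if !defined $distinguishedName;

    #------------- Read the members stored under that distinguished name ------
    $mesg = $subldap->search(
        base   => $distinguishedName,
        scope  => "sub",
        filter => "(objectClass=*)",
    );

    if ($mesg->code) {
        die "LDAP search under '$distinguishedName' failed: " . $mesg->error . "\n";
    }

    foreach my $entry ($mesg->entries) {
        foreach my $member_dn ($entry->get_value("member")) {

            if (index($member_dn, "OU=Distribution Lists") >= 0) {
                # The member is itself a distribution list: expand it.
                # NOTE(review): a CN containing an escaped comma would be cut
                # short by this pattern - confirm against your directory.
                my ($sub_group_name) = $member_dn =~ /CN=(.*?),/;
                next if !defined $sub_group_name;

                getmembersingroup($subldap, $sub_group_name, $seen);
                next;
            }

            # First DC= component of the member DN is reported as the domain.
            my ($str_domain) = $member_dn =~ /DC=(.*?),/;
            $str_domain = '' if !defined $str_domain;

            # Win32::OLE reports failures through LastError(), not $@.
            my $str_obj = Win32::OLE->GetObject("LDAP://" . $member_dn)
                or die "Cannot open $member_dn: " . Win32::OLE->LastError() . "\n";

            my $disabled_flag = $str_obj->{accountdisabled};
            my $status_able   = "disabled";
            if (defined $disabled_flag && $disabled_flag eq 0) {
                $status_able = "enabled";
            }

            # Work on copies: this script only reads the directory, so it
            # should not assign back into the object's properties.
            my $display_name = $str_obj->{displayName};
            $display_name = '' if !defined $display_name;
            $display_name =~ s/,//g;    # a comma would break the CSV columns

            my $account_name = $str_obj->{sAMAccountName};
            $account_name = '' if !defined $account_name;

            # NOTE(review): fields are written unquoted. If the CSV is opened
            # in a spreadsheet, consider quoting them and neutralising values
            # that begin with = + - or @.
            print "$display_name,$account_name,$str_domain,$status_able \n";
        }
    }

    return;
}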

 

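# Connect to the directory, protect the channel, authenticate, then write the
# members of one group to STDOUT as CSV.
my $ldap = Net::LDAP->new('global.ds.company.com') or die "$@";

# A simple bind sends the password as given, so upgrade the connection to TLS
# and verify the server certificate before any credential is transmitted.
# Pass cafile/capath to start_tls if the issuing CA is not in the default store.
my $mesg = $ldap->start_tls(verify => 'require');
if ($mesg->code) {
    die "Could not start TLS: " . $mesg->error . "\n";
}

# Keep the credential out of the script file. LDAP_BIND_PASSWORD is the name
# chosen here; any secret source that is not committed with the code will do.
# An empty password is refused because servers may treat it as an
# unauthenticated bind and report success.
my $bind_password = $ENV{LDAP_BIND_PASSWORD};
if (!defined $bind_password || $bind_password eq '') {
    die "Set LDAP_BIND_PASSWORD to the bind account's password\n";
}

# The bind account below is a placeholder (the address was obfuscated on the
# published page); replace it with your own account.
$mesg = $ldap->bind('[email protected]', password => $bind_password);

# Stop here on a failed bind instead of continuing with an unauthenticated
# connection.
if ($mesg->code) {
    die "LDAP bind failed: " . $mesg->error . "\n";
}

getmembersingroup($ldap, "GroupName");

$ldap->unbind;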
