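  #!/usr/bin/perl
  #
  # Validates one user's password against an LDAP directory and then checks
  # whether that user is listed in the memberUid attribute of one group.
  #
  # Exit status: 0 when the password is accepted and the user is in the group,
  # non-zero otherwise (die on any LDAP failure, exit 1 when not in the group).

  use strict;
  use autodie;
  use warnings;
  use Data::Dumper;
  use Net::LDAP;

  # Placeholder values. In a deployed script the service password belongs in a
  # protected file or the environment, not in source, and $uid / $upass come
  # from the login request.
  my $uid = 'some.user' ;
  my $upass = 'nonono';
  my $host = "ldap.host.site.com";
  my $user = "uid=appuser,ou=ldapapps,dc=host,dc=site,dc=com";
  my $pass = "hostpass";
  my $opts = { port => 389 };
  my $groupdn = 'cn=appgroup,ou=Group,dc=host,dc=site,dc=com';

  # $uid is concatenated into a DN below, so characters with a meaning in DN
  # syntax (',', '+', '=', ...) must never reach it. This allowlist is
  # deliberately narrow; widen it to the site's real uid syntax if needed.
  die "invalid uid\n" unless defined $uid && $uid =~ /\A[A-Za-z0-9._-]+\z/;

  # A simple bind with a DN and an empty password is an "unauthenticated bind"
  # (RFC 4513); many servers answer it with success without checking any
  # password, so it must be refused before it is sent.
  die "empty password rejected\n" unless defined $upass && length $upass;

  my $dn = "uid=" . $uid . ",ou=people,dc=host,dc=site,dc=com";

  # Opens a connection and upgrades it with StartTLS before any credentials are
  # sent; port 389 is otherwise cleartext. Dies when the server certificate
  # cannot be verified, so the script fails closed.
  sub _connect {
      my ( $server, $options ) = @_;

      my $conn = Net::LDAP->new( $server, %$options )
          or die "Couldn't connect to LDAP server: $@";

      my $tls = $conn->start_tls( verify => 'require' );
      $tls->code() and die "Couldn't start TLS: " . $tls->error();

      return $conn;
  }

  # connect and bind to ldap as application
  my $ldap = _connect( $host, $opts );
  my $bindResult = $ldap->bind( $user, password => $pass );
  $bindResult->code() and die "Couldn't bind to LDAP server: " . $bindResult->error();

  # Validate the user's password on a second connection. Binding as the user
  # on $ldap would replace the application identity, and the searches below
  # would then run with the user's access rights instead of the application's.
  my $userConn = _connect( $host, $opts );
  my $bindUser = $userConn->bind( $dn, password => $upass );
  $bindUser->code() and die "Couldn't authenticate user: " . $bindUser->error();
  $userConn->unbind();

  # search for user as application; scope 'base' reads exactly the entry at $dn
  my $userSearch = $ldap->search(
      base   => $dn,
      scope  => 'base',
      filter => '(objectclass=*)',
  );
  # 32 is noSuchObject; it is reported as "user not found" by the count check
  $userSearch->code() && $userSearch->code() != 32
      and die "Couldn't find user: " . $userSearch->error();
  die "user not found" if ( $userSearch->count() == 0 );

  # find group as application; scope 'base' so only the group entry is returned
  my $groupResult = $ldap->search(
      base   => $groupdn,
      scope  => 'base',
      filter => '(objectclass=*)',
      attrs  => ['memberUid'],
  );
  $groupResult->code() and die "Couldn't find group: " . $groupResult->error();
  die "group not found" if ( $groupResult->count() == 0 );

  # get group entry
  my $entry = $groupResult->shift_entry();

  # get members of the group (get_value returns every value in list context)
  my @members = $entry->get_value('memberUid');

  $ldap->unbind();

  # Exact string comparison instead of the experimental smartmatch operator,
  # which warns under "use warnings" on current perls.
  my $is_member = grep { $_ eq $uid } @members;

  # Report the denial through the exit status too, so a caller that only
  # checks the status cannot mistake "not in group" for success.
  unless ($is_member) {
      print "user not in group\n";
      exit 1;
  }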