

Net::LDAP::Config - a simple wrapper for maintaining info related to LDAP connections


        my $config = Net::LDAP::Config->new('source' => 'default');
        $config->clauth(); # CLI authentication
                'dn' => $dn,
                'password' => $password
        ); # normal authentication


Net::LDAP::Config is a wrapper module originally written for ldapsh but which is useful for much more. It's not very well documented just yet, but here are the main uses:


The config file is a simple INI-style format. There is one special section, main, and the only option it recognizes is default, for specifying the default source. Any other sections specify an LDAP source.

For example:

        [ldap]
        servers:,
        base: dc=domain,dc=com
        ssl: require

        [main]
        default: ldap

A main config file is looked for in /etc/ldapsh_config and /usr/local/etc/ldapsh_config, and then in the user's home directory, either in the file specified by $LDAP_CONFIG or ~/.ldapsh_config.
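As an added example (not part of the module or its documentation), this Perl sketch walks the lookup order described above, merges the files so that the user file overrides the central ones, and reports any source whose effective setting is not `ssl: require`. The parser, the comment syntax, the per-key merge and the sample value `ssl: off` are assumptions made for illustration.

```perl
use strict;
use warnings;

# Added audit sketch, not Net::LDAP::Config's own parser. Assumes "key: value"
# lines under "[section]" headers, with "#" or ";" starting a comment line.
sub parse_ini {
    my ($text) = @_;
    my (%conf, $section);
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(?:[#;].*)?$/;
        if ($line =~ /^\s*\[([^\]]+)\]\s*$/) { $section = $1; next; }
        next unless defined $section;
        $conf{$section}{$1} = $2 if $line =~ /^\s*([^:\s]+)\s*:\s*(.*?)\s*$/;
    }
    return \%conf;
}

# Later files override earlier ones, key by key (the granularity is an assumption).
sub merge_configs {
    my %merged;
    for my $conf (@_) {
        for my $section (keys %$conf) {
            $merged{$section}{$_} = $conf->{$section}{$_} for keys %{ $conf->{$section} };
        }
    }
    return \%merged;
}

# Sources whose effective ssl value is anything other than "require".
sub weak_sources {
    my ($conf) = @_;
    my @weak = grep { $_ ne 'main' && lc($conf->{$_}{ssl} // '') ne 'require' } keys %$conf;
    return sort @weak;
}

# Lookup order from the text: central files first, then the per-user file.
my @files = ('/etc/ldapsh_config', '/usr/local/etc/ldapsh_config',
             $ENV{LDAP_CONFIG} // (($ENV{HOME} // '') . '/.ldapsh_config'));
my @parsed;
for my $file (grep { -f $_ && -r _ } @files) {
    my $mode = (stat $file)[2] & 07777;
    warn sprintf("%s is writable by group or others (mode %04o)\n", $file, $mode) if $mode & 022;
    open my $fh, '<', $file or next;
    push @parsed, parse_ini(do { local $/; <$fh> } // '');
}
# Constructed sample (made-up "ssl: off" override) used when no config file exists.
@parsed = map { parse_ini($_) } ("[main]\ndefault: ldap\n[ldap]\nbase: dc=domain,dc=com\nssl: require\n",
                                 "[ldap]\nssl: off\n") unless @parsed;
print "source without 'ssl: require': $_\n" for weak_sources(merge_configs(@parsed));
```

With the constructed sample, the central file requires SSL but the user-level override wins, so the `ldap` source is reported.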


If you are building an interactive script, you'll want to use this method:

        # create the configuration object, which basically pulls the server
        # configuration from the config file
        my $config = Net::LDAP::Config->new('source' => 'mysource');

        # and then get all of the necessary info
        # this caches ldap UIDs in ~/.ldapuids



This is where you collect the DN and password and auth normally:

 my $config = Net::LDAP::Config->new('source' => 'mysource');
        'dn' => $dn,
        'password' => $password
 ); # normal authentication

If you don't want to authenticate, use connect:

 my $config = Net::LDAP::Config->new('source' => 'mysource');

Yes, it sucks that there's a difference. I'm still trying to clean up the API.

You should probably just use bind, as it behaves well either with or without auth information.


Here are the environment variables that Net::LDAP::Config uses:


The file in which to store LDAP DNs. Defaults to ~/.ldapuids. This file is maintained automatically by Net::LDAP::Config, although you can modify it if you like -- it just caches the searched-for DN so you don't have to specify your username each time.

Feel free to recommend a different design.


A user-specific config file; overrides any information in the central file. Defaults to ~/.ldapsh_config.



Can be used to turn debugging on (debug("on")) or off (debug("off")), otherwise prints on STDERR anything passed to it if debugging is currently on.


Used to store and report errors on the shell. Any arguments passed to error are joined into a single error message and returned as an error any time error is called.


    if ( error() ) { warn error("There was a problem"); } else { dostuff(); }

    if (error()) { die error(); }


Connects to the first viable ldap server from a list or reference to a list.
