{
    "content": [
        {
            "type": "text",
            "text": "# Net::LDAP (info)\n\n## NAME\n\nNet::LDAP - Lightweight Directory Access Protocol\n\n## SYNOPSIS\n\nuse Net::LDAP;\n$ldap = Net::LDAP->new( 'ldap.example.com' )  or  die \"$@\";\n$mesg = $ldap->bind;                         # anonymous bind\n$mesg->code  and  die $mesg->error;          # check for errors\n$srch = $ldap->search( base   => \"c=US\",     # perform a search\nfilter => \"(&(sn=Barr)(o=Texas Instruments))\"\n);\n$srch->code  and  die $srch->error;          # check for errors\nforeach $entry ($srch->entries) { $entry->dump; }\n$mesg = $ldap->unbind;                       # take down session\n$ldap = Net::LDAP->new( 'ldaps://ldap.example.com' )  or  die \"$@\";\n# simple bind with DN and password\n$mesg = $ldap->bind( 'cn=root, o=University of Michigan, c=us',\npassword => 'secret'\n);\n$mesg->code  and  die $mesg->error;          # check for errors\n$result = $ldap->add( 'cn=Barbara Jensen, o=University of Michigan, c=US',\nattrs => [\ncn          => ['Barbara Jensen', 'Barbs Jensen'],\nsn          => 'Jensen',\nmail        => 'b.jensen@umich.edu',\nobjectclass => ['top', 'person',\n'organizationalPerson',\n'inetOrgPerson' ],\n]\n);\n$result->code  and  warn \"failed to add entry: \", $result->error;\n$mesg = $ldap->unbind;                       # take down session\n\n## DESCRIPTION\n\nNet::LDAP is a collection of modules that implements a LDAP services\nAPI for Perl programs. The module may be used to search directories or\nperform maintenance functions such as adding, deleting or modifying\nentries.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **CONSTRUCTOR**\n- **METHODS**\n- **CONTROLS**\n- **CALLBACKS**\n- **LDAP ERROR CODES**\n- **SEE ALSO**\n- **ACKNOWLEDGEMENTS**\n- **MAILING LIST**\n- **BUGS**\n- **AUTHOR**\n- **COPYRIGHT**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n"
        }
    ],
    "structuredContent": {
        "command": "Net::LDAP",
        "section": "",
        "mode": "info",
        "summary": "Net::LDAP - Lightweight Directory Access Protocol",
        "synopsis": "use Net::LDAP;\n$ldap = Net::LDAP->new( 'ldap.example.com' )  or  die \"$@\";\n$mesg = $ldap->bind;                         # anonymous bind\n$mesg->code  and  die $mesg->error;          # check for errors\n$srch = $ldap->search( base   => \"c=US\",     # perform a search\nfilter => \"(&(sn=Barr)(o=Texas Instruments))\"\n);\n$srch->code  and  die $srch->error;          # check for errors\nforeach $entry ($srch->entries) { $entry->dump; }\n$mesg = $ldap->unbind;                       # take down session\n$ldap = Net::LDAP->new( 'ldaps://ldap.example.com' )  or  die \"$@\";\n# simple bind with DN and password\n$mesg = $ldap->bind( 'cn=root, o=University of Michigan, c=us',\npassword => 'secret'\n);\n$mesg->code  and  die $mesg->error;          # check for errors\n$result = $ldap->add( 'cn=Barbara Jensen, o=University of Michigan, c=US',\nattrs => [\ncn          => ['Barbara Jensen', 'Barbs Jensen'],\nsn          => 'Jensen',\nmail        => 'b.jensen@umich.edu',\nobjectclass => ['top', 'person',\n'organizationalPerson',\n'inetOrgPerson' ],\n]\n);\n$result->code  and  warn \"failed to add entry: \", $result->error;\n$mesg = $ldap->unbind;                       # take down session",
        "tldr_summary": null,
        "tldr_examples": [],
        "tldr_source": null,
        "flags": [],
        "examples": [],
        "see_also": [],
        "section_outline": [
            {
                "name": "NAME",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "SYNOPSIS",
                "lines": 42,
                "subsections": []
            },
            {
                "name": "DESCRIPTION",
                "lines": 8,
                "subsections": []
            },
            {
                "name": "CONSTRUCTOR",
                "lines": 119,
                "subsections": []
            },
            {
                "name": "METHODS",
                "lines": 720,
                "subsections": []
            },
            {
                "name": "CONTROLS",
                "lines": 23,
                "subsections": []
            },
            {
                "name": "CALLBACKS",
                "lines": 16,
                "subsections": []
            },
            {
                "name": "LDAP ERROR CODES",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "SEE ALSO",
                "lines": 7,
                "subsections": []
            },
            {
                "name": "ACKNOWLEDGEMENTS",
                "lines": 6,
                "subsections": []
            },
            {
                "name": "MAILING LIST",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "BUGS",
                "lines": 6,
                "subsections": []
            },
            {
                "name": "AUTHOR",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "COPYRIGHT",
                "lines": 5,
                "subsections": []
            }
        ],
        "sections": {
            "NAME": {
                "content": "Net::LDAP - Lightweight Directory Access Protocol\n",
                "subsections": []
            },
            "SYNOPSIS": {
                "content": "use Net::LDAP;\n\n$ldap = Net::LDAP->new( 'ldap.example.com' )  or  die \"$@\";\n\n$mesg = $ldap->bind;                         # anonymous bind\n\n$mesg->code  and  die $mesg->error;          # check for errors\n\n$srch = $ldap->search( base   => \"c=US\",     # perform a search\nfilter => \"(&(sn=Barr)(o=Texas Instruments))\"\n);\n\n$srch->code  and  die $srch->error;          # check for errors\n\nforeach $entry ($srch->entries) { $entry->dump; }\n\n$mesg = $ldap->unbind;                       # take down session\n\n$ldap = Net::LDAP->new( 'ldaps://ldap.example.com' )  or  die \"$@\";\n\n# simple bind with DN and password\n$mesg = $ldap->bind( 'cn=root, o=University of Michigan, c=us',\npassword => 'secret'\n);\n\n$mesg->code  and  die $mesg->error;          # check for errors\n\n$result = $ldap->add( 'cn=Barbara Jensen, o=University of Michigan, c=US',\nattrs => [\ncn          => ['Barbara Jensen', 'Barbs Jensen'],\nsn          => 'Jensen',\nmail        => 'b.jensen@umich.edu',\nobjectclass => ['top', 'person',\n'organizationalPerson',\n'inetOrgPerson' ],\n]\n);\n\n$result->code  and  warn \"failed to add entry: \", $result->error;\n\n$mesg = $ldap->unbind;                       # take down session\n",
                "subsections": []
            },
            "DESCRIPTION": {
                "content": "Net::LDAP is a collection of modules that implements a LDAP services\nAPI for Perl programs. The module may be used to search directories or\nperform maintenance functions such as adding, deleting or modifying\nentries.\n\nThis document assumes that the reader has some knowledge of the LDAP\nprotocol.\n",
                "subsections": []
            },
            "CONSTRUCTOR": {
                "content": "new ( HOST, OPTIONS )\nCreates a new Net::LDAP object and opens a connection to the named\nhost.\n\n\"HOST\" may be a host name or an IP address. TCP port may be\nspecified after the host name followed by a colon (such as\nlocalhost:10389). The default TCP port for LDAP is 389.\n\nYou can also specify a URI, such as 'ldaps://127.0.0.1:666' or\n'ldapi://%2fvar%2flib%2fldapsock'. Note that '%2f's in the LDAPI\nsocket path will be translated into '/'. This is to support LDAP\nquery options like base, search etc. although the query part of the\nURI will be ignored in this context. If port was not specified in\nthe URI, the default is either 389 or 636 for 'LDAP' and 'LDAPS'\nschemes respectively.\n\n\"HOST\" may also be a reference to an array of hosts, host-port\npairs or URIs to try. Each will be tried in order until a\nconnection is made. Only when all have failed will the result of\n\"undef\" be returned.\n\nport => N\nPort to connect to on the remote server. May be overridden by\n\"HOST\".\n\nscheme => 'ldap' | 'ldaps' | 'ldapi'\nConnection scheme to use when not using an URI as \"HOST\".\n(Default: ldap)\n\nkeepalive => 1\nIf given, set the socket's SOKEEPALIVE option depending on the\nBoolean value of the option.  (Default: use system default)\n\nFailures in changing the socket's SOKEEPALIVE option are\nignored.\n\ntimeout => N\nTimeout passed to IO::Socket when connecting the remote server.\n(Default: 120)\n\nmultihomed => N\nWill be passed to IO::Socket as the \"MultiHomed\" parameter when\nconnecting to the remote server\n\nlocaladdr => HOST\nWill be passed to IO::Socket as the \"LocalAddr\" parameter,\nwhich sets the client's IP address (as opposed to the server's\nIP address.)\n\ndebug => N\nSet the debug level. See the debug method for details.\n\nasync => 1\nPerform all operations asynchronously.\n\nonerror => 'die' | 'warn' | 'undef' | sub { ... }\nIn synchronous mode, change what happens when an error is\ndetected.\n\n'die'\nNet::LDAP will croak whenever an error is detected.\n\n'warn'\nNet::LDAP will warn whenever an error is detected.\n\n'undef'\nNet::LDAP will warn whenever an error is detected and \"-w\"\nis in effect. The method that was called will return\n\"undef\".\n\nNote this value is the string 'undef', not the \"undef\"\nvalue.\n\nsub { ... }\nThe given sub will be called in a scalar context with a\nsingle argument, the result message. The value returned\nwill be the return value for the method that was called.\n\nversion => N\nSet the protocol version being used (default is LDAPv3). This\nis useful if you want to talk to an old server and therefore\nhave to use LDAPv2.\n\nraw => REGEX\nUse REGEX to denote the names of attributes that are to be\nconsidered binary in search results.\n\nWhen this option is given, Net::LDAP converts all values of\nattributes not matching this REGEX into Perl UTF-8 strings so\nthat the regular Perl operators (pattern matching, ...) can\noperate as one expects even on strings with international\ncharacters.\n\nIf this option is not given, attribute values are treated as\nbyte strings.\n\nExample: raw => qr/(?i:^jpegPhoto|;binary)/\n\ninet4 => N\ninet6 => N\nTry to connect to the server using the specified IP protocol\nonly, i.e. either IPv4 or IPv6.  If the protocol selected is\nnot supported, connecting will fail.\n\nThe default is to use any of the two protocols.\n\nExample\n\n$ldap = Net::LDAP->new( 'remote.host', async => 1 );\n\nLDAPS connections have some extra valid options, see the starttls\nmethod for details. Note the default port for LDAPS is 636, and the\ndefault value for 'sslversion' is the value used as default by\nIO::Socket::SSL.\n\nFor LDAPI connections, HOST is actually the location of a UNIX\ndomain socket to connect to. The default location is\n'/var/run/ldapi'.\n",
                "subsections": []
            },
            "METHODS": {
                "content": "Each of the following methods take as arguments some number of fixed\nparameters followed by options, these options are passed in a named\nfashion, for example\n\n$mesg = $ldap->bind( \"cn=me,o=example\", password => \"mypasswd\");\n\nThe return value from these methods is an object derived from the\nNet::LDAP::Message class. The methods of this class allow you to\nexamine the status of the request.\n\nabandon ( ID, OPTIONS )\nAbandon a previously issued request. \"ID\" may be a number or an\nobject which is a sub-class of Net::LDAP::Message, returned from a\nprevious method call.\n\ncontrol => CONTROL\ncontrol => [ CONTROL, ... ]\nSee \"CONTROLS\" below\n\ncallback => CALLBACK\nSee \"CALLBACKS\" below\n\nExample\n\n$res = $ldap->search( @searchargs );\n\n$mesg = $ldap->abandon( $res ); # This could be written as $res->abandon\n\nadd ( DN, OPTIONS )\nAdd a new entry to the directory. \"DN\" can be either a\nNet::LDAP::Entry object or a string.\n\nattrs => [ ATTR => VALUE, ... ]\n\"VALUE\" should be a string if only a single value is wanted, or\na reference to an array of strings if multiple values are\nwanted.\n\nThis argument is not used if \"DN\" is a Net::LDAP::Entry object.\n\ncontrol => CONTROL\ncontrol => [ CONTROL, ... ]\nSee \"CONTROLS\" below\n\ncallback => CALLBACK\nSee \"CALLBACKS\" below\n\nExample\n\n# $entry is an object of class Net::LDAP::Entry\n$mesg = $ldap->add( $entry );\n\n$mesg = $ldap->add( $dn,\nattrs => [\nname  => 'Graham Barr',\nattr  => 'value1',\nattr  => 'value2',\nmulti => [qw(value1 value2)]\n]\n);\n\nbind ( DN, OPTIONS )\nBind (log in) to the server. \"DN\" is the DN to bind with. An\nanonymous bind may be done by calling bind without any arguments.\n\ncontrol => CONTROL\ncontrol => [ CONTROL, ... ]\nSee \"CONTROLS\" below\n\ncallback => CALLBACK\nSee \"CALLBACKS\" below\n\nnoauth | anonymous => 1\nBind without any password. The value passed with this option is\nignored.\n\npassword => PASSWORD\nBind with the given password.\n\nsasl => SASLOBJ\nBind using a SASL mechanism. The argument given should be a\nsub-class of Authen::SASL or an Authen::SASL client connection\nby calling \"clientnew\" on an Authen::SASL object.\n\nIf passed an Authen::SASL object then \"clientnew\" will be\ncalled to create a client connection object.  The hostname\npassed by \"Net::LDAP\" to \"clientnew\" can be set using the\n\"saslhost\" option below.  If this is not correct for your\nenvironment, consider calling \"clientnew\" yourself and passing\nthe client connection object as \"SASLOBJ\".\n\nsaslhost => SASLHOST\nWhen binding using SASL, allow the hostname used in the SASL\ncommunication to differ from the hostname connected to.\n\nIf \"SASLHOST\" evaluates to TRUE, then it is used as the SASL\nhostname.\n\nIf it evaluates to FALSE, then the value is determined by\ncalling \"peerhost\" on the socket.  In older versions of\nNet::LDAP this was the standard behaviour, but it turned out to\ncause more trouble than it fixed.\n\nWhen the option is not given, the SASL host name used defaults\nto the host name / IP address taken from the \"HOST\" parameter\nwhen connecting.\n\nExample\n\n$mesg = $ldap->bind; # Anonymous bind\n\n$mesg = $ldap->bind( $dn, password => $password );\n\n# $sasl is an object of class Authen::SASL\n$mesg = $ldap->bind( $dn, sasl => $sasl, version => 3 );\n\ncompare ( DN, OPTIONS )\nCompare values in an attribute in the entry given by \"DN\" on the\nserver. \"DN\" may be a string or a Net::LDAP::Entry object.\n\nattr => ATTR\nThe name of the attribute to compare.\n\nvalue => VALUE\nThe value to compare with.\n\ncontrol => CONTROL\ncontrol => [ CONTROL, ... ]\nSee \"CONTROLS\" below.\n\ncallback => CALLBACK\nSee \"CALLBACKS\" below.\n\nExample\n\n$mesg = $ldap->compare( $dn,\nattr  => 'cn',\nvalue => 'Graham Barr'\n);\n\ndelete ( DN, OPTIONS )\nDelete the entry given by \"DN\" from the server. \"DN\" may be a\nstring or a Net::LDAP::Entry object.\n\ncontrol => CONTROL\ncontrol => [ CONTROL, ... ]\nSee \"CONTROLS\" below.\n\ncallback => CALLBACK\nSee \"CALLBACKS\" below.\n\nExample\n\n$mesg = $ldap->delete( $dn );\n\nmoddn ( DN, OPTIONS )\nRename the entry given by \"DN\" on the server. \"DN\" may be a string\nor a Net::LDAP::Entry object.\n\nnewrdn => RDN\nThis value should be a new RDN to assign to \"DN\".\n\ndeleteoldrdn => 1\nThis option should be passed if the existing RDN is to be\ndeleted.\n\nnewsuperior => NEWDN\nIf given this value should be the DN of the new superior for\n\"DN\".\n\ncontrol => CONTROL\ncontrol => [ CONTROL, ... ]\nSee \"CONTROLS\" below.\n\ncallback => CALLBACK\nSee \"CALLBACKS\" below.\n\nExample\n\n$mesg = $ldap->moddn( $dn, newrdn => 'cn=Graham Barr' );\n\nmodify ( DN, OPTIONS )\nModify the contents of the entry given by \"DN\" on the server. \"DN\"\nmay be a string or a Net::LDAP::Entry object.\n\nadd => { ATTR => VALUE, ... }\nAdd more attributes or values to the entry. \"VALUE\" should be a\nstring if only a single value is wanted in the attribute, or a\nreference to an array of strings if multiple values are wanted.\n\n$mesg = $ldap->modify( $dn,\nadd => {\ndescription => 'List of members',    # Add description attribute\nmember      => [\n'cn=member1,ou=people,dc=example,dc=com',    # Add to attribute\n'cn=member2,ou=people,dc=example,dc=com',\n]\n}\n);\n\ndelete => [ ATTR, ... ]\nDelete complete attributes from the entry.\n\n$mesg = $ldap->modify( $dn,\ndelete => ['member','description'] # Delete attributes\n);\n\ndelete => { ATTR => VALUE, ... }\nDelete individual values from an attribute. \"VALUE\" should be a\nstring if only a single value is being deleted from the\nattribute, or a reference to an array of strings if multiple\nvalues are being deleted.\n\nIf \"VALUE\" is a reference to an empty array or all existing\nvalues of the attribute are being deleted, then the attribute\nwill be deleted from the entry.\n\n$mesg = $ldap->modify( $dn,\ndelete => {\ndescription => 'List of members',\nmember      => [\n'cn=member1,ou=people,dc=example,dc=com',    # Remove members\n'cn=member2,ou=people,dc=example,dc=com',\n],\nseeAlso => [],   # Remove attribute\n}\n);\n\nreplace => { ATTR => VALUE, ... }\nReplace any existing values in each given attribute with\n\"VALUE\". \"VALUE\" should be a string if only a single value is\nwanted in the attribute, or a reference to an array of strings\nif multiple values are wanted. A reference to an empty array\nwill remove the entire attribute. If the attribute does not\nalready exist in the entry, it will be created.\n\n$mesg = $ldap->modify( $dn,\nreplace => {\ndescription => 'New List of members', # Change the description\nmember      => [ # Replace whole list with these\n'cn=member1,ou=people,dc=example,dc=com',\n'cn=member2,ou=people,dc=example,dc=com',\n],\nseeAlso => [],   # Remove attribute\n}\n);\n\nincrement => { ATTR => VALUE, ... }\nAtomically increment the existing value in each given attribute\nby the provided \"VALUE\". The attributes need to have integer\nsyntax, or be otherwise \"incrementable\". Note this will only\nwork if the server advertises support for\nLDAPFEATUREMODIFYINCREMENT. Use \"supportedfeature\" in\nNet::LDAP::RootDSE to check this.\n\n$mesg = $ldap->modify( $dn,\nincrement => {\nuidNumber => 1 # increment uidNumber by 1\n}\n);\n\nchanges => [ OP => [ ATTR => VALUE ], ... ]\nThis is an alternative to add, delete, replace and increment\nwhere the whole operation can be given in a single argument.\n\"OP\" should be add, delete, replace or increment. \"VALUE\"\nshould be either a string or a reference to an array of\nstrings, as before.\n\nUse this form if you want to control the order in which the\noperations will be performed.\n\n$mesg = $ldap->modify( $dn,\nchanges => [\nadd => [\ndescription => 'A description',\nmember      => $newMember,\n],\ndelete => [\nseeAlso => [],\n],\nadd => [\nanotherAttribute => $value,\n],\n]\n);\n\ncontrol => CONTROL\ncontrol => [ CONTROL, ... ]\nSee \"CONTROLS\" below.\n\ncallback => CALLBACK\nSee \"CALLBACKS\" below.\n\nExample\n\n$mesg = $ldap->modify( $dn, add => { sn => 'Barr' } );\n\n$mesg = $ldap->modify( $dn, delete => [qw(faxNumber)] );\n\n$mesg = $ldap->modify( $dn, delete => { 'telephoneNumber' => '911' } );\n\n$mesg = $ldap->modify( $dn, replace => { 'mail' => 'gbarr@pobox.com' } );\n\n$mesg = $ldap->modify( $dn,\nchanges => [\n# add sn=Barr\nadd     => [ sn => 'Barr' ],\n# delete all fax numbers\ndelete  => [ faxNumber => []],\n# delete phone number 911\ndelete  => [ telephoneNumber => ['911']],\n# change email address\nreplace => [ mail => 'gbarr@pobox.com']\n]\n);\n\nsearch ( OPTIONS )\nSearch the directory using a given filter.  This can be used to\nread attributes from a single entry, from entries immediately below\na particular entry, or a whole subtree of entries.\n\nThe result is an object of class Net::LDAP::Search.\n\nbase => DN\nThe DN that is the base object entry relative to which the\nsearch is to be performed.\n\nscope => 'base' | 'one' | 'sub' | 'subtree' | 'children'\nBy default the search is performed on the whole tree below the\nspecified base object. This maybe changed by specifying a\n\"scope\" parameter with one of the following values:\n\nbase\nSearch only the base object.\n\none Search the entries immediately below the base object.\n\nsub\nsubtree\nSearch the whole tree below (and including) the base\nobject. This is the default.\n\nchildren\nSearch the whole subtree below the base object, excluding\nthe base object itself.\n\nNote: children scope requires LDAPv3 subordinate feature\nextension.\n\nderef => 'never' | 'search' | 'find' | 'always'\nBy default aliases are dereferenced to locate the base object\nfor the search, but not when searching subordinates of the base\nobject. This may be changed by specifying a \"deref\" parameter\nwith one of the following values:\n\nnever\nDo not dereference aliases in searching or in locating the\nbase object of the search.\n\nsearch\nDereference aliases in subordinates of the base object in\nsearching, but not in locating the base object of the\nsearch.\n\nfind\nDereference aliases in locating the base object of the\nsearch, but not when searching subordinates of the base\nobject. This is the default.\n\nalways\nDereference aliases both in searching and in locating the\nbase object of the search.\n\nsizelimit => N\nA sizelimit that restricts the maximum number of entries to be\nreturned as a result of the search. A value of 0, and the\ndefault, means that no restriction is requested.  Servers may\nenforce a maximum number of entries to return.\n\ntimelimit => N\nA timelimit that restricts the maximum time (in seconds)\nallowed for a search. A value of 0 (the default), means that no\ntimelimit will be requested.\n\ntypesonly => 1\nOnly attribute types (no values) should be returned. Normally\nattribute types and values are returned.\n\nfilter => FILTER\nA filter that defines the conditions an entry in the directory\nmust meet in order for it to be returned by the search. This\nmay be a string or a Net::LDAP::Filter object. Values inside\nfilters may need to be escaped to avoid security problems; see\nNet::LDAP::Filter for a definition of the filter format,\nincluding the escaping rules.\n\nattrs => [ ATTR, ... ]\nA list of attributes to be returned for each entry that matches\nthe search filter.\n\nIf not specified, then the server will return the attributes\nthat are specified as accessible by default given your bind\ncredentials.\n\nCertain additional attributes such as \"createTimestamp\" and\nother operational attributes may also be available for the\nasking:\n\n$mesg = $ldap->search( ... ,\nattrs => ['createTimestamp']\n);\n\nTo retrieve the default attributes and additional ones, use\n'*'.\n\n$mesg = $ldap->search( ... ,\nattrs => ['*', 'createTimestamp']\n);\n\nTo retrieve no attributes (the server only returns the DNs of\nmatching entries), use '1.1':\n\n$mesg = $ldap->search( ... ,\nattrs => ['1.1']\n);\n\ncontrol => CONTROL\ncontrol => [ CONTROL, ... ]\nSee \"CONTROLS\" below.\n\ncallback => CALLBACK\nSee \"CALLBACKS\" below.\n\nraw => REGEX\nUse REGEX to denote the names of attributes that are to be\nconsidered binary in search results.\n\nWhen this option is given, Net::LDAP converts all values of\nattributes not matching this REGEX into Perl UTF-8 strings so\nthat the regular Perl operators (pattern matching, ...) can\noperate as one expects even on strings with international\ncharacters.\n\nIf this option is not given, attribute values are treated as\nbyte strings.\n\nThe value provided here overwrites the value inherited from the\nconstructor.\n\nExample: raw => qr/(?i:^jpegPhoto|;binary)/\n\nExample\n\n$mesg = $ldap->search(\nbase   => $basedn,\nscope  => 'sub',\nfilter => '(|(objectclass=rfc822mailgroup)(sn=jones))'\n);\n\nNet::LDAP::LDIF->new( \\*STDOUT,\"w\" )->write( $mesg->entries );\n\nstarttls ( OPTIONS )\nCalling this method will convert the existing connection to using\nTransport Layer Security (TLS), which provides an encrypted\nconnection. This is only possible if the connection uses LDAPv3,\nand requires that the server advertises support for\nLDAPEXTENSIONSTARTTLS. Use \"supportedextension\" in\nNet::LDAP::RootDSE to check this.\n\nverify => 'none' | 'optional' | 'require'\nHow to verify the server's certificate:\n\nnone\nThe server may provide a certificate but it will not be\nchecked - this may mean you are be connected to the wrong\nserver\n\noptional\nVerify only when the server offers a certificate\n\nrequire\nThe server must provide a certificate, and it must be\nvalid.\n\nIf you set verify to optional or require, you must also set\neither cafile or capath. The most secure option is require.\n\nsslversion => 'sslv2' | 'sslv3' | 'sslv23' | 'tlsv1' | 'tlsv11' |\n'tlsv12'\nThis defines the version of the SSL/TLS protocol to use.\nDefault is to use the value that IO::Socket::SSL uses as\ndefault.\n\nSee \"SSLversion\" in IO::Socket::SSL for more details.\n\nsslserver => SSLHOST\nAllow changing the server name to use in certificate hostname\nverification in case the target hostname does not match the\nLDAP server's certificate.  If not given it defaults to the\nname of the HOST connected to.\n\nSee \"SSLverifycnname\" in IO::Socket::SSL for more details.\n\nciphers => CIPHERS\nSpecify which subset of cipher suites are permissible for this\nconnection, using the standard OpenSSL string format. The\ndefault behavior is to keep the decision on the underlying\ncryptographic library.\n\nclientcert => '/path/to/cert.pem'\nclientkey => '/path/to/key.pem'\nkeydecrypt => sub { ... }\nIf you want to use the client to offer a certificate to the\nserver for SSL authentication (which is not the same as for the\nLDAP Bind operation) then set clientcert to the user's\ncertificate file, and clientkey to the user's private key file.\nThese files must be in PEM format.\n\nIf the private key is encrypted (highly recommended) then\nkeydecrypt should be a subroutine that returns the decrypting\nkey. For example:\n\n$ldap = Net::LDAP->new( 'myhost.example.com', version => 3 );\n$mesg = $ldap->starttls(\nverify => 'require',\nclientcert => 'mycert.pem',\nclientkey => 'mykey.pem',\nkeydecrypt => sub { 'secret'; },\ncapath => '/usr/local/cacerts/'\n);\n\ncapath => '/path/to/servercerts/'\ncafile => '/path/to/servercert.pem'\nWhen verifying the server's certificate, either set capath to\nthe pathname of the directory containing CA certificates, or\nset cafile to the filename containing the certificate of the CA\nwho signed the server's certificate. These certificates must\nall be in PEM format.\n\nThe directory in 'capath' must contain certificates named using\nthe hash value of the certificates' subject names. To generate\nthese names, use OpenSSL like this in Unix:\n\nln -s cacert.pem `openssl x509 -hash -noout < cacert.pem`.0\n\n(assuming that the certificate of the CA is in cacert.pem.)\n\ncheckcrl => 1\nIf capath has been configured, then it will also be searched\nfor certificate revocation lists (CRLs) when verifying the\nserver's certificate.  The CRLs' names must follow the form\nhash.rnum where hash is the hash over the issuer's DN and num\nis a number starting with 0.\n\nSee \"SSLcheckcrl\" in IO::Socket::SSL for further information.\n\nunbind ( )\nThe unbind method does not take any parameters and will unbind you\nfrom the server. Some servers may allow you to re-bind or perform\nother operations after unbinding. If you wish to switch to another\nset of credentials while continuing to use the same connection, re-\nbinding with another DN and password, without unbind-ing, will\ngenerally work.\n\nExample\n\n$mesg = $ldap->unbind;\n\ndone ( )\nConvenience alias for \"unbind()\", named after the clean-up method\nof Net::LDAP::LDIF.\n\nThe following methods are for convenience, and do not return\n\"Net::LDAP::Message\" objects.\n\nasync ( VALUE )\nIf \"VALUE\" is given the async mode will be set. The previous value\nwill be returned. The value is true if LDAP operations are being\nperformed asynchronously.\n\ncertificate ( )\nReturns an X509Certificate object containing the server's\ncertificate. See the IO::Socket::SSL documentation for information\nabout this class.\n\nFor example, to get the subject name (in a peculiar OpenSSL-\nspecific format, different from RFC 1779 and RFC 4514) from the\nserver's certificate, do this:\n\nprint \"Subject DN: \" . $ldaps->certificate->subjectname . \"\\n\";\n\ncipher ( )\nReturns the cipher mode being used by the connection, in the string\nformat used by OpenSSL.\n\ndebug ( VALUE )\nIf \"VALUE\" is given the debug bit-value will be set. The previous\nvalue will be returned. Debug output will be sent to \"STDERR\". The\nbits of this value are:\n\n1   Show outgoing packets (using asnhexdump).\n2   Show incoming packets (using asnhexdump).\n4   Show outgoing packets (using asndump).\n8   Show incoming packets (using asndump).\n\nThe default value is 0.\n\ndisconnect ( )\nDisconnect from the server\n\nrootdse ( OPTIONS )\nThe rootdse method retrieves cached information from the server's\nrootDSE.\n\nattrs => [ ATTR, ... ]\nA reference to a list of attributes to be returned.  If not\nspecified, then the following attributes will be requested\n\nsubschemaSubentry\nnamingContexts\naltServer\nsupportedExtension\nsupportedFeatures\nsupportedControl\nsupportedSASLMechanisms\nsupportedLDAPVersion\n\nThe result is an object of class Net::LDAP::RootDSE.\n\nExample\n\nmy $root = $ldap->rootdse;\n# get naming Context\n$root->getvalue( 'namingContexts', asref => 1 );\n# get supported LDAP versions\n$root->supportedversion;\n\nAs the root DSE may change in certain circumstances - for instance\nwhen you change the connection using starttls - you should always\nuse the rootdse method to return the most up-to-date copy of the\nroot DSE.\n\nschema ( OPTIONS )\nRead schema information from the server.\n\nThe result is an object of class Net::LDAP::Schema.  Read this\ndocumentation for further information about methods that can be\nperformed with this object.\n\ndn => DN\nIf a DN is supplied, it will become the base object entry from\nwhich the search for schema information will be conducted.  If\nno DN is supplied the base object entry will be determined from\nthe rootDSE entry.\n\nExample\n\nmy $schema = $ldap->schema;\n# get objectClasses\n@ocs = $schema->allobjectclasses;\n# Get the attributes\n@atts = $schema->allattributes;\n\nsasl ( )\nReturns the \"Authen::SASL\" object associated with the LDAP object,\nor \"undef\" if there isn't.\n\nsocket ( OPTIONS )\nReturns the underlying socket object being used.\n\nThe exact object type returned depends on whether SASL layers are\nestablished.  Without SASL layers the result is always an\n\"IO::Socket\" object; with SASL layers the outcome depends on the\noptions given:\n\nsasllayer => FLAG\nThis option is only relevant if SASL layers are established.\n\nIf it it missing or if is set to a TRUE value, then the SASL\nlayer handle is returned. Depending on the SASL library used,\nthe object returned is not necessarily an \"IO::Socket\" object.\n\nIf it exists, but is set to a value evaluating to FALSE, then\nthe base \"IO::Socket\" object underneath the SASL layer is\nreturned.\n\nhost ( )\nReturns the host to which the connection was established.  For\nLDAPI connections the socket path is returned.\n\nport ( )\nReturns the port connected to or \"undef\" in case of LDAPI\nconnections.\n\nuri ( )\nReturns the URI connected to.\n\nAs the value returned is that element of the constructor's HOST\nargument with which the connection was established this may or may\nnot be a legal URI.\n\nscheme ( )\nReturns the scheme of the connection. One of ldap, ldaps or ldapi.\n\nsync ( MESG )\nWait for a given \"MESG\" request to be completed by the server. If\nno \"MESG\" is given, then wait for all outstanding requests to be\ncompleted.\n\nReturns an error code defined in Net::LDAP::Constant.\n\nprocess ( MESG )\nProcess any messages that the server has sent, but do not block. If\n\"MESG\" is specified then return as soon as \"MESG\" has been\nprocessed.\n\nReturns an error code defined in Net::LDAP::Constant.\n\nversion ( )\nReturns the version of the LDAP protocol that is being used.\n",
                "subsections": []
            },
            "CONTROLS": {
                "content": "Many of the methods described above accept a control option.  This\nallows the user to pass controls to the server as described in LDAPv3.\n\nA control is a reference to a HASH and should contain the three\nelements below. If any of the controls are blessed then the method\n\"toasn\" will be called which should return a reference to a HASH\ncontaining the three elements described below.\n\nFor most purposes Net::LDAP::Control objects are the easiest way to\ngenerate controls.\n\ntype => OID\nThis element must be present and is the name of the type of control\nbeing requested.\n\ncritical => FLAG\ncritical is optional and should be a Boolean value, if it is not\nspecified then it is assumed to be false.\n\nvalue => VALUE\nIf the control being requested requires a value then this element\nshould hold the value for the server.\n",
                "subsections": []
            },
            "CALLBACKS": {
                "content": "Most of the above commands accept a callback option. This option should\nbe a reference to a subroutine. This subroutine will be called for each\npacket received from the server as a response to the request sent.\n\nWhen the subroutine is called the first argument will be the\nNet::LDAP::Message object which was returned from the method.\n\nIf the request is a search then multiple packets can be received from\nthe server. Each entry is received as a separate packet. For each of\nthese the subroutine will be called with a Net::LDAP::Entry object as\nthe second argument.\n\nDuring a search the server may also send a list of references. When\nsuch a list is received then the subroutine will be called with a\nNet::LDAP::Reference object as the second argument.\n",
                "subsections": []
            },
            "LDAP ERROR CODES": {
                "content": "Net::LDAP also exports constants for the error codes that can be\nreceived from the server, see Net::LDAP::Constant.\n",
                "subsections": []
            },
            "SEE ALSO": {
                "content": "Net::LDAP::Constant, Net::LDAP::Control, Net::LDAP::Entry,\nNet::LDAP::Filter, Net::LDAP::Message, Net::LDAP::Reference,\nNet::LDAP::Search, Net::LDAP::RFC\n\nThe homepage for the perl-ldap modules can be found at\nhttp://ldap.perl.org/.\n",
                "subsections": []
            },
            "ACKNOWLEDGEMENTS": {
                "content": "This document is based on a document originally written by Russell\nFulton <r.fulton@auckland.ac.nz>.\n\nChris Ridd <chris.ridd@isode.com> for the many hours spent testing and\ncontribution of the ldap* command line utilities.\n",
                "subsections": []
            },
            "MAILING LIST": {
                "content": "A discussion mailing list is hosted by the Perl Foundation at\n<perl-ldap@perl.org> No subscription is necessary!\n",
                "subsections": []
            },
            "BUGS": {
                "content": "We hope you do not find any, but if you do please report them to the\nmailing list.\n\nIf you have a patch, please send it as an attachment to the mailing\nlist.\n",
                "subsections": []
            },
            "AUTHOR": {
                "content": "Graham Barr <gbarr@pobox.com>\n",
                "subsections": []
            },
            "COPYRIGHT": {
                "content": "Copyright (c) 1997-2004 Graham Barr. All rights reserved. This program\nis free software; you can redistribute it and/or modify it under the\nsame terms as Perl itself.\n\nperl v5.32.0                      2021-01-03                    Net::LDAP(3pm)",
                "subsections": []
            }
        }
    }
}