5. Querying Oak LDAP From Perl

The instructions in this section assume that you have configured your system according to Common Client Configuration.

5.1. Using Standard CPAN Modules

If you are using a Debian-based distribution, install these packages:

  • libnet-ldap-perl 0.36-1 or later (available since Debian Lenny and Ubuntu Intrepid Ibex)
  • libauthen-sasl-perl
  • libgssapi-perl

For other distributions, use the appropriate method to install these CPAN modules:

(An alternative to the native Perl GSSAPI module is Authen::SASL::Cyrus, which is based on the SASL libraries described above in section 2.2, but in our tests there appeared to be some problems with its handling of the round-robin DNS hostname of the Oak LDAP service.)

You will also need to be running with access to suitable Kerberos credentials (e.g. by running kinit as described in the introductory documentation above).

Sample Perl code to bind to the Oak LDAP service and retrieve information about a user:

    #!/usr/bin/perl
    
    use strict;
    use warnings;
    
    # Need Net::LDAP 0.37 or above
    use Net::LDAP;
    # Replace Perl with Cyrus below to use Authen::SASL::Cyrus
    use Authen::SASL qw( Perl );
    use Readonly;
    
    Readonly my $base => 'ou=people,dc=oak,dc=ox,dc=ac,dc=uk';
    Readonly my $cafile =>
      '/etc/ssl/certs/ca-certificates.crt';
    
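    # Authenticate with the Kerberos credentials obtained via kinit
    my $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );

    # multihomed: try each address behind the round-robin DNS name.
    # new() returns undef (with the reason in $@) if no connection is made.
    my $ldap = Net::LDAP->new(
        'ldap.oak.ox.ac.uk',
        onerror               => 'die',
        multihomed            => 1
    ) or die "Cannot connect to LDAP server: $@\n";

    # Upgrade to TLS and verify the server certificate before binding
    $ldap->start_tls( verify => 'require', cafile => $cafile );
    $ldap->bind( sasl => $sasl );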
    
    my $search = $ldap->search( base => $base, filter => '(sn=hargreaves)' );
    
    foreach my $entry ( $search->entries ) {
        $entry->dump;
    }

Note that, for Perl, we recommend the use of TLS rather than SSL (ldap:// rather than ldaps://), since IO::Socket::SSL does not support round-robin addresses correctly.
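
The sample above searches with a fixed filter; when the surname comes from a user, it should be escaped before it is placed in the filter. The following is an added example, not part of the original Oak documentation: surname_filter and search_by_surname are hypothetical helper names, and the attribute list and size limit are assumed values.

```perl
#!/usr/bin/perl
# Added example: build the search filter from untrusted input.
# surname_filter() and search_by_surname() are hypothetical helpers.

use strict;
use warnings;

use Net::LDAP::Filter;
use Net::LDAP::Util qw( escape_filter_value );

# Escape the RFC 4515 special characters so the input can only ever be an
# assertion value, never filter syntax.
sub surname_filter {
    my ($surname) = @_;
    die "surname must be a non-empty string\n"
      unless defined $surname && length $surname;

    my $filter = '(sn=' . escape_filter_value($surname) . ')';

    # Parse the result as a final check that it is one well-formed filter.
    Net::LDAP::Filter->new($filter)
      or die "could not build a valid filter\n";
    return $filter;
}

# $ldap is a handle connected, upgraded with start_tls and bound as in the
# sample above; $base is the search base used there.
sub search_by_surname {
    my ( $ldap, $base, $surname ) = @_;

    # Refuse to query if the connection is not encrypted.
    die "connection is not encrypted\n" unless defined $ldap->cipher;

    return $ldap->search(
        base      => $base,
        filter    => surname_filter($surname),
        attrs     => [ 'cn', 'sn', 'mail' ],    # assumed attribute names
        sizelimit => 50,                        # assumed cap on results
    );
}

# Constructed inputs; this part needs no LDAP connection.
for my $input ( 'hargreaves', 'har*', q{o'brien (visiting)} ) {
    printf "%-20s -> %s\n", $input, surname_filter($input);
}
```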

5.2. Using Oak::LDAP

We hope to provide a simplified object-oriented interface to Oak LDAP from Perl; this is not yet available.
