
How to fetch a user’s SMIME certificate (Public Key) from Active Directory (eponymous bind) using Perl


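use strict;
use warnings;

use Net::LDAP;
use IO::File;

# Fetch a user's S/MIME certificate (the userCertificate attribute) from
# Active Directory over an authenticated bind, print it to STDOUT and save
# it to a file.

# --- Settings --------------------------------------------------------------

# Host name of the directory server. The original listing leaves this blank;
# fill it in before running.
my $LDAP_HOST = '';

# Account used for the bind.
my $BIND_DN = 'CN= bind_usr ,OU=System Administrators,OU=Project Management & Support Dpt,OU=Systems Technical Division,OU=EMPLOYEES,DC=CONTOSO,DC=MSFT';

# The bind password is taken from the environment so that it does not end up
# in the script, in version control or in a copy of this page.
my $BIND_PASSWORD = $ENV{LDAP_BIND_PASSWORD};
die "Set LDAP_BIND_PASSWORD to the password of the bind account\n"
    unless defined $BIND_PASSWORD && length $BIND_PASSWORD;

my $BASE_DN      = 'OU=EMPLOYEES,DC=CONTOSO,DC=MSFT';
my $FILTER       = '(&(objectclass=user)(objectcategory=Person))';
my $NAME_PATTERN = qr/iliopoulos/i;    # matched against each entry's cn

# A fixed file name in /tmp lives in a world-writable directory; point this
# at a directory only the invoking user can write to when running on a
# shared host.
my $CERT_PATH = '/tmp/mycert.cer';

# The certificate is binary (DER), so STDOUT must not translate line endings.
binmode STDOUT;

# --- Connect and bind ------------------------------------------------------

my $ldap = Net::LDAP->new($LDAP_HOST) or die "Could not connect: $@";

# A simple bind sends the password as-is, so upgrade the connection to TLS
# first. verify => 'require' makes the client check the server certificate;
# add cafile/capath if the DC certificate comes from an internal CA.
my $tls = $ldap->start_tls(verify => 'require');
die 'StartTLS failed: ' . $tls->error if $tls->code;

my $result = $ldap->bind($BIND_DN, password => $BIND_PASSWORD);
die $result->error if $result->code;

# --- Search ----------------------------------------------------------------

# Only cn and userCertificate are read below, so only those are requested.
my $search = $ldap->search(
    base   => $BASE_DN,
    scope  => 'subtree',
    filter => $FILTER,
    attrs  => [ 'cn', 'userCertificate' ],
);
die $search->error if $search->code;

print "Total entries returned: ", $search->count, "\n";

# --- Write the certificate -------------------------------------------------

my $cert_fh = IO::File->new($CERT_PATH, 'w')
    or die "Could not open $CERT_PATH for writing: $!";
$cert_fh->binmode;    # keep the DER bytes unchanged on every platform

for my $entry ($search->entries) {
    my $cn = $entry->get_value('cn');
    next unless defined $cn && $cn =~ $NAME_PATTERN;

    # get_value returns every value of the attribute in list context. All
    # values of all matching entries are written back to back, so the file
    # is a single usable certificate only when exactly one value is found.
    my @certs = $entry->get_value('userCertificate');
    next unless @certs;

    print @certs;
    print {$cert_fh} @certs
        or die "Could not write to $CERT_PATH: $!";
}

# Buffered write errors only show up at close time.
$cert_fh->close or die "Could not close $CERT_PATH: $!";

$ldap->unbind;    # tear down the connection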


