LDAP Control

Properties   Methods   Events   Config Settings   Errors  

The Lightweight Directory Access Protocol (LDAP) Control is used to search, manage, and maintain internet directory servers.

Syntax

LDAP

Remarks

The LDAP Control supports both plaintext and Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections. When connecting over Secure Sockets Layer/Transport Layer Security (SSL/TLS) the SSLServerAuthentication event allows you to check the server identity and other security attributes. The SSLStatus event provides information about the SSL handshake. Additional SSL-related settings are also supported through the Config method.

The LDAP Control implements a standard LDAP client as specified in RFC 1777, 2251, and other LDAP RFCs. Support for both LDAP v2 and v3 is provided.

The first step in using the control is specifying the ServerName, a DN (distinguished name) to bind as, and optionally a Password. Then you can call one or more of the control methods to act upon the server. Server responses normally are received through the Result event. The only exceptions are search requests that result in one or more SearchResult events, followed by a final SearchComplete event.

Attributes are set and returned through the Attributes properties. Other command arguments are specified through other properties. These are specified in detail in each method.

Search filters are to be specified as string arguments to the Search method. The format must be a standard LDAP search string as specified in RFC 1558. Other search attributes are set in properties, such as SearchScope, SearchTimeLimit, SearchSizeLimit, SearchReturnValues, and SearchDerefAliases.

The control operates synchronously by default (waits for a response before returning control to the caller); however, the control also may operate asynchronously (return control immediately), by setting Timeout to 0. Please refer to the Timeout property for more information.

Property List

---

The following is the full list of the properties of the control with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the control with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the control with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the control with short descriptions. Click on the links for further details.

AcceptData Property (LDAP Control)

This property indicates whether data reception is currently enabled.

Syntax

ldapcontrol.AcceptData

Default Value

True

Remarks

This property indicates whether data reception is currently enabled. When , data reception is disabled. Use the PauseData and ProcessData methods to pause and resume data reception.

This property is read-only and not available at design time.

Data Type

Boolean

AttrCount Property (LDAP Control)

The number of records in the Attr arrays.

Syntax

ldapcontrol.AttrCount[=integer]

Default Value

0

Remarks

This property controls the size of the following arrays:

• AttrModOp
• AttrType
• AttrValue

The array indices start at 0 and end at AttrCount - 1.

This property is not available at design time.

Data Type

Integer

AttrType Property (LDAP Control)

This property contains the attribute type for the current entry.

Syntax

ldapcontrol.AttrType(AttrIndex)[=string]

Default Value

""

Remarks

This property contains the attribute type for the current entry.

If the value of AttributeType is an empty string, then the AttrValue that contains the corresponding value is part of a set of values, and the attribute type for the set is specified in the previous attribute of the properties with a nonempty AttributeType.

The AttrIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AttrCount property.

This property is not available at design time.

Data Type

String

AttrModOp Property (LDAP Control)

This property contains an operation to apply to attributes during a Lightweight Directory Access Protocol (LDAP) modify operation.

Syntax

ldapcontrol.AttrModOp(AttrIndex)[=integer]

Possible Values

amoAdd(0), 
amoDelete(1), 
amoReplace(2)

Default Value

0

Remarks

This property contains an operation to apply to attributes during a Lightweight Directory Access Protocol (LDAP) modify operation.

Possible values include the following:

The AttrIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AttrCount property.

This property is not available at design time.

Data Type

Integer

AttrValue Property (LDAP Control)

This property contains the attribute value for the current entry.

Syntax

ldapcontrol.AttrValue(AttrIndex)[=string]

Default Value

""

Remarks

This property contains the attribute value for the current entry.

If the value is part of a set of values, the AttributeType that contains the corresponding attribute type is an empty string, and the attribute type for the set is specified in the previous attribute of the properties with a nonempty AttributeType.

The AttrIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AttrCount property.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .AttrValueB.

This property is not available at design time.

Data Type

Binary String

AuthMechanism Property (LDAP Control)

This property is the authentication mechanism to be used when connecting to the Lightweight Directory Access Protocol (LDAP) server.

Syntax

ldapcontrol.AuthMechanism[=integer]

Possible Values

lamSimple(0), 
lamDigestMD5(1), 
lamNegotiate(2), 
lamKerberos(6), 
lamSASLExternal(7)

Default Value

0

Remarks

This property specifies the authentication mechanism used. Possible values are as follows:

Data Type

Integer

Connected Property (LDAP Control)

This property shows whether the control is connected.

Syntax

ldapcontrol.Connected

Default Value

False

Remarks

This property is used to determine whether or not the control is connected to the remote host. Use the Bind and Unbind methods to manage the connection.

This property is read-only and not available at design time.

Data Type

Boolean

DeleteOldRDN Property (LDAP Control)

This property controls whether the old RDN (Relative Distinguished Name) should be deleted.

Syntax

ldapcontrol.DeleteOldRDN[=boolean]

Default Value

True

Remarks

This property controls whether the old RDN should be deleted. It is used when ModifyRDN is called. The default value is True, which instructs the server to delete the old RDN.

This property is not available at design time.

Data Type

Boolean

DN Property (LDAP Control)

This property includes the distinguished name used as the base for Lightweight Directory Access Protocol (LDAP) operations.

Syntax

ldapcontrol.DN[=string]

Default Value

""

Remarks

This also includes the base object during LDAP searches.

The distinguished name is provided in string format, as specified by RFC 1779. Example. Setting DN:

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.DN = "Domain\Username"

Data Type

String

FirewallAutoDetect Property (LDAP Control)

Whether to automatically detect and use firewall system settings, if available.

Syntax

ldapcontrol.FirewallAutoDetect[=boolean]

Default Value

False

Remarks

Whether to automatically detect and use firewall system settings, if available.

Data Type

Boolean

FirewallType Property (LDAP Control)

The type of firewall to connect through.

Syntax

ldapcontrol.FirewallType[=integer]

Possible Values

fwNone(0), 
fwTunnel(1), 
fwSOCKS4(2), 
fwSOCKS5(3), 
fwSOCKS4A(10)

Default Value

0

Remarks

The type of firewall to connect through. The applicable values are as follows:

Data Type

Integer

FirewallHost Property (LDAP Control)

The name or IP address of the firewall (optional).

Syntax

ldapcontrol.FirewallHost[=string]

Default Value

""

Remarks

The name or IP address of the firewall (optional). If a FirewallHost is given, the requested connections will be authenticated through the specified firewall when connecting.

If this property is set to a Domain Name, a DNS request is initiated. Upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, the control fails with an error.

Data Type

String

FirewallPassword Property (LDAP Control)

A password if authentication is to be used when connecting through the firewall.

Syntax

ldapcontrol.FirewallPassword[=string]

Default Value

""

Remarks

A password if authentication is to be used when connecting through the firewall. If FirewallHost is specified, the FirewallUser and FirewallPassword properties are used to connect and authenticate to the given firewall. If the authentication fails, the control fails with an error.

Data Type

String

FirewallPort Property (LDAP Control)

The Transmission Control Protocol (TCP) port for the firewall Host .

Syntax

ldapcontrol.FirewallPort[=integer]

Default Value

0

Remarks

The Transmission Control Protocol (TCP) port for the firewall FirewallHost. See the description of the FirewallHost property for details.

Note: This property is set automatically when FirewallType is set to a valid value. See the description of the FirewallType property for details.

Data Type

Integer

FirewallUser Property (LDAP Control)

A username if authentication is to be used when connecting through a firewall.

Syntax

ldapcontrol.FirewallUser[=string]

Default Value

""

Remarks

A username if authentication is to be used when connecting through a firewall. If FirewallHost is specified, this property and the FirewallPassword property are used to connect and authenticate to the given Firewall. If the authentication fails, the control fails with an error.

Data Type

String

Idle Property (LDAP Control)

The current status of the control.

Syntax

ldapcontrol.Idle

Default Value

True

Remarks

This property will be False if the component is currently busy (communicating or waiting for an answer), and True at all other times.

This property is read-only.

Data Type

Boolean

LDAPVersion Property (LDAP Control)

The version of the Lightweight Directory Access Protocol (LDAP) used.

Syntax

ldapcontrol.LDAPVersion[=integer]

Default Value

3

Remarks

This property contains the version of LDAP used. The default value is 3 (for LDAPv3).

This property is not available at design time.

Data Type

Integer

LocalHost Property (LDAP Control)

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

ldapcontrol.LocalHost[=string]

Default Value

""

Remarks

This property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the IP address of an interface will make the control initiate connections (or accept in the case of server controls) only through that interface. It is recommended to provide an IP address rather than a hostname when setting this property to ensure the desired interface is used.

If the control is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

Note: LocalHost is not persistent. You must always set it in code, and never in the property window.

Data Type

String

MessageId Property (LDAP Control)

This property includes the message identifier for the next Lightweight Directory Access Protocol (LDAP) request.

Syntax

ldapcontrol.MessageId[=integer]

Default Value

1

Remarks

This property contains the message identifier for the next LDAP request. If a custom value is needed, this property must be set before calling any other methods. The control increments this property automatically after each request.

This property is not available at design time.

Data Type

Integer

PageSize Property (LDAP Control)

This property includes the maximum number of results per page for the Search method.

Syntax

ldapcontrol.PageSize[=integer]

Default Value

0

Remarks

This property contains the maximum number of results per page for the Search method. The default value is 0 (no paging). If set to a value greater than zero, results will be paged, that is, returned in blocks of maximum PageSize results.

For each page sent by the server, a SearchPage event will fire. You may decide to cancel or continue displaying results from within this event.

Note: Lightweight Directory Access Protocol (LDAP) paging functionality is described by LDAP extension RFCs and may or may not be implemented by the LDAP server being accessed.

Data Type

Integer

Password Property (LDAP Control)

This property includes the password used to authenticate to the Lightweight Directory Access Protocol (LDAP) server.

Syntax

ldapcontrol.Password[=string]

Default Value

""

Remarks

This property contains the password used to authenticate to the LDAP server. Leave this value empty if no password is required.

This property is not available at design time.

Data Type

String

ReferenceCount Property (LDAP Control)

The number of records in the Reference arrays.

Syntax

ldapcontrol.ReferenceCount

Default Value

0

Remarks

This property controls the size of the following arrays:

• ReferenceURL

The array indices start at 0 and end at ReferenceCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

ReferenceURL Property (LDAP Control)

The url of the LDAP reference.

Syntax

ldapcontrol.ReferenceURL(ReferenceIndex)

Default Value

""

Remarks

The url of the LDAP reference. If inside a SearchResult or SearchResultReference event, it represents a URL to contact to continue the search. If inside the Result event or SearchComplete event it represents the URL to contact in order to complete the requested operation.

The ReferenceIndex parameter specifies the index of the item in the array. The size of the array is controlled by the ReferenceCount property.

This property is read-only and not available at design time.

Data Type

String

ResultCode Property (LDAP Control)

This property includes the result code returned in the last server response.

Syntax

ldapcontrol.ResultCode

Default Value

0

Remarks

This property contains the result code returned in the last server response. This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.

Possible result codes are as follows:

All the result codes with the exception of success, compareFalse and compareTrue are to be treated as meaning the operation could not be completed in its entirety. Result codes from 16 to 21 indicate an AttributeProblem; codes 32, 33, 34, and 36 indicate a NameProblem; codes 48, 49, and 50 indicate a SecurityProblem; codes 51 to 54 indicate a ServiceProblem; and codes 64 to 69 and 71 indicate an UpdateProblem.

This property is read-only.

Data Type

Integer

ResultDescription Property (LDAP Control)

This property includes the descriptive text returned in the last server response (if any).

Syntax

ldapcontrol.ResultDescription

Default Value

""

Remarks

This property contains the descriptive text returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.

This property is read-only.

Data Type

String

ResultDN Property (LDAP Control)

This property includes the distinguished name returned in the last server response (if any).

Syntax

ldapcontrol.ResultDN

Default Value

""

Remarks

This property contains the distinguished name returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result or SearchComplete event.

This property is read-only.

Data Type

String

SearchDerefAliases Property (LDAP Control)

This property controls alias dereferencing during searching.

Syntax

ldapcontrol.SearchDerefAliases[=integer]

Possible Values

sdaNever(0), 
sdaInSearching(1), 
sdaFindingBaseObject(2), 
sdaAlways(3)

Default Value

0

Remarks

This property controls the alias dereferencing during searching. The possible values are as follows:

The default is to never dereference aliases.

Data Type

Integer

SearchReturnValues Property (LDAP Control)

This property controls whether the search operation returns values of attributes or only types.

Syntax

ldapcontrol.SearchReturnValues[=boolean]

Default Value

True

Remarks

This property controls whether the search operation returns values of attributes or only types. If only attributes are needed, disabling the property to return values will enhance performance.

Data Type

Boolean

SearchScope Property (LDAP Control)

This property controls the scope of Lightweight Directory Access Protocol (LDAP) search operations.

Syntax

ldapcontrol.SearchScope[=integer]

Possible Values

ssBaseObject(0), 
ssSingleLevel(1), 
ssWholeSubtree(2)

Default Value

2

Remarks

This property controls the scope of LDAP search operations. Possible values are as follows:

The default is to search the whole subtree.

Data Type

Integer

SearchSizeLimit Property (LDAP Control)

This property includes the maximum number of entries that can be returned by the next search operation.

Syntax

ldapcontrol.SearchSizeLimit[=integer]

Default Value

0

Remarks

This property contains the maximum number of entries that can be returned by the next search operation. This limit is provided as a hint to the directory server. A value of 0 means that no size limits are in effect for the search.

Data Type

Integer

SearchTimeLimit Property (LDAP Control)

This property includes a time limit for the next search operation (in seconds).

Syntax

ldapcontrol.SearchTimeLimit[=integer]

Default Value

0

Remarks

This property contains a time limit for the next search operation (in seconds). This limit is provided as a hint to the directory server. A value of 0 means that no time limits are in effect for the search.

Data Type

Integer

ServerName Property (LDAP Control)

This property includes the name or address of the Lightweight Directory Access Protocol (LDAP) server.

Syntax

ldapcontrol.ServerName[=string]

Default Value

""

Remarks

This property specifies the IP address (IP number in dotted internet format) or the domain name of the directory server. It is set before a connection is attempted and cannot be changed once a connection is in progress.

If this property is set to a domain name, a DNS request is initiated, and upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, an error is returned.

Data Type

String

ServerPort Property (LDAP Control)

This property includes the server port for the Lightweight Directory Access Protocol (LDAP) connection (the default is 389).

Syntax

ldapcontrol.ServerPort[=integer]

Default Value

389

Remarks

This property contains the server port for the LDAP connection (the default is 389).

For the implicit Secure Sockets Layer (SSL), use port 636 (please refer to the SSLStartMode property for more information).

A valid port number (a value between 1 and 65535) is required for the connection to take place. The property must be set before a connection is attempted and cannot be changed once a connection is established. Any attempt to change this property while connected will fail with an error.

This property is not available at design time.

Data Type

Integer

SortAttributes Property (LDAP Control)

This property includes a string of attribute names to sort on with optional relative matching rules.

Syntax

ldapcontrol.SortAttributes[=string]

Default Value

""

Remarks

This property contains a string of attribute names to sort on with optional relative matching rules. When set before a Search, entries returned by the server will be sorted according to SortAttributes. The format consists of one or more attribute names separated by spaces. Each attribute may be followed by an optional matching rule.

If matching rules are defined, they should be separated from the attribute names with a "/".

Normally, the values are returned in ascending order. If descending (reverse) order of sorting is desired, the attribute type must be preceded with a "-".

Following are examples:

LDAPControl.SortAttributes = "loginTime" LDAPControl.SortAttributes = "name/caseIgnoreSubstringsMatch age/numericStringSubstringsMatch" LDAPControl.SortAttributes = "cn age/1.3.6.1.4.1.1466.115.121.1.27" LDAPControl.SortAttributes = "-cn age/1.3.6.1.4.1.1466.115.121.1.27" Example 1. Matching Rules for Equality Filters:

Example 2. Matching Rules for Inequality Filters: Example 3. Matching Rules for Substring Filters: Example 4. Matching Rules for Subschema Attributes:

Data Type

String

SSLAcceptServerCertEffectiveDate Property (LDAP Control)

The date on which this certificate becomes valid.

Syntax

ldapcontrol.SSLAcceptServerCertEffectiveDate

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExpirationDate Property (LDAP Control)

The date on which the certificate expires.

Syntax

ldapcontrol.SSLAcceptServerCertExpirationDate

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExtendedKeyUsage Property (LDAP Control)

A comma-delimited list of extended key usage identifiers.

Syntax

ldapcontrol.SSLAcceptServerCertExtendedKeyUsage

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprint Property (LDAP Control)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertFingerprint

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA1 Property (LDAP Control)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertFingerprintSHA1

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA256 Property (LDAP Control)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertFingerprintSHA256

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLAcceptServerCertIssuer Property (LDAP Control)

The issuer of the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertIssuer

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKey Property (LDAP Control)

The private key of the certificate (if available).

Syntax

ldapcontrol.SSLAcceptServerCertPrivateKey

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLAcceptServerCertPrivateKey may be available but not exportable. In this case, SSLAcceptServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKeyAvailable Property (LDAP Control)

Whether a PrivateKey is available for the selected certificate.

Syntax

ldapcontrol.SSLAcceptServerCertPrivateKeyAvailable

Default Value

False

Remarks

Whether a SSLAcceptServerCertPrivateKey is available for the selected certificate. If SSLAcceptServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLAcceptServerCertPrivateKeyContainer Property (LDAP Control)

The name of the PrivateKey container for the certificate (if available).

Syntax

ldapcontrol.SSLAcceptServerCertPrivateKeyContainer

Default Value

""

Remarks

The name of the SSLAcceptServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKey Property (LDAP Control)

The public key of the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertPublicKey

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyAlgorithm Property (LDAP Control)

The textual description of the certificate's public key algorithm.

Syntax

ldapcontrol.SSLAcceptServerCertPublicKeyAlgorithm

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyLength Property (LDAP Control)

The length of the certificate's public key (in bits).

Syntax

ldapcontrol.SSLAcceptServerCertPublicKeyLength

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertSerialNumber Property (LDAP Control)

The serial number of the certificate encoded as a string.

Syntax

ldapcontrol.SSLAcceptServerCertSerialNumber

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLAcceptServerCertSignatureAlgorithm Property (LDAP Control)

The text description of the certificate's signature algorithm.

Syntax

ldapcontrol.SSLAcceptServerCertSignatureAlgorithm

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertStore Property (LDAP Control)

The name of the certificate store for the client certificate.

Syntax

ldapcontrol.SSLAcceptServerCertStore[=string]

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SSLAcceptServerCertStoreType property denotes the type of the certificate store specified by SSLAcceptServerCertStore. If the store is password-protected, specify the password in SSLAcceptServerCertStorePassword.

SSLAcceptServerCertStore is used in conjunction with the SSLAcceptServerCertSubject property to specify client certificates. If SSLAcceptServerCertStore has a value, and SSLAcceptServerCertSubject or SSLAcceptServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLAcceptServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLAcceptServerCertStoreB.

Data Type

Binary String

SSLAcceptServerCertStorePassword Property (LDAP Control)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

ldapcontrol.SSLAcceptServerCertStorePassword[=string]

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLAcceptServerCertStoreType Property (LDAP Control)

The type of certificate store for this certificate.

Syntax

ldapcontrol.SSLAcceptServerCertStoreType[=integer]

Possible Values

cstUser(0), 
cstMachine(1), 
cstPFXFile(2), 
cstPFXBlob(3), 
cstJKSFile(4), 
cstJKSBlob(5), 
cstPEMKeyFile(6), 
cstPEMKeyBlob(7), 
cstPublicKeyFile(8), 
cstPublicKeyBlob(9), 
cstSSHPublicKeyBlob(10), 
cstP7BFile(11), 
cstP7BBlob(12), 
cstSSHPublicKeyFile(13), 
cstPPKFile(14), 
cstPPKBlob(15), 
cstXMLFile(16), 
cstXMLBlob(17), 
cstJWKFile(18), 
cstJWKBlob(19), 
cstSecurityKey(20), 
cstBCFKSFile(21), 
cstBCFKSBlob(22), 
cstPKCS11(23), 
cstAuto(99)

Default Value

0

Remarks

The type of certificate store for this certificate.

The control supports both public and private keys in a variety of formats. When the cstAuto value is used, the control will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLAcceptServerCertSubjectAltNames Property (LDAP Control)

Comma-separated lists of alternative subject names for the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertSubjectAltNames

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintMD5 Property (LDAP Control)

The MD5 hash of the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertThumbprintMD5

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA1 Property (LDAP Control)

The SHA-1 hash of the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertThumbprintSHA1

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA256 Property (LDAP Control)

The SHA-256 hash of the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertThumbprintSHA256

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsage Property (LDAP Control)

The text description of UsageFlags .

Syntax

ldapcontrol.SSLAcceptServerCertUsage

Default Value

""

Remarks

The text description of SSLAcceptServerCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsageFlags Property (LDAP Control)

The flags that show intended use for the certificate.

Syntax

ldapcontrol.SSLAcceptServerCertUsageFlags

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLAcceptServerCertUsageFlags is a combination of the following flags:

Please see the SSLAcceptServerCertUsage property for a text representation of SSLAcceptServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertVersion Property (LDAP Control)

The certificate's version number.

Syntax

ldapcontrol.SSLAcceptServerCertVersion

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLAcceptServerCertSubject Property (LDAP Control)

The subject of the certificate used for client authentication.

Syntax

ldapcontrol.SSLAcceptServerCertSubject[=string]

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLAcceptServerCertEncoded Property (LDAP Control)

The certificate (PEM/Base64 encoded).

Syntax

ldapcontrol.SSLAcceptServerCertEncoded[=string]

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLAcceptServerCertStore and SSLAcceptServerCertSubject properties also may be used to specify a certificate.

When SSLAcceptServerCertEncoded is set, a search is initiated in the current SSLAcceptServerCertStore for the private key of the certificate. If the key is found, SSLAcceptServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLAcceptServerCertSubject is set to an empty string.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLAcceptServerCertEncodedB.

This property is not available at design time.

Data Type

Binary String

SSLCertEffectiveDate Property (LDAP Control)

The date on which this certificate becomes valid.

Syntax

ldapcontrol.SSLCertEffectiveDate

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLCertExpirationDate Property (LDAP Control)

The date on which the certificate expires.

Syntax

ldapcontrol.SSLCertExpirationDate

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLCertExtendedKeyUsage Property (LDAP Control)

A comma-delimited list of extended key usage identifiers.

Syntax

ldapcontrol.SSLCertExtendedKeyUsage

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLCertFingerprint Property (LDAP Control)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

ldapcontrol.SSLCertFingerprint

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLCertFingerprintSHA1 Property (LDAP Control)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

ldapcontrol.SSLCertFingerprintSHA1

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLCertFingerprintSHA256 Property (LDAP Control)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

ldapcontrol.SSLCertFingerprintSHA256

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLCertIssuer Property (LDAP Control)

The issuer of the certificate.

Syntax

ldapcontrol.SSLCertIssuer

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLCertPrivateKey Property (LDAP Control)

The private key of the certificate (if available).

Syntax

ldapcontrol.SSLCertPrivateKey

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLCertPrivateKey may be available but not exportable. In this case, SSLCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLCertPrivateKeyAvailable Property (LDAP Control)

Whether a PrivateKey is available for the selected certificate.

Syntax

ldapcontrol.SSLCertPrivateKeyAvailable

Default Value

False

Remarks

Whether a SSLCertPrivateKey is available for the selected certificate. If SSLCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLCertPrivateKeyContainer Property (LDAP Control)

The name of the PrivateKey container for the certificate (if available).

Syntax

ldapcontrol.SSLCertPrivateKeyContainer

Default Value

""

Remarks

The name of the SSLCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLCertPublicKey Property (LDAP Control)

The public key of the certificate.

Syntax

ldapcontrol.SSLCertPublicKey

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLCertPublicKeyAlgorithm Property (LDAP Control)

The textual description of the certificate's public key algorithm.

Syntax

ldapcontrol.SSLCertPublicKeyAlgorithm

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertPublicKeyLength Property (LDAP Control)

The length of the certificate's public key (in bits).

Syntax

ldapcontrol.SSLCertPublicKeyLength

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLCertSerialNumber Property (LDAP Control)

The serial number of the certificate encoded as a string.

Syntax

ldapcontrol.SSLCertSerialNumber

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLCertSignatureAlgorithm Property (LDAP Control)

The text description of the certificate's signature algorithm.

Syntax

ldapcontrol.SSLCertSignatureAlgorithm

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertStore Property (LDAP Control)

The name of the certificate store for the client certificate.

Syntax

ldapcontrol.SSLCertStore[=string]

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SSLCertStoreType property denotes the type of the certificate store specified by SSLCertStore. If the store is password-protected, specify the password in SSLCertStorePassword.

SSLCertStore is used in conjunction with the SSLCertSubject property to specify client certificates. If SSLCertStore has a value, and SSLCertSubject or SSLCertEncoded is set, a search for a certificate is initiated. Please see the SSLCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLCertStoreB.

Data Type

Binary String

SSLCertStorePassword Property (LDAP Control)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

ldapcontrol.SSLCertStorePassword[=string]

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLCertStoreType Property (LDAP Control)

The type of certificate store for this certificate.

Syntax

ldapcontrol.SSLCertStoreType[=integer]

Possible Values

cstUser(0), 
cstMachine(1), 
cstPFXFile(2), 
cstPFXBlob(3), 
cstJKSFile(4), 
cstJKSBlob(5), 
cstPEMKeyFile(6), 
cstPEMKeyBlob(7), 
cstPublicKeyFile(8), 
cstPublicKeyBlob(9), 
cstSSHPublicKeyBlob(10), 
cstP7BFile(11), 
cstP7BBlob(12), 
cstSSHPublicKeyFile(13), 
cstPPKFile(14), 
cstPPKBlob(15), 
cstXMLFile(16), 
cstXMLBlob(17), 
cstJWKFile(18), 
cstJWKBlob(19), 
cstSecurityKey(20), 
cstBCFKSFile(21), 
cstBCFKSBlob(22), 
cstPKCS11(23), 
cstAuto(99)

Default Value

0

Remarks

The type of certificate store for this certificate.

The control supports both public and private keys in a variety of formats. When the cstAuto value is used, the control will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLCertSubjectAltNames Property (LDAP Control)

Comma-separated lists of alternative subject names for the certificate.

Syntax

ldapcontrol.SSLCertSubjectAltNames

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLCertThumbprintMD5 Property (LDAP Control)

The MD5 hash of the certificate.

Syntax

ldapcontrol.SSLCertThumbprintMD5

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA1 Property (LDAP Control)

The SHA-1 hash of the certificate.

Syntax

ldapcontrol.SSLCertThumbprintSHA1

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA256 Property (LDAP Control)

The SHA-256 hash of the certificate.

Syntax

ldapcontrol.SSLCertThumbprintSHA256

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertUsage Property (LDAP Control)

The text description of UsageFlags .

Syntax

ldapcontrol.SSLCertUsage

Default Value

""

Remarks

The text description of SSLCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLCertUsageFlags Property (LDAP Control)

The flags that show intended use for the certificate.

Syntax

ldapcontrol.SSLCertUsageFlags

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLCertUsageFlags is a combination of the following flags:

Please see the SSLCertUsage property for a text representation of SSLCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLCertVersion Property (LDAP Control)

The certificate's version number.

Syntax

ldapcontrol.SSLCertVersion

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLCertSubject Property (LDAP Control)

The subject of the certificate used for client authentication.

Syntax

ldapcontrol.SSLCertSubject[=string]

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLCertEncoded Property (LDAP Control)

The certificate (PEM/Base64 encoded).

Syntax

ldapcontrol.SSLCertEncoded[=string]

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLCertStore and SSLCertSubject properties also may be used to specify a certificate.

When SSLCertEncoded is set, a search is initiated in the current SSLCertStore for the private key of the certificate. If the key is found, SSLCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLCertSubject is set to an empty string.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLCertEncodedB.

This property is not available at design time.

Data Type

Binary String

SSLEnabled Property (LDAP Control)

This property indicates whether Transport Layer Security/Secure Sockets Layer (TLS/SSL) is enabled.

Syntax

ldapcontrol.SSLEnabled[=boolean]

Default Value

False

Remarks

This property specifies whether TLS/SSL is enabled in the control. When False (default), the control operates in plaintext mode. When True, TLS/SSL is enabled.

TLS/SSL may also be enabled by setting SSLStartMode. Setting SSLStartMode will automatically update this property value.

This property is not available at design time.

Data Type

Boolean

SSLProvider Property (LDAP Control)

The Secure Sockets Layer/Transport Layer Security (SSL/TLS) implementation to use.

Syntax

ldapcontrol.SSLProvider[=integer]

Possible Values

sslpAutomatic(0), 
sslpPlatform(1), 
sslpInternal(2)

Default Value

0

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic), the control will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are as follows:

Additional Notes

In most cases using the default value (Automatic) is recommended. The control will select a provider depending on the current platform.

When Automatic is selected, the platform implementation is used by default. When TLS 1.3 is enabled via SSLEnabledProtocols, the internal implementation is used.

Data Type

Integer

SSLServerCertEffectiveDate Property (LDAP Control)

The date on which this certificate becomes valid.

Syntax

ldapcontrol.SSLServerCertEffectiveDate

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExpirationDate Property (LDAP Control)

The date on which the certificate expires.

Syntax

ldapcontrol.SSLServerCertExpirationDate

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExtendedKeyUsage Property (LDAP Control)

A comma-delimited list of extended key usage identifiers.

Syntax

ldapcontrol.SSLServerCertExtendedKeyUsage

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLServerCertFingerprint Property (LDAP Control)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

ldapcontrol.SSLServerCertFingerprint

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA1 Property (LDAP Control)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

ldapcontrol.SSLServerCertFingerprintSHA1

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA256 Property (LDAP Control)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

ldapcontrol.SSLServerCertFingerprintSHA256

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLServerCertIssuer Property (LDAP Control)

The issuer of the certificate.

Syntax

ldapcontrol.SSLServerCertIssuer

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLServerCertPrivateKey Property (LDAP Control)

The private key of the certificate (if available).

Syntax

ldapcontrol.SSLServerCertPrivateKey

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLServerCertPrivateKey may be available but not exportable. In this case, SSLServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLServerCertPrivateKeyAvailable Property (LDAP Control)

Whether a PrivateKey is available for the selected certificate.

Syntax

ldapcontrol.SSLServerCertPrivateKeyAvailable

Default Value

False

Remarks

Whether a SSLServerCertPrivateKey is available for the selected certificate. If SSLServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLServerCertPrivateKeyContainer Property (LDAP Control)

The name of the PrivateKey container for the certificate (if available).

Syntax

ldapcontrol.SSLServerCertPrivateKeyContainer

Default Value

""

Remarks

The name of the SSLServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLServerCertPublicKey Property (LDAP Control)

The public key of the certificate.

Syntax

ldapcontrol.SSLServerCertPublicKey

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyAlgorithm Property (LDAP Control)

The textual description of the certificate's public key algorithm.

Syntax

ldapcontrol.SSLServerCertPublicKeyAlgorithm

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyLength Property (LDAP Control)

The length of the certificate's public key (in bits).

Syntax

ldapcontrol.SSLServerCertPublicKeyLength

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLServerCertSerialNumber Property (LDAP Control)

The serial number of the certificate encoded as a string.

Syntax

ldapcontrol.SSLServerCertSerialNumber

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLServerCertSignatureAlgorithm Property (LDAP Control)

The text description of the certificate's signature algorithm.

Syntax

ldapcontrol.SSLServerCertSignatureAlgorithm

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertStore Property (LDAP Control)

The name of the certificate store for the client certificate.

Syntax

ldapcontrol.SSLServerCertStore

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SSLServerCertStoreType property denotes the type of the certificate store specified by SSLServerCertStore. If the store is password-protected, specify the password in SSLServerCertStorePassword.

SSLServerCertStore is used in conjunction with the SSLServerCertSubject property to specify client certificates. If SSLServerCertStore has a value, and SSLServerCertSubject or SSLServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLServerCertStoreB.

This property is read-only.

Data Type

Binary String

SSLServerCertStorePassword Property (LDAP Control)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

ldapcontrol.SSLServerCertStorePassword

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is read-only.

Data Type

String

SSLServerCertStoreType Property (LDAP Control)

The type of certificate store for this certificate.

Syntax

ldapcontrol.SSLServerCertStoreType

Possible Values

cstUser(0), 
cstMachine(1), 
cstPFXFile(2), 
cstPFXBlob(3), 
cstJKSFile(4), 
cstJKSBlob(5), 
cstPEMKeyFile(6), 
cstPEMKeyBlob(7), 
cstPublicKeyFile(8), 
cstPublicKeyBlob(9), 
cstSSHPublicKeyBlob(10), 
cstP7BFile(11), 
cstP7BBlob(12), 
cstSSHPublicKeyFile(13), 
cstPPKFile(14), 
cstPPKBlob(15), 
cstXMLFile(16), 
cstXMLBlob(17), 
cstJWKFile(18), 
cstJWKBlob(19), 
cstSecurityKey(20), 
cstBCFKSFile(21), 
cstBCFKSBlob(22), 
cstPKCS11(23), 
cstAuto(99)

Default Value

0

Remarks

The type of certificate store for this certificate.

The control supports both public and private keys in a variety of formats. When the cstAuto value is used, the control will automatically determine the type. This property can take one of the following values:

This property is read-only.

Data Type

Integer

SSLServerCertSubjectAltNames Property (LDAP Control)

Comma-separated lists of alternative subject names for the certificate.

Syntax

ldapcontrol.SSLServerCertSubjectAltNames

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLServerCertThumbprintMD5 Property (LDAP Control)

The MD5 hash of the certificate.

Syntax

ldapcontrol.SSLServerCertThumbprintMD5

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA1 Property (LDAP Control)

The SHA-1 hash of the certificate.

Syntax

ldapcontrol.SSLServerCertThumbprintSHA1

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA256 Property (LDAP Control)

The SHA-256 hash of the certificate.

Syntax

ldapcontrol.SSLServerCertThumbprintSHA256

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertUsage Property (LDAP Control)

The text description of UsageFlags .

Syntax

ldapcontrol.SSLServerCertUsage

Default Value

""

Remarks

The text description of SSLServerCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLServerCertUsageFlags Property (LDAP Control)

The flags that show intended use for the certificate.

Syntax

ldapcontrol.SSLServerCertUsageFlags

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLServerCertUsageFlags is a combination of the following flags:

Please see the SSLServerCertUsage property for a text representation of SSLServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLServerCertVersion Property (LDAP Control)

The certificate's version number.

Syntax

ldapcontrol.SSLServerCertVersion

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLServerCertSubject Property (LDAP Control)

The subject of the certificate used for client authentication.

Syntax

ldapcontrol.SSLServerCertSubject

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

This property is read-only.

Data Type

String

SSLServerCertEncoded Property (LDAP Control)

The certificate (PEM/Base64 encoded).

Syntax

ldapcontrol.SSLServerCertEncoded

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLServerCertStore and SSLServerCertSubject properties also may be used to specify a certificate.

When SSLServerCertEncoded is set, a search is initiated in the current SSLServerCertStore for the private key of the certificate. If the key is found, SSLServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLServerCertSubject is set to an empty string.

To read or write binary data to the property, a Variant (Byte Array) version is provided in .SSLServerCertEncodedB.

This property is read-only and not available at design time.

Data Type

Binary String

SSLStartMode Property (LDAP Control)

This property determines how the control starts the Secure Sockets Layer (SSL) negotiation.

Syntax

ldapcontrol.SSLStartMode[=integer]

Possible Values

sslAutomatic(0), 
sslImplicit(1), 
sslExplicit(2), 
sslNone(3)

Default Value

3

Remarks

The SSLStartMode property may have one of the following values:

Data Type

Integer

Timeout Property (LDAP Control)

This property includes the timeout for the control.

Syntax

ldapcontrol.Timeout[=integer]

Default Value

60

Remarks

If the Timeout property is set to 0, all operations return immediately, potentially failing with a WOULDBLOCK error if data cannot be sent immediately.

If Timeout is set to a positive value, data is sent in a blocking manner and the control will wait for the operation to complete before returning control. The control will handle any potential WOULDBLOCK errors internally and automatically retry the operation for a maximum of Timeout seconds.

The control will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.

If Timeout expires, and the operation is not yet complete, the control fails with an error.

Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 60 seconds.

Data Type

Integer

Abandon Method (LDAP Control)

This method asks the server to abandon a request.

Syntax

ldapcontrol.Abandon MessageId

Remarks

This method asks the server to abandon the request specified by MessageId. The result of the operation is returned through the Result event.

Add Method (LDAP Control)

This method adds an entry specified by DN to the directory server using the type and value attributes defined in the Attributes properties.

Syntax

ldapcontrol.Add 

Remarks

This method adds the entry specified by DN to the directory. All entries are required to have an objectClass attribute.

To add a new entry, first Bind with credentials that will allow you to perform the new addition. To add attributes instead of entries, use the Modify method instead. When specifying multivalued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes properties. Additional instances of the same attribute type should specify an attribute type of an empty string.

The result of the operation is returned through the Result event.

Example. Add a New Entry (including the multivalued objectClass attribute):

LDAPControl.DN = "uid=NewUser,ou=Employees,dc=server" LDAPControl.AttributeCount = 7 LDAPControl.AttributeType(0) = "objectClass" LDAPControl.AttributeValue(0) = "top" LDAPControl.AttributeType(1) = "" LDAPControl.AttributeValue(1) = "person" LDAPControl.AttributeType(2) = "" LDAPControl.AttributeValue(2) = "organizationalPerson" LDAPControl.AttributeType(3) = "" LDAPControl.AttributeValue(3) = "inetOrgPerson" LDAPControl.AttributeType(4) = "sn" LDAPControl.AttributeValue(4) = "UserName" LDAPControl.AttributeType(5) = "cn" LDAPControl.AttributeValue(5) = "New S. UserName" LDAPControl.AttributeType(6) = "uid" LDAPControl.AttributeValue(6) = "NewUser" LDAPControl.Add()

Attr Method (LDAP Control)

This method returns the value of the specified Lightweight Directory Access Protocol (LDAP) attribute.

Syntax

ldapcontrol.Attr AttrType

Remarks

This method returns the value of the specified LDAP attribute. If the attribute does not exist, an empty string is returned.

Please refer to the Attributes properties for more information.

Bind Method (LDAP Control)

This method connects and binds to the directory server.

Syntax

ldapcontrol.Bind 

Remarks

This method connects and binds to the directory server. If the Password property has a value, it is used for authentication. If not, the bind is performed anonymously. Binding is often required on some directory servers, like Active Directory. The result of the operation is returned through the Result event.

Example. Binding:

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.Password = "mypassword" LDAPControl.Bind() LDAPControl.DN = "Domain/Username" LDAPControl.Password = "mypassword" LDAPControl.Bind()

ChangePassword Method (LDAP Control)

This method changes the password for the specified user.

Syntax

ldapcontrol.ChangePassword user, oldPassword, newPassword

Remarks

This method changes the password for the specified user.

The User parameter is the name of the user for which the password will be changed. OldPassword specifies the current password and NewPassword specifies the new password.

Note: This operation can be performed only over the Secure Sockets Layer (SSL) port. Set ServerPort to the SSL port of the server (typically 636) before calling this method.

Note: If the user is an administrator, the old password is not required.

Compare Method (LDAP Control)

This method compares attributes and values with those of the entry specified by DN .

Syntax

ldapcontrol.Compare 

Remarks

This method compares attribute types and values specified via the Attributes properties, with the values in the directory for the entry specified by DN. The result of the operation is returned through the Result event.

Config Method (LDAP Control)

Sets or retrieves a configuration setting.

Syntax

ldapcontrol.Config ConfigurationString

Remarks

Config is a generic method available in every control. It is used to set and retrieve configuration settings for the control.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the control, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Connect Method (LDAP Control)

This method connects to the directory server without performing any action.

Syntax

ldapcontrol.Connect 

Remarks

This method establishes a connection with the directory server specified by ServerName. In most cases, it is recommended to use the Bind method, which will both establish a connection and bind to the directory server.

This method may be useful in cases in which it is desirable to establish a connection without performing any operation (e.g., when testing connectivity).

Delete Method (LDAP Control)

Deletes an entry specified by DN from the directory server.

Syntax

ldapcontrol.Delete 

Remarks

This method deletes the entry specified by DN from the directory. The result of the operation is returned through the Result event.

DoEvents Method (LDAP Control)

This method processes events from the internal message queue.

Syntax

ldapcontrol.DoEvents 

Remarks

When DoEvents is called, the control processes any available events. If no events are available, it waits for a preset period of time, and then returns.

ExtendedRequest Method (LDAP Control)

This method performs a Lightweight Directory Access Protocol (LDAP) V3 extended operation.

Syntax

ldapcontrol.ExtendedRequest RequestName, RequestValue

Remarks

This method performs an LDAP V3 extended operation. RequestName must contain the object identifier of the operation, and RequestValue may contain an optional value.

Interrupt Method (LDAP Control)

This method interrupts the current method.

Syntax

ldapcontrol.Interrupt 

Remarks

If there is no method in progress, Interrupt simply returns, doing nothing.

ListComputers Method (LDAP Control)

This method lists all computers in the directory.

Syntax

ldapcontrol.ListComputers 

Remarks

This method lists all computers in the directory. The ComputerList event will be fired once for each computer returned.

ListGroupMembers Method (LDAP Control)

This method lists all members of a group.

Syntax

ldapcontrol.ListGroupMembers group

Remarks

This method lists all members of the specified group. The UserList event will be fired once for each member returned.

ListGroups Method (LDAP Control)

This method list all groups in the directory.

Syntax

ldapcontrol.ListGroups 

Remarks

This method lists all groups in the directory. The GroupList event will be fired once for each group returned.

ListUserGroups Method (LDAP Control)

This method lists all groups a user is a part of.

Syntax

ldapcontrol.ListUserGroups user

Remarks

This method lists all groups that the user specified by user is a part of. The GroupList event will fire once for each group the user is a part of.

Modify Method (LDAP Control)

This method performs a Lightweight Directory Access Protocol (LDAP) modify operation on the entry specified by DN .

Syntax

ldapcontrol.Modify 

Remarks

This method performs an LDAP modify operation on the entry specified by DN. The attributes to modify should be set via the Attributes properties. When specifying multivalued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes properties. Additional instances of the same attribute type should specify an attribute type of an empty string.

The modification can be a replacement, an addition, or a deletion, depending on the ModOp field of the attribute;. The result of the operation is returned through the Result event.

Example. Modify an Entry (Replace an Attribute Value):

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.AttributeCount = 2 LDAPControl.AttributeType(0) = "url" LDAPControl.AttributeValue(0) = "www.url1.net" LDAPControl.AttributeModOp(0) = amoReplace LDAPControl.AttributeType(0) = "" LDAPControl.AttributeValue(0) = "www.url2.net" LDAPControl.AttributeModOp(0) = amoReplace LDAPControl.Modify()

ModifyRDN Method (LDAP Control)

This method performs a Lightweight Directory Access Protocol (LDAP) modify RDN operation on an entry specified by DN .

Syntax

ldapcontrol.ModifyRDN NewRDN

Remarks

This method performs an LDAP modify RDN operation on the entry specified by DN.

NewRDN is the new RDN for the entry specified by DN

The result of the operation is returned through the Result event.

MoveToDN Method (LDAP Control)

This method performs a Lightweight Directory Access Protocol (LDAP) modify operation on the entry specified by DN by changing its superior.

Syntax

ldapcontrol.MoveToDN NewSuperior

Remarks

This method performs an LDAP modify operation on the entry specified by DN by changing its superior.

Note: None of the entry's attributes will change. DeleteOldRDN property will be set to True to delete the old entry. The result of the operation is returned through the Result event.

PauseData Method (LDAP Control)

This method pauses data reception.

Syntax

ldapcontrol.PauseData 

Remarks

This method pauses data reception when called. While data reception is paused, incoming data will not be processed and events will not fire. Call ProcessData to re-enable data reception.

ProcessData Method (LDAP Control)

This method re-enables data reception after a call to PauseData .

Syntax

ldapcontrol.ProcessData 

Remarks

This method re-enables data reception after a previous call to PauseData. Call this method to re-enable data reception and allow IPPacket to fire.

Note: This method is used only after previously calling PauseData. It does not need to be called to process data by default.

Reset Method (LDAP Control)

This method will reset the control.

Syntax

ldapcontrol.Reset 

Remarks

This method will reset the control's properties to their default values.

Search Method (LDAP Control)

This method searches the directory server using the base object specified in DN and the search filter SearchFilter .

Syntax

ldapcontrol.Search SearchFilter

Remarks

This method searches the directory server using the base object specified in the DN and the search filter specified in the SearchFilter parameter. Additional search parameters are specified through the SearchScope, SearchDerefAliases, SearchSizeLimit, SearchTimeLimit, and SearchReturnValues properties.

If Attributes are specified before starting a search, the server will return only those results that contain a value for the specified attributes.

Results are returned through zero or more SearchResult events, after which a SearchComplete event is fired.

Example 1. Searching for a User:

LDAPControl.DN = "ou=Employees,dc=server" LDAPControl.Search("uid=TThompson")

A Directory-Specific Entries (DSE) search will search for the attributes of the server. Example 2. DSE Search:

LDAPControl.DN = "" LDAPControl.SearchScope = 0 LDAPControl.Search("objectClass=*")

SearchFilter is a string representation of the Lightweight Directory Access Protocol (LDAP) search filter used for the search.

The format of the search filter is specified by RFC 1558 and is identical to the format used by most LDAP applications.

The following are examples of search filters, as provided in the RFC:

Example 3. Search Filters:

     (cn=Babs Jensen)
     (!(cn=Tim Howes))
     (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
     (o=univ*of*mich*)

The complete specification is given by the following BNF:

     <filter> ::= "(" <filtercomp> ")"
     <filtercomp> ::= <and> | <or> | <not> | <item>
     <and> ::= "&" <filterlist>
     <or> ::= "|" <filterlist>
     <not> ::= "!" <filter>
     <filterlist> ::= <filter> | <filter> <filterlist>
     <item> ::= <simple> | <present> | <substring>
     <simple> ::= <attr> <filtertype> <value>
     <filtertype> ::= <equal> | <approx> | <greater> | <less>
     <equal> ::= "="
     <approx> ::= "~="
     <greater> ::= ">="
     <less> ::= "<="
     <present> ::= <attr> "=*"
     <substring> ::= <attr> "=" <initial> <any> <final>
     <initial> ::= NULL | <value>
     <any> ::= "*" <starval>
     <starval> ::= NULL | <value> "*" <starval>
     <final> ::= NULL | <value>

<attr> is a string representing an attribute type as defined in RFC 1777. <value> is a string representing an attribute value, or part of one, and has the form defined in RFC 1779. If a <value> must contain one of the characters '*' or '(' or ')', these should be escaped by preceding them with the backslash '\' character.

Unbind Method (LDAP Control)

This method unbinds from the directory server.

Syntax

ldapcontrol.Unbind 

Remarks

This method unbinds from the directory server and breaks the connection.

ComputerList Event (LDAP Control)

This event is fired for each computer entry returned.

Syntax

Sub ldapcontrol_ComputerList(name As String, operatingSystem As String, lastLogon As String, logonCount As Integer, dn As String)

Remarks

This event is fired once for each computer returned when the ListComputers method is called.

Connected Event (LDAP Control)

Fired immediately after a connection completes (or fails).

Syntax

Sub ldapcontrol_Connected(StatusCode As Integer, Description As String)

Remarks

If the connection is made normally, StatusCode is 0 and Description is "OK".

If the connection fails, StatusCode has the error code returned by the Transmission Control Protocol (TCP)/IP stack. Description contains a description of this code. The value of StatusCode is equal to the value of the error. The corresponding Visual Basic error code can be obtained by adding 15001 to this value.

Please refer to the Error Codes section for more information.

ConnectionStatus Event (LDAP Control)

Fired to indicate changes in the connection state.

Syntax

Sub ldapcontrol_ConnectionStatus(ConnectionEvent As String, StatusCode As Integer, Description As String)

Remarks

This event is fired when the connection state changes: for example, completion of a firewall or proxy connection or completion of a security handshake.

The ConnectionEvent parameter indicates the type of connection event. Values may include the following:

StatusCode has the error code returned by the Transmission Control Protocol (TCP)/IP stack. Description contains a description of this code. The value of StatusCode is equal to the value of the error. The corresponding Visual Basic error code can be obtained by adding 15001 to this value.

Disconnected Event (LDAP Control)

Fired when a connection is closed.

Syntax

Sub ldapcontrol_Disconnected(StatusCode As Integer, Description As String)

Remarks

If the connection is broken normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode has the error code returned by the Transmission Control Protocol (TCP/IP) subsystem. Description contains a description of this code. The value of StatusCode is equal to the value of the TCP/IP error. The corresponding Visual Basic error code can be obtained by adding 15001 to this value.

Please refer to the Error Codes section for more information.

Error Event (LDAP Control)

Fired when information is available about errors during data delivery.

Syntax

Sub ldapcontrol_Error(ErrorCode As Integer, Description As String)

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the control fails with an error.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

ExtendedResponse Event (LDAP Control)

This event is fired for Lightweight Directory Access Protocol (LDAP) V3 extended responses.

Syntax

Sub ldapcontrol_ExtendedResponse(MessageId As Integer, DN As String, ResultCode As Integer, ResultDescription As String, ResponseName As String, ResponseValue As String)

Remarks

The first four parameters are the same as the parameters of the Result event. ResponseName and ResponseValue are related to the corresponding parameters of the call to ExtendedRequest.

GroupList Event (LDAP Control)

This event is fired for each group entry returned.

Syntax

Sub ldapcontrol_GroupList(name As String, description As String, dn As String)

Remarks

This event is fired once for each group entry returned when either of the ListGroups or ListUserGroups methods are called.

PITrail Event (LDAP Control)

This event provides detailed information about the interaction with the server.

Syntax

Sub ldapcontrol_PITrail(Direction As Integer, Description As String, Message As String)

Remarks

The PITrail event provides detailed information about all communication with the server. This is useful for debugging purposes.

Direction specifies the origin of the data. Possible values are as follows:

• 0 - Client
• 1 - Server

Description is a short description of the current packet. This is human readable and useful for informational logging.

Message contains a hex-encoded version of the raw message. This represents the exact value sent over the wire.

Result Event (LDAP Control)

This event is fired for every server response, except for search responses.

Syntax

Sub ldapcontrol_Result(MessageId As Integer, DN As String, ResultCode As Integer, ResultDescription As String)

Remarks

The MessageId parameter identifies the corresponding request. ResultCode and ResultDescription show whether or not the operation was successful (on a successful operation, the ResultCode is 0). For a full list of possible result codes, see the ResultCode property.

SearchComplete Event (LDAP Control)

This event is fired upon completion of a search operation.

Syntax

Sub ldapcontrol_SearchComplete(MessageId As Integer, DN As String, ResultCode As Integer, ResultDescription As String)

Remarks

The MessageId parameter identifies the corresponding request. ResultCode and ResultDescription show whether the operation was successful (on a successful operation, the ResultCode is 0).

SearchPage Event (LDAP Control)

This event is fired for every page returned from a search operation.

Syntax

Sub ldapcontrol_SearchPage(MessageId As Integer, DN As String, ResultCode As Integer, ResultDescription As String, CancelSearch As Boolean)

Remarks

This event is fired so the client can decide whether or not to continue with the Search operation. The signature is very similar to the SearchComplete event, with the addition of a CancelSearch parameter. If the search should be canceled (no more pages), the CancelSearch parameter should be set to True.

SearchResult Event (LDAP Control)

This event is fired for every entry returned from a search operation.

Syntax

Sub ldapcontrol_SearchResult(MessageId As Integer, DN As String)

Remarks

MessageId identifies the corresponding search request. DN contains the distinguished name of the entry. The attribute type and value provided in the Attributes properties show the list of retrieved attributes for the entry.

Every search operation results in a sequence of 0 or more SearchResult events and a sequence of 0 or more SearchResultReference events, which are followed by a SearchComplete event.

SearchResultReference Event (LDAP Control)

This event is fired for every result reference returned from a search operation.

Syntax

Sub ldapcontrol_SearchResultReference(MessageId As Integer, LdapUrl As String)

Remarks

MessageId identifies the corresponding search request. LdapUrl contains a URL reference to a server that can be used for continuing the search operation.

Every search operation results in a sequence of 0 or more SearchResult events and a sequence of 0 or more SearchResultReference events, which are followed by a SearchComplete event.

SSLServerAuthentication Event (LDAP Control)

Fired after the server presents its certificate to the client.

Syntax

Sub ldapcontrol_SSLServerAuthentication(CertEncoded As String, CertSubject As String, CertIssuer As String, Status As String, Accept As Boolean)

Remarks

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (LDAP Control)

Fired when secure connection progress messages are available.

Syntax

Sub ldapcontrol_SSLStatus(Message As String)

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

UserList Event (LDAP Control)

This event is fired once for each user entry returned.

Syntax

Sub ldapcontrol_UserList(name As String, description As String, lastLogon As String, memberOf As String, dn As String)

Remarks

This event is fired once for each user entry returned when the ListGroupMembers method is called.

Config Settings (LDAP Control)

The control accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the control, access to these internal properties is provided through the Config method.

LDAP Config Settings

TCPClient Config Settings

Socket Config Settings

Base Config Settings

Trappable Errors (LDAP Control)

LDAP Errors

The control may also return one of the following error codes, which are inherited from other controls.

TCPClient Errors

TCP/IP Errors