LDAP Component

Properties   Methods   Events   Config Settings   Errors  

The Lightweight Directory Access Protocol (LDAP) Component is used to search, manage, and maintain internet directory servers.

Syntax

IPWorks.Ldap

Remarks

The LDAP Component supports both plaintext and Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections. When connecting over SSL/TLS the SSLServerAuthentication event allows you to check the server identity and other security attributes. The SSLStatus event provides information about the SSL handshake. Additional SSL related settings are also supported via the Config method.

The LDAP Component implements a standard LDAP client as specified in RFC 1777, 2251, and other LDAP RFCs. Support for both LDAP v2 and v3 is provided.

The first step in using the component is specifying the ServerName, a DN (distinguished name) to bind as, and optionally a Password. Then you can call one or more of the component methods to act upon the server. Server responses normally are received through the Result event. The only exceptions are search requests that result in one or more SearchResult events, followed by a final SearchComplete event.

Attributes are set and returned through the Attributes collection. Other command arguments are specified through other properties. These are specified in detail in each method.

Search filters are to be specified as string arguments to the Search method. The format must be a standard LDAP search string as specified in RFC 1558. Other search attributes are set in properties, such as SearchScope, SearchTimeLimit, SearchSizeLimit, SearchReturnValues, and SearchDerefAliases.

The component operates synchronously by default (waits for a response before returning control to the caller); however, the component also may operate asynchronously (return control immediately), by setting Timeout to 0. Please refer to the Timeout property for more information.

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AcceptData Property (LDAP Component)

This property enables or disables data reception from the server.

Syntax

public boolean isAcceptData();


public void setAcceptData(boolean acceptData);

Default Value

True

Remarks

This property enables or disables data reception from the server. Setting the property to False, temporarily disables data reception. Setting the property to True, reenables data reception.

Note: It is recommended to use the PauseData or ProcessData method instead of setting this property.

This property is not available at design time.

Attributes Property (LDAP Component)

This property includes the attributes for the current entry.

Syntax

public LDAPAttributeList getAttributes();


public void setAttributes(LDAPAttributeList attributes);

Remarks

This property contains a collection of all of the attributes for the current entry. Each attribute's details are found in the fields of the LDAPAttribute type.

After a Search, this property will be populated with the attributes of each search result and can be read within the SearchResult event (one event for each resulting DN).

During a Lightweight Directory Access Protocol (LDAP) Modify operation, this property describes the modifications that are to be made to the attributes. You may specify the attribute, the new value, and the operation to be executed by the server in this property.

This collection is indexed from 0 to size -1.

This property is not available at design time.

AuthMechanism Property (LDAP Component)

This property is the authentication mechanism to be used when connecting to the Lightweight Directory Access Protocol (LDAP) server.

Syntax

public int getAuthMechanism();


public void setAuthMechanism(int authMechanism);

Enumerated values:
  public final static int lamSimple = 0;

  public final static int lamDigestMD5 = 1;

  public final static int lamNegotiate = 2;

  public final static int lamKerberos = 6;

  public final static int lamSASLExternal = 7;

Default Value

0

Remarks

This property specifies the authentication mechanism used. Possible values are as follows:

Connected Property (LDAP Component)

This shows whether the component is connected.

Syntax

public boolean isConnected();


public void setConnected(boolean connected);

Default Value

False

Remarks

This property is used to determine whether or not the component is connected to the remote host.

Note: It is recommended to use the Connect or Disconnect method instead of setting this property.

This property is not available at design time.

DeleteOldRDN Property (LDAP Component)

This property controls whether the old RDN (Relative Distinguished Name) should be deleted.

Syntax

public boolean isDeleteOldRDN();


public void setDeleteOldRDN(boolean deleteOldRDN);

Default Value

True

Remarks

This property controls whether the old RDN should be deleted. It is used when ModifyRDN is called. The default value is True, which instructs the server to delete the old RDN.

This property is not available at design time.

DN Property (LDAP Component)

This property includes the distinguished name used as the base for Lightweight Directory Access Protocol (LDAP) operations.

Syntax

public String getDN();


public void setDN(String DN);

Default Value

""

Remarks

This also includes the base object during LDAP searches.

The distinguished name is provided in string format, as specified by RFC 1779. Example. Setting DN:

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.DN = "Domain\Username"

Firewall Property (LDAP Component)

A set of properties related to firewall access.

Syntax

public Firewall getFirewall();


public void setFirewall(Firewall firewall);

Remarks

This is a Firewall type property which contains fields describing the firewall through which the component will attempt to connect.

Idle Property (LDAP Component)

The current status of the component.

Syntax

public boolean isIdle();

Default Value

True

Remarks

Idle will be False if the component is currently busy (communicating and/or waiting for an answer), and True at all other times.

This property is read-only.

LDAPVersion Property (LDAP Component)

The version of the Lightweight Directory Access Protocol (LDAP) used.

Syntax

public int getLDAPVersion();


public void setLDAPVersion(int LDAPVersion);

Default Value

3

Remarks

This property contains the version of LDAP used. The default value is 3 (for LDAPv3).

This property is not available at design time.

LocalHost Property (LDAP Component)

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

public String getLocalHost();


public void setLocalHost(String localHost);

Default Value

""

Remarks

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the component initiate connections (or accept in the case of server components) only through that interface.

If the component is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

NOTE: LocalHost is not persistent. You must always set it in code, and never in the property window.

MessageId Property (LDAP Component)

This property includes the message identifier for the next Lightweight Directory Access Protocol (LDAP) request.

Syntax

public int getMessageId();


public void setMessageId(int messageId);

Default Value

1

Remarks

This property contains the message identifier for the next LDAP request. If a custom value is needed, this property must be set before calling any other methods. The component increments this property automatically after each request.

This property is not available at design time.

PageSize Property (LDAP Component)

This property includes the maximum number of results per page for the Search method.

Syntax

public int getPageSize();


public void setPageSize(int pageSize);

Default Value

0

Remarks

This property contains the maximum number of results per page for the Search method. The default value is 0 (no paging). If set to a value greater than zero, results will be paged, that is, returned in blocks of maximum PageSize results.

For each page sent by the server, a SearchPage event will fire. You may decide to cancel or continue displaying results from within this event.

Note: Lightweight Directory Access Protocol (LDAP) paging functionality is described by LDAP extension RFCs and may or may not be implemented by the LDAP server being accessed.

Password Property (LDAP Component)

This property includes the password used to authenticate to the Lightweight Directory Access Protocol (LDAP) server.

Syntax

public String getPassword();


public void setPassword(String password);

Default Value

""

Remarks

This property contains the password used to authenticate to the LDAP server. Leave this value empty if no password is required.

This property is not available at design time.

References Property (LDAP Component)

This property includes a collection of references returned from the server.

Syntax

public LDAPReferenceList getReferences();

Remarks

This property contains a collection of references returned from the server. References will be SearchResult references if inside a SearchResult or SearchResultReference event. In this case, they represent URLs to contact to continue the search. References will be regular result references if inside the Result event or SearchComplete event. In this case, they represent the URLs to contact to complete the requested operation.

This collection is indexed from 0 to size -1.

This property is read-only and not available at design time.

ResultCode Property (LDAP Component)

This property includes the result code returned in the last server response.

Syntax

public int getResultCode();

Default Value

0

Remarks

This property contains the result code returned in the last server response. This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.

Possible result codes are as follows:

All the result codes with the exception of success, compareFalse and compareTrue are to be treated as meaning the operation could not be completed in its entirety. Result codes from 16 to 21 indicate an AttributeProblem; codes 32, 33, 34, and 36 indicate a NameProblem; codes 48, 49, and 50 indicate a SecurityProblem; codes 51 to 54 indicate a ServiceProblem; and codes 64 to 69 and 71 indicate an UpdateProblem.

This property is read-only.

ResultDescription Property (LDAP Component)

This property includes the descriptive text returned in the last server response (if any).

Syntax

public String getResultDescription();

Default Value

""

Remarks

This property contains the descriptive text returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.

This property is read-only.

ResultDN Property (LDAP Component)

This property includes the distinguished name returned in the last server response (if any).

Syntax

public String getResultDN();

Default Value

""

Remarks

This property contains the distinguished name returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result or SearchComplete event.

This property is read-only.

SearchDerefAliases Property (LDAP Component)

This property controls alias dereferencing during searching.

Syntax

public int getSearchDerefAliases();


public void setSearchDerefAliases(int searchDerefAliases);

Enumerated values:
  public final static int sdaNever = 0;

  public final static int sdaInSearching = 1;

  public final static int sdaFindingBaseObject = 2;

  public final static int sdaAlways = 3;

Default Value

0

Remarks

This property controls the alias dereferencing during searching. The possible values are as follows:

The default is to never dereference aliases.

SearchReturnValues Property (LDAP Component)

This property controls whether the search operation returns values of attributes or only types.

Syntax

public boolean isSearchReturnValues();


public void setSearchReturnValues(boolean searchReturnValues);

Default Value

True

Remarks

This property controls whether the search operation returns values of attributes or only types. If only attributes are needed, disabling the property to return values will enhance performance.

SearchScope Property (LDAP Component)

This property controls the scope of Lightweight Directory Access Protocol (LDAP) search operations.

Syntax

public int getSearchScope();


public void setSearchScope(int searchScope);

Enumerated values:
  public final static int ssBaseObject = 0;

  public final static int ssSingleLevel = 1;

  public final static int ssWholeSubtree = 2;

Default Value

2

Remarks

This property controls the scope of LDAP search operations. Possible values are as follows:

The default is to search the whole subtree.

SearchSizeLimit Property (LDAP Component)

This property includes the maximum number of entries that can be returned by the next search operation.

Syntax

public int getSearchSizeLimit();


public void setSearchSizeLimit(int searchSizeLimit);

Default Value

0

Remarks

This property contains the maximum number of entries that can be returned by the next search operation. This limit is provided as a hint to the directory server. A value of 0 means that no size limits are in effect for the search.

SearchTimeLimit Property (LDAP Component)

This property includes a time limit for the next search operation (in seconds).

Syntax

public int getSearchTimeLimit();


public void setSearchTimeLimit(int searchTimeLimit);

Default Value

0

Remarks

This property contains a time limit for the next search operation (in seconds). This limit is provided as a hint to the directory server. A value of 0 means that no time limits are in effect for the search.

ServerName Property (LDAP Component)

This property includes the name or address of the Lightweight Directory Access Protocol (LDAP) server.

Syntax

public String getServerName();


public void setServerName(String serverName);

Default Value

""

Remarks

This property specifies the IP address (IP number in dotted internet format) or the domain name of the directory server. It is set before a connection is attempted and cannot be changed once a connection is in progress.

If this property is set to a domain name, a DNS request is initiated, and upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, an error is returned.

ServerPort Property (LDAP Component)

This property includes the server port for the Lightweight Directory Access Protocol (LDAP) connection (the default is 389).

Syntax

public int getServerPort();


public void setServerPort(int serverPort);

Default Value

389

Remarks

This property contains the server port for the LDAP connection (the default is 389).

For the implicit Secure Sockets Layer (SSL), use port 636 (please refer to the SSLStartMode property for more information).

A valid port number (a value between 1 and 65535) is required for the connection to take place. The property must be set before a connection is attempted and cannot be changed once a connection is established. Any attempt to change this property while connected will fail with an error.

This property is not available at design time.

SortAttributes Property (LDAP Component)

This property includes a string of attribute names to sort on with optional relative matching rules.

Syntax

public String getSortAttributes();


public void setSortAttributes(String sortAttributes);

Default Value

""

Remarks

This property contains a string of attribute names to sort on with optional relative matching rules. When set before a Search, entries returned by the server will be sorted according to SortAttributes. The format consists of one or more attribute names separated by spaces. Each attribute may be followed by an optional matching rule.

If matching rules are defined, they should be separated from the attribute names with a "/".

Normally, the values are returned in ascending order. If descending (reverse) order of sorting is desired, the attribute type must be preceded with a "-".

Following are examples:

LDAPControl.SortAttributes = "loginTime" LDAPControl.SortAttributes = "name/caseIgnoreSubstringsMatch age/numericStringSubstringsMatch" LDAPControl.SortAttributes = "cn age/1.3.6.1.4.1.1466.115.121.1.27" LDAPControl.SortAttributes = "-cn age/1.3.6.1.4.1.1466.115.121.1.27" Example 1. Matching Rules for Equality Filters:

SSLAcceptServerCert Property (LDAP Component)

Instructs the component to unconditionally accept the server certificate that matches the supplied certificate.

Syntax

public Certificate getSSLAcceptServerCert();


public void setSSLAcceptServerCert(Certificate SSLAcceptServerCert);

Remarks

If it finds any issues with the certificate presented by the server, the component will normally terminate the connection with an error.

You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.

Please note that this functionality is provided only for cases where you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.

SSLCert Property (LDAP Component)

The certificate to be used during SSL negotiation.

Syntax

public Certificate getSSLCert();


public void setSSLCert(Certificate SSLCert);

Remarks

The digital certificate that the component will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.

SSLEnabled Property (LDAP Component)

Whether TLS/SSL is enabled.

Syntax

public boolean isSSLEnabled();


public void setSSLEnabled(boolean SSLEnabled);

Default Value

False

Remarks

This setting specifies whether TLS/SSL is enabled in the component. When False (default) the component operates in plaintext mode. When True TLS/SSL is enabled.

TLS/SSL may also be enabled by setting SSLStartMode. Setting SSLStartMode will automatically update this property value.

This property is not available at design time.

SSLProvider Property (LDAP Component)

This specifies the SSL/TLS implementation to use.

Syntax

public int getSSLProvider();


public void setSSLProvider(int SSLProvider);

Enumerated values:
  public final static int sslpAutomatic = 0;

  public final static int sslpPlatform = 1;

  public final static int sslpInternal = 2;

Default Value

0

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic) the component will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are:

In most cases using the default value (Automatic) is recommended. The component will select a provider depending on the current platform.

When Automatic is selected the platform implementation is used by default. When TLS 1.3 is enabled via SSLEnabledProtocols the internal implementation is used.

SSLServerCert Property (LDAP Component)

The server certificate for the last established connection.

Syntax

public Certificate getSSLServerCert();

Remarks

SSLServerCert contains the server certificate for the last established connection.

SSLServerCert is reset every time a new connection is attempted.

This property is read-only.

SSLStartMode Property (LDAP Component)

Determines how the component starts the SSL negotiation.

Syntax

public int getSSLStartMode();


public void setSSLStartMode(int SSLStartMode);

Enumerated values:
  public final static int sslAutomatic = 0;

  public final static int sslImplicit = 1;

  public final static int sslExplicit = 2;

  public final static int sslNone = 3;

Default Value

3

Remarks

The SSLStartMode property may have one of the following values:

Timeout Property (LDAP Component)

A timeout for the component.

Syntax

public int getTimeout();


public void setTimeout(int timeout);

Default Value

60

Remarks

If the Timeout property is set to 0, all operations return immediately, potentially failing with a WOULDBLOCK error if data cannot be sent immediately.

If Timeout is set to a positive value, data is sent in a blocking manner and the component will wait for the operation to complete before returning control. The component will handle any potential WOULDBLOCK errors internally and automatically retry the operation for a maximum of Timeout seconds.

The component will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not "freeze" and remains responsive.

If Timeout expires, and the operation is not yet complete, the component throws an exception.

Please note that by default, all timeouts are inactivity timeouts, i.e. the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 60 seconds.

Abandon Method (Ldap Component)

This method asks the server to abandon a request.

Syntax

public void abandon(int messageId);

Remarks

This method asks the server to abandon the request specified by MessageId. The result of the operation is returned through the Result event.

Add Method (Ldap Component)

This method adds an entry specified by DN to the directory server using the type and value attributes defined in the Attributes properties.

Syntax

public void add();

Remarks

This method adds the entry specified by DN to the directory. All entries are required to have an objectClass attribute.

To add a new entry, first Bind with credentials that will allow you to perform the new addition. To add attributes instead of entries, use the Modify method instead. When specifying multivalued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes collection. Additional instances of the same attribute type should specify an attribute type of an empty string.

The result of the operation is returned through the Result event.

Example. Add a New Entry (including the multivalued objectClass attribute):

LDAPControl.DN = "uid=NewUser,ou=Employees,dc=server" LDAPControl.Attributes.Add(new LDAPAttribute("objectClass", "top")) LDAPControl.Attributes.Add(new LDAPAttribute("", "person")) LDAPControl.Attributes.Add(new LDAPAttribute("", "organizationalPerson")) LDAPControl.Attributes.Add(new LDAPAttribute("", "inetorgperson")) LDAPControl.Attributes.Add(new LDAPAttribute("sn", "UserName")) LDAPControl.Attributes.Add(new LDAPAttribute("cn", "New S. UserName")) LDAPControl.Attributes.Add(new LDAPAttribute("uid", "NewUser")) LDAPControl.Add()

Attr Method (Ldap Component)

This method returns the value of the specified Lightweight Directory Access Protocol (LDAP) attribute.

Syntax

public String attr(String attrType);

Remarks

This method returns the value of the specified LDAP attribute. If the attribute does not exist, an empty string is returned.

Please refer to the Attributes collection for more information.

Bind Method (Ldap Component)

This method connects and binds to the directory server.

Syntax

public void bind();

Remarks

This method connects and binds to the directory server. If the Password property has a value, it is used for authentication. If not, the bind is performed anonymously. Binding is often required on some directory servers, like Active Directory. The result of the operation is returned through the Result event.

Example. Binding:

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.Password = "mypassword" LDAPControl.Bind() LDAPControl.DN = "Domain/Username" LDAPControl.Password = "mypassword" LDAPControl.Bind()

ChangePassword Method (Ldap Component)

This method changes the password for the specified user.

Syntax

public void changePassword(String user, String oldPassword, String newPassword);

Remarks

This method changes the password for the specified user.

The User parameter is the name of the user for which the password will be changed. OldPassword specifies the current password and NewPassword specifies the new password.

Note: This operation can be performed only over the Secure Sockets Layer (SSL) port. Set ServerPort to the SSL port of the server (typically 636) before calling this method.

Note: If the user is an administrator, the old password is not required.

Compare Method (Ldap Component)

This method compares attributes and values with those of the entry specified by DN .

Syntax

public void compare();

Remarks

This method compares attribute types and values specified via the Attributes collection, with the values in the directory for the entry specified by DN. The result of the operation is returned through the Result event.

Config Method (Ldap Component)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Connect Method (Ldap Component)

This method connects to the remote host without performing any action.

Syntax

public void connect();

Remarks

This method establishes a connection with the remote host specified by URL, but it does not send a request. In most cases, it is recommended to use the appropriate method, such as Get or Post, which will both establish a connection and send a request.

This method may be useful in cases in which it is desirable to establish a connection without performing any operation (e.g., when testing connectivity).

Delete Method (Ldap Component)

Deletes an entry specified by DN from the directory server.

Syntax

public void delete();

Remarks

This method deletes the entry specified by DN from the directory. The result of the operation is returned through the Result event.

DoEvents Method (Ldap Component)

Processes events from the internal message queue.

Syntax

public void doEvents();

Remarks

When DoEvents is called, the component processes any available events. If no events are available, it waits for a preset period of time, and then returns.

ExtendedRequest Method (Ldap Component)

This method performs a Lightweight Directory Access Protocol (LDAP) V3 extended operation.

Syntax

public void extendedRequest(String requestName, byte[] requestValue);

Remarks

This method performs an LDAP V3 extended operation. RequestName must contain the object identifier of the operation, and RequestValue may contain an optional value.

Interrupt Method (Ldap Component)

Interrupt the current method.

Syntax

public void interrupt();

Remarks

If there is no method in progress, Interrupt simply returns, doing nothing.

ListComputers Method (Ldap Component)

This method lists all computers in the directory.

Syntax

public void listComputers();

Remarks

This method lists all computers in the directory. The ComputerList event will be fired once for each computer returned.

ListGroupMembers Method (Ldap Component)

This method lists all members of a group.

Syntax

public void listGroupMembers(String group);

Remarks

This method lists all members of the specified group. The UserList event will be fired once for each member returned.

ListGroups Method (Ldap Component)

This method list all groups in the directory.

Syntax

public void listGroups();

Remarks

This method lists all groups in the directory. The GroupList event will be fired once for each group returned.

ListUserGroups Method (Ldap Component)

This method lists all groups a user is a part of.

Syntax

public void listUserGroups(String user);

Remarks

This method lists all groups that the user specified by user is a part of. The GroupList event will fire once for each group the user is a part of.

Modify Method (Ldap Component)

This method performs a Lightweight Directory Access Protocol (LDAP) modify operation on the entry specified by DN .

Syntax

public void modify();

Remarks

This method performs an LDAP modify operation on the entry specified by DN. The attributes to modify should be set via the Attributes collection. When specifying multivalued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes collection. Additional instances of the same attribute type should specify an attribute type of an empty string.

The modification can be a replacement, an addition, or a deletion, depending on the ModOp field of the attribute;. The result of the operation is returned through the Result event.

Example. Modify an Entry (Replace an Attribute Value):

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.Attributes.Add(New LDAPAttribute("url", "www.url1.net", LDAPAttributeModOps.amoReplace)) LDAPControl.Attributes.Add(New LDAPAttribute("", "www.url2.net", LDAPAttributeModOps.amoReplace)) LDAPControl.Modify()

ModifyRDN Method (Ldap Component)

This method performs a Lightweight Directory Access Protocol (LDAP) modify RDN operation on an entry specified by DN .

Syntax

public void modifyRDN(String newRDN);

Remarks

This method performs an LDAP modify RDN operation on the entry specified by DN.

NewRDN is the new RDN for the entry specified by DN

The result of the operation is returned through the Result event.

MoveToDN Method (Ldap Component)

This method performs a Lightweight Directory Access Protocol (LDAP) modify operation on the entry specified by DN by changing its superior.

Syntax

public void moveToDN(String newSuperior);

Remarks

This method performs an LDAP modify operation on the entry specified by DN by changing its superior.

Note: None of the entry's attributes will change. DeleteOldRDN property will be set to True to delete the old entry. The result of the operation is returned through the Result event.

PauseData Method (Ldap Component)

This method pauses data reception.

Syntax

public void pauseData();

Remarks

This method pauses data reception when called. While data reception is paused, incoming data will not be processed and events will not fire. Call ProcessData to reenable data reception.

ProcessData Method (Ldap Component)

This method reenables data reception after a call to PauseData .

Syntax

public void processData();

Remarks

This method reenables data reception after a previous call to PauseData. Call this method to reenable data reception and allow IPPacket to fire.

Note: This method is used only after previously calling PauseData. It does not need to be called to process data by default.

Reset Method (Ldap Component)

Reset the component.

Syntax

public void reset();

Remarks

This method will reset the component's properties to their default values.

Search Method (Ldap Component)

This method searches the directory server using the base object specified in DN and the search filter SearchFilter .

Syntax

public void search(String searchFilter);

Remarks

This method searches the directory server using the base object specified in the DN and the search filter specified in the SearchFilter parameter. Additional search parameters are specified through the SearchScope, SearchDerefAliases, SearchSizeLimit, SearchTimeLimit, and SearchReturnValues properties.

If Attributes are specified before starting a search, the server will return only those results that contain a value for the specified attributes.

Results are returned through zero or more SearchResult events, after which a SearchComplete event is fired.

Example 1. Searching for a User:

LDAPControl.DN = "ou=Employees,dc=server" LDAPControl.Search("uid=TThompson")

A Directory-Specific Entries (DSE) search will search for the attributes of the server. Example 2. DSE Search:

LDAPControl.DN = "" LDAPControl.SearchScope = 0 LDAPControl.Search("objectClass=*")

SearchFilter is a string representation of the Lightweight Directory Access Protocol (LDAP) search filter used for the search.

The format of the search filter is specified by RFC 1558 and is identical to the format used by most LDAP applications.

The following are examples of search filters, as provided in the RFC:

Example 3. Search Filters:

     (cn=Babs Jensen)
     (!(cn=Tim Howes))
     (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
     (o=univ*of*mich*)

The complete specification is given by the following BNF:

     <filter> ::= "(" <filtercomp> ")"
     <filtercomp> ::= <and> | <or> | <not> | <item>
     <and> ::= "&" <filterlist>
     <or> ::= "|" <filterlist>
     <not> ::= "!" <filter>
     <filterlist> ::= <filter> | <filter> <filterlist>
     <item> ::= <simple> | <present> | <substring>
     <simple> ::= <attr> <filtertype> <value>
     <filtertype> ::= <equal> | <approx> | <greater> | <less>
     <equal> ::= "="
     <approx> ::= "~="
     <greater> ::= ">="
     <less> ::= "<="
     <present> ::= <attr> "=*"
     <substring> ::= <attr> "=" <initial> <any> <final>
     <initial> ::= NULL | <value>
     <any> ::= "*" <starval>
     <starval> ::= NULL | <value> "*" <starval>
     <final> ::= NULL | <value>

<attr> is a string representing an attribute type as defined in RFC 1777. <value> is a string representing an attribute value, or part of one, and has the form defined in RFC 1779. If a <value> must contain one of the characters '*' or '(' or ')', these should be escaped by preceding them with the backslash '\' character.

Unbind Method (Ldap Component)

This method unbinds from the directory server.

Syntax

public void unbind();

Remarks

This method unbinds from the directory server and breaks the connection.

ComputerList Event (Ldap Component)

This event is fired for each computer entry returned.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void computerList(LdapComputerListEvent e) {}
  ...
}

public class LdapComputerListEvent {
  public String name;

  public String operatingSystem;

  public String lastLogon;

  public int logonCount;

  public String dn;

}

Remarks

This event is fired once for each computer returned when the ListComputers method is called.

Connected Event (Ldap Component)

This event is fired immediately after a connection completes (or fails).

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void connected(LdapConnectedEvent e) {}
  ...
}

public class LdapConnectedEvent {
  public int statusCode;

  public String description;

}

Remarks

If the connection is made normally, StatusCode is 0 and Description is "OK".

If the connection fails, StatusCode has the error code returned by the Transmission Control Protocol (TCP)/IP stack. Description contains a description of this code. The value of StatusCode is equal to the value of the error.

Please refer to the Error Codes section for more information.

ConnectionStatus Event (Ldap Component)

This event is fired to indicate changes in the connection state.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void connectionStatus(LdapConnectionStatusEvent e) {}
  ...
}

public class LdapConnectionStatusEvent {
  public String connectionEvent;

  public int statusCode;

  public String description;

}

Remarks

The ConnectionStatus event is fired when the connection state changes: for example, completion of a firewall or proxy connection or completion of a security handshake.

The ConnectionEvent parameter indicates the type of connection event. Values may include the following:

Disconnected Event (Ldap Component)

This event is fired when a connection is closed.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void disconnected(LdapDisconnectedEvent e) {}
  ...
}

public class LdapDisconnectedEvent {
  public int statusCode;

  public String description;

}

Remarks

If the connection is broken normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode has the error code returned by the Transmission Control Protocol (TCP/IP) subsystem. Description contains a description of this code. The value of StatusCode is equal to the value of the TCP/IP error.

Please refer to the Error Codes section for more information.

Error Event (Ldap Component)

Information about errors during data delivery.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void error(LdapErrorEvent e) {}
  ...
}

public class LdapErrorEvent {
  public int errorCode;

  public String description;

}

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component throws an exception.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

ExtendedResponse Event (Ldap Component)

This event is fired for Lightweight Directory Access Protocol (LDAP) V3 extended responses.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void extendedResponse(LdapExtendedResponseEvent e) {}
  ...
}

public class LdapExtendedResponseEvent {
  public int messageId;

  public String DN;

  public int resultCode;

  public String resultDescription;

  public String responseName;

  public byte[] responseValue;

}

Remarks

The first four parameters are the same as the parameters of the Result event. ResponseName and ResponseValue are related to the corresponding parameters of the call to ExtendedRequest.

GroupList Event (Ldap Component)

This event is fired for each group entry returned.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void groupList(LdapGroupListEvent e) {}
  ...
}

public class LdapGroupListEvent {
  public String name;

  public String description;

  public String dn;

}

Remarks

This event is fired once for each group entry returned when either of the ListGroups or ListUserGroups methods are called.

PITrail Event (Ldap Component)

This event provides detailed information about the interaction with the server.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void PITrail(LdapPITrailEvent e) {}
  ...
}

public class LdapPITrailEvent {
  public int direction;

  public String description;

  public String message;

}

Remarks

The PITrail event provides detailed information about all communication with the server. This is useful for debugging purposes.

Direction specifies the origin of the data. Possible values are as follows:

• 0 - Client
• 1 - Server

Description is a short description of the current packet. This is human readable and useful for informational logging.

Message contains a hex-encoded version of the raw message. This represents the exact value sent over the wire.

Result Event (Ldap Component)

This event is fired for every server response, except for search responses.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void result(LdapResultEvent e) {}
  ...
}

public class LdapResultEvent {
  public int messageId;

  public String DN;

  public int resultCode;

  public String resultDescription;

}

Remarks

The MessageId parameter identifies the corresponding request. ResultCode and ResultDescription show whether or not the operation was successful (on a successful operation, the ResultCode is 0). For a full list of possible result codes, see the ResultCode property.

SearchComplete Event (Ldap Component)

This event is fired upon completion of a search operation.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void searchComplete(LdapSearchCompleteEvent e) {}
  ...
}

public class LdapSearchCompleteEvent {
  public int messageId;

  public String DN;

  public int resultCode;

  public String resultDescription;

}

Remarks

The MessageId parameter identifies the corresponding request. ResultCode and ResultDescription show whether the operation was successful (on a successful operation, the ResultCode is 0).

SearchPage Event (Ldap Component)

This event is fired for every page returned from a search operation.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void searchPage(LdapSearchPageEvent e) {}
  ...
}

public class LdapSearchPageEvent {
  public int messageId;

  public String DN;

  public int resultCode;

  public String resultDescription;

  public boolean cancelSearch;

}

Remarks

This event is fired so the client can decide whether or not to continue with the Search operation. The signature is very similar to the SearchComplete event, with the addition of a CancelSearch parameter. If the search should be canceled (no more pages), the CancelSearch parameter should be set to True.

SearchResult Event (Ldap Component)

This event is fired for every entry returned from a search operation.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void searchResult(LdapSearchResultEvent e) {}
  ...
}

public class LdapSearchResultEvent {
  public int messageId;

  public String DN;

}

Remarks

MessageId identifies the corresponding search request. DN contains the distinguished name of the entry. The attribute type and value provided in the Attributes collection show the list of retrieved attributes for the entry.

Every search operation results in a sequence of 0 or more SearchResult events and a sequence of 0 or more SearchResultReference events, which are followed by a SearchComplete event.

SearchResultReference Event (Ldap Component)

This event is fired for every result reference returned from a search operation.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void searchResultReference(LdapSearchResultReferenceEvent e) {}
  ...
}

public class LdapSearchResultReferenceEvent {
  public int messageId;

  public String ldapUrl;

}

Remarks

MessageId identifies the corresponding search request. LdapUrl contains a URL reference to a server that can be used for continuing the search operation.

Every search operation results in a sequence of 0 or more SearchResult events and a sequence of 0 or more SearchResultReference events, which are followed by a SearchComplete event.

SSLServerAuthentication Event (Ldap Component)

Fired after the server presents its certificate to the client.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void SSLServerAuthentication(LdapSSLServerAuthenticationEvent e) {}
  ...
}

public class LdapSSLServerAuthenticationEvent {
  public byte[] certEncoded;

  public String certSubject;

  public String certIssuer;

  public String status;

  public boolean accept;

}

Remarks

This event is where the client can decide whether to continue with the connection process or not. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether to continue or not.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string "OK"). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (Ldap Component)

Shows the progress of the secure connection.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void SSLStatus(LdapSSLStatusEvent e) {}
  ...
}

public class LdapSSLStatusEvent {
  public String message;

}

Remarks

The event is fired for informational and logging purposes only. Used to track the progress of the connection.

UserList Event (Ldap Component)

This event is fired once for each user entry returned.

Syntax

public class DefaultLdapEventListener implements LdapEventListener {
  ...
  public void userList(LdapUserListEvent e) {}
  ...
}

public class LdapUserListEvent {
  public String name;

  public String description;

  public String lastLogon;

  public String memberOf;

  public String dn;

}

Remarks

This event is fired once for each user entry returned when the ListGroupMembers method is called.

Certificate Type

This is the digital certificate being used.

Remarks

This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.

Fields

Constructors

public Certificate();

Creates a Certificate instance whose properties can be set. This is useful for use with CERTMGR when generating new certificates.

public Certificate( certificateFile);

Opens CertificateFile and reads out the contents as an X509 public key.

public Certificate( certificateData);

Parses CertificateData as an X509 public key.

public Certificate( certStoreType,  store,  storePassword,  subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  store,  storePassword,  subject,  configurationString);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. ConfigurationString is a newline separated list of name-value pairs that may be used to modify the default behavior. Possible values include "PersistPFXKey", which shows whether or not the PFX key is persisted after performing operations with the private key. This correlates to the PKCS12_NO_PERSIST_KEY CyrptoAPI option. The default value is True (the key is persisted). "Thumbprint" - a MD5, SHA1, or SHA256 thumbprint of the certificate to load. When specified, this value is used to select the certificate in the store. This is applicable to cstUser, cstMachine, cstPublicKeyFile, and cstPFXFile store types. "UseInternalSecurityAPI" shows whether the platform (default) or the internal security API is used when performing certificate-related operations. After the store has been successfully opened, the component will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  store,  storePassword,  encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will load Encoded as an X509 certificate and search the opened store for a corresponding private key.

public Certificate( certStoreType,  storeBlob,  storePassword,  subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. StoreBlob is a string (binary- or base64-encoded) containing the certificate data. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  storeBlob,  storePassword,  subject,  configurationString);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. StoreBlob is a string (binary- or base64-encoded) containing the certificate data. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  storeBlob,  storePassword,  encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a string (binary- or base64-encoded) containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will load Encoded as an X509 certificate and search the opened store for a corresponding private key.

Firewall Type

This is the firewall the component will connect through.

Remarks

When connecting through a firewall, this type is used to specify different properties of the firewall, such as the firewall Host and the FirewallType.

Fields

Constructors

public Firewall();

LDAPAttribute Type

This types describes an attribute for the current entry.

Remarks

This type describes an attribute for the current Lightweight Directory Access Protocol (LDAP) entry. The ModOp field is used only in Modify operations.

Fields

Constructors

public LDAPAttribute();

public LDAPAttribute( attributeType);

public LDAPAttribute( attributeType,  value);

public LDAPAttribute( attributeType,  value,  LDAPAttributeModOp);

LDAPReference Type

This type includes a reference returned from the server.

Remarks

This type describes a Lightweight Directory Access Protocol (LDAP) reference, which may be queried inside the SearchResult, SearchResultReference, Result, or SearchComplete events.

When inside a SearchResult or SearchResultReference event, references will be a search result reference (that is, a continuation reference), in which case they represent the URLs to contact to continue the search.

When inside a Result or SearchComplete event, a reference will be a regular referral, in which case it represents the URL to contact to complete the requested operation.

Fields

Constructors

public LDAPReference();

Config Settings (Ldap Component)

LDAP Config Settings

TCPClient Config Settings

SSL Config Settings

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
..
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
..
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

Socket Config Settings

Base Config Settings

Trappable Errors (Ldap Component)

LDAP Errors

TCPClient Errors

SSL Errors

TCP/IP Errors