LDAP Class

Properties   Methods   Events   Config Settings   Errors  

The Lightweight Directory Access Protocol (LDAP) Class is used to search, manage, and maintain internet directory servers.

Syntax

ipworks.ldap()

Remarks

The LDAP Class supports both plaintext and Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections. When connecting over SSL/TLS the SSLServerAuthentication event allows you to check the server identity and other security attributes. The SSLStatus event provides information about the SSL handshake. Additional SSL related settings are also supported via the Config method.

The LDAP Class implements a standard LDAP client as specified in RFC 1777, 2251, and other LDAP RFCs. Support for both LDAP v2 and v3 is provided.

The first step in using the class is specifying the ServerName, a DN (distinguished name) to bind as, and optionally a Password. Then you can call one or more of the class methods to act upon the server. Server responses normally are received through the Result event. The only exceptions are search requests that result in one or more SearchResult events, followed by a final SearchComplete event.

Attributes are set and returned through the Attributes properties. Other command arguments are specified through other properties. These are specified in detail in each method.

Search filters are to be specified as string arguments to the Search method. The format must be a standard LDAP search string as specified in RFC 1558. Other search attributes are set in properties, such as SearchScope, SearchTimeLimit, SearchSizeLimit, SearchReturnValues, and SearchDerefAliases.

The class operates synchronously by default (waits for a response before returning control to the caller); however, the class also may operate asynchronously (return control immediately), by setting Timeout to 0. Please refer to the Timeout property for more information.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

LDAP.AcceptData Property

This property enables or disables data reception from the server.

Syntax

isAcceptData(): boolean;

Default Value

TRUE

Remarks

This property enables or disables data reception from the server. Setting the property to False, temporarily disables data reception. Setting the property to True, reenables data reception.

Note: It is recommended to use the PauseData or ProcessData method instead of setting this property.

This property is not available at design time.

LDAP.Attributes Property

This property includes the attributes for the current entry.

Syntax

getAttributes(): LDAPAttributeList;
setAttributes(attributes: LDAPAttributeList): void;

Default Value

Remarks

This property contains a collection of all of the attributes for the current entry. Each attribute's details are found in the fields of the LDAPAttribute type.

After a Search, this property will be populated with the attributes of each search result and can be read within the SearchResult event (one event for each resulting DN).

During a Lightweight Directory Access Protocol (LDAP) Modify operation, this property describes the modifications that are to be made to the attributes. You may specify the attribute, the new value, and the operation to be executed by the server in this property.

This property is not available at design time.

LDAP.AuthMechanism Property

This property is the authentication mechanism to be used when connecting to the Lightweight Directory Access Protocol (LDAP) server.

Syntax

getAuthMechanism(): LdapAuthMechanisms;
setAuthMechanism(authMechanism: LdapAuthMechanisms): void;

enum LdapAuthMechanisms {
  lamSimple,
  lamDigestMD5,
  lamNegotiate,
  lamKerberos,
  lamSASLExternal
}

Default Value

0

Remarks

This property specifies the authentication mechanism used. Possible values are as follows:

LDAP.Connected Property

This shows whether the class is connected.

Syntax

isConnected(): boolean;

Default Value

FALSE

Remarks

This property is used to determine whether or not the class is connected to the remote host.

Note: It is recommended to use the Connect or Disconnect method instead of setting this property.

This property is not available at design time.

LDAP.DeleteOldRDN Property

This property controls whether the old RDN (Relative Distinguished Name) should be deleted.

Syntax

isDeleteOldRDN(): boolean;
setDeleteOldRDN(deleteOldRDN: boolean): void;

Default Value

TRUE

Remarks

This property controls whether the old RDN should be deleted. It is used when ModifyRDN is called. The default value is True, which instructs the server to delete the old RDN.

This property is not available at design time.

LDAP.DN Property

This property includes the distinguished name used as the base for Lightweight Directory Access Protocol (LDAP) operations.

Syntax

getDN(): string;
setDN(DN: string): void;

Default Value

""

Remarks

This also includes the base object during LDAP searches.

The distinguished name is provided in string format, as specified by RFC 1779. Example. Setting DN:

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.DN = "Domain\Username"

LDAP.Firewall Property

A set of properties related to firewall access.

Syntax

getFirewall(): Firewall;
setFirewall(firewall: Firewall): void;

Default Value

Remarks

This is a Firewall type property which contains fields describing the firewall through which the class will attempt to connect.

LDAP.Idle Property

The current status of the class.

Syntax

isIdle(): boolean;

Default Value

TRUE

Remarks

Idle will be False if the component is currently busy (communicating and/or waiting for an answer), and True at all other times.

This property is read-only.

LDAP.LDAPVersion Property

The version of the Lightweight Directory Access Protocol (LDAP) used.

Syntax

getLDAPVersion(): number;
setLDAPVersion(LDAPVersion: number): void;

Default Value

3

Remarks

This property contains the version of LDAP used. The default value is 3 (for LDAPv3).

This property is not available at design time.

LDAP.LocalHost Property

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

getLocalHost(): string;
setLocalHost(localHost: string): void;

Default Value

""

Remarks

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the class initiate connections (or accept in the case of server classs) only through that interface.

If the class is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

NOTE: LocalHost is not persistent. You must always set it in code, and never in the property window.

LDAP.MessageId Property

This property includes the message identifier for the next Lightweight Directory Access Protocol (LDAP) request.

Syntax

getMessageId(): number;
setMessageId(messageId: number): void;

Default Value

1

Remarks

This property contains the message identifier for the next LDAP request. If a custom value is needed, this property must be set before calling any other methods. The class increments this property automatically after each request.

This property is not available at design time.

LDAP.PageSize Property

This property includes the maximum number of results per page for the Search method.

Syntax

getPageSize(): number;
setPageSize(pageSize: number): void;

Default Value

0

Remarks

This property contains the maximum number of results per page for the Search method. The default value is 0 (no paging). If set to a value greater than zero, results will be paged, that is, returned in blocks of maximum PageSize results.

For each page sent by the server, a SearchPage event will fire. You may decide to cancel or continue displaying results from within this event.

Note: Lightweight Directory Access Protocol (LDAP) paging functionality is described by LDAP extension RFCs and may or may not be implemented by the LDAP server being accessed.

LDAP.Password Property

This property includes the password used to authenticate to the Lightweight Directory Access Protocol (LDAP) server.

Syntax

getPassword(): string;
setPassword(password: string): void;

Default Value

""

Remarks

This property contains the password used to authenticate to the LDAP server. Leave this value empty if no password is required.

This property is not available at design time.

LDAP.References Property

This property includes a collection of references returned from the server.

Syntax

getReferences(): LDAPReferenceList;

Default Value

Remarks

This property contains a collection of references returned from the server. References will be SearchResult references if inside a SearchResult or SearchResultReference event. In this case, they represent URLs to contact to continue the search. References will be regular result references if inside the Result event or SearchComplete event. In this case, they represent the URLs to contact to complete the requested operation.

This property is read-only and not available at design time.

LDAP.ResultCode Property

This property includes the result code returned in the last server response.

Syntax

getResultCode(): number;

Default Value

0

Remarks

This property contains the result code returned in the last server response. This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.

Possible result codes are as follows:

All the result codes with the exception of success, compareFalse and compareTrue are to be treated as meaning the operation could not be completed in its entirety. Result codes from 16 to 21 indicate an AttributeProblem; codes 32, 33, 34, and 36 indicate a NameProblem; codes 48, 49, and 50 indicate a SecurityProblem; codes 51 to 54 indicate a ServiceProblem; and codes 64 to 69 and 71 indicate an UpdateProblem.

This property is read-only.

LDAP.ResultDescription Property

This property includes the descriptive text returned in the last server response (if any).

Syntax

getResultDescription(): string;

Default Value

""

Remarks

This property contains the descriptive text returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.

This property is read-only.

LDAP.ResultDN Property

This property includes the distinguished name returned in the last server response (if any).

Syntax

getResultDN(): string;

Default Value

""

Remarks

This property contains the distinguished name returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result or SearchComplete event.

This property is read-only.

LDAP.SearchDerefAliases Property

This property controls alias dereferencing during searching.

Syntax

getSearchDerefAliases(): LdapSearchDerefAliases;
setSearchDerefAliases(searchDerefAliases: LdapSearchDerefAliases): void;

enum LdapSearchDerefAliases {
  sdaNever,
  sdaInSearching,
  sdaFindingBaseObject,
  sdaAlways
}

Default Value

0

Remarks

This property controls the alias dereferencing during searching. The possible values are as follows:

The default is to never dereference aliases.

LDAP.SearchReturnValues Property

This property controls whether the search operation returns values of attributes or only types.

Syntax

isSearchReturnValues(): boolean;
setSearchReturnValues(searchReturnValues: boolean): void;

Default Value

TRUE

Remarks

This property controls whether the search operation returns values of attributes or only types. If only attributes are needed, disabling the property to return values will enhance performance.

LDAP.SearchScope Property

This property controls the scope of Lightweight Directory Access Protocol (LDAP) search operations.

Syntax

getSearchScope(): LdapSearchScopes;
setSearchScope(searchScope: LdapSearchScopes): void;

enum LdapSearchScopes {
  ssBaseObject,
  ssSingleLevel,
  ssWholeSubtree
}

Default Value

2

Remarks

This property controls the scope of LDAP search operations. Possible values are as follows:

The default is to search the whole subtree.

LDAP.SearchSizeLimit Property

This property includes the maximum number of entries that can be returned by the next search operation.

Syntax

getSearchSizeLimit(): number;
setSearchSizeLimit(searchSizeLimit: number): void;

Default Value

0

Remarks

This property contains the maximum number of entries that can be returned by the next search operation. This limit is provided as a hint to the directory server. A value of 0 means that no size limits are in effect for the search.

LDAP.SearchTimeLimit Property

This property includes a time limit for the next search operation (in seconds).

Syntax

getSearchTimeLimit(): number;
setSearchTimeLimit(searchTimeLimit: number): void;

Default Value

0

Remarks

This property contains a time limit for the next search operation (in seconds). This limit is provided as a hint to the directory server. A value of 0 means that no time limits are in effect for the search.

LDAP.ServerName Property

This property includes the name or address of the Lightweight Directory Access Protocol (LDAP) server.

Syntax

getServerName(): string;
setServerName(serverName: string): void;

Default Value

""

Remarks

This property specifies the IP address (IP number in dotted internet format) or the domain name of the directory server. It is set before a connection is attempted and cannot be changed once a connection is in progress.

If this property is set to a domain name, a DNS request is initiated, and upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, an error is returned.

LDAP.ServerPort Property

This property includes the server port for the Lightweight Directory Access Protocol (LDAP) connection (the default is 389).

Syntax

getServerPort(): number;
setServerPort(serverPort: number): void;

Default Value

389

Remarks

This property contains the server port for the LDAP connection (the default is 389).

For the implicit Secure Sockets Layer (SSL), use port 636 (please refer to the SSLStartMode property for more information).

A valid port number (a value between 1 and 65535) is required for the connection to take place. The property must be set before a connection is attempted and cannot be changed once a connection is established. Any attempt to change this property while connected will fail with an error.

This property is not available at design time.

LDAP.SortAttributes Property

This property includes a string of attribute names to sort on with optional relative matching rules.

Syntax

getSortAttributes(): string;
setSortAttributes(sortAttributes: string): void;

Default Value

""

Remarks

This property contains a string of attribute names to sort on with optional relative matching rules. When set before a Search, entries returned by the server will be sorted according to SortAttributes. The format consists of one or more attribute names separated by spaces. Each attribute may be followed by an optional matching rule.

If matching rules are defined, they should be separated from the attribute names with a "/".

Normally, the values are returned in ascending order. If descending (reverse) order of sorting is desired, the attribute type must be preceded with a "-".

Following are examples:

LDAPControl.SortAttributes = "loginTime" LDAPControl.SortAttributes = "name/caseIgnoreSubstringsMatch age/numericStringSubstringsMatch" LDAPControl.SortAttributes = "cn age/1.3.6.1.4.1.1466.115.121.1.27" LDAPControl.SortAttributes = "-cn age/1.3.6.1.4.1.1466.115.121.1.27" Example 1. Matching Rules for Equality Filters:

LDAP.SSLAcceptServerCert Property

Instructs the class to unconditionally accept the server certificate that matches the supplied certificate.

Syntax

getSSLAcceptServerCert(): Certificate;
setSSLAcceptServerCert(SSLAcceptServerCert: Certificate): void;

Default Value

Remarks

If it finds any issues with the certificate presented by the server, the class will normally terminate the connection with an error.

You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.

Please note that this functionality is provided only for cases where you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.

LDAP.SSLCert Property

The certificate to be used during SSL negotiation.

Syntax

getSSLCert(): Certificate;
setSSLCert(SSLCert: Certificate): void;

Default Value

Remarks

The digital certificate that the class will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the field to the encoded certificate. To select a certificate, use the store and subject fields.

LDAP.SSLEnabled Property

Whether TLS/SSL is enabled.

Syntax

isSSLEnabled(): boolean;
setSSLEnabled(SSLEnabled: boolean): void;

Default Value

FALSE

Remarks

This setting specifies whether TLS/SSL is enabled in the class. When False (default) the class operates in plaintext mode. When True TLS/SSL is enabled.

TLS/SSL may also be enabled by setting SSLStartMode. Setting SSLStartMode will automatically update this property value.

This property is not available at design time.

LDAP.SSLProvider Property

This specifies the SSL/TLS implementation to use.

Syntax

getSSLProvider(): LdapSSLProviders;
setSSLProvider(SSLProvider: LdapSSLProviders): void;

enum LdapSSLProviders {
  sslpAutomatic,
  sslpPlatform,
  sslpInternal
}

Default Value

0

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic) the class will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are:

In most cases using the default value (Automatic) is recommended. The class will select a provider depending on the current platform.

When Automatic is selected the platform implementation will be used by default in all cases in the JavaScript edition.

Note: The Internal provider is not support at this time.

LDAP.SSLServerCert Property

The server certificate for the last established connection.

Syntax

getSSLServerCert(): Certificate;

Default Value

Remarks

SSLServerCert contains the server certificate for the last established connection.

SSLServerCert is reset every time a new connection is attempted.

This property is read-only.

LDAP.SSLStartMode Property

Determines how the class starts the SSL negotiation.

Syntax

getSSLStartMode(): LdapSSLStartModes;
setSSLStartMode(SSLStartMode: LdapSSLStartModes): void;

enum LdapSSLStartModes {
  sslAutomatic,
  sslImplicit,
  sslExplicit,
  sslNone
}

Default Value

3

Remarks

The SSLStartMode property may have one of the following values:

LDAP.Timeout Property

A timeout for the class.

Syntax

getTimeout(): number;
setTimeout(timeout: number): void;

Default Value

60

Remarks

If the Timeout property is set to 0, all operations return immediately, potentially failing with a WOULDBLOCK error if data cannot be sent immediately.

If Timeout is set to a positive value, data is sent in a blocking manner and the class will wait for the operation to complete before returning control. The class will handle any potential WOULDBLOCK errors internally and automatically retry the operation for a maximum of Timeout seconds.

The class will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not "freeze" and remains responsive.

If Timeout expires, and the operation is not yet complete, the class .

Please note that by default, all timeouts are inactivity timeouts, i.e. the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 60 seconds.

LDAP.abandon Method

This method asks the server to abandon a request.

Syntax

async ldap.abandon(messageId : number): Promise<void>

Remarks

This method asks the server to abandon the request specified by MessageId. The result of the operation is returned through the Result event.

LDAP.add Method

This method adds an entry specified by DN to the directory server using the type and value attributes defined in the Attributes properties.

Syntax

async ldap.add(): Promise<void>

Remarks

This method adds the entry specified by DN to the directory. All entries are required to have an objectClass attribute.

To add a new entry, first Bind with credentials that will allow you to perform the new addition. To add attributes instead of entries, use the Modify method instead. When specifying multivalued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes properties. Additional instances of the same attribute type should specify an attribute type of an empty string.

The result of the operation is returned through the Result event.

Example. Add a New Entry (including the multivalued objectClass attribute):

LDAPControl.DN = "uid=NewUser,ou=Employees,dc=server" LDAPControl.AttributeCount = 7 LDAPControl.AttributeType(0) = "objectClass" LDAPControl.AttributeValue(0) = "top" LDAPControl.AttributeType(1) = "" LDAPControl.AttributeValue(1) = "person" LDAPControl.AttributeType(2) = "" LDAPControl.AttributeValue(2) = "organizationalPerson" LDAPControl.AttributeType(3) = "" LDAPControl.AttributeValue(3) = "inetOrgPerson" LDAPControl.AttributeType(4) = "sn" LDAPControl.AttributeValue(4) = "UserName" LDAPControl.AttributeType(5) = "cn" LDAPControl.AttributeValue(5) = "New S. UserName" LDAPControl.AttributeType(6) = "uid" LDAPControl.AttributeValue(6) = "NewUser" LDAPControl.Add()

LDAP.attr Method

This method returns the value of the specified Lightweight Directory Access Protocol (LDAP) attribute.

Syntax

async ldap.attr(attrType : string): Promise<string>

Remarks

This method returns the value of the specified LDAP attribute. If the attribute does not exist, an empty string is returned.

Please refer to the Attributes properties for more information.

LDAP.bind Method

This method connects and binds to the directory server.

Syntax

async ldap.bind(): Promise<void>

Remarks

This method connects and binds to the directory server. If the Password property has a value, it is used for authentication. If not, the bind is performed anonymously. Binding is often required on some directory servers, like Active Directory. The result of the operation is returned through the Result event.

Example. Binding:

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.Password = "mypassword" LDAPControl.Bind() LDAPControl.DN = "Domain/Username" LDAPControl.Password = "mypassword" LDAPControl.Bind()

LDAP.changePassword Method

This method changes the password for the specified user.

Syntax

async ldap.changePassword(user : string, oldPassword : string, newPassword : string): Promise<void>

Remarks

This method changes the password for the specified user.

The User parameter is the name of the user for which the password will be changed. OldPassword specifies the current password and NewPassword specifies the new password.

Note: This operation can be performed only over the Secure Sockets Layer (SSL) port. Set ServerPort to the SSL port of the server (typically 636) before calling this method.

Note: If the user is an administrator, the old password is not required.

LDAP.compare Method

This method compares attributes and values with those of the entry specified by DN .

Syntax

async ldap.compare(): Promise<void>

Remarks

This method compares attribute types and values specified via the Attributes properties, with the values in the directory for the entry specified by DN. The result of the operation is returned through the Result event.

LDAP.config Method

Sets or retrieves a configuration setting.

Syntax

async ldap.config(configurationString : string): Promise<string>

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

LDAP.connect Method

This method connects to the remote host without performing any action.

Syntax

async ldap.connect(): Promise<void>

Remarks

This method establishes a connection with the remote host specified by URL, but it does not send a request. In most cases, it is recommended to use the appropriate method, such as Get or Post, which will both establish a connection and send a request.

This method may be useful in cases in which it is desirable to establish a connection without performing any operation (e.g., when testing connectivity).

LDAP.delete Method

Deletes an entry specified by DN from the directory server.

Syntax

async ldap.delete(): Promise<void>

Remarks

This method deletes the entry specified by DN from the directory. The result of the operation is returned through the Result event.

LDAP.doEvents Method

Processes events from the internal message queue.

Syntax

async ldap.doEvents(): Promise<void>

Remarks

When DoEvents is called, the class processes any available events. If no events are available, it waits for a preset period of time, and then returns.

LDAP.extendedRequest Method

This method performs a Lightweight Directory Access Protocol (LDAP) V3 extended operation.

Syntax

async ldap.extendedRequest(requestName : string, requestValue : Uint8Array): Promise<void>

Remarks

This method performs an LDAP V3 extended operation. RequestName must contain the object identifier of the operation, and RequestValue may contain an optional value.

LDAP.interrupt Method

Interrupt the current method.

Syntax

async ldap.interrupt(): Promise<void>

Remarks

If there is no method in progress, Interrupt simply returns, doing nothing.

LDAP.listComputers Method

This method lists all computers in the directory.

Syntax

async ldap.listComputers(): Promise<void>

Remarks

This method lists all computers in the directory. The ComputerList event will be fired once for each computer returned.

LDAP.listGroupMembers Method

This method lists all members of a group.

Syntax

async ldap.listGroupMembers(group : string): Promise<void>

Remarks

This method lists all members of the specified group. The UserList event will be fired once for each member returned.

LDAP.listGroups Method

This method list all groups in the directory.

Syntax

async ldap.listGroups(): Promise<void>

Remarks

This method lists all groups in the directory. The GroupList event will be fired once for each group returned.

LDAP.listUserGroups Method

This method lists all groups a user is a part of.

Syntax

async ldap.listUserGroups(user : string): Promise<void>

Remarks

This method lists all groups that the user specified by user is a part of. The GroupList event will fire once for each group the user is a part of.

LDAP.modify Method

This method performs a Lightweight Directory Access Protocol (LDAP) modify operation on the entry specified by DN .

Syntax

async ldap.modify(): Promise<void>

Remarks

This method performs an LDAP modify operation on the entry specified by DN. The attributes to modify should be set via the Attributes properties. When specifying multivalued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes properties. Additional instances of the same attribute type should specify an attribute type of an empty string.

The modification can be a replacement, an addition, or a deletion, depending on the ModOp field of the attribute;. The result of the operation is returned through the Result event.

Example. Modify an Entry (Replace an Attribute Value):

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.AttributeCount = 2 LDAPControl.AttributeType(0) = "url" LDAPControl.AttributeValue(0) = "www.url1.net" LDAPControl.AttributeModOp(0) = amoReplace LDAPControl.AttributeType(0) = "" LDAPControl.AttributeValue(0) = "www.url2.net" LDAPControl.AttributeModOp(0) = amoReplace LDAPControl.Modify()

LDAP.modifyRDN Method

This method performs a Lightweight Directory Access Protocol (LDAP) modify RDN operation on an entry specified by DN .

Syntax

async ldap.modifyRDN(newRDN : string): Promise<void>

Remarks

This method performs an LDAP modify RDN operation on the entry specified by DN.

NewRDN is the new RDN for the entry specified by DN

The result of the operation is returned through the Result event.

LDAP.moveToDN Method

This method performs a Lightweight Directory Access Protocol (LDAP) modify operation on the entry specified by DN by changing its superior.

Syntax

async ldap.moveToDN(newSuperior : string): Promise<void>

Remarks

This method performs an LDAP modify operation on the entry specified by DN by changing its superior.

Note: None of the entry's attributes will change. DeleteOldRDN property will be set to True to delete the old entry. The result of the operation is returned through the Result event.

LDAP.pauseData Method

This method pauses data reception.

Syntax

async ldap.pauseData(): Promise<void>

Remarks

This method pauses data reception when called. While data reception is paused, incoming data will not be processed and events will not fire. Call ProcessData to reenable data reception.

LDAP.processData Method

This method reenables data reception after a call to PauseData .

Syntax

async ldap.processData(): Promise<void>

Remarks

This method reenables data reception after a previous call to PauseData. Call this method to reenable data reception and allow IPPacket to fire.

Note: This method is used only after previously calling PauseData. It does not need to be called to process data by default.

LDAP.reset Method

Reset the class.

Syntax

async ldap.reset(): Promise<void>

Remarks

This method will reset the class's properties to their default values.

LDAP.search Method

This method searches the directory server using the base object specified in DN and the search filter SearchFilter .

Syntax

async ldap.search(searchFilter : string): Promise<void>

Remarks

This method searches the directory server using the base object specified in the DN and the search filter specified in the SearchFilter parameter. Additional search parameters are specified through the SearchScope, SearchDerefAliases, SearchSizeLimit, SearchTimeLimit, and SearchReturnValues properties.

If Attributes are specified before starting a search, the server will return only those results that contain a value for the specified attributes.

Results are returned through zero or more SearchResult events, after which a SearchComplete event is fired.

Example 1. Searching for a User:

LDAPControl.DN = "ou=Employees,dc=server" LDAPControl.Search("uid=TThompson")

A Directory-Specific Entries (DSE) search will search for the attributes of the server. Example 2. DSE Search:

LDAPControl.DN = "" LDAPControl.SearchScope = 0 LDAPControl.Search("objectClass=*")

SearchFilter is a string representation of the Lightweight Directory Access Protocol (LDAP) search filter used for the search.

The format of the search filter is specified by RFC 1558 and is identical to the format used by most LDAP applications.

The following are examples of search filters, as provided in the RFC:

Example 3. Search Filters:

     (cn=Babs Jensen)
     (!(cn=Tim Howes))
     (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
     (o=univ*of*mich*)

The complete specification is given by the following BNF:

     <filter> ::= "(" <filtercomp> ")"
     <filtercomp> ::= <and> | <or> | <not> | <item>
     <and> ::= "&" <filterlist>
     <or> ::= "|" <filterlist>
     <not> ::= "!" <filter>
     <filterlist> ::= <filter> | <filter> <filterlist>
     <item> ::= <simple> | <present> | <substring>
     <simple> ::= <attr> <filtertype> <value>
     <filtertype> ::= <equal> | <approx> | <greater> | <less>
     <equal> ::= "="
     <approx> ::= "~="
     <greater> ::= ">="
     <less> ::= "<="
     <present> ::= <attr> "=*"
     <substring> ::= <attr> "=" <initial> <any> <final>
     <initial> ::= NULL | <value>
     <any> ::= "*" <starval>
     <starval> ::= NULL | <value> "*" <starval>
     <final> ::= NULL | <value>

<attr> is a string representing an attribute type as defined in RFC 1777. <value> is a string representing an attribute value, or part of one, and has the form defined in RFC 1779. If a <value> must contain one of the characters '*' or '(' or ')', these should be escaped by preceding them with the backslash '\' character.

LDAP.unbind Method

This method unbinds from the directory server.

Syntax

async ldap.unbind(): Promise<void>

Remarks

This method unbinds from the directory server and breaks the connection.

LDAP.ComputerList Event

This event is fired for each computer entry returned.

Syntax

ldap.on('ComputerList', listener: (e: {readonly name: string, readonly operatingSystem: string, readonly lastLogon: string, readonly logonCount: number, readonly dn: string}) => void )

Remarks

This event is fired once for each computer returned when the ListComputers method is called.

LDAP.Connected Event

This event is fired immediately after a connection completes (or fails).

Syntax

ldap.on('Connected', listener: (e: {readonly statusCode: number, readonly description: string}) => void )

Remarks

If the connection is made normally, StatusCode is 0 and Description is "OK".

If the connection fails, StatusCode has the error code returned by the Transmission Control Protocol (TCP)/IP stack. Description contains a description of this code. The value of StatusCode is equal to the value of the error.

Please refer to the Error Codes section for more information.

LDAP.ConnectionStatus Event

This event is fired to indicate changes in the connection state.

Syntax

ldap.on('ConnectionStatus', listener: (e: {readonly connectionEvent: string, readonly statusCode: number, readonly description: string}) => void )

Remarks

The ConnectionStatus event is fired when the connection state changes: for example, completion of a firewall or proxy connection or completion of a security handshake.

The ConnectionEvent parameter indicates the type of connection event. Values may include the following:

LDAP.Disconnected Event

This event is fired when a connection is closed.

Syntax

ldap.on('Disconnected', listener: (e: {readonly statusCode: number, readonly description: string}) => void )

Remarks

If the connection is broken normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode has the error code returned by the Transmission Control Protocol (TCP/IP) subsystem. Description contains a description of this code. The value of StatusCode is equal to the value of the TCP/IP error.

Please refer to the Error Codes section for more information.

LDAP.Error Event

Information about errors during data delivery.

Syntax

ldap.on('Error', listener: (e: {readonly errorCode: number, readonly description: string}) => void )

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class .

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

LDAP.ExtendedResponse Event

This event is fired for Lightweight Directory Access Protocol (LDAP) V3 extended responses.

Syntax

ldap.on('ExtendedResponse', listener: (e: {readonly messageId: number, readonly DN: string, readonly resultCode: number, readonly resultDescription: string, readonly responseName: string, readonly responseValue: string, readonly responseValueB: Uint8Array}) => void )

Remarks

The first four parameters are the same as the parameters of the Result event. ResponseName and ResponseValue are related to the corresponding parameters of the call to ExtendedRequest.

LDAP.GroupList Event

This event is fired for each group entry returned.

Syntax

ldap.on('GroupList', listener: (e: {readonly name: string, readonly description: string, readonly dn: string}) => void )

Remarks

This event is fired once for each group entry returned when either of the ListGroups or ListUserGroups methods are called.

LDAP.PITrail Event

This event provides detailed information about the interaction with the server.

Syntax

ldap.on('PITrail', listener: (e: {readonly direction: number, readonly description: string, readonly message: string}) => void )

Remarks

The PITrail event provides detailed information about all communication with the server. This is useful for debugging purposes.

Direction specifies the origin of the data. Possible values are as follows:

• 0 - Client
• 1 - Server

Description is a short description of the current packet. This is human readable and useful for informational logging.

Message contains a hex-encoded version of the raw message. This represents the exact value sent over the wire.

LDAP.Result Event

This event is fired for every server response, except for search responses.

Syntax

ldap.on('Result', listener: (e: {readonly messageId: number, readonly DN: string, readonly resultCode: number, readonly resultDescription: string}) => void )

Remarks

The MessageId parameter identifies the corresponding request. ResultCode and ResultDescription show whether or not the operation was successful (on a successful operation, the ResultCode is 0). For a full list of possible result codes, see the ResultCode property.

LDAP.SearchComplete Event

This event is fired upon completion of a search operation.

Syntax

ldap.on('SearchComplete', listener: (e: {readonly messageId: number, readonly DN: string, readonly resultCode: number, readonly resultDescription: string}) => void )

Remarks

The MessageId parameter identifies the corresponding request. ResultCode and ResultDescription show whether the operation was successful (on a successful operation, the ResultCode is 0).

LDAP.SearchPage Event

This event is fired for every page returned from a search operation.

Syntax

ldap.on('SearchPage', listener: (e: {readonly messageId: number, readonly DN: string, readonly resultCode: number, readonly resultDescription: string, cancelSearch: boolean}) => void )

Remarks

This event is fired so the client can decide whether or not to continue with the Search operation. The signature is very similar to the SearchComplete event, with the addition of a CancelSearch parameter. If the search should be canceled (no more pages), the CancelSearch parameter should be set to True.

LDAP.SearchResult Event

This event is fired for every entry returned from a search operation.

Syntax

ldap.on('SearchResult', listener: (e: {readonly messageId: number, readonly DN: string}) => void )

Remarks

MessageId identifies the corresponding search request. DN contains the distinguished name of the entry. The attribute type and value provided in the Attributes properties show the list of retrieved attributes for the entry.

Every search operation results in a sequence of 0 or more SearchResult events and a sequence of 0 or more SearchResultReference events, which are followed by a SearchComplete event.

LDAP.SearchResultReference Event

This event is fired for every result reference returned from a search operation.

Syntax

ldap.on('SearchResultReference', listener: (e: {readonly messageId: number, readonly ldapUrl: string}) => void )

Remarks

MessageId identifies the corresponding search request. LdapUrl contains a URL reference to a server that can be used for continuing the search operation.

Every search operation results in a sequence of 0 or more SearchResult events and a sequence of 0 or more SearchResultReference events, which are followed by a SearchComplete event.

LDAP.SSLServerAuthentication Event

Fired after the server presents its certificate to the client.

Syntax

ldap.on('SSLServerAuthentication', listener: (e: {readonly certEncoded: string, readonly certEncodedB: Uint8Array, readonly certSubject: string, readonly certIssuer: string, readonly status: string, accept: boolean}) => void )

Remarks

This event fires with information about the server certificate. The Status property shows why verification failed (otherwise, Status contains the string "OK"). To manually accept an untrusted certificate, the SSLAcceptAnyServerCert setting must be set to True before intiating the connection.

LDAP.SSLStatus Event

Shows the progress of the secure connection.

Syntax

ldap.on('SSLStatus', listener: (e: {readonly message: string}) => void )

Remarks

The event is fired for informational and logging purposes only. Used to track the progress of the connection.

LDAP.UserList Event

This event is fired once for each user entry returned.

Syntax

ldap.on('UserList', listener: (e: {readonly name: string, readonly description: string, readonly lastLogon: string, readonly memberOf: string, readonly dn: string}) => void )

Remarks

This event is fired once for each user entry returned when the ListGroupMembers method is called.

Certificate Type

This is the digital certificate being used.

Remarks

This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.

Fields

Constructors

public Certificate();

Creates a Certificate instance whose properties can be set. This is useful for use with CERTMGR when generating new certificates.

public Certificate(String certificateFile);

Opens CertificateFile and reads out the contents as an X509 public key.

public Certificate(byte[] certificateData);

Parses CertificateData as an X509 public key.

public Certificate(int certStoreType, String store, String storePassword, String subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate(int certStoreType, String store, String storePassword, String subject, String configurationString);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. ConfigurationString is a newline separated list of name-value pairs that may be used to modify the default behavior. Possible values include "PersistPFXKey", which shows whether or not the PFX key is persisted after performing operations with the private key. This correlates to the PKCS12_NO_PERSIST_KEY CyrptoAPI option. The default value is True (the key is persisted). "Thumbprint" - a MD5, SHA1, or SHA256 thumbprint of the certificate to load. When specified, this value is used to select the certificate in the store. This is applicable to cstUser, cstMachine, cstPublicKeyFile, and cstPFXFile store types. "UseInternalSecurityAPI" shows whether the platform (default) or the internal security API is used when performing certificate-related operations. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate(int certStoreType, String store, String storePassword, byte[] encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will load Encoded as an X509 certificate and search the opened store for a corresponding private key.

public Certificate(int certStoreType, byte[] storeBlob, String storePassword, String subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. StoreBlob is a string (binary- or base64-encoded) containing the certificate data. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate(int certStoreType, byte[] storeBlob, String storePassword, String subject, String configurationString);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. StoreBlob is a string (binary- or base64-encoded) containing the certificate data. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate(int certStoreType, byte[] storeBlob, String storePassword, byte[] encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a string (binary- or base64-encoded) containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will load Encoded as an X509 certificate and search the opened store for a corresponding private key.

Firewall Type

This is the firewall the class will connect through.

Remarks

When connecting through a firewall, this type is used to specify different properties of the firewall, such as the firewall and the .

Fields

Constructors

public Firewall();

LDAPAttribute Type

This types describes an attribute for the current entry.

Remarks

This type describes an attribute for the current Lightweight Directory Access Protocol (LDAP) entry. The field is used only in Modify operations.

Fields

Constructors

public LDAPAttribute();

public LDAPAttribute(String attributeType);

public LDAPAttribute(String attributeType, String value);

public LDAPAttribute(String attributeType, String value, int LDAPAttributeModOp);

LDAPReference Type

This type includes a reference returned from the server.

Remarks

This type describes a Lightweight Directory Access Protocol (LDAP) reference, which may be queried inside the SearchResult, SearchResultReference, Result, or SearchComplete events.

When inside a SearchResult or SearchResultReference event, references will be a search result reference (that is, a continuation reference), in which case they represent the URLs to contact to continue the search.

When inside a Result or SearchComplete event, a reference will be a regular referral, in which case it represents the URL to contact to complete the requested operation.

Fields

Constructors

public LDAPReference();

Config Settings (class ipworks.ldap)

LDAP Config Settings

TCPClient Config Settings

SSL Config Settings

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
..
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
..
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

Socket Config Settings

Base Config Settings

Trappable Errors (class ipworks.ldap)

LDAP Errors

TCPClient Errors

SSL Errors

TCP/IP Errors