LDAP Class

Properties   Methods   Events   Config Settings   Errors  

The Lightweight Directory Access Protocol (LDAP) Class is used to search, manage, and maintain internet directory servers.

Class Name

IPWorks_LDAP

Procedural Interface

 ipworks_ldap_open();
 ipworks_ldap_close($res);
 ipworks_ldap_register_callback($res, $id, $function);
 ipworks_ldap_get_last_error($res);
 ipworks_ldap_get_last_error_code($res);
 ipworks_ldap_set($res, $id, $index, $value);
 ipworks_ldap_get($res, $id, $index);
 ipworks_ldap_do_abandon($res, $messageid);
 ipworks_ldap_do_add($res);
 ipworks_ldap_do_attr($res, $attrtype);
 ipworks_ldap_do_bind($res);
 ipworks_ldap_do_changepassword($res, $user, $oldpassword, $newpassword);
 ipworks_ldap_do_compare($res);
 ipworks_ldap_do_config($res, $configurationstring);
 ipworks_ldap_do_connect($res);
 ipworks_ldap_do_delete($res);
 ipworks_ldap_do_doevents($res);
 ipworks_ldap_do_extendedrequest($res, $requestname, $requestvalue);
 ipworks_ldap_do_interrupt($res);
 ipworks_ldap_do_listcomputers($res);
 ipworks_ldap_do_listgroupmembers($res, $group);
 ipworks_ldap_do_listgroups($res);
 ipworks_ldap_do_listusergroups($res, $user);
 ipworks_ldap_do_modify($res);
 ipworks_ldap_do_modifyrdn($res, $newrdn);
 ipworks_ldap_do_movetodn($res, $newsuperior);
 ipworks_ldap_do_pausedata($res);
 ipworks_ldap_do_processdata($res);
 ipworks_ldap_do_reset($res);
 ipworks_ldap_do_search($res, $searchfilter);
 ipworks_ldap_do_unbind($res);

Remarks

The LDAP Class supports both plaintext and Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections. When connecting over Secure Sockets Layer/Transport Layer Security (SSL/TLS) the SSLServerAuthentication event allows you to check the server identity and other security attributes. The SSLStatus event provides information about the SSL handshake. Additional SSL-related settings are also supported through the Config method.

The LDAP Class implements a standard LDAP client as specified in RFC 1777, 2251, and other LDAP RFCs. Support for both LDAP v2 and v3 is provided.

The first step in using the class is specifying the ServerName, a DN (distinguished name) to bind as, and optionally a Password. Then you can call one or more of the class methods to act upon the server. Server responses normally are received through the Result event. The only exceptions are search requests that result in one or more SearchResult events, followed by a final SearchComplete event.

Attributes are set and returned through the Attributes properties. Other command arguments are specified through other properties. These are specified in detail in each method.

Search filters are to be specified as string arguments to the Search method. The format must be a standard LDAP search string as specified in RFC 1558. Other search attributes are set in properties, such as SearchScope, SearchTimeLimit, SearchSizeLimit, SearchReturnValues, and SearchDerefAliases.

The class operates synchronously by default (waits for a response before returning control to the caller); however, the class also may operate asynchronously (return control immediately), by setting Timeout to 0. Please refer to the Timeout property for more information.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

AcceptData Property (IPWorks_LDAP Class)

This property indicates whether data reception is currently enabled.

Object Oriented Interface

public function getAcceptData();

Procedural Interface

ipworks_ldap_get($res, 1 );

Default Value

true

Remarks

This property indicates whether data reception is currently enabled. When false, data reception is disabled. Use the PauseData and ProcessData methods to pause and resume data reception.

This property is read-only and not available at design time.

Data Type

Boolean

AttrCount Property (IPWorks_LDAP Class)

The number of records in the Attr arrays.

Object Oriented Interface

public function getAttrCount();
public function setAttrCount($value);

Procedural Interface

ipworks_ldap_get($res, 2 );
ipworks_ldap_set($res, 2, $value );

Default Value

0

Remarks

This property controls the size of the following arrays:

• AttrModOp
• AttrType
• AttrValue

The array indices start at 0 and end at AttrCount - 1.

This property is not available at design time.

Data Type

Integer

AttrType Property (IPWorks_LDAP Class)

This property contains the attribute type for the current entry.

Object Oriented Interface

public function getAttrType($attrindex);
public function setAttrType($attrindex, $value);

Procedural Interface

ipworks_ldap_get($res, 3 , $attrindex);
ipworks_ldap_set($res, 3, $value , $attrindex);

Default Value

''

Remarks

This property contains the attribute type for the current entry.

If the value of AttributeType is an empty string, then the AttrValue that contains the corresponding value is part of a set of values, and the attribute type for the set is specified in the previous attribute of the properties with a nonempty AttributeType.

The $attrindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttrCount property.

This property is not available at design time.

Data Type

String

AttrModOp Property (IPWorks_LDAP Class)

This property contains an operation to apply to attributes during a Lightweight Directory Access Protocol (LDAP) modify operation.

Object Oriented Interface

public function getAttrModOp($attrindex);
public function setAttrModOp($attrindex, $value);

Procedural Interface

ipworks_ldap_get($res, 4 , $attrindex);
ipworks_ldap_set($res, 4, $value , $attrindex);

Default Value

0

Remarks

This property contains an operation to apply to attributes during a Lightweight Directory Access Protocol (LDAP) modify operation.

Possible values include the following:

The $attrindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttrCount property.

This property is not available at design time.

Data Type

Integer

AttrValue Property (IPWorks_LDAP Class)

This property contains the attribute value for the current entry.

Object Oriented Interface

public function getAttrValue($attrindex);
public function setAttrValue($attrindex, $value);

Procedural Interface

ipworks_ldap_get($res, 5 , $attrindex);
ipworks_ldap_set($res, 5, $value , $attrindex);

Default Value

''

Remarks

This property contains the attribute value for the current entry.

If the value is part of a set of values, the AttributeType that contains the corresponding attribute type is an empty string, and the attribute type for the set is specified in the previous attribute of the properties with a nonempty AttributeType.

The $attrindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttrCount property.

This property is not available at design time.

Data Type

Binary String

AuthMechanism Property (IPWorks_LDAP Class)

This property is the authentication mechanism to be used when connecting to the Lightweight Directory Access Protocol (LDAP) server.

Object Oriented Interface

public function getAuthMechanism();
public function setAuthMechanism($value);

Procedural Interface

ipworks_ldap_get($res, 6 );
ipworks_ldap_set($res, 6, $value );

Default Value

0

Remarks

This property specifies the authentication mechanism used. Possible values are as follows:

Data Type

Integer

Connected Property (IPWorks_LDAP Class)

This property shows whether the class is connected.

Object Oriented Interface

public function getConnected();

Procedural Interface

ipworks_ldap_get($res, 7 );

Default Value

false

Remarks

This property is used to determine whether or not the class is connected to the remote host. Use the Bind and Unbind methods to manage the connection.

This property is read-only and not available at design time.

Data Type

Boolean

DeleteOldRDN Property (IPWorks_LDAP Class)

This property controls whether the old RDN (Relative Distinguished Name) should be deleted.

Object Oriented Interface

public function getDeleteOldRDN();
public function setDeleteOldRDN($value);

Procedural Interface

ipworks_ldap_get($res, 8 );
ipworks_ldap_set($res, 8, $value );

Default Value

true

Remarks

This property controls whether the old RDN should be deleted. It is used when ModifyRDN is called. The default value is True, which instructs the server to delete the old RDN.

This property is not available at design time.

Data Type

Boolean

DN Property (IPWorks_LDAP Class)

This property includes the distinguished name used as the base for Lightweight Directory Access Protocol (LDAP) operations.

Object Oriented Interface

public function getDN();
public function setDN($value);

Procedural Interface

ipworks_ldap_get($res, 9 );
ipworks_ldap_set($res, 9, $value );

Default Value

''

Remarks

This also includes the base object during LDAP searches.

The distinguished name is provided in string format, as specified by RFC 1779. Example. Setting DN:

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.DN = "Domain\Username"

Data Type

String

FirewallAutoDetect Property (IPWorks_LDAP Class)

Whether to automatically detect and use firewall system settings, if available.

Object Oriented Interface

public function getFirewallAutoDetect();
public function setFirewallAutoDetect($value);

Procedural Interface

ipworks_ldap_get($res, 10 );
ipworks_ldap_set($res, 10, $value );

Default Value

false

Remarks

Whether to automatically detect and use firewall system settings, if available.

Data Type

Boolean

FirewallType Property (IPWorks_LDAP Class)

The type of firewall to connect through.

Object Oriented Interface

public function getFirewallType();
public function setFirewallType($value);

Procedural Interface

ipworks_ldap_get($res, 11 );
ipworks_ldap_set($res, 11, $value );

Default Value

0

Remarks

The type of firewall to connect through. The applicable values are as follows:

Data Type

Integer

FirewallHost Property (IPWorks_LDAP Class)

The name or IP address of the firewall (optional).

Object Oriented Interface

public function getFirewallHost();
public function setFirewallHost($value);

Procedural Interface

ipworks_ldap_get($res, 12 );
ipworks_ldap_set($res, 12, $value );

Default Value

''

Remarks

The name or IP address of the firewall (optional). If a FirewallHost is given, the requested connections will be authenticated through the specified firewall when connecting.

If this property is set to a Domain Name, a DNS request is initiated. Upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, the class fails with an error.

Data Type

String

FirewallPassword Property (IPWorks_LDAP Class)

A password if authentication is to be used when connecting through the firewall.

Object Oriented Interface

public function getFirewallPassword();
public function setFirewallPassword($value);

Procedural Interface

ipworks_ldap_get($res, 13 );
ipworks_ldap_set($res, 13, $value );

Default Value

''

Remarks

A password if authentication is to be used when connecting through the firewall. If FirewallHost is specified, the FirewallUser and FirewallPassword properties are used to connect and authenticate to the given firewall. If the authentication fails, the class fails with an error.

Data Type

String

FirewallPort Property (IPWorks_LDAP Class)

The Transmission Control Protocol (TCP) port for the firewall Host .

Object Oriented Interface

public function getFirewallPort();
public function setFirewallPort($value);

Procedural Interface

ipworks_ldap_get($res, 14 );
ipworks_ldap_set($res, 14, $value );

Default Value

0

Remarks

The Transmission Control Protocol (TCP) port for the firewall FirewallHost. See the description of the FirewallHost property for details.

Note: This property is set automatically when FirewallType is set to a valid value. See the description of the FirewallType property for details.

Data Type

Integer

FirewallUser Property (IPWorks_LDAP Class)

A username if authentication is to be used when connecting through a firewall.

Object Oriented Interface

public function getFirewallUser();
public function setFirewallUser($value);

Procedural Interface

ipworks_ldap_get($res, 15 );
ipworks_ldap_set($res, 15, $value );

Default Value

''

Remarks

A username if authentication is to be used when connecting through a firewall. If FirewallHost is specified, this property and the FirewallPassword property are used to connect and authenticate to the given Firewall. If the authentication fails, the class fails with an error.

Data Type

String

Idle Property (IPWorks_LDAP Class)

The current status of the class.

Object Oriented Interface

public function getIdle();

Procedural Interface

ipworks_ldap_get($res, 16 );

Default Value

true

Remarks

This property will be False if the component is currently busy (communicating or waiting for an answer), and True at all other times.

This property is read-only.

Data Type

Boolean

LDAPVersion Property (IPWorks_LDAP Class)

The version of the Lightweight Directory Access Protocol (LDAP) used.

Object Oriented Interface

public function getLDAPVersion();
public function setLDAPVersion($value);

Procedural Interface

ipworks_ldap_get($res, 17 );
ipworks_ldap_set($res, 17, $value );

Default Value

3

Remarks

This property contains the version of LDAP used. The default value is 3 (for LDAPv3).

This property is not available at design time.

Data Type

Integer

LocalHost Property (IPWorks_LDAP Class)

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Object Oriented Interface

public function getLocalHost();
public function setLocalHost($value);

Procedural Interface

ipworks_ldap_get($res, 18 );
ipworks_ldap_set($res, 18, $value );

Default Value

''

Remarks

This property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the IP address of an interface will make the class initiate connections (or accept in the case of server classs) only through that interface. It is recommended to provide an IP address rather than a hostname when setting this property to ensure the desired interface is used.

If the class is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

Note: LocalHost is not persistent. You must always set it in code, and never in the property window.

Data Type

String

MessageId Property (IPWorks_LDAP Class)

This property includes the message identifier for the next Lightweight Directory Access Protocol (LDAP) request.

Object Oriented Interface

public function getMessageId();
public function setMessageId($value);

Procedural Interface

ipworks_ldap_get($res, 19 );
ipworks_ldap_set($res, 19, $value );

Default Value

1

Remarks

This property contains the message identifier for the next LDAP request. If a custom value is needed, this property must be set before calling any other methods. The class increments this property automatically after each request.

This property is not available at design time.

Data Type

Integer

PageSize Property (IPWorks_LDAP Class)

This property includes the maximum number of results per page for the Search method.

Object Oriented Interface

public function getPageSize();
public function setPageSize($value);

Procedural Interface

ipworks_ldap_get($res, 20 );
ipworks_ldap_set($res, 20, $value );

Default Value

0

Remarks

This property contains the maximum number of results per page for the Search method. The default value is 0 (no paging). If set to a value greater than zero, results will be paged, that is, returned in blocks of maximum PageSize results.

For each page sent by the server, a SearchPage event will fire. You may decide to cancel or continue displaying results from within this event.

Note: Lightweight Directory Access Protocol (LDAP) paging functionality is described by LDAP extension RFCs and may or may not be implemented by the LDAP server being accessed.

Data Type

Integer

Password Property (IPWorks_LDAP Class)

This property includes the password used to authenticate to the Lightweight Directory Access Protocol (LDAP) server.

Object Oriented Interface

public function getPassword();
public function setPassword($value);

Procedural Interface

ipworks_ldap_get($res, 21 );
ipworks_ldap_set($res, 21, $value );

Default Value

''

Remarks

This property contains the password used to authenticate to the LDAP server. Leave this value empty if no password is required.

This property is not available at design time.

Data Type

String

ReferenceCount Property (IPWorks_LDAP Class)

The number of records in the Reference arrays.

Object Oriented Interface

public function getReferenceCount();

Procedural Interface

ipworks_ldap_get($res, 22 );

Default Value

0

Remarks

This property controls the size of the following arrays:

• ReferenceURL

The array indices start at 0 and end at ReferenceCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

ReferenceURL Property (IPWorks_LDAP Class)

The url of the LDAP reference.

Object Oriented Interface

public function getReferenceURL($referenceindex);

Procedural Interface

ipworks_ldap_get($res, 23 , $referenceindex);

Default Value

''

Remarks

The url of the LDAP reference. If inside a SearchResult or SearchResultReference event, it represents a URL to contact to continue the search. If inside the Result event or SearchComplete event it represents the URL to contact in order to complete the requested operation.

The $referenceindex parameter specifies the index of the item in the array. The size of the array is controlled by the ReferenceCount property.

This property is read-only and not available at design time.

Data Type

String

ResultCode Property (IPWorks_LDAP Class)

This property includes the result code returned in the last server response.

Object Oriented Interface

public function getResultCode();

Procedural Interface

ipworks_ldap_get($res, 24 );

Default Value

0

Remarks

This property contains the result code returned in the last server response. This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.

Possible result codes are as follows:

All the result codes with the exception of success, compareFalse and compareTrue are to be treated as meaning the operation could not be completed in its entirety. Result codes from 16 to 21 indicate an AttributeProblem; codes 32, 33, 34, and 36 indicate a NameProblem; codes 48, 49, and 50 indicate a SecurityProblem; codes 51 to 54 indicate a ServiceProblem; and codes 64 to 69 and 71 indicate an UpdateProblem.

This property is read-only.

Data Type

Integer

ResultDescription Property (IPWorks_LDAP Class)

This property includes the descriptive text returned in the last server response (if any).

Object Oriented Interface

public function getResultDescription();

Procedural Interface

ipworks_ldap_get($res, 25 );

Default Value

''

Remarks

This property contains the descriptive text returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.

This property is read-only.

Data Type

String

ResultDN Property (IPWorks_LDAP Class)

This property includes the distinguished name returned in the last server response (if any).

Object Oriented Interface

public function getResultDN();

Procedural Interface

ipworks_ldap_get($res, 26 );

Default Value

''

Remarks

This property contains the distinguished name returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result or SearchComplete event.

This property is read-only.

Data Type

String

SearchDerefAliases Property (IPWorks_LDAP Class)

This property controls alias dereferencing during searching.

Object Oriented Interface

public function getSearchDerefAliases();
public function setSearchDerefAliases($value);

Procedural Interface

ipworks_ldap_get($res, 27 );
ipworks_ldap_set($res, 27, $value );

Default Value

0

Remarks

This property controls the alias dereferencing during searching. The possible values are as follows:

The default is to never dereference aliases.

Data Type

Integer

SearchReturnValues Property (IPWorks_LDAP Class)

This property controls whether the search operation returns values of attributes or only types.

Object Oriented Interface

public function getSearchReturnValues();
public function setSearchReturnValues($value);

Procedural Interface

ipworks_ldap_get($res, 28 );
ipworks_ldap_set($res, 28, $value );

Default Value

true

Remarks

This property controls whether the search operation returns values of attributes or only types. If only attributes are needed, disabling the property to return values will enhance performance.

Data Type

Boolean

SearchScope Property (IPWorks_LDAP Class)

This property controls the scope of Lightweight Directory Access Protocol (LDAP) search operations.

Object Oriented Interface

public function getSearchScope();
public function setSearchScope($value);

Procedural Interface

ipworks_ldap_get($res, 29 );
ipworks_ldap_set($res, 29, $value );

Default Value

2

Remarks

This property controls the scope of LDAP search operations. Possible values are as follows:

The default is to search the whole subtree.

Data Type

Integer

SearchSizeLimit Property (IPWorks_LDAP Class)

This property includes the maximum number of entries that can be returned by the next search operation.

Object Oriented Interface

public function getSearchSizeLimit();
public function setSearchSizeLimit($value);

Procedural Interface

ipworks_ldap_get($res, 30 );
ipworks_ldap_set($res, 30, $value );

Default Value

0

Remarks

This property contains the maximum number of entries that can be returned by the next search operation. This limit is provided as a hint to the directory server. A value of 0 means that no size limits are in effect for the search.

Data Type

Integer

SearchTimeLimit Property (IPWorks_LDAP Class)

This property includes a time limit for the next search operation (in seconds).

Object Oriented Interface

public function getSearchTimeLimit();
public function setSearchTimeLimit($value);

Procedural Interface

ipworks_ldap_get($res, 31 );
ipworks_ldap_set($res, 31, $value );

Default Value

0

Remarks

This property contains a time limit for the next search operation (in seconds). This limit is provided as a hint to the directory server. A value of 0 means that no time limits are in effect for the search.

Data Type

Integer

ServerName Property (IPWorks_LDAP Class)

This property includes the name or address of the Lightweight Directory Access Protocol (LDAP) server.

Object Oriented Interface

public function getServerName();
public function setServerName($value);

Procedural Interface

ipworks_ldap_get($res, 32 );
ipworks_ldap_set($res, 32, $value );

Default Value

''

Remarks

This property specifies the IP address (IP number in dotted internet format) or the domain name of the directory server. It is set before a connection is attempted and cannot be changed once a connection is in progress.

If this property is set to a domain name, a DNS request is initiated, and upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, an error is returned.

Data Type

String

ServerPort Property (IPWorks_LDAP Class)

This property includes the server port for the Lightweight Directory Access Protocol (LDAP) connection (the default is 389).

Object Oriented Interface

public function getServerPort();
public function setServerPort($value);

Procedural Interface

ipworks_ldap_get($res, 33 );
ipworks_ldap_set($res, 33, $value );

Default Value

389

Remarks

This property contains the server port for the LDAP connection (the default is 389).

For the implicit Secure Sockets Layer (SSL), use port 636 (please refer to the SSLStartMode property for more information).

A valid port number (a value between 1 and 65535) is required for the connection to take place. The property must be set before a connection is attempted and cannot be changed once a connection is established. Any attempt to change this property while connected will fail with an error.

This property is not available at design time.

Data Type

Integer

SortAttributes Property (IPWorks_LDAP Class)

This property includes a string of attribute names to sort on with optional relative matching rules.

Object Oriented Interface

public function getSortAttributes();
public function setSortAttributes($value);

Procedural Interface

ipworks_ldap_get($res, 34 );
ipworks_ldap_set($res, 34, $value );

Default Value

''

Remarks

This property contains a string of attribute names to sort on with optional relative matching rules. When set before a Search, entries returned by the server will be sorted according to SortAttributes. The format consists of one or more attribute names separated by spaces. Each attribute may be followed by an optional matching rule.

If matching rules are defined, they should be separated from the attribute names with a "/".

Normally, the values are returned in ascending order. If descending (reverse) order of sorting is desired, the attribute type must be preceded with a "-".

Following are examples:

LDAPControl.SortAttributes = "loginTime" LDAPControl.SortAttributes = "name/caseIgnoreSubstringsMatch age/numericStringSubstringsMatch" LDAPControl.SortAttributes = "cn age/1.3.6.1.4.1.1466.115.121.1.27" LDAPControl.SortAttributes = "-cn age/1.3.6.1.4.1.1466.115.121.1.27" Example 1. Matching Rules for Equality Filters:

Data Type

String

SSLAcceptServerCertEffectiveDate Property (IPWorks_LDAP Class)

The date on which this certificate becomes valid.

Object Oriented Interface

public function getSSLAcceptServerCertEffectiveDate();

Procedural Interface

ipworks_ldap_get($res, 35 );

Default Value

''

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExpirationDate Property (IPWorks_LDAP Class)

The date on which the certificate expires.

Object Oriented Interface

public function getSSLAcceptServerCertExpirationDate();

Procedural Interface

ipworks_ldap_get($res, 36 );

Default Value

''

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExtendedKeyUsage Property (IPWorks_LDAP Class)

A comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getSSLAcceptServerCertExtendedKeyUsage();

Procedural Interface

ipworks_ldap_get($res, 37 );

Default Value

''

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprint Property (IPWorks_LDAP Class)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertFingerprint();

Procedural Interface

ipworks_ldap_get($res, 38 );

Default Value

''

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA1 Property (IPWorks_LDAP Class)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertFingerprintSHA1();

Procedural Interface

ipworks_ldap_get($res, 39 );

Default Value

''

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA256 Property (IPWorks_LDAP Class)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertFingerprintSHA256();

Procedural Interface

ipworks_ldap_get($res, 40 );

Default Value

''

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLAcceptServerCertIssuer Property (IPWorks_LDAP Class)

The issuer of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertIssuer();

Procedural Interface

ipworks_ldap_get($res, 41 );

Default Value

''

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKey Property (IPWorks_LDAP Class)

The private key of the certificate (if available).

Object Oriented Interface

public function getSSLAcceptServerCertPrivateKey();

Procedural Interface

ipworks_ldap_get($res, 42 );

Default Value

''

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLAcceptServerCertPrivateKey may be available but not exportable. In this case, SSLAcceptServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKeyAvailable Property (IPWorks_LDAP Class)

Whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getSSLAcceptServerCertPrivateKeyAvailable();

Procedural Interface

ipworks_ldap_get($res, 43 );

Default Value

false

Remarks

Whether a SSLAcceptServerCertPrivateKey is available for the selected certificate. If SSLAcceptServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLAcceptServerCertPrivateKeyContainer Property (IPWorks_LDAP Class)

The name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getSSLAcceptServerCertPrivateKeyContainer();

Procedural Interface

ipworks_ldap_get($res, 44 );

Default Value

''

Remarks

The name of the SSLAcceptServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKey Property (IPWorks_LDAP Class)

The public key of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertPublicKey();

Procedural Interface

ipworks_ldap_get($res, 45 );

Default Value

''

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyAlgorithm Property (IPWorks_LDAP Class)

The textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getSSLAcceptServerCertPublicKeyAlgorithm();

Procedural Interface

ipworks_ldap_get($res, 46 );

Default Value

''

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyLength Property (IPWorks_LDAP Class)

The length of the certificate's public key (in bits).

Object Oriented Interface

public function getSSLAcceptServerCertPublicKeyLength();

Procedural Interface

ipworks_ldap_get($res, 47 );

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertSerialNumber Property (IPWorks_LDAP Class)

The serial number of the certificate encoded as a string.

Object Oriented Interface

public function getSSLAcceptServerCertSerialNumber();

Procedural Interface

ipworks_ldap_get($res, 48 );

Default Value

''

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLAcceptServerCertSignatureAlgorithm Property (IPWorks_LDAP Class)

The text description of the certificate's signature algorithm.

Object Oriented Interface

public function getSSLAcceptServerCertSignatureAlgorithm();

Procedural Interface

ipworks_ldap_get($res, 49 );

Default Value

''

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertStore Property (IPWorks_LDAP Class)

The name of the certificate store for the client certificate.

Object Oriented Interface

public function getSSLAcceptServerCertStore();
public function setSSLAcceptServerCertStore($value);

Procedural Interface

ipworks_ldap_get($res, 50 );
ipworks_ldap_set($res, 50, $value );

Default Value

'MY'

Remarks

The name of the certificate store for the client certificate.

The SSLAcceptServerCertStoreType property denotes the type of the certificate store specified by SSLAcceptServerCertStore. If the store is password-protected, specify the password in SSLAcceptServerCertStorePassword.

SSLAcceptServerCertStore is used in conjunction with the SSLAcceptServerCertSubject property to specify client certificates. If SSLAcceptServerCertStore has a value, and SSLAcceptServerCertSubject or SSLAcceptServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLAcceptServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

Data Type

Binary String

SSLAcceptServerCertStorePassword Property (IPWorks_LDAP Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getSSLAcceptServerCertStorePassword();
public function setSSLAcceptServerCertStorePassword($value);

Procedural Interface

ipworks_ldap_get($res, 51 );
ipworks_ldap_set($res, 51, $value );

Default Value

''

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLAcceptServerCertStoreType Property (IPWorks_LDAP Class)

The type of certificate store for this certificate.

Object Oriented Interface

public function getSSLAcceptServerCertStoreType();
public function setSSLAcceptServerCertStoreType($value);

Procedural Interface

ipworks_ldap_get($res, 52 );
ipworks_ldap_set($res, 52, $value );

Default Value

0

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLAcceptServerCertSubjectAltNames Property (IPWorks_LDAP Class)

Comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertSubjectAltNames();

Procedural Interface

ipworks_ldap_get($res, 53 );

Default Value

''

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintMD5 Property (IPWorks_LDAP Class)

The MD5 hash of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertThumbprintMD5();

Procedural Interface

ipworks_ldap_get($res, 54 );

Default Value

''

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA1 Property (IPWorks_LDAP Class)

The SHA-1 hash of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertThumbprintSHA1();

Procedural Interface

ipworks_ldap_get($res, 55 );

Default Value

''

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA256 Property (IPWorks_LDAP Class)

The SHA-256 hash of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertThumbprintSHA256();

Procedural Interface

ipworks_ldap_get($res, 56 );

Default Value

''

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsage Property (IPWorks_LDAP Class)

The text description of UsageFlags .

Object Oriented Interface

public function getSSLAcceptServerCertUsage();

Procedural Interface

ipworks_ldap_get($res, 57 );

Default Value

''

Remarks

The text description of SSLAcceptServerCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsageFlags Property (IPWorks_LDAP Class)

The flags that show intended use for the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertUsageFlags();

Procedural Interface

ipworks_ldap_get($res, 58 );

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLAcceptServerCertUsageFlags is a combination of the following flags:

Please see the SSLAcceptServerCertUsage property for a text representation of SSLAcceptServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertVersion Property (IPWorks_LDAP Class)

The certificate's version number.

Object Oriented Interface

public function getSSLAcceptServerCertVersion();

Procedural Interface

ipworks_ldap_get($res, 59 );

Default Value

''

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLAcceptServerCertSubject Property (IPWorks_LDAP Class)

The subject of the certificate used for client authentication.

Object Oriented Interface

public function getSSLAcceptServerCertSubject();
public function setSSLAcceptServerCertSubject($value);

Procedural Interface

ipworks_ldap_get($res, 60 );
ipworks_ldap_set($res, 60, $value );

Default Value

''

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLAcceptServerCertEncoded Property (IPWorks_LDAP Class)

The certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getSSLAcceptServerCertEncoded();
public function setSSLAcceptServerCertEncoded($value);

Procedural Interface

ipworks_ldap_get($res, 61 );
ipworks_ldap_set($res, 61, $value );

Default Value

''

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLAcceptServerCertStore and SSLAcceptServerCertSubject properties also may be used to specify a certificate.

When SSLAcceptServerCertEncoded is set, a search is initiated in the current SSLAcceptServerCertStore for the private key of the certificate. If the key is found, SSLAcceptServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLAcceptServerCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Binary String

SSLCertEffectiveDate Property (IPWorks_LDAP Class)

The date on which this certificate becomes valid.

Object Oriented Interface

public function getSSLCertEffectiveDate();

Procedural Interface

ipworks_ldap_get($res, 62 );

Default Value

''

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLCertExpirationDate Property (IPWorks_LDAP Class)

The date on which the certificate expires.

Object Oriented Interface

public function getSSLCertExpirationDate();

Procedural Interface

ipworks_ldap_get($res, 63 );

Default Value

''

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLCertExtendedKeyUsage Property (IPWorks_LDAP Class)

A comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getSSLCertExtendedKeyUsage();

Procedural Interface

ipworks_ldap_get($res, 64 );

Default Value

''

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLCertFingerprint Property (IPWorks_LDAP Class)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getSSLCertFingerprint();

Procedural Interface

ipworks_ldap_get($res, 65 );

Default Value

''

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLCertFingerprintSHA1 Property (IPWorks_LDAP Class)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getSSLCertFingerprintSHA1();

Procedural Interface

ipworks_ldap_get($res, 66 );

Default Value

''

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLCertFingerprintSHA256 Property (IPWorks_LDAP Class)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getSSLCertFingerprintSHA256();

Procedural Interface

ipworks_ldap_get($res, 67 );

Default Value

''

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLCertIssuer Property (IPWorks_LDAP Class)

The issuer of the certificate.

Object Oriented Interface

public function getSSLCertIssuer();

Procedural Interface

ipworks_ldap_get($res, 68 );

Default Value

''

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLCertPrivateKey Property (IPWorks_LDAP Class)

The private key of the certificate (if available).

Object Oriented Interface

public function getSSLCertPrivateKey();

Procedural Interface

ipworks_ldap_get($res, 69 );

Default Value

''

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLCertPrivateKey may be available but not exportable. In this case, SSLCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLCertPrivateKeyAvailable Property (IPWorks_LDAP Class)

Whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getSSLCertPrivateKeyAvailable();

Procedural Interface

ipworks_ldap_get($res, 70 );

Default Value

false

Remarks

Whether a SSLCertPrivateKey is available for the selected certificate. If SSLCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLCertPrivateKeyContainer Property (IPWorks_LDAP Class)

The name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getSSLCertPrivateKeyContainer();

Procedural Interface

ipworks_ldap_get($res, 71 );

Default Value

''

Remarks

The name of the SSLCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLCertPublicKey Property (IPWorks_LDAP Class)

The public key of the certificate.

Object Oriented Interface

public function getSSLCertPublicKey();

Procedural Interface

ipworks_ldap_get($res, 72 );

Default Value

''

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLCertPublicKeyAlgorithm Property (IPWorks_LDAP Class)

The textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getSSLCertPublicKeyAlgorithm();

Procedural Interface

ipworks_ldap_get($res, 73 );

Default Value

''

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertPublicKeyLength Property (IPWorks_LDAP Class)

The length of the certificate's public key (in bits).

Object Oriented Interface

public function getSSLCertPublicKeyLength();

Procedural Interface

ipworks_ldap_get($res, 74 );

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLCertSerialNumber Property (IPWorks_LDAP Class)

The serial number of the certificate encoded as a string.

Object Oriented Interface

public function getSSLCertSerialNumber();

Procedural Interface

ipworks_ldap_get($res, 75 );

Default Value

''

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLCertSignatureAlgorithm Property (IPWorks_LDAP Class)

The text description of the certificate's signature algorithm.

Object Oriented Interface

public function getSSLCertSignatureAlgorithm();

Procedural Interface

ipworks_ldap_get($res, 76 );

Default Value

''

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertStore Property (IPWorks_LDAP Class)

The name of the certificate store for the client certificate.

Object Oriented Interface

public function getSSLCertStore();
public function setSSLCertStore($value);

Procedural Interface

ipworks_ldap_get($res, 77 );
ipworks_ldap_set($res, 77, $value );

Default Value

'MY'

Remarks

The name of the certificate store for the client certificate.

The SSLCertStoreType property denotes the type of the certificate store specified by SSLCertStore. If the store is password-protected, specify the password in SSLCertStorePassword.

SSLCertStore is used in conjunction with the SSLCertSubject property to specify client certificates. If SSLCertStore has a value, and SSLCertSubject or SSLCertEncoded is set, a search for a certificate is initiated. Please see the SSLCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

Data Type

Binary String

SSLCertStorePassword Property (IPWorks_LDAP Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getSSLCertStorePassword();
public function setSSLCertStorePassword($value);

Procedural Interface

ipworks_ldap_get($res, 78 );
ipworks_ldap_set($res, 78, $value );

Default Value

''

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLCertStoreType Property (IPWorks_LDAP Class)

The type of certificate store for this certificate.

Object Oriented Interface

public function getSSLCertStoreType();
public function setSSLCertStoreType($value);

Procedural Interface

ipworks_ldap_get($res, 79 );
ipworks_ldap_set($res, 79, $value );

Default Value

0

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLCertSubjectAltNames Property (IPWorks_LDAP Class)

Comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getSSLCertSubjectAltNames();

Procedural Interface

ipworks_ldap_get($res, 80 );

Default Value

''

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLCertThumbprintMD5 Property (IPWorks_LDAP Class)

The MD5 hash of the certificate.

Object Oriented Interface

public function getSSLCertThumbprintMD5();

Procedural Interface

ipworks_ldap_get($res, 81 );

Default Value

''

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA1 Property (IPWorks_LDAP Class)

The SHA-1 hash of the certificate.

Object Oriented Interface

public function getSSLCertThumbprintSHA1();

Procedural Interface

ipworks_ldap_get($res, 82 );

Default Value

''

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA256 Property (IPWorks_LDAP Class)

The SHA-256 hash of the certificate.

Object Oriented Interface

public function getSSLCertThumbprintSHA256();

Procedural Interface

ipworks_ldap_get($res, 83 );

Default Value

''

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertUsage Property (IPWorks_LDAP Class)

The text description of UsageFlags .

Object Oriented Interface

public function getSSLCertUsage();

Procedural Interface

ipworks_ldap_get($res, 84 );

Default Value

''

Remarks

The text description of SSLCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLCertUsageFlags Property (IPWorks_LDAP Class)

The flags that show intended use for the certificate.

Object Oriented Interface

public function getSSLCertUsageFlags();

Procedural Interface

ipworks_ldap_get($res, 85 );

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLCertUsageFlags is a combination of the following flags:

Please see the SSLCertUsage property for a text representation of SSLCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLCertVersion Property (IPWorks_LDAP Class)

The certificate's version number.

Object Oriented Interface

public function getSSLCertVersion();

Procedural Interface

ipworks_ldap_get($res, 86 );

Default Value

''

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLCertSubject Property (IPWorks_LDAP Class)

The subject of the certificate used for client authentication.

Object Oriented Interface

public function getSSLCertSubject();
public function setSSLCertSubject($value);

Procedural Interface

ipworks_ldap_get($res, 87 );
ipworks_ldap_set($res, 87, $value );

Default Value

''

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLCertEncoded Property (IPWorks_LDAP Class)

The certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getSSLCertEncoded();
public function setSSLCertEncoded($value);

Procedural Interface

ipworks_ldap_get($res, 88 );
ipworks_ldap_set($res, 88, $value );

Default Value

''

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLCertStore and SSLCertSubject properties also may be used to specify a certificate.

When SSLCertEncoded is set, a search is initiated in the current SSLCertStore for the private key of the certificate. If the key is found, SSLCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Binary String

SSLEnabled Property (IPWorks_LDAP Class)

This property indicates whether Transport Layer Security/Secure Sockets Layer (TLS/SSL) is enabled.

Object Oriented Interface

public function getSSLEnabled();
public function setSSLEnabled($value);

Procedural Interface

ipworks_ldap_get($res, 89 );
ipworks_ldap_set($res, 89, $value );

Default Value

false

Remarks

This property specifies whether TLS/SSL is enabled in the class. When False (default), the class operates in plaintext mode. When True, TLS/SSL is enabled.

TLS/SSL may also be enabled by setting SSLStartMode. Setting SSLStartMode will automatically update this property value.

This property is not available at design time.

Data Type

Boolean

SSLProvider Property (IPWorks_LDAP Class)

The Secure Sockets Layer/Transport Layer Security (SSL/TLS) implementation to use.

Object Oriented Interface

public function getSSLProvider();
public function setSSLProvider($value);

Procedural Interface

ipworks_ldap_get($res, 90 );
ipworks_ldap_set($res, 90, $value );

Default Value

0

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic), the class will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are as follows:

In most cases using the default value (Automatic) is recommended. The class will select a provider depending on the current platform.

When Automatic is selected, on Windows, the class will use the platform implementation. On Linux/macOS, the class will use the internal implementation. When TLS 1.3 is enabled via SSLEnabledProtocols, the internal implementation is used on all platforms.

Data Type

Integer

SSLServerCertEffectiveDate Property (IPWorks_LDAP Class)

The date on which this certificate becomes valid.

Object Oriented Interface

public function getSSLServerCertEffectiveDate();

Procedural Interface

ipworks_ldap_get($res, 91 );

Default Value

''

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExpirationDate Property (IPWorks_LDAP Class)

The date on which the certificate expires.

Object Oriented Interface

public function getSSLServerCertExpirationDate();

Procedural Interface

ipworks_ldap_get($res, 92 );

Default Value

''

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExtendedKeyUsage Property (IPWorks_LDAP Class)

A comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getSSLServerCertExtendedKeyUsage();

Procedural Interface

ipworks_ldap_get($res, 93 );

Default Value

''

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLServerCertFingerprint Property (IPWorks_LDAP Class)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getSSLServerCertFingerprint();

Procedural Interface

ipworks_ldap_get($res, 94 );

Default Value

''

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA1 Property (IPWorks_LDAP Class)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getSSLServerCertFingerprintSHA1();

Procedural Interface

ipworks_ldap_get($res, 95 );

Default Value

''

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA256 Property (IPWorks_LDAP Class)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getSSLServerCertFingerprintSHA256();

Procedural Interface

ipworks_ldap_get($res, 96 );

Default Value

''

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLServerCertIssuer Property (IPWorks_LDAP Class)

The issuer of the certificate.

Object Oriented Interface

public function getSSLServerCertIssuer();

Procedural Interface

ipworks_ldap_get($res, 97 );

Default Value

''

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLServerCertPrivateKey Property (IPWorks_LDAP Class)

The private key of the certificate (if available).

Object Oriented Interface

public function getSSLServerCertPrivateKey();

Procedural Interface

ipworks_ldap_get($res, 98 );

Default Value

''

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLServerCertPrivateKey may be available but not exportable. In this case, SSLServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLServerCertPrivateKeyAvailable Property (IPWorks_LDAP Class)

Whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getSSLServerCertPrivateKeyAvailable();

Procedural Interface

ipworks_ldap_get($res, 99 );

Default Value

false

Remarks

Whether a SSLServerCertPrivateKey is available for the selected certificate. If SSLServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLServerCertPrivateKeyContainer Property (IPWorks_LDAP Class)

The name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getSSLServerCertPrivateKeyContainer();

Procedural Interface

ipworks_ldap_get($res, 100 );

Default Value

''

Remarks

The name of the SSLServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLServerCertPublicKey Property (IPWorks_LDAP Class)

The public key of the certificate.

Object Oriented Interface

public function getSSLServerCertPublicKey();

Procedural Interface

ipworks_ldap_get($res, 101 );

Default Value

''

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyAlgorithm Property (IPWorks_LDAP Class)

The textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getSSLServerCertPublicKeyAlgorithm();

Procedural Interface

ipworks_ldap_get($res, 102 );

Default Value

''

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyLength Property (IPWorks_LDAP Class)

The length of the certificate's public key (in bits).

Object Oriented Interface

public function getSSLServerCertPublicKeyLength();

Procedural Interface

ipworks_ldap_get($res, 103 );

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLServerCertSerialNumber Property (IPWorks_LDAP Class)

The serial number of the certificate encoded as a string.

Object Oriented Interface

public function getSSLServerCertSerialNumber();

Procedural Interface

ipworks_ldap_get($res, 104 );

Default Value

''

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLServerCertSignatureAlgorithm Property (IPWorks_LDAP Class)

The text description of the certificate's signature algorithm.

Object Oriented Interface

public function getSSLServerCertSignatureAlgorithm();

Procedural Interface

ipworks_ldap_get($res, 105 );

Default Value

''

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertStore Property (IPWorks_LDAP Class)

The name of the certificate store for the client certificate.

Object Oriented Interface

public function getSSLServerCertStore();

Procedural Interface

ipworks_ldap_get($res, 106 );

Default Value

'MY'

Remarks

The name of the certificate store for the client certificate.

The SSLServerCertStoreType property denotes the type of the certificate store specified by SSLServerCertStore. If the store is password-protected, specify the password in SSLServerCertStorePassword.

SSLServerCertStore is used in conjunction with the SSLServerCertSubject property to specify client certificates. If SSLServerCertStore has a value, and SSLServerCertSubject or SSLServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

This property is read-only.

Data Type

Binary String

SSLServerCertStorePassword Property (IPWorks_LDAP Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getSSLServerCertStorePassword();

Procedural Interface

ipworks_ldap_get($res, 107 );

Default Value

''

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is read-only.

Data Type

String

SSLServerCertStoreType Property (IPWorks_LDAP Class)

The type of certificate store for this certificate.

Object Oriented Interface

public function getSSLServerCertStoreType();

Procedural Interface

ipworks_ldap_get($res, 108 );

Default Value

0

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

This property is read-only.

Data Type

Integer

SSLServerCertSubjectAltNames Property (IPWorks_LDAP Class)

Comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getSSLServerCertSubjectAltNames();

Procedural Interface

ipworks_ldap_get($res, 109 );

Default Value

''

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLServerCertThumbprintMD5 Property (IPWorks_LDAP Class)

The MD5 hash of the certificate.

Object Oriented Interface

public function getSSLServerCertThumbprintMD5();

Procedural Interface

ipworks_ldap_get($res, 110 );

Default Value

''

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA1 Property (IPWorks_LDAP Class)

The SHA-1 hash of the certificate.

Object Oriented Interface

public function getSSLServerCertThumbprintSHA1();

Procedural Interface

ipworks_ldap_get($res, 111 );

Default Value

''

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA256 Property (IPWorks_LDAP Class)

The SHA-256 hash of the certificate.

Object Oriented Interface

public function getSSLServerCertThumbprintSHA256();

Procedural Interface

ipworks_ldap_get($res, 112 );

Default Value

''

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertUsage Property (IPWorks_LDAP Class)

The text description of UsageFlags .

Object Oriented Interface

public function getSSLServerCertUsage();

Procedural Interface

ipworks_ldap_get($res, 113 );

Default Value

''

Remarks

The text description of SSLServerCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLServerCertUsageFlags Property (IPWorks_LDAP Class)

The flags that show intended use for the certificate.

Object Oriented Interface

public function getSSLServerCertUsageFlags();

Procedural Interface

ipworks_ldap_get($res, 114 );

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLServerCertUsageFlags is a combination of the following flags:

Please see the SSLServerCertUsage property for a text representation of SSLServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLServerCertVersion Property (IPWorks_LDAP Class)

The certificate's version number.

Object Oriented Interface

public function getSSLServerCertVersion();

Procedural Interface

ipworks_ldap_get($res, 115 );

Default Value

''

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLServerCertSubject Property (IPWorks_LDAP Class)

The subject of the certificate used for client authentication.

Object Oriented Interface

public function getSSLServerCertSubject();

Procedural Interface

ipworks_ldap_get($res, 116 );

Default Value

''

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

This property is read-only.

Data Type

String

SSLServerCertEncoded Property (IPWorks_LDAP Class)

The certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getSSLServerCertEncoded();

Procedural Interface

ipworks_ldap_get($res, 117 );

Default Value

''

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLServerCertStore and SSLServerCertSubject properties also may be used to specify a certificate.

When SSLServerCertEncoded is set, a search is initiated in the current SSLServerCertStore for the private key of the certificate. If the key is found, SSLServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLServerCertSubject is set to an empty string.

This property is read-only and not available at design time.

Data Type

Binary String

SSLStartMode Property (IPWorks_LDAP Class)

This property determines how the class starts the Secure Sockets Layer (SSL) negotiation.

Object Oriented Interface

public function getSSLStartMode();
public function setSSLStartMode($value);

Procedural Interface

ipworks_ldap_get($res, 118 );
ipworks_ldap_set($res, 118, $value );

Default Value

3

Remarks

The SSLStartMode property may have one of the following values:

Data Type

Integer

Timeout Property (IPWorks_LDAP Class)

This property includes the timeout for the class.

Object Oriented Interface

public function getTimeout();
public function setTimeout($value);

Procedural Interface

ipworks_ldap_get($res, 119 );
ipworks_ldap_set($res, 119, $value );

Default Value

60

Remarks

If the Timeout property is set to 0, all operations return immediately, potentially failing with a WOULDBLOCK error if data cannot be sent immediately.

If Timeout is set to a positive value, data is sent in a blocking manner and the class will wait for the operation to complete before returning control. The class will handle any potential WOULDBLOCK errors internally and automatically retry the operation for a maximum of Timeout seconds.

The class will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.

If Timeout expires, and the operation is not yet complete, the class fails with an error.

Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 60 seconds.

Data Type

Integer

Abandon Method (IPWorks_LDAP Class)

This method asks the server to abandon a request.

Object Oriented Interface

public function doAbandon($messageid);

Procedural Interface

ipworks_ldap_do_abandon($res, $messageid);

Remarks

This method asks the server to abandon the request specified by MessageId. The result of the operation is returned through the Result event.

Add Method (IPWorks_LDAP Class)

This method adds an entry specified by DN to the directory server using the type and value attributes defined in the Attributes properties.

Object Oriented Interface

public function doAdd();

Procedural Interface

ipworks_ldap_do_add($res);

Remarks

This method adds the entry specified by DN to the directory. All entries are required to have an objectClass attribute.

To add a new entry, first Bind with credentials that will allow you to perform the new addition. To add attributes instead of entries, use the Modify method instead. When specifying multivalued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes properties. Additional instances of the same attribute type should specify an attribute type of an empty string.

The result of the operation is returned through the Result event.

Example. Add a New Entry (including the multivalued objectClass attribute):

LDAPControl.DN = "uid=NewUser,ou=Employees,dc=server" LDAPControl.AttributeCount = 7 LDAPControl.AttributeType(0) = "objectClass" LDAPControl.AttributeValue(0) = "top" LDAPControl.AttributeType(1) = "" LDAPControl.AttributeValue(1) = "person" LDAPControl.AttributeType(2) = "" LDAPControl.AttributeValue(2) = "organizationalPerson" LDAPControl.AttributeType(3) = "" LDAPControl.AttributeValue(3) = "inetOrgPerson" LDAPControl.AttributeType(4) = "sn" LDAPControl.AttributeValue(4) = "UserName" LDAPControl.AttributeType(5) = "cn" LDAPControl.AttributeValue(5) = "New S. UserName" LDAPControl.AttributeType(6) = "uid" LDAPControl.AttributeValue(6) = "NewUser" LDAPControl.Add()

Attr Method (IPWorks_LDAP Class)

This method returns the value of the specified Lightweight Directory Access Protocol (LDAP) attribute.

Object Oriented Interface

public function doAttr($attrtype);

Procedural Interface

ipworks_ldap_do_attr($res, $attrtype);

Remarks

This method returns the value of the specified LDAP attribute. If the attribute does not exist, an empty string is returned.

Please refer to the Attributes properties for more information.

Bind Method (IPWorks_LDAP Class)

This method connects and binds to the directory server.

Object Oriented Interface

public function doBind();

Procedural Interface

ipworks_ldap_do_bind($res);

Remarks

This method connects and binds to the directory server. If the Password property has a value, it is used for authentication. If not, the bind is performed anonymously. Binding is often required on some directory servers, like Active Directory. The result of the operation is returned through the Result event.

Example. Binding:

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.Password = "mypassword" LDAPControl.Bind() LDAPControl.DN = "Domain/Username" LDAPControl.Password = "mypassword" LDAPControl.Bind()

ChangePassword Method (IPWorks_LDAP Class)

This method changes the password for the specified user.

Object Oriented Interface

public function doChangePassword($user, $oldpassword, $newpassword);

Procedural Interface

ipworks_ldap_do_changepassword($res, $user, $oldpassword, $newpassword);

Remarks

This method changes the password for the specified user.

The User parameter is the name of the user for which the password will be changed. OldPassword specifies the current password and NewPassword specifies the new password.

Note: This operation can be performed only over the Secure Sockets Layer (SSL) port. Set ServerPort to the SSL port of the server (typically 636) before calling this method.

Note: If the user is an administrator, the old password is not required.

Compare Method (IPWorks_LDAP Class)

This method compares attributes and values with those of the entry specified by DN .

Object Oriented Interface

public function doCompare();

Procedural Interface

ipworks_ldap_do_compare($res);

Remarks

This method compares attribute types and values specified via the Attributes properties, with the values in the directory for the entry specified by DN. The result of the operation is returned through the Result event.

Config Method (IPWorks_LDAP Class)

Sets or retrieves a configuration setting.

Object Oriented Interface

public function doConfig($configurationstring);

Procedural Interface

ipworks_ldap_do_config($res, $configurationstring);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Connect Method (IPWorks_LDAP Class)

This method connects to the directory server without performing any action.

Object Oriented Interface

public function doConnect();

Procedural Interface

ipworks_ldap_do_connect($res);

Remarks

This method establishes a connection with the directory server specified by ServerName. In most cases, it is recommended to use the Bind method, which will both establish a connection and bind to the directory server.

This method may be useful in cases in which it is desirable to establish a connection without performing any operation (e.g., when testing connectivity).

Delete Method (IPWorks_LDAP Class)

Deletes an entry specified by DN from the directory server.

Object Oriented Interface

public function doDelete();

Procedural Interface

ipworks_ldap_do_delete($res);

Remarks

This method deletes the entry specified by DN from the directory. The result of the operation is returned through the Result event.

DoEvents Method (IPWorks_LDAP Class)

This method processes events from the internal message queue.

Object Oriented Interface

public function doEvents();

Procedural Interface

ipworks_ldap_do_doevents($res);

Remarks

When DoEvents is called, the class processes any available events. If no events are available, it waits for a preset period of time, and then returns.

ExtendedRequest Method (IPWorks_LDAP Class)

This method performs a Lightweight Directory Access Protocol (LDAP) V3 extended operation.

Object Oriented Interface

public function doExtendedRequest($requestname, $requestvalue);

Procedural Interface

ipworks_ldap_do_extendedrequest($res, $requestname, $requestvalue);

Remarks

This method performs an LDAP V3 extended operation. RequestName must contain the object identifier of the operation, and RequestValue may contain an optional value.

Interrupt Method (IPWorks_LDAP Class)

This method interrupts the current method.

Object Oriented Interface

public function doInterrupt();

Procedural Interface

ipworks_ldap_do_interrupt($res);

Remarks

If there is no method in progress, Interrupt simply returns, doing nothing.

ListComputers Method (IPWorks_LDAP Class)

This method lists all computers in the directory.

Object Oriented Interface

public function doListComputers();

Procedural Interface

ipworks_ldap_do_listcomputers($res);

Remarks

This method lists all computers in the directory. The ComputerList event will be fired once for each computer returned.

ListGroupMembers Method (IPWorks_LDAP Class)

This method lists all members of a group.

Object Oriented Interface

public function doListGroupMembers($group);

Procedural Interface

ipworks_ldap_do_listgroupmembers($res, $group);

Remarks

This method lists all members of the specified group. The UserList event will be fired once for each member returned.

ListGroups Method (IPWorks_LDAP Class)

This method list all groups in the directory.

Object Oriented Interface

public function doListGroups();

Procedural Interface

ipworks_ldap_do_listgroups($res);

Remarks

This method lists all groups in the directory. The GroupList event will be fired once for each group returned.

ListUserGroups Method (IPWorks_LDAP Class)

This method lists all groups a user is a part of.

Object Oriented Interface

public function doListUserGroups($user);

Procedural Interface

ipworks_ldap_do_listusergroups($res, $user);

Remarks

This method lists all groups that the user specified by user is a part of. The GroupList event will fire once for each group the user is a part of.

Modify Method (IPWorks_LDAP Class)

This method performs a Lightweight Directory Access Protocol (LDAP) modify operation on the entry specified by DN .

Object Oriented Interface

public function doModify();

Procedural Interface

ipworks_ldap_do_modify($res);

Remarks

This method performs an LDAP modify operation on the entry specified by DN. The attributes to modify should be set via the Attributes properties. When specifying multivalued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes properties. Additional instances of the same attribute type should specify an attribute type of an empty string.

The modification can be a replacement, an addition, or a deletion, depending on the ModOp field of the attribute;. The result of the operation is returned through the Result event.

Example. Modify an Entry (Replace an Attribute Value):

LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server" LDAPControl.AttributeCount = 2 LDAPControl.AttributeType(0) = "url" LDAPControl.AttributeValue(0) = "www.url1.net" LDAPControl.AttributeModOp(0) = amoReplace LDAPControl.AttributeType(0) = "" LDAPControl.AttributeValue(0) = "www.url2.net" LDAPControl.AttributeModOp(0) = amoReplace LDAPControl.Modify()

ModifyRDN Method (IPWorks_LDAP Class)

This method performs a Lightweight Directory Access Protocol (LDAP) modify RDN operation on an entry specified by DN .

Object Oriented Interface

public function doModifyRDN($newrdn);

Procedural Interface

ipworks_ldap_do_modifyrdn($res, $newrdn);

Remarks

This method performs an LDAP modify RDN operation on the entry specified by DN.

NewRDN is the new RDN for the entry specified by DN

The result of the operation is returned through the Result event.

MoveToDN Method (IPWorks_LDAP Class)

This method performs a Lightweight Directory Access Protocol (LDAP) modify operation on the entry specified by DN by changing its superior.

Object Oriented Interface

public function doMoveToDN($newsuperior);

Procedural Interface

ipworks_ldap_do_movetodn($res, $newsuperior);

Remarks

This method performs an LDAP modify operation on the entry specified by DN by changing its superior.

Note: None of the entry's attributes will change. DeleteOldRDN property will be set to True to delete the old entry. The result of the operation is returned through the Result event.

PauseData Method (IPWorks_LDAP Class)

This method pauses data reception.

Object Oriented Interface

public function doPauseData();

Procedural Interface

ipworks_ldap_do_pausedata($res);

Remarks

This method pauses data reception when called. While data reception is paused, incoming data will not be processed and events will not fire. Call ProcessData to re-enable data reception.

ProcessData Method (IPWorks_LDAP Class)

This method re-enables data reception after a call to PauseData .

Object Oriented Interface

public function doProcessData();

Procedural Interface

ipworks_ldap_do_processdata($res);

Remarks

This method re-enables data reception after a previous call to PauseData. Call this method to re-enable data reception and allow IPPacket to fire.

Note: This method is used only after previously calling PauseData. It does not need to be called to process data by default.

Reset Method (IPWorks_LDAP Class)

This method will reset the class.

Object Oriented Interface

public function doReset();

Procedural Interface

ipworks_ldap_do_reset($res);

Remarks

This method will reset the class's properties to their default values.

Search Method (IPWorks_LDAP Class)

This method searches the directory server using the base object specified in DN and the search filter SearchFilter .

Object Oriented Interface

public function doSearch($searchfilter);

Procedural Interface

ipworks_ldap_do_search($res, $searchfilter);

Remarks

This method searches the directory server using the base object specified in the DN and the search filter specified in the SearchFilter parameter. Additional search parameters are specified through the SearchScope, SearchDerefAliases, SearchSizeLimit, SearchTimeLimit, and SearchReturnValues properties.

If Attributes are specified before starting a search, the server will return only those results that contain a value for the specified attributes.

Results are returned through zero or more SearchResult events, after which a SearchComplete event is fired.

Example 1. Searching for a User:

LDAPControl.DN = "ou=Employees,dc=server" LDAPControl.Search("uid=TThompson")

A Directory-Specific Entries (DSE) search will search for the attributes of the server. Example 2. DSE Search:

LDAPControl.DN = "" LDAPControl.SearchScope = 0 LDAPControl.Search("objectClass=*")

SearchFilter is a string representation of the Lightweight Directory Access Protocol (LDAP) search filter used for the search.

The format of the search filter is specified by RFC 1558 and is identical to the format used by most LDAP applications.

The following are examples of search filters, as provided in the RFC:

Example 3. Search Filters:

     (cn=Babs Jensen)
     (!(cn=Tim Howes))
     (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
     (o=univ*of*mich*)

The complete specification is given by the following BNF:

     <filter> ::= "(" <filtercomp> ")"
     <filtercomp> ::= <and> | <or> | <not> | <item>
     <and> ::= "&" <filterlist>
     <or> ::= "|" <filterlist>
     <not> ::= "!" <filter>
     <filterlist> ::= <filter> | <filter> <filterlist>
     <item> ::= <simple> | <present> | <substring>
     <simple> ::= <attr> <filtertype> <value>
     <filtertype> ::= <equal> | <approx> | <greater> | <less>
     <equal> ::= "="
     <approx> ::= "~="
     <greater> ::= ">="
     <less> ::= "<="
     <present> ::= <attr> "=*"
     <substring> ::= <attr> "=" <initial> <any> <final>
     <initial> ::= NULL | <value>
     <any> ::= "*" <starval>
     <starval> ::= NULL | <value> "*" <starval>
     <final> ::= NULL | <value>

<attr> is a string representing an attribute type as defined in RFC 1777. <value> is a string representing an attribute value, or part of one, and has the form defined in RFC 1779. If a <value> must contain one of the characters '*' or '(' or ')', these should be escaped by preceding them with the backslash '\' character.

Unbind Method (IPWorks_LDAP Class)

This method unbinds from the directory server.

Object Oriented Interface

public function doUnbind();

Procedural Interface

ipworks_ldap_do_unbind($res);

Remarks

This method unbinds from the directory server and breaks the connection.

ComputerList Event (IPWorks_LDAP Class)

This event is fired for each computer entry returned.

Object Oriented Interface

public function fireComputerList($param);

Procedural Interface

ipworks_ldap_register_callback($res, 1, array($this, 'fireComputerList'));

Parameter List

 'name'
 'operatingsystem'
 'lastlogon'
 'logoncount'
 'dn'

Remarks

This event is fired once for each computer returned when the ListComputers method is called.

Connected Event (IPWorks_LDAP Class)

Fired immediately after a connection completes (or fails).

Object Oriented Interface

public function fireConnected($param);

Procedural Interface

ipworks_ldap_register_callback($res, 2, array($this, 'fireConnected'));

Parameter List

 'statuscode'
 'description'

Remarks

If the connection is made normally, StatusCode is 0 and Description is "OK".

If the connection fails, StatusCode has the error code returned by the Transmission Control Protocol (TCP)/IP stack. Description contains a description of this code. The value of StatusCode is equal to the value of the error.

Please refer to the Error Codes section for more information.

ConnectionStatus Event (IPWorks_LDAP Class)

Fired to indicate changes in the connection state.

Object Oriented Interface

public function fireConnectionStatus($param);

Procedural Interface

ipworks_ldap_register_callback($res, 3, array($this, 'fireConnectionStatus'));

Parameter List

 'connectionevent'
 'statuscode'
 'description'

Remarks

This event is fired when the connection state changes: for example, completion of a firewall or proxy connection or completion of a security handshake.

The ConnectionEvent parameter indicates the type of connection event. Values may include the following:

Disconnected Event (IPWorks_LDAP Class)

Fired when a connection is closed.

Object Oriented Interface

public function fireDisconnected($param);

Procedural Interface

ipworks_ldap_register_callback($res, 4, array($this, 'fireDisconnected'));

Parameter List

 'statuscode'
 'description'

Remarks

If the connection is broken normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode has the error code returned by the Transmission Control Protocol (TCP/IP) subsystem. Description contains a description of this code. The value of StatusCode is equal to the value of the TCP/IP error.

Please refer to the Error Codes section for more information.

Error Event (IPWorks_LDAP Class)

Fired when information is available about errors during data delivery.

Object Oriented Interface

public function fireError($param);

Procedural Interface

ipworks_ldap_register_callback($res, 5, array($this, 'fireError'));

Parameter List

 'errorcode'
 'description'

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

ExtendedResponse Event (IPWorks_LDAP Class)

This event is fired for Lightweight Directory Access Protocol (LDAP) V3 extended responses.

Object Oriented Interface

public function fireExtendedResponse($param);

Procedural Interface

ipworks_ldap_register_callback($res, 6, array($this, 'fireExtendedResponse'));

Parameter List

 'messageid'
 'dn'
 'resultcode'
 'resultdescription'
 'responsename'
 'responsevalue'

Remarks

The first four parameters are the same as the parameters of the Result event. ResponseName and ResponseValue are related to the corresponding parameters of the call to ExtendedRequest.

GroupList Event (IPWorks_LDAP Class)

This event is fired for each group entry returned.

Object Oriented Interface

public function fireGroupList($param);

Procedural Interface

ipworks_ldap_register_callback($res, 7, array($this, 'fireGroupList'));

Parameter List

 'name'
 'description'
 'dn'

Remarks

This event is fired once for each group entry returned when either of the ListGroups or ListUserGroups methods are called.

PITrail Event (IPWorks_LDAP Class)

This event provides detailed information about the interaction with the server.

Object Oriented Interface

public function firePITrail($param);

Procedural Interface

ipworks_ldap_register_callback($res, 8, array($this, 'firePITrail'));

Parameter List

 'direction'
 'description'
 'message'

Remarks

The PITrail event provides detailed information about all communication with the server. This is useful for debugging purposes.

Direction specifies the origin of the data. Possible values are as follows:

• 0 - Client
• 1 - Server

Description is a short description of the current packet. This is human readable and useful for informational logging.

Message contains a hex-encoded version of the raw message. This represents the exact value sent over the wire.

Result Event (IPWorks_LDAP Class)

This event is fired for every server response, except for search responses.

Object Oriented Interface

public function fireResult($param);

Procedural Interface

ipworks_ldap_register_callback($res, 9, array($this, 'fireResult'));

Parameter List

 'messageid'
 'dn'
 'resultcode'
 'resultdescription'

Remarks

The MessageId parameter identifies the corresponding request. ResultCode and ResultDescription show whether or not the operation was successful (on a successful operation, the ResultCode is 0). For a full list of possible result codes, see the ResultCode property.

SearchComplete Event (IPWorks_LDAP Class)

This event is fired upon completion of a search operation.

Object Oriented Interface

public function fireSearchComplete($param);

Procedural Interface

ipworks_ldap_register_callback($res, 10, array($this, 'fireSearchComplete'));

Parameter List

 'messageid'
 'dn'
 'resultcode'
 'resultdescription'

Remarks

The MessageId parameter identifies the corresponding request. ResultCode and ResultDescription show whether the operation was successful (on a successful operation, the ResultCode is 0).

SearchPage Event (IPWorks_LDAP Class)

This event is fired for every page returned from a search operation.

Object Oriented Interface

public function fireSearchPage($param);

Procedural Interface

ipworks_ldap_register_callback($res, 11, array($this, 'fireSearchPage'));

Parameter List

 'messageid'
 'dn'
 'resultcode'
 'resultdescription'
 'cancelsearch'

Remarks

This event is fired so the client can decide whether or not to continue with the Search operation. The signature is very similar to the SearchComplete event, with the addition of a CancelSearch parameter. If the search should be canceled (no more pages), the CancelSearch parameter should be set to True.

SearchResult Event (IPWorks_LDAP Class)

This event is fired for every entry returned from a search operation.

Object Oriented Interface

public function fireSearchResult($param);

Procedural Interface

ipworks_ldap_register_callback($res, 12, array($this, 'fireSearchResult'));

Parameter List

 'messageid'
 'dn'

Remarks

MessageId identifies the corresponding search request. DN contains the distinguished name of the entry. The attribute type and value provided in the Attributes properties show the list of retrieved attributes for the entry.

Every search operation results in a sequence of 0 or more SearchResult events and a sequence of 0 or more SearchResultReference events, which are followed by a SearchComplete event.

SearchResultReference Event (IPWorks_LDAP Class)

This event is fired for every result reference returned from a search operation.

Object Oriented Interface

public function fireSearchResultReference($param);

Procedural Interface

ipworks_ldap_register_callback($res, 13, array($this, 'fireSearchResultReference'));

Parameter List

 'messageid'
 'ldapurl'

Remarks

MessageId identifies the corresponding search request. LdapUrl contains a URL reference to a server that can be used for continuing the search operation.

Every search operation results in a sequence of 0 or more SearchResult events and a sequence of 0 or more SearchResultReference events, which are followed by a SearchComplete event.

SSLServerAuthentication Event (IPWorks_LDAP Class)

Fired after the server presents its certificate to the client.

Object Oriented Interface

public function fireSSLServerAuthentication($param);

Procedural Interface

ipworks_ldap_register_callback($res, 14, array($this, 'fireSSLServerAuthentication'));

Parameter List

 'certencoded'
 'certsubject'
 'certissuer'
 'status'
 'accept'

Remarks

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (IPWorks_LDAP Class)

Fired when secure connection progress messages are available.

Object Oriented Interface

public function fireSSLStatus($param);

Procedural Interface

ipworks_ldap_register_callback($res, 15, array($this, 'fireSSLStatus'));

Parameter List

 'message'

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

UserList Event (IPWorks_LDAP Class)

This event is fired once for each user entry returned.

Object Oriented Interface

public function fireUserList($param);

Procedural Interface

ipworks_ldap_register_callback($res, 16, array($this, 'fireUserList'));

Parameter List

 'name'
 'description'
 'lastlogon'
 'memberof'
 'dn'

Remarks

This event is fired once for each user entry returned when the ListGroupMembers method is called.

Config Settings (LDAP Class)

LDAP Config Settings

TCPClient Config Settings

SSL Config Settings

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert ...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert ...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert ...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert ...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

Socket Config Settings

Base Config Settings

Trappable Errors (LDAP Class)

LDAP Errors

The class may also return one of the following error codes, which are inherited from other classes.

TCPClient Errors

SSL Errors

TCP/IP Errors