InterSystems IRIS Data Platform 2020.4 > Class Reference > ENSLIB namespace > EnsLib.LDAP.Adapter.Common

EnsLib.LDAP.Adapter.Common

class EnsLib.LDAP.Adapter.Common extends Ens.Adapter

Ensemble base class for LDAP Adapter EnsLib.LDAP.Adapter.Outbound

Properties

property %CurrentCredentialsObject as Ens.Config.Credentials [ InitialExpression = $$$NULLOREF ];
Holds pointer to current credentials object used for bind calls.
Property methods: %CurrentCredentialsObjectGet(), %CurrentCredentialsObjectGetObject(), %CurrentCredentialsObjectGetObjectId(), %CurrentCredentialsObjectGetSwizzled(), %CurrentCredentialsObjectIsValid(), %CurrentCredentialsObjectNewObject(), %CurrentCredentialsObjectSet(), %CurrentCredentialsObjectSetObject(), %CurrentCredentialsObjectSetObjectId(), %CurrentCredentialsObjectUnSwizzle()
property %LDAPSession as EnsLib.LDAP.Client.Session;
This holds the LDAP Client session object.
This object is the entry point to the primary LDAP methods offered by %SYS.LDAP
Property methods: %LDAPSessionGet(), %LDAPSessionGetSwizzled(), %LDAPSessionIsValid(), %LDAPSessionNewObject(), %LDAPSessionSet()
property %SASLServerCredentials [ MultiDimensional ];
Multidimensional property to hold Server Credentials from SASLBinds call
Property methods: %SASLServerCredentialsDisplayToLogical(), %SASLServerCredentialsGet(), %SASLServerCredentialsIsValid(), %SASLServerCredentialsLogicalToDisplay(), %SASLServerCredentialsLogicalToOdbc(), %SASLServerCredentialsNormalize(), %SASLServerCredentialsSet()
property Authenticated as %Boolean [ InitialExpression = 0 , Transient ];
True if currently Authenticated to the LDAP server using binds
Property methods: AuthenticatedDisplayToLogical(), AuthenticatedGet(), AuthenticatedIsValid(), AuthenticatedLogicalToDisplay(), AuthenticatedNormalize(), AuthenticatedSet()
property BaseDN as %String (MAXLEN = 1000);
Distinguished Name to use as a base for operations on the directory such as searches, updates and deletes.
Property methods: BaseDNDisplayToLogical(), BaseDNGet(), BaseDNIsValid(), BaseDNLogicalToDisplay(), BaseDNLogicalToOdbc(), BaseDNNormalize(), BaseDNSet()
property Connected as %Boolean [ InitialExpression = 0 , Transient ];
True if currently connected to LDAP server
Property methods: ConnectedDisplayToLogical(), ConnectedGet(), ConnectedIsValid(), ConnectedLogicalToDisplay(), ConnectedNormalize(), ConnectedSet()
property Credentials as %String;
This is the ID name of the set of credentials values to be used to access the LDAP server.

The Username defined in your Credentials item may be either a fully qualified username, e.g. 'CUser@subdomain.mydomain.com', or an LDAP RDN (Relative Distinguished Name) path to the user identity in the LDAP directory, e.g. 'CN=Carl User,OU=Users,OU=My Division,DC=subdomain,DC=mydomain,DC=com'.

Property methods: CredentialsDisplayToLogical(), CredentialsGet(), CredentialsIsValid(), CredentialsLogicalToDisplay(), CredentialsLogicalToOdbc(), CredentialsNormalize(), CredentialsSet(), CredentialsUsernameIsDNDisplayToLogical(), CredentialsUsernameIsDNGet(), CredentialsUsernameIsDNIsValid(), CredentialsUsernameIsDNLogicalToDisplay(), CredentialsUsernameIsDNNormalize(), CredentialsUsernameIsDNSet()
property CredentialsUsernameIsDN as %Boolean [ InitialExpression = 1 ];
If the Username in the Credentials object is a Windows domain\username then set this to false
The default is true which indicates the Username in the Credentials object is the Distinguished Name of the user.
Property methods: CredentialsUsernameIsDNDisplayToLogical(), CredentialsUsernameIsDNGet(), CredentialsUsernameIsDNIsValid(), CredentialsUsernameIsDNLogicalToDisplay(), CredentialsUsernameIsDNNormalize(), CredentialsUsernameIsDNSet()
property LDAPCACertFile as %String (MAXLEN = 1000);
For a Windows client, the certificate file should be loaded into the Windows certificate registry. For a Unix client, specify the location of the PEM-format file.
Property methods: LDAPCACertFileDisplayToLogical(), LDAPCACertFileGet(), LDAPCACertFileIsValid(), LDAPCACertFileLogicalToDisplay(), LDAPCACertFileLogicalToOdbc(), LDAPCACertFileNormalize(), LDAPCACertFileSet()
property LDAPPort as %Integer [ InitialExpression = 389 ];
LDAP non SSL Port
Property methods: LDAPPortDisplayToLogical(), LDAPPortGet(), LDAPPortIsValid(), LDAPPortLogicalToDisplay(), LDAPPortNormalize(), LDAPPortSet()
property LDAPSSLPort as %Integer [ InitialExpression = 636 ];
LDAP SSL Port. Used if Windows client connecting to OpenLDAP
Property methods: LDAPSSLPortDisplayToLogical(), LDAPSSLPortGet(), LDAPSSLPortIsValid(), LDAPSSLPortLogicalToDisplay(), LDAPSSLPortNormalize(), LDAPSSLPortSet()
property LDAPServer as %String [ InitialExpression = "127.0.0.1" ];
Address of LDAP Server
Property methods: LDAPServerDisplayToLogical(), LDAPServerGet(), LDAPServerIsValid(), LDAPServerLogicalToDisplay(), LDAPServerLogicalToOdbc(), LDAPServerNormalize(), LDAPServerSet()
property SASLPrivateKeyFile as %String (MAXLEN = 1000);
For SASL Authentication the Private Key File location when Unix or VMS Server
Property methods: SASLPrivateKeyFileDisplayToLogical(), SASLPrivateKeyFileGet(), SASLPrivateKeyFileIsValid(), SASLPrivateKeyFileLogicalToDisplay(), SASLPrivateKeyFileLogicalToOdbc(), SASLPrivateKeyFileNormalize(), SASLPrivateKeyFileSet()
property SASLPublicKeyFile as %String (MAXLEN = 1000);
For SASL Authentication the Public Key File location when Unix or VMS Server
Property methods: SASLPublicKeyFileDisplayToLogical(), SASLPublicKeyFileGet(), SASLPublicKeyFileIsValid(), SASLPublicKeyFileLogicalToDisplay(), SASLPublicKeyFileLogicalToOdbc(), SASLPublicKeyFileNormalize(), SASLPublicKeyFileSet()
property SearchSizeLimit as %Numeric (MINVAL = 0) [ InitialExpression = 250 ];
A limit on the number of entries to return from the search. A value of zero means no limit. If you set this to some value, and the number of results returned by the search is more than this, then the search may return a size limit exceeded error. Note that the number of entries able to be returned is also controlled by a parameter on the LDAP server. If the search returns more than this limit, then a size limit exceeded error will also be returned.
Property methods: SearchSizeLimitDisplayToLogical(), SearchSizeLimitGet(), SearchSizeLimitIsValid(), SearchSizeLimitLogicalToDisplay(), SearchSizeLimitNormalize(), SearchSizeLimitSet()
property SearchTimeout as %Numeric (MINVAL = 0) [ InitialExpression = 5 ];
Number of seconds to wait on each Search attempt
Property methods: SearchTimeoutDisplayToLogical(), SearchTimeoutGet(), SearchTimeoutIsValid(), SearchTimeoutLogicalToDisplay(), SearchTimeoutNormalize(), SearchTimeoutSet()
property ThoughtToBeConnected as %Boolean [ InitialExpression = 0 , Transient ];
This is used to identify if a connection was reset
For example the LDAP Server was restarted in between requests or an idle connection was closed.
Its value is determined in HaveConnected().
It is used in methods Search(),SearchWithPages(), AddLDAPEntry(),DeleteLDAPEntry(),RenameLDAPEntry(), CompareLDAPEntryAttributeValue() to check for a stale connection and allow for a silent reconnect.
Property methods: ThoughtToBeConnectedDisplayToLogical(), ThoughtToBeConnectedGet(), ThoughtToBeConnectedIsValid(), ThoughtToBeConnectedLogicalToDisplay(), ThoughtToBeConnectedNormalize(), ThoughtToBeConnectedSet()
property UseSASLAuthentication as %Boolean [ InitialExpression = 0 ];
Use External SASL Authentication. This ensures that StartTLS is also used.
Property methods: UseSASLAuthenticationDisplayToLogical(), UseSASLAuthenticationGet(), UseSASLAuthenticationIsValid(), UseSASLAuthenticationLogicalToDisplay(), UseSASLAuthenticationNormalize(), UseSASLAuthenticationSet()
property UseSSL as %Boolean [ InitialExpression = 0 ];
Set to true to use an SSL/TLS connection. Make sure you have a valid certificate file loaded to make this work. When using/testing for the first time in your own environment, it is best to set this parameter to 0 so that any connection issues can be differentiated from SSL/certificate issues.
Property methods: UseSSLDisplayToLogical(), UseSSLGet(), UseSSLIsValid(), UseSSLLogicalToDisplay(), UseSSLNormalize(), UseSSLSet()
property WindowsActiveDirectoryServer as %Boolean [ InitialExpression = 0 ];
Enable this by setting to true if the LDAP Server is a Windows Active Directory LDAP Server
The default is false.
Property methods: WindowsActiveDirectoryServerDisplayToLogical(), WindowsActiveDirectoryServerGet(), WindowsActiveDirectoryServerIsValid(), WindowsActiveDirectoryServerLogicalToDisplay(), WindowsActiveDirectoryServerNormalize(), WindowsActiveDirectoryServerSet()

Methods

method AddLDAPEntry(pDN As %String = "", pAttributeChanges As %List) as %Status [ Language = objectscript ]
Adds a new entry to an LDAP Server after connection test.

See AddNewEntryParmArray() and AddNewEntry() which will generate the correct $LIST formats and then call this method.


Comments concerning this method's parameters are taken from %SYS.LDAP method AddExts.
Add an entry to the LDAP directory tree.

Parameters:

pDN - String that contains the distinguished name of the entry to add.

pAttributeChanges - $list formatted with attributes to add to the new entry.
Each element in the list is a separate attribute to be added to the new entry.
Attribute=$lb(op,type,vals)
op - For create, set to 0. However, if the vals parameter is to be treated as binary, then pass in 128 for this parameter.
type - Name of the attribute. Example="Telephone".
vals - $list of the values to assign to the attribute. If this is a single entry attribute, then $lb(Value), Example=$lb("617-621-0600"). If a multi-value entry, then $lb(Value1,Value2,...,Valuen). If the data is to be treated as binary (e.g. jpeg file), then make sure that 128 is passed for the op.

ServerControls - Ignored, pass as "".

ClientControls - Ignored, pass as "".

Return Values:

If the function succeeds, $$$LDAPSUCCESS is returned.
If the function fails, an error code is returned.

Examples:

s Attr1=$lb(0,"displayName",$lb("Jim Nilson"))
s Attr2=$lb(0,"telephoneNumber",$lb("617-621-0600"))
s Attr3=$lb(0,"objectClass",$lb("top","person","organizationalPerson","user"))
; 128 marks the value as binary; Jpegbitstring is a variable holding the image data
s Attr4=$lb(128,"Picture",$lb(Jpegbitstring))
s Attributes=$lb(Attr1,Attr2,Attr3,Attr4)
; Note the special character identifier "\" which is needed before the "," in the name
s DN="CN=Nilson\, Jim,OU=Users,OU=England,DC=iscinternal,DC=com"
method AddNewEntry(pObjectClass As %String = "", pRDN As %String = "", pBase As %String = ..BaseDN, pAttributes...) as %Status [ Language = objectscript ]
Add a new entry to the LDAP server. This method will generate the correct list structures before it calls AddLDAPEntry().

To specify binary attributes use AddNewEntryParmArray()

pObjectClass - The LDAP objectclass of the item to be added (example: "person")
pRDN - The LDAP Relative Distinguished Name of the item to be added
example: "John Smith" or "cn=John Smith" or "ou=people". If no naming attribute is given, cn will be used.
pBase - The LDAP DN (distinguished name) for the part of the LDAP tree that the new item will be created under. If not specified then the value of BaseDN is used.
Note: this part of the tree must already exist on the LDAP server
pAttributes - One or more strings defining attribute values for the item being added.
  Set tSC=..Adapter.AddNewEntry("person","John Smith","ou=people,dc=example,dc=com","sn=Smith","office=103B","mail=john.smith@example.org")
   /*
   This will add a new person object with a DN of:
    cn=John Smith,ou=people,dc=example,dc=com
  
   And the following attributes:
    SN (surname): Smith
    Office: 103B
    Mail: john.smith@example.org
   */
  
method AddNewEntryParmArray(pObjectClass As %String = "", pRDN As %String = "", pBase As %String = ..BaseDN, ByRef pAttributesArray=0) as %Status [ Language = objectscript ]
Add a new entry to the LDAP server. This method will generate the correct list structures before it calls AddLDAPEntry().

Same parameters as AddNewEntry() except last parameter is an array of attributes
pAttributesArray is a numbered array where the values are "attributeName=value".
pAttributesArray top node is set to the number in the array.
pObjectClass is an optional comma-separated list of Object Classes.
To indicate if an Attribute is Binary set the subscript "IsBinary" to 1 e.g pAttributesArray(AttributeNumber,"IsBinary")=1
  Set pAttributesArray=4
  Set pAttributesArray(1)="sn=Smith"
  Set pAttributesArray(2)="office=103B"
  Set pAttributesArray(3)="mail=john.smith@example.org"
  Set pAttributesArray(4)="jpegPhoto="_tBinaryData
  Set pAttributesArray(4,"IsBinary") = 1
  Set tSC=..Adapter.AddNewEntryParmArray("person","John Smith","ou=people,dc=example,dc=com",.pAttributesArray)
   /*
   This will add a new person object with a DN of:
    cn=John Smith,ou=people,dc=example,dc=com
  
   And the following attributes:
    SN (surname): Smith
    Office: 103B
    Mail: john.smith@example.org
    jpegPhoto: binary data of tBinaryData
   */
  
method Authenticate(pBindAsUser As Ens.Config.Credentials = $$$NULLOREF) as %Status [ Language = objectscript ]
Authenticate via Binds/SimpleBinds/SASLBinds.
If we pass in a pBindAsUser Ens.Config.Credentials object then bind as that if different from current bind user.
If pBindAsUser is an empty instantiated Ens.Config.Credentials object (Username and Password are blank) then we bind as anonymous.
We do not allow empty password and non empty Username as this can lead to misleading anonymous successful bind.
This method uses WindowsActiveDirectoryServer and CredentialsUsernameIsDN
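An added example (not InterSystems code) of applying the same rule in a caller that verifies a user's password by binding: the empty-password case is rejected before any bind is attempted, so a success from the server always means the password was checked. The class Demo.LDAP.LoginOperation and the method VerifyUserPassword are hypothetical names; Ens.BusinessOperation, its ADAPTER parameter and the Username and Password properties of Ens.Config.Credentials are assumed from the standard interoperability classes.

```objectscript
/// Added example, not InterSystems code. The class and method names are hypothetical.
Class Demo.LDAP.LoginOperation Extends Ens.BusinessOperation
{

Parameter ADAPTER = "EnsLib.LDAP.Adapter.Outbound";

/// Verify pPassword for pUsername by binding to the directory as that user.
/// pVerified is set to 1 only when the bind was a real name/password bind.
Method VerifyUserPassword(pUsername As %String, pPassword As %String, Output pVerified As %Boolean) As %Status
{
    Set pVerified = 0

    // A name with an empty password is an unauthenticated bind: the server may
    // report success without having checked anything. An empty name with an empty
    // password is an anonymous bind. Neither proves who the caller is.
    If (pUsername = "") || (pPassword = "") {
        Quit $$$ERROR($$$GeneralError, "Username and password must both be non-empty")
    }

    Set tCreds = ##class(Ens.Config.Credentials).%New()
    Set tCreds.Username = pUsername
    Set tCreds.Password = pPassword

    // HaveConnected() connects if necessary and changes the bind to tCreds
    Set tSC = $$$OK
    Set tBound = ..Adapter.HaveConnected(.tSC, 1, tCreds)
    If $$$ISERR(tSC) {
        Quit tSC
    }

    // The session is now bound as this user, not as the configured Credentials
    Set pVerified = tBound && ..Adapter.Authenticated
    Quit $$$OK
}

}
```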
method Binds(pBindAsUser As Ens.Config.Credentials = $$$NULLOREF) as %Status [ Language = objectscript ]
Binds to the LDAP Server using either passed in pBindAsUser or current ..%CredentialsObj
We do not allow empty password and non empty Username as this can lead to misleading anonymous successful bind
method CompareCurrentLDAPEntryAttributeValue(pAttribute As %String, pData As %String, Output pComparison As %Boolean, pConvertBinaryData As %Boolean = 0) as %Status [ Language = objectscript ]
Compares the value of Attribute with name pAttribute on the server with the value provided in pData
pAttribute is the name of the attribute.
pConvertBinaryData is a boolean to indicate if the value is binary
method CompareLDAPEntryAttributeValue(pCN As %String, pBase As %String = ..BaseDN, pAttribute As %String, pData As %String, Output pComparison As %Boolean, pConvertBinaryData As %Boolean = 0) as %Status [ Language = objectscript ]
Compares the value of Attribute with name pAttribute on the server for a distinguished name pCN with the value provided in pData
pConvertBinaryData is a boolean to indicate if the value is binary
method Connect(pAuthenticate As %Boolean = 1, pBindAsUser As Ens.Config.Credentials = $$$NULLOREF) as %Status [ Language = objectscript ]
Connects to the LDAP Server by calling InitializeConnection and call Authenticate.
If already Connected and need to change binding call Authenticate directly.
Connection and Authentication can be managed using HaveConnected()
method ConnectedSet(pValue As %Boolean) as %Status [ Language = objectscript ]
method ConnectionIsValid() as %Boolean [ Language = objectscript ]
Used to test if really connected.
Rather than try a 'ping' call each time we are using the ThoughtToBeConnected property.
method CountResults(Output pTotal As %Integer) as %Status [ Language = objectscript ]
Method to call ldapCountEntries for current Results
method CreateResultsArray(Output pResultsArray As %String, pBinaryAttributes As %String = "") as %Status [ Language = objectscript ]
Create an array of data from the current %Results or %Page handle.
pBinaryAttributes is an optional comma separated list of Attribute names that require binary retrieval
Format of the pResultsArray is:
pResultsArray = Number of Results
pResultsArray(Result Number)=Distinguished Name
pResultsArray(Result Number ,Attribute Name)=Number of attribute values
pResultsArray(Result Number ,Attribute Name,Attribute Number)=Value
If an error then pResultsArray will be a StatusArray
method CreateStatusArray(pStatus As %Status, Output pStatusArray As %String) [ Language = objectscript ]
Return an array with information on last call and store the passed in pStatus as the "InternalStatus" subscript
The subscripts are: LastStatusText, LastStatusCode, LastStatusCategory, LastCall, InternalErrorStatus
method DeleteCurrentLDAPEntry() as %Status [ Language = objectscript ]
Delete current LDAP Entry
method DeleteLDAPEntry(pDN As %String = "") as %Status [ Language = objectscript ]
Delete an Entry on an LDAP server with Distinguished name of pDN after connection test.
method Disconnect() as %Status [ Language = objectscript ]
Disconnect from the LDAP Server and clean up.
method FirstEntryDN() as %Status [ Language = objectscript ]
Gets the first entry and populates %CurrentDN of the result. If the status returned is OK and %CurrentDN is empty then there are no results.
method GetValues(pAttributeName As %String, Output pAttributeValues As %List, pAttributeIsBinary As %Boolean = 0) as %Status [ Language = objectscript ]
Return values for specified pAttributeName.
By specifying pAttributeIsBinary as false (the default) a string ldapGetValues will be called
By specifying pAttributeIsBinary as true a binary ldapGetValuesLen will be called
The default is not binary
method HaveConnected(Output pStatus As %Status, pAuthenticate As %Boolean = 1, pBindAsUser As Ens.Config.Credentials = ..%CurrentCredentialsObject) as %Boolean [ Language = objectscript ]
Returns true if Connected and Authentication status is same as requested.
On entry this method will try to connect if not connected using the requested authentication
If connected it attempts to change the authentication of the connection to that requested if different from current authentication.
It is intended to be called by LDAP operation methods that require connection and are the first (or only) method in a series of related LDAP operation calls
method InitializeConnection() as %Status [ Language = objectscript ]
Initializes the connection if not already connected. Starts TLS if UseSSL is true or UseSASLAuthentication is true.
Called from within Connect()
method ModifyCurrent(pAttributes...) as %Status [ Language = objectscript ]
Similar to ModifyEntry except the modification is made to current DN object
method ModifyCurrentParmArray(ByRef pAttributesArray=0) as %Status [ Language = objectscript ]
Similar to ModifyEntryParmArray except the modification is made to current DN object
method ModifyEntry(pRDN As %String = "", pBase As %String = ..BaseDN, pAttributes...) as %Status [ Language = objectscript ]
Add non-binary attributes to an existing entry. This method will generate the correct list structures before it calls ModifyLDAPEntry(). To add binary as well as non-binary attributes, or to delete or replace attributes, use ModifyEntryParmArray().

Parameters are:
pObjectClass - The LDAP objectclass of the item to be added (example: "person")
pRDN - The LDAP Relative Distinguished Name of the item to be added
example: "John Smith" or "cn=John Smith" or "ou=people". If no naming attribute is given, cn will be used.
pBase - The LDAP DN (distinguished name) for the part of the LDAP tree that the new item will be created under. If not specified then the value of BaseDN is used.
Note: this part of the tree must already exist on the LDAP server
pRDN can also be a DN and pBase specified as ""
pAttributes - One or more strings defining attribute values for the item being modified.
  // ModifyEntry() takes pRDN, pBase and then the attribute strings
  Set tSC=..Adapter.ModifyEntry("John Smith","ou=people,dc=example,dc=com","mail=john.smith@example.org")
   /*
   This will add to a DN of:
    cn=John Smith,ou=people,dc=example,dc=com
  
   attribute
    Mail: john.smith@example.org
   */
  
method ModifyEntryParmArray(pRDN As %String = "", pBase As %String = ..BaseDN, ByRef pAttributesArray=0) as %Status [ Language = objectscript ]
Add, Delete or Replace attributes of a specified DN, and also specify whether an attribute value is binary. This method will generate the correct list structures before it calls ModifyLDAPEntry(). Same parameters as ModifyEntry() except that the last parameter (pAttributesArray) is a numbered array with values of the form "attribute name=attribute value". The top level of pAttributesArray is set to the number in the array.
Second level subscripts of pAttributesArray can be "Delete", "Replace" or "IsBinary". The pObjectClass is a comma list of Object Classes. To indicate that an attribute is binary, set pAttributesArray(AttributeNumber,"IsBinary")=1
The default is to Add non binary.
  /*
  		pAttributesArray=3
  		pAttributesArray(1)="mail=john.smith@example.org"
  		pAttributesArray(2)="office=1C"
  		pAttributesArray(2,"Replace")=1
  		pAttributesArray(3)="jpegPhoto="_tBinaryData
  		pAttributesArray(3,"IsBinary") = 1
  */
  
method ModifyLDAPEntry(pDN As %String = "", pAttributeChanges As %List) as %Status [ Language = objectscript ]
Modify LDAP Entry with distinguished name of pDN after connection test.

See ModifyEntryParmArray() and ModifyEntry() which will generate the correct $LIST formats and then call this method.


Comments concerning this method's parameters are taken from %SYS.LDAP method ModifyExts.
pAttributeChanges is a $list formatted with attributes to modify in the new entry.

Each element in the list is a separate attribute to be modified in the new entry.
Attribute=$lb(op,type,vals)
op - Operation to be performed as follows:
0 - Add - The given values are added to the entry, creating the attribute if necessary.
1 - Delete - The given values are deleted from the entry, removing the attribute if no values remain. If the entire attribute is to be deleted, the mod_values field should be set to NULL ($lb("")).
2 - Replace - The attribute will have the listed values after the modification, having been created if necessary. If set to null, then the attribute is deleted.
128 - This value should be combined (ORed) with the Add/Delete/Replace value if the data to be inserted is Binary (e.g. jpeg file.)
type - Name of the attribute. Example="Telephone".
vals - $list of the values to assign to the attribute. If this is a single entry attribute, then $lb(Value), Example=$lb("617-621-0600"). If a multi-value entry, then $lb(Value1,Value2,...,Valuen).

ServerControls - Ignored, pass as "".

ClientControls - Ignored, pass as "".

Return Values:

If the function succeeds, $$$LDAPSUCCESS is returned.
If the function fails, an error code is returned.

Examples:

s Attr1=$lb(0,"displayName",$lb("Jim Nilson"))
s Attr2=$lb(0,"telephoneNumber",$lb("617-621-0600"))
; Replace the Objectclass attribute
s Attr3=$lb(2,"objectClass",$lb("top","person","organizationalPerson","user"))
; Replace Binary value for a jpeg photo (2 ORed with 128 = 130)
s Attr4=$lb(130,"Photo",$lb(jpegphoto))
; Delete Address2 attribute
s Attr5=$lb(1,"Address2","")
s Attributes=$lb(Attr1,Attr2,Attr3,Attr4,Attr5)
s DN="CN=Nilson\, Jim,OU=Users,OU=England,DC=iscinternal,DC=com"
Note:
Changing a password on a Windows Active Directory LDAP server.
The user must first be created before the password change can take place, and the password change must take place over an encrypted channel. The password is contained in the unicodePwd attribute, and must be formatted in a specific way. When initially creating the user, the unicodePwd attribute must not be specified, or the creation of the user will fail.
To format the password, a leading and trailing double quote must be added to it. Then it must be converted to unicode. Then when passed into the modify function, it must be passed in as a binary value, with the "Replace" operation. It must be the only operation contained in the modify call; No other attribute can be changed at the same time.

s password="NewPassword"
s ChangePassword=$zcvt(""""_password_"""","o","UnicodeLittle")
s Attr1=$lb(130,"unicodePwd",$lb(ChangePassword))
s Attributes=$lb(Attr1)
Note: In order to change a password, the user must have bound to the LDAP server with an account which has administrator privilege on the system. The password which is set must also pass any length or pattern requirements imposed by the security system on the LDAP server.

Changing your own password on a Windows Active Directory LDAP server is similar to above, except that you need to bind to the LDAP server using your own username, and must also pass in the old password with the delete attribute. These must also be the only two attributes passed in the modify method.

s oldpassword="OldPassword"
s password="NewPassword"
s ChangeOldPassword=$zcvt(""""_oldpassword_"""","o","UnicodeLittle")
s ChangeNewPassword=$zcvt(""""_password_"""","o","UnicodeLittle")
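; Delete (1) + binary (128) = 129 for the old password
s Attr1=$lb(129,"unicodePwd",$lb(ChangeOldPassword))
; Add (0) + binary (128) = 128 for the new password
s Attr2=$lb(128,"unicodePwd",$lb(ChangeNewPassword))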
s Attributes=$lb(Attr1,Attr2)
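
The two password procedures above combined into one guarded helper, as an added example that is not InterSystems code: it refuses to send unicodePwd unless the adapter is configured for an encrypted channel, builds the op values from the Add/Delete/Replace and binary flags instead of hard-coding them, and keeps the password as the only attribute in the call. Demo.LDAP.PasswordOperation, SetADPassword and EncodeUnicodePwd are hypothetical names; Ens.BusinessOperation and its ADAPTER parameter are assumed from the standard interoperability classes, and the caller is assumed to have bound with the account the procedure requires.

```objectscript
/// Added example, not InterSystems code. The class and method names are hypothetical.
Class Demo.LDAP.PasswordOperation Extends Ens.BusinessOperation
{

Parameter ADAPTER = "EnsLib.LDAP.Adapter.Outbound";

/// Reset the password of pUserDN (administrator bind, pOldPassword omitted) or
/// change it (bind as the user, pOldPassword supplied).
Method SetADPassword(pUserDN As %String, pNewPassword As %String, pOldPassword As %String = "") As %Status
{
    // The change must travel over an encrypted channel. InitializeConnection()
    // starts TLS only when one of these two settings is true.
    If '(..Adapter.UseSSL || ..Adapter.UseSASLAuthentication) {
        Quit $$$ERROR($$$GeneralError, "Refusing unicodePwd change: enable UseSSL or UseSASLAuthentication")
    }
    If (pUserDN = "") || (pNewPassword = "") {
        Quit $$$ERROR($$$GeneralError, "User DN and new password are required")
    }

    // op values documented for ModifyLDAPEntry(): 0=Add, 1=Delete, 2=Replace,
    // combined with 128 when the value is binary
    Set tAdd = 0, tDelete = 1, tReplace = 2, tBinary = 128

    Set tNew = ..EncodeUnicodePwd(pNewPassword)
    If pOldPassword = "" {
        // Administrative reset: a single binary Replace (130) and nothing else
        Set tReset = $ListBuild(tReplace + tBinary, "unicodePwd", $ListBuild(tNew))
        Set tChanges = $ListBuild(tReset)
    } Else {
        // Own password: Delete the old value (129) and Add the new one (128);
        // these must be the only two attributes in the call
        Set tOld = ..EncodeUnicodePwd(pOldPassword)
        Set tRemoveOld = $ListBuild(tDelete + tBinary, "unicodePwd", $ListBuild(tOld))
        Set tAddNew = $ListBuild(tAdd + tBinary, "unicodePwd", $ListBuild(tNew))
        Set tChanges = $ListBuild(tRemoveOld, tAddNew)
    }
    Quit ..Adapter.ModifyLDAPEntry(pUserDN, tChanges)
}

/// Add a leading and trailing double quote, then convert to little-endian Unicode.
ClassMethod EncodeUnicodePwd(pPassword As %String) As %String
{
    Quit $ZConvert(""""_pPassword_"""", "O", "UnicodeLittle")
}

}
```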
method NextEntryDN() as %Status [ Language = objectscript ]
Gets the next entry and populates DN of the result. If the status returned is OK and DN is empty then there are no more entries.
method OnInit() as %Status [ Language = objectscript ]
Inherited description: This user callback method is called just after %OnNew()
method OnTearDown() as %Status [ Language = objectscript ]
Ensure Disconnect
method RenameCurrentLDAPEntry(pNewRDN As %String, pNewParent As %String = "", pDeleteOld As %Boolean = 1, pEscapeNew As %Boolean = 1) as %Status [ Language = objectscript ]
Rename current entry using a Relative new entry value (pNewRDN)
pNewParent is an optional new parent to move the item to
pDeleteOld indicates if the entry that is being renamed or moved is to be deleted
pEscapeNew will Escape non empty values of pNewRDN and pNewParent. The default is True.
method RenameLDAPEntry(pRDN As %String, pNewRDN As %String = "", pNewParent As %String = "", pDeleteOld As %Boolean = 1, pBase As %String = ..BaseDN, pEscapeNew As %Boolean = 1) as %Status [ Language = objectscript ]
Rename or move an entry using a new relative distinguished name or a new parent.
Specify new parent if not using relative to existing.
pRDN is the relative distinguished name or the distinguished name to rename/move
pNewRDN is the new relative distinguished name.
pNewParent is an optional new parent to move the item to
pDeleteOld indicates if the entry that is being renamed or moved is to be deleted
pBase is the base to apply to pRDN. If not specified it defaults to the setting BaseDN
pEscapeNew will Escape non empty values of pNewRDN and pNewParent. The default is True.
method SASLBinds(pSASLPublicKeyFile As %String = ..SASLPublicKeyFile, pSASLPrivateKeyFile As %String = ..SASLPrivateKeyFile) as %Status [ Language = objectscript ]
SASLBinds to the LDAP Server.
Searches LDAP Server after connection test.
Call CreateResultsArray() to retrieve results.

Output pCountOfEntries - result of ldapCountEntries after search if pCountResults is true
pScope: 0=search base, 1=search one level, 2=search subtree. The default is sub tree
pFilter: the search criteria (see RFC2254).
pAttrs: list of attributes to return per found entry.
pAttributesOnly default is no
pSearchTimeout default to SearchTimeout
pMaxItems default to SearchSizeLimit
pBase default is the BaseDN
pCountResults Default is true
pAuthenticate - if true (default) use Credentials else use anonymous
method SearchWithPages(pScope As %Integer = $$$LDAPSCOPESUBTREE, pFilter As %String = "", pAttrs As %List = "", pAttributesOnly As %Boolean = 0, pSearchTimeout As %Integer = ..SearchTimeout, pPageSize As %Integer = 100, pBase As %String = ..BaseDN, pAuthenticate As %Boolean = 1) as %Status [ Language = objectscript ]
SearchWithPages only valid on a Windows instance
Call CreateResultsArray() to retrieve results.

Method to call ldapSearchInitPage after checking connected and cleans outstanding page search if there is one
pScope: 0=search base, 1=search one level, 2=search subtree. The default is sub tree
pFilter: the search criteria (see RFC2254).
pAttrs: list of attributes to return per found entry.
pAttributesOnly default is no
pSearchTimeout default to SearchTimeout
pPageSize - if specified a paged search will be initiated if supported by the platform (Windows only)
pBase default is the BaseDN
pCountResults Default is true
pAuthenticate - if true (default) use Credentials else use anonymous
method SessionHandleIsValid() as %Boolean [ Language = objectscript ]
method SimpleBinds(pBindAsUser As Ens.Config.Credentials = $$$NULLOREF) as %Status [ Language = objectscript ]
SimpleBinds to the LDAP Server using either passed in pBindAsUser or current ..%CredentialsObj We do not allow empty password and non empty Username as this can lead to misleading anonymous successful bind.
