As pointed out in my previous article, using the CFLDAP tag
provided in ColdFusion we can add, modify, and delete entries as well as
attributes in an LDAP directory.
Adding an Entry
To add an entry to the LDAP directory, we need to specify
the entry's distinguished name. We also need to specify the entry's object
class along with all the required attributes and can also specify the optional
attributes.
Suppose that we have a form with inputs for providing the entry's
details that need to be added to the LDAP directory. When the form is
submitted, we can retrieve the form data and set the attributes list variable
for the entry from the form data as shown below.
Listing 1
<cfset attributelist="objectclass=the object class of the entry; ou=organizational
unit; uid=the id of the entry; cn=the full name for the entry; sn=the surname of
the entry; mail=entry’s email id;">
<cfldap action="add"
attributes="#attributeList#"
dn="the distinguished name for the entry"
server="LDAP server name"
username="username to access the server"
password="password to access the server">
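Because semicolons separate attributes and commas separate values in the attribute string, form data should be validated before it is placed in the attributes or dn values. The following is an added example, not code from the original article, that applies allowlist checks first; the form field names, the patterns, the inetOrgPerson object class, the ou=People,dc=example,dc=com base and the application.ldap* variables are all assumptions.

```cfml
<!--- Added example: allowlist checks before form data reaches CFLDAP.
      Field names, patterns, the ou=People,dc=example,dc=com base and the
      application.ldap* variables are assumptions, not from the article. --->
<cffunction name="requireMatch" returntype="string" output="false">
    <cfargument name="label" type="string" required="true">
    <cfargument name="value" type="string" required="true">
    <cfargument name="pattern" type="string" required="true">
    <cfset var v = trim(arguments.value)>
    <!--- Reject instead of escaping: a value that fails its pattern never
          reaches the attribute string or the DN. --->
    <cfif NOT reFind(arguments.pattern, v)>
        <cfthrow type="InvalidLdapInput" message="Invalid value for #arguments.label#">
    </cfif>
    <cfreturn v>
</cffunction>

<cfparam name="form.uid" default="">
<cfparam name="form.cn" default="">
<cfparam name="form.sn" default="">
<cfparam name="form.mail" default="">

<cftry>
    <!--- No pattern below admits ; , = + \ " < > or line breaks, so a value
          cannot contain the attribute or value separators or DN metacharacters. --->
    <cfset uid  = requireMatch("uid",  form.uid,  "^[A-Za-z0-9._-]{1,64}$")>
    <cfset cn   = requireMatch("cn",   form.cn,   "^[A-Za-z0-9 .'-]{1,128}$")>
    <cfset sn   = requireMatch("sn",   form.sn,   "^[A-Za-z0-9 .'-]{1,64}$")>
    <cfset mail = requireMatch("mail", form.mail, "^[A-Za-z0-9._-]{1,64}@[A-Za-z0-9.-]{1,253}$")>
    <cfset attributeList = "objectclass=inetOrgPerson;uid=#uid#;cn=#cn#;sn=#sn#;mail=#mail#">
    <cfldap action="add"
            attributes="#attributeList#"
            dn="uid=#uid#,ou=People,dc=example,dc=com"
            server="#application.ldapServer#"
            username="#application.ldapBindDn#"
            password="#application.ldapBindPassword#">
<cfcatch type="InvalidLdapInput">
    <!--- Only validation failures are handled here; LDAP errors propagate. --->
    <cfoutput>#encodeForHTML(cfcatch.message)#</cfoutput>
</cfcatch>
</cftry>
```

The same checks apply before the modify and delete actions whenever the DN or attribute values come from a request.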
Updating an Entry
Using the CFLDAP tag, we can modify the values of the
attributes of an entry. To do this, we need to specify the DN of the entry
in the DN attribute and list the attributes whose values we want to change along
with their new values.
Suppose we want to modify the common name, surname and email
of an entry. We set the attributes list as below.
Listing 2
<cfset attributelist="cn=the full name for the entry; sn=the surname of the entry;
mail=entry’s email id;">
<cfldap action="modify"
modifytype="replace"
attributes="#attributeList#"
dn="the distinguished name for the entry"
server="LDAP server name"
username="username to access the server"
password="password to access the server">
Deleting an Entry
To delete an entry in an LDAP directory, we need to
specify only the DN of the entry.
Listing 3
<cfldap action="delete"
dn="the distinguished name for the entry"
server="LDAP server name"
username="username to access the server"
password="password to access the server">
Adding attributes to an Entry
Using the CFLDAP tag, we can add multiple attributes in just one
statement by providing the attributes separated by semicolons in the attribute string.
The syntax for specifying that is:
Listing 4
Attributes="attribute name1=attribute value1;attribute name2=attribute value2"
It is also possible to change the character used to separate the
values of a multivalued attribute in an attribute string, as well as the character
used to separate attributes when a string contains multiple attributes. To add
attributes, the modify type needs to be specified as "add".
Listing 5
<cfldap action="modify"
modifytype="add"
attributes="attributes list to modify"
dn="the distinguished name for the entry"
server="LDAP server name"
username="username to access the server"
password="password to access the server">
Deleting attributes from an Entry
The same rule applies to deleting attributes as to adding them. The syntax
for providing multiple attributes is:
Listing 6
Attributes="attribute name1;attribute name2"
Keep in mind that an attribute of an entry
can only be deleted if it is specified as an optional attribute
for the entry's object class in the directory schema.
Listing 7
<cfldap action="modify"
modifytype="delete"
attributes="attributes list to modify"
dn="the distinguished name for the entry"
server="LDAP server name"
username="username to access the server"
password="password to access the server">
Changing a directory entry's DN
For changing the DN of an entry, the syntax is:
Listing 8
<cfldap action="modifyDN"
modifytype="add"
attributes="dn=the new distinguished name for the entry"
dn="the original distinguished name for the entry"
server="LDAP server name"
username="username to access the server"
password="password to access the server">
The new DN and the entry attributes must conform to the
directory schema, so it is not possible to move the entries arbitrarily in a
directory tree. Only a leaf can be modified.
Specifying an attribute containing commas or semicolons
It is possible for LDAP attribute values to contain a comma or a
semicolon. By default, a comma separates the values of an attribute in a value
list and a semicolon separates the attributes in an attribute list. To
override these defaults, use the "separator" attribute of CFLDAP (the character
between values) and the "delimiter" attribute (the character between
attributes).
To add attributes such as the following:
Listing 9
cn=NamePart1, NamePart2, and NamePart3
description=DescPart1; DescPart2
Use the CFLDAP tag in the following way:
Listing 10
<cfldap action="modify"
modifytype="add"
attributes="cn=NamePart1, NamePart2, and NamePart3: description=DescPart1; DescPart2"
dn="the distinguished name for the entry"
separator="&"
delimiter=":"
server="LDAP server name"
username="username to access the server"
password="password to access the server">
Using the result of CFLDAP
It is possible to build a searchable Verity collection from
LDAP data. Also we can generate queries from other queries when cfldap queries
return complex data.