Advanced LDAP
page 2 of 6
by Debjani Mallick
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 26694/ 54

Manipulating LDAP Directories

As pointed out in my previous article, using the CFLDAP tag provided in ColdFusion we can add, modify, and delete entries as well as attributes in a LDAP directory.

Adding an Entry

To add an entry to the LDAP directory, we need to specify the entry's distinguished name. We also need to specify the entry's object class along with all the required attributes and can also specify the optional attributes.

Suppose that we have a form with inputs for providing the entry's details that need to be added to the LDAP directory. When the form is submitted, we can retrieve the form data and set the attributes list variable for the entry from the form data as shown below.

Listing 1

<cfset attributelist="objectclass=the object class of the entry; ou=organizational 
unit; uid=the id of the entry; cn=the full name for the entry; sn=the surname of 
the entry; mail=entry’s email id;">
<cfldap action="add" 
attributes="#attributeList#" 
dn="the distinguished name for the entry" 
server=LDAP sever name
username=username to access the server 
password=password to access the server>

Updating an Entry

Using the CFLDAP tag, we can modify the values of the attributes of an entry. For doing this, we need to specify the DN of the entry in the DN attribute, list the attributes whose values we want to change along with the new values of the attributes.

Suppose we want to modify the commonname, surname and email of an entry. So we set the attributes list as below.

Listing 2

<cfset attributelist="cn=the full name for the entry; sn=the surname of the entry; 
mail=entry’s email id;">
<cfldap action="modify" 
modifytype="replace"
attributes="#attributeList#" 
dn="the distinguished name for the entry" 
server=LDAP sever name
username=username to access the server 
password=password to access the server>

Deleting an Entry

For deleting an entry in a CFLDAP directory, we need to specify only the DN of the entry.

Listing 3

<cfldap action="delete" 
dn="the distinguished name for the entry" 
server=LDAP sever name
username=username to access the server
password=password to access the server>

Adding attributes to an Entry

Using CFLDAP tag we can add multiple attributes in just one statement by providing the attributes separated by semicolons in the attribute string. The syntax for specifying that is:

Listing 4

Attributes="attribute name1=attribute value1;attribute name2=attribute value2"

It is also possible to modify the character used to separate values of multivalued attributes in an attribute string and also the character used to separate attributes when a string contains multiple attributes.  Here the modify type needs to be specified as "add."

Listing 5

<cfldap action="modify" 
modifytype="add"
attributes="attributes list to modify" 
dn="the distinguished name for the entry" 
server=LDAP sever name
username=username to access the server 
password=password to access the server>

Deleting attributes to an Entry

The same rule applies to deleting and for adding. The syntax for providing multiple attributes are:

Listing 6

Attributes="attribute name1;attribute name2"

But it should be kept in mind that an attribute of an entry can only be deleted if the attributes are specified as the optional attributes for the entry's object class in the directory schema.

Listing 7

<cfldap action="modify" 
modifytype="delete"
attributes="attributes list to modify" 
dn="the distinguished name for the entry" 
server=LDAP sever name
username=username to access the server 
password=password to access the server>

Changing a directory entry's DN

For changing the DN of an entry, the syntax is:

Listing 8

<cfldap action="modifyDN" 
modifytype="add"
attributes="dn=the new distinguished name for the entry" 
dn="the original distinguished name for the entry" 
server=LDAP sever name
username=username to access the server 
password=password to access the server>

The new DN and the entry attributes must conform to the directory schema, so it is not possible to move the entries arbitrarily in a directory tree. Only a leaf can be modified.

Specifying an attribute containing commas or semicolons

It is possible for LDAP attributes to contain comma or a semicolon. Usually comma is used to separate values of an attribute in a value list and semicolon is used to separate attributes in an attribute list. For overriding the default delimiter or separator characters, the "delimiter" and "separator" attributes of CFLDAP can be used.

For adding an attribute as specified below:

Listing 9

cn=NamePart1, NamePart2, and NamePart3
description=DescPart1; DescPart2

Use the CFLDAP tag in the following way:

Listing 10

<cfldap action="modify" 
modifytype="add" 
attributes="cn=NamePart1, NamePart2, and NamePart3: description=DescPart1; DescPart2" 
dn="the distinguished name for the entry"
separator="&"  
delimiter=":"
server=LDAP sever name
username=username to access the server 
password=password to access the server>

Using the result of CFLDAP

It is possible to build a searchable Verity collection from LDAP data. Also we can generate queries from other queries when cfldap queries return complex data.


View Entire Article

User Comments

Title: Nice article   
Name: Rahul
Date: 2008-12-06 12:02:24 PM
Comment:
Good simple article

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-02-22 3:54:25 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search