Syntax
string ldap_next_attribute(int ldapid, ldapentry entry[, boolean trace])
Description
ldap_next_attribute returns the next attribute name in the ldapentry returned by a previous call to ldap_first_entry or ldap_next_entry.
If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.
Example
str=ldap_first_attribute(ldapid, entry);
while (length(str) > 0) {
    #process attribute
    …
    str=ldap_next_attribute(ldapid, entry);
}
Syntax
int ldap_next_entry(int ldapid, ldapentry entry[, boolean trace] )
Description
ldap_next_entry returns the next entry from the series of results returned by ldap_search, if present; otherwise it returns a NULL or empty entry.
If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.
Example
entry=ldap_first_entry(ldapid, searchresults);
while (entry) {
    func_process_entry(entry);
    entry=ldap_next_entry(ldapid, entry);
}
Syntax
ldapid ldap_open( string host [, int port [, boolean trace]] )
Description
ldap_open opens a connection to the LDAP server on the specified host (identified by hostname or IP address) and port number. The default port number is 389. Use the returned LDAP connection ID as the first parameter to the other LDAP functions.
If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.
If successful, it returns a valid LDAP connection ID; otherwise it returns an undefined variable.
The ldap_open library function has been deprecated in the open LDAP libraries. If supported by the installed LDAP library, the ldap_open policy function calls ldap_initialize in preference to ldap_open. However, ldap_initialize does not open the connection - the connection is opened by the first operation attempted, so ldap_initialize will succeed even if given an invalid host name. The ldap_open policy function displays the loaded LDAP library path if a value of 1 is passed as the trace parameter to ldap_open. This makes it easier to determine which LDAP library is used.
Example
ldap = ldap_open( 'ldap.host' );
if( !defined ldap ){
    reject "Connection to LDAP server failed";
}
Syntax
ldapresult ldap_search(int ldapid, string basedn, string scope, string filter [, list attrList [, int attrOnly[, boolean trace]]] )
Description
ldap_search performs a search in the LDAP directory starting at the location identified by basedn. The ldapid is a valid connection ID returned by ldap_open.
The optional attrList parameter is the list of attributes to return in the results. This defaults to an empty list. The filter contains the LDAP search string, in the format described in RFC 4526.
The optional attrOnly parameter is a true or false value. When true, the results contain only the attribute names; when false, the results contain both attributes and values. The default setting is true.
Possible search scope:
- "base" - returns only the entry specified at the DN specified by basedn.
- "onelevel" - returns all matching entries from the next level down the directory.
- "subtree" - returns all matching entries below the basedn in the tree.
If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.
Returns a special type ldapresult containing the results of the search in a format that you can pass to the ldap_first_entry and ldap_next_entry functions.
Example
#search for all entries one level below ou=Users
searchresults = ldap_search( ldapid, "ou=Users,dn=ldap,dn=domain,dn=com",
                             'onelevel', '(objectClass=*)' );
if (ldap_count_results(ldapid, searchresults) == 0)
{
    reject "Found no users";
}
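The filter argument is parsed as an LDAP search string, so a value that comes from outside the policy and is concatenated into it needs filter escaping before it reaches ldap_search. The following is an added example in Python, not code from this documentation or the product; the function names and sample values are assumptions made for illustration, and the same escaping would have to be applied to the filter string in the policy.

```python
import re

# RFC 4515 escaping: each special character becomes a backslash followed by
# the two hex digits of its value. Backslash itself is in the table, so the
# result never contains an unescaped escape character.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Attribute description: a short name (letters, digits, hyphen) or a numeric OID.
_ATTR_RE = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)")


def escape_filter_value(value: str) -> str:
    """Escape a value for use as the assertion value of one filter item."""
    # Mapping character by character avoids escaping a backslash twice.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def equality_filter(attr: str, value: str) -> str:
    """Build '(attr=value)' from a validated attribute name and escaped value."""
    if not _ATTR_RE.fullmatch(attr):
        raise ValueError(f"invalid attribute name: {attr!r}")
    return f"({attr}={escape_filter_value(value)})"


def naive_filter(attr: str, value: str) -> str:
    """Plain concatenation, shown only for comparison with the escaped form."""
    return f"({attr}={value})"


if __name__ == "__main__":
    # Constructed sample values, not taken from the documentation page.
    for sample in ["jsmith", "*", "jsmith)(objectClass=*", "a\\b"]:
        print(f"{sample!r:28} naive={naive_filter('uid', sample):32} "
              f"escaped={equality_filter('uid', sample)}")
```

In the escaped form the wildcard and parentheses are matched as literal characters of the value, so the filter keeps the single-item structure the policy author wrote.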