These are the built-in LDAP functions available to use within the pmpolicy file.
Name | Description |
---|---|
ldap_bind | Bind an LDAP connection to the given credentials. |
ldap_count_entries | Count the number of entries returned by ldap_search. |
ldap_dn2ufn | Convert a DN to a user-friendly format. |
ldap_explode_dn | Return the elements of a DN. |
ldap_first_attribute | Obtain the first attribute in an LDAP entry. |
ldap_first_entry | Obtain the first entry returned by ldap_search. |
ldap_get_attributes | Return all attribute names in an LDAP entry. |
ldap_get_dn | Return the DN of an entry. |
ldap_get_values | Return a list of the values for an attribute. |
ldap_next_attribute | Return the next attribute in an LDAP entry. |
ldap_next_entry | Return the next entry returned by ldap_search. |
ldap_open | Open a connection to an LDAP server. |
ldap_search | Search the LDAP directory. |
Close the LDAP connection. |
int ldap_bind(integer ldapid, string userdn [, string password [, boolean trace]] )
ldap_bind binds an LDAP connection to the specified credentials. The LDAP ID must be a valid LDAP connection ID returned by ldap_open. The password is optional.
If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.
If successful, it returns 0; otherwise it returns non-zero or an undefined variable.
```
rc=ldap_bind(ldapid, "cn=admin", "Secretpassword");
if ((!defined rc) || (rc != 0)) {
    reject "Bind to ldap directory failed";
}
```
int ldap_count_entries(int ldapid, ldapresult searchresult[, boolean trace] )
ldap_count_entries returns the number of LDAP entries found by a previous call to ldap_search.
If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.
```
# search for all Users at base level
searchresults= ldap_search( ldapid, 'ou=Users,dn=ldap,dn=domain,dn=com', 'onelevel', '(objectClass=*)' );
if (ldap_count_entries(ldapid, searchresults) == 0) {
    reject "Found no users";
}
```
string ldap_dn2ufn(string dnstr[, boolean trace])
ldap_dn2ufn converts a DN-formatted string to a more user-friendly format, returned as a string.
If the optional trace parameter is set to true, any errors and warnings from the LDAP function are written to stdout.
```
ufn=ldap_dn2ufn("uid=jsmith,ou=Users,dn=directory,dn=ourdomain,dn=com");
print(ufn);
# prints the output:
# jsmith, Users, directory, ourdomain, com
```
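The following Python sketch is an added illustration, not One Identity code: it models the DN-to-UFN conversion shown in the example above. The function names and the RFC 4514 escape handling are assumptions, and the product's treatment of escaped values may differ.

```python
import string

# Added illustration: models the DN -> UFN conversion from the example above.
# Not the pmpolicy implementation; escape handling per RFC 4514 is an assumption.

def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape and its character together
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Resolve backslash-hex pairs (\\2C) and backslash-char escapes (\\,)."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            out.append(int(pair, 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode("utf-8")
            i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8", errors="replace")

def dn_to_ufn(dn):
    """Drop the attribute type from every RDN component and join the values."""
    names = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN, e.g. cn=a+uid=b
            attr_type, eq, value = ava.partition("=")
            if not eq or not attr_type.strip():
                raise ValueError(f"malformed DN component: {ava!r}")
            names.append(unescape(value.lstrip()))
    return ", ".join(names)
```

In this model, `cn=Smith\, John,ou=Users` becomes `Smith, John, Users`, which cannot be told apart from a three-component DN. Treat the UFN as display text and base policy comparisons on the DN itself.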