docs.roxen.comView this page in a printer friendly mode
DocsRoxenWebServer 6.1Web Developer ManualDatabase Tags
Copyright  2018, Roxen Internet Software
Suggestions, comments & compliments
manuals@roxen.com
 DEMO  DOCS  PIKE
 COMMUNITY  DOWNLOAD
www.roxen.com



<ldap>
<sqlquery>
<sqltable>

<ldap/>

Provided by module: Tags: LDAP tags

Executes an LDAP operation that change the contents of the directory.

Add (adds an object):
<ldap server="ldap://ldap.foo.com/" op="add" binddn="cn=admin,dc=foo,dc=com" dn="cn=user,dc=foo,dc=edu" attr="(cn:'user')(sn:'surname')(objectClass:'req'd objectClass')" password="<password>" />

Delete (deletes an object):
<ldap server="ldap://ldap.foo.com/" op="delete" binddn="cn=admin,dc=foo,dc=com" dn="cn=user,dc=foo,dc=com" password="<password>" />

Replace (replaces a value of an attribute):
<ldap server="ldap://ldap.foo.com/" op="replace" binddn="cn=admin,dc=foo,dc=com" dn="cn=user,dc=foo,dc=com" attr="(sn:'new value')" password="<password>" />

Modify (adds a second value to an existing attribute):
<ldap server="ldap://ldap.foo.com/" op="modify" binddn="cn=admin,dc=foo,dc=com" dn="cn=user,dc=foo,dc=com" attr="(sn:'additional value')" password="<password>" />


Attributes

server="URL"(Server URL)

Connection LDAP URL. If omitted the "Default server URL" in the module configuration will be used.

URLs are written on the format: ldap[s]://hostname[:port]/base_DN[?[attribute_list][?[scope][?[filter][?extensions]]]]. For details, see RFC 2255.


min-tls="tls version"

Minimum version of TLS/SSL to support for LDAPS connections.


max-tls="tls version"

Maximum version of TLS/SSL to support for LDAPS connections.

Note: Some TLS 1.2 implementations (notably SCHANNEL) abort connections when their certificates don't match the set of signature algorithms provided by the client. In that case specifying TLS 1.1 or earlier with this attribute may resolve the problem.


binddn="distinguished name"

Applicable only if the "server" attribute is used. This is the bind DN for authentication in the directory server. If the LDAP URL contains a "bindname" extension, that one takes precedence.


password="password"

Applicable only if the "server" attribute is used. Password for authentication in the directory server. If omitted the empty string will be used.


dn="distinguished name"

Distinguished name of the object to operate on.


op="{add, delete, modify, replace}"

The actual LDAP operation:

add

Add a new object. The "attr" argument specifies the attributes for the new object. The "add-attr" argument also works for this.

delete

Delete an object.

modify

Modify an existing object. The "add-attr", "replace-attr", and "delete-attr" arguments specifies the attribute values to add, replace, and delete, respectively. The same attribute name may not occur in both "add-attr" and "delete-attr".

For compatibility, the "attr" argument is the same as "add-attr".

replace

This operation exists for compatibility only. It's the same as "modify" except that the "attr" argument is an alias for "replace-attr" instead.


attr="(attr:[val[,...]])[(attr:...)...]"

Specifies the attributes for the new object in the "add" operation.

The format consists of a series of parentheses on the form "(attr:values)" where attr is the attribute name and values a comma separated list of zero or more values to give it. Whitespace which is ignored may occur around the parentheses, the colon and the commas. Superfluous commas and empty parenthesis pairs are ignored.

Each value in the values list is either a string literal surrounded by double quotes (") or the name of an RXML variable (without the "&" and ";" around it). JavaScript-like quoting is used inside string literals, e.g. a " is written as \" and a \ is written as \\.

If an RXML variable has multiple values, i.e. is an array, then all its values are added one by one to the set of values for the attribute. (RXML variables with multiple values commonly occur in the form scope when the browser sends multiple values for the same form variable.)

For compatibility, string literals may also be surrounded by single quotes ('), but in that case there's no quoting mechanism, so a single quote cannot be written inside.

The same attribute name may occur in several parentheses. All the values from all the parentheses are simply joined in that case.

An example:
(sn: "Zappa") (givenName: form.givenName) (mail: "hello@nowhere.org", "athell@pandemonium.com")


add-attr="(attr:[val[,...]])[(attr:...)...]"

Specifies the attribute values to add to the object in a "modify" or "add" operation. These attribute values will be added to the existing values for the corresponding attributes in the object.

A new attribute is added to the object if it doesn't exist already.

See the description for "attr" for details about the format.


replace-attr="(attr:[val[,...]])[(attr:...)...]"

Specifies the attribute values to replace in the object in a "modify" operation. These attribute values will replace the existing values for the corresponding attributes in the object.

A new attribute is added to the object if it doesn't exist already and the list of values isn't empty. An attribute is removed completely if the list of values is empty and the attribute existed before.

See the description for "attr" for details about the format.


delete-attr="(attr:[val[,...]])[(attr:...)...]"

Specifies the attribute values to delete from the object in a "modify" operation.

An attribute is removed completely if the list of values is empty or if it specifies all the existing values for the attribute.

See the description for "attr" for details about the format.


parse

If specified, the content of attr will be parsed by the RXML parser.