<ldap/>
Provided by module: Tags: LDAP tags
Executes an LDAP operation that changes the contents of the
directory.
Add (adds an object):
<ldap server="ldap://ldap.foo.com/"
op="add"
binddn="cn=admin,dc=foo,dc=com"
dn="cn=user,dc=foo,dc=edu"
attr="(cn:'user')(sn:'surname')(objectClass:'required objectClass')"
password="<password>" />
Delete (deletes an object):
<ldap server="ldap://ldap.foo.com/"
op="delete"
binddn="cn=admin,dc=foo,dc=com"
dn="cn=user,dc=foo,dc=com"
password="<password>" />
Replace (replaces a value of an attribute):
<ldap server="ldap://ldap.foo.com/"
op="replace"
binddn="cn=admin,dc=foo,dc=com"
dn="cn=user,dc=foo,dc=com"
attr="(sn:'new value')"
password="<password>" />
Modify (adds a second value to an existing attribute):
<ldap server="ldap://ldap.foo.com/"
op="modify"
binddn="cn=admin,dc=foo,dc=com"
dn="cn=user,dc=foo,dc=com"
attr="(sn:'additional value')"
password="<password>" />
Attributes
- server="URL" (Server URL)
-
Connection LDAP URL. If omitted the "Default server URL" in the
module configuration will be used.
URLs are written in the format:
ldap[s]://hostname[:port]/base_DN[?[attribute_list][?[scope][?[filter][?extensions]]]].
For details, see RFC 2255.
- min-tls="tls version"
-
Minimum version of TLS/SSL to support for LDAPS connections.
- max-tls="tls version"
-
Maximum version of TLS/SSL to support for LDAPS connections.
Note: Some TLS 1.2 implementations (notably SCHANNEL) abort connections
when their certificates don't match the set of signature algorithms provided
by the client. In that case specifying TLS 1.1 or earlier with this attribute
may resolve the problem.
- binddn="distinguished name"
-
Applicable only if the "server" attribute is used. This is the bind
DN for authentication in the directory server. If the LDAP URL
contains a "bindname" extension, that one takes precedence.
- password="password"
-
Applicable only if the "server" attribute is used. Password for
authentication in the directory server. If omitted the empty string
will be used.
- dn="distinguished name"
-
Distinguished name of the object to operate on.
- op="{add, delete, modify, replace}"
-
The actual LDAP operation:
- add
-
Add a new object. The "attr" argument specifies the
attributes for the new object. The "add-attr" argument also
works for this.
- delete
-
Delete an object.
- modify
-
Modify an existing object. The "add-attr",
"replace-attr", and "delete-attr" arguments specify the
attribute values to add, replace, and delete, respectively. The
same attribute name may not occur in both "add-attr" and
"delete-attr".
For compatibility, the "attr" argument is the same as
"add-attr".
- replace
-
This operation exists for compatibility only. It's the
same as "modify" except that the "attr" argument is an alias
for "replace-attr" instead.
- attr="(attr:[val[,...]])[(attr:...)...]"
-
Specifies the attributes for the new object in the "add" operation.
The format consists of a series of parentheses of the form
"(attr:values)"
where attr is the attribute name and values is a comma-separated
list of zero or more values to give it. Whitespace, which is
ignored, may occur around the parentheses, the colon and the commas.
Superfluous commas and empty parenthesis pairs are ignored.
Each value in the values list is either a string literal
surrounded by double quotes (") or the name of an RXML variable
(without the "&" and ";" around it). JavaScript-like quoting
is used inside string literals, e.g. a " is written as \" and a \
is written as \\.
If an RXML variable has multiple values, i.e. is an array, then
all its values are added one by one to the set of values for the
attribute. (RXML variables with multiple values commonly occur in the
form scope when the browser sends multiple values for the same form
variable.)
For compatibility, string literals may also be surrounded by
single quotes ('), but in that case there's no quoting mechanism, so
a single quote cannot be written inside.
The same attribute name may occur in several parentheses. All the
values from all the parentheses are simply joined in that case.
An example:
(sn: "Zappa")
(givenName: form.givenName)
(mail: "hello@nowhere.org", "athell@pandemonium.com")
- add-attr="(attr:[val[,...]])[(attr:...)...]"
-
Specifies the attribute values to add to the object in a "modify"
or "add" operation. These attribute values will be added to the
existing values for the corresponding attributes in the object.
A new attribute is added to the object if it doesn't exist
already.
See the description for "attr" for details about the format.
- replace-attr="(attr:[val[,...]])[(attr:...)...]"
-
Specifies the attribute values to replace in the object in a
"modify" operation. These attribute values will replace the
existing values for the corresponding attributes in the object.
A new attribute is added to the object if it doesn't exist already
and the list of values isn't empty. An attribute is removed
completely if the list of values is empty and the attribute existed
before.
See the description for "attr" for details about the format.
- delete-attr="(attr:[val[,...]])[(attr:...)...]"
-
Specifies the attribute values to delete from the object in a
"modify" operation.
An attribute is removed completely if the list of values is empty
or if it specifies all the existing values for the attribute.
See the description for "attr" for details about the format.
- parse
-
If specified, the content of attr will be parsed
by the RXML parser.
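
A parser for the "attr" value format described above, as an added Python example (not Roxen's own code). The `variables` dict stands in for the RXML variable scopes; the treatment of escapes other than \" and \\ and of unset variables is an assumption.

```python
import re

# Tokens named in the "attr" description: ( ) : , "literal" 'literal' and bare names.
TOKEN = re.compile(r'''\s*(?:(?P<punct>[():,])
                         |"(?P<dq>(?:[^"\\]|\\.)*)"
                         |'(?P<sq>[^']*)'
                         |(?P<name>[^\s():,"']+))''', re.X | re.S)

def tokenize(spec):
    pos, out, spec = 0, [], spec.rstrip()
    while pos < len(spec):
        m = TOKEN.match(spec, pos)
        if not m:
            raise ValueError(f"bad attr syntax at offset {pos}")
        out.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return out + [("end", "")]

def parse_attr(spec, variables=None):
    # Returns {attribute: [values]} for an "(attr:val,...)(attr:...)" string.
    variables, toks, result, i = variables or {}, tokenize(spec), {}, 0
    while toks[i][0] != "end":
        if toks[i] != ("punct", "("):
            raise ValueError("expected '('")
        i += 1
        if toks[i] == ("punct", ")"):            # empty parenthesis pair: ignored
            i += 1
            continue
        if toks[i][0] != "name" or toks[i + 1] != ("punct", ":"):
            raise ValueError("expected 'attribute:'")
        values = result.setdefault(toks[i][1], [])   # repeated names are joined
        i += 2
        while toks[i] != ("punct", ")"):
            kind, text = toks[i]
            if kind == "dq":      # \" and \\ per the page; other \x -> x (assumption)
                values.append(re.sub(r"\\(.)", r"\1", text, flags=re.S))
            elif kind == "sq":    # single quotes: no escape mechanism
                values.append(text)
            elif kind == "name":  # variable reference; unset -> no values (assumption)
                v = variables.get(text, [])
                values.extend(v if isinstance(v, list) else [v])
            elif toks[i] != ("punct", ","):      # commas, even superfluous, are skipped
                raise ValueError("unexpected token in value list")
            i += 1
        i += 1
    return result

# Constructed input: the page's example layout, with a form value holding quotes and parentheses.
SAMPLE = '(sn: form.sn) (givenName: form.givenName) (mail: "hello@nowhere.org", "athell@pandemonium.com")'
FORM = {"form.sn": 'O"Neil (jr)', "form.givenName": ["Frank", "Vincent"]}
```

In this parser a value referenced by variable name, such as form.sn in SAMPLE, is appended as data after tokenizing, so quotes and parentheses inside it are never re-read as attr syntax.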