<emit source="ldap"></emit>

Provided by module: Tags: LDAP tags

Use this source to search LDAP directory for information. The result will be available in variables named like the returned LDAP attributes.

<emit source="ldap" server="ldap://ldap.foo.com/dc=foo,dc=com?cn,sn,mail?sub?(sn=john)"> </emit>

<emit source="ldap" server="ldap://ldap.foo.com/?cn,sn,mail" basedn="dc=foo,dc=com" search-scope="sub" search-filter="(sn=john)" > </emit>

Attributes

server="URL" (Server URL)

Connection LDAP URL. If omitted the "Default server URL" in the module configuration will be used.

URLs are written on the format: ldap[s]://hostname[:port]/base_DN[?[attribute_list][?[scope][?[filter][?extensions]]]]. For details, see RFC 2255.

min-tls="tls version"

Minimum version of TLS/SSL to support for LDAPS connections.

max-tls="tls version"

Maximum version of TLS/SSL to support for LDAPS connections.

Note: Some TLS 1.2 implementations (notably SCHANNEL) abort connections when their certificates don't match the set of signature algorithms provided by the client. In that case specifying TLS 1.1 or earlier with this attribute may resolve the problem.

binddn="distinguished name"

Applicable only if the "server" attribute is used. This is the bind DN for authentication in the directory server. If the LDAP URL contains a "bindname" extension, that one takes precedence.

password="password"

Applicable only if the "server" attribute is used. Password for authentication in the directory server. If omitted the empty string will be used.

search-filter="search filter"

Filter of an LDAP search operation. This value will override the corresponding part of the URL. If the URL doesn't specify a filter then this attribute is required.

basedn="distinguished name"

Base DN of an LDAP search operation. This value will override the corresponding part of the URL.

search-scope="{base, one, sub}"

Scope of an LDAP search operation. This value will override the corresponding part of the URL.

attrs="attr[,...]"

Comma-separated list of attributes to retrieve. This value will override the corresponding part of the URL.

lower-attrs

If specified, all attribute names will be converted to lowercase in the result. This is useful to access specific attributes reliably through the scope variables since LDAP attributes are case insensitive and different servers might return them with different casing.

split="string"

This string is used as a separator between multiple values for the same attribute when they are concatenated together to a single string. The default string is a NUL character (&#0;).

array-values

If specified, multiple values aren't concatenated together using the "split" argument for attributes that aren't single-valued. Instead, the values for such attributes are returned as arrays so that they can be processed accurately with e.g. <insert source="values" ...>.

no-values

If specified, no values will be queried, just the attribute names for which values would be returned otherwise. The value for each attribute is instead the name of the same attribute.

&_._attributes; (provided by Tags: LDAP tags)

List of the attributes returned by the server. This is affected by the "split" and "array-values" arguments just like a multi-valued attribute value. It's however not affected by "no-values".

&_.dn; (provided by Tags: LDAP tags)

The distinguished name of the object for this entry. Note that this field is not affected by "no-values".

&_.labeledurilabel; (provided by Tags: LDAP tags)

If there's a labeledURI attribute in the result then this is set to the label part of it. See RFC 2079 for details about labeledURI.

&_.labeleduriuri; (provided by Tags: LDAP tags)

If there's a labeledURI attribute in the result then this is set to the URI part of it. See RFC 2079 for details about labeledURI.