2.2.6 Manipulating directory information
Using the $LDAPACS embedded function, you can perform operations such as authenticating connections to a directory service, searching directory information, and acquiring entries and attributes.
This subsection lists the functions that can be used by the $LDAPACS embedded function and explains the rules for manipulating objects.
(1) Functions that can be used by the $LDAPACS embedded function
The following table lists the functions that can be used by the $LDAPACS function, with their descriptions.
Function name | Description |
---|---|
CONNECT | Authenticates a connection to a directory service. |
CONVERT | Converts a character string to one that can be used for searching directory information. |
DISCONNECT | Releases a connection to directory services. |
FIRSTENTRY | Acquires the first entry found. |
FREEENTRY | Releases an entry. |
FREERESULT | Releases the search results. |
GETDN | Acquires the DN of an entry. |
NEXTENTRY | Acquires the second and subsequent entries found. |
SEARCH | Searches a directory service. |
SELECTVALUE | Acquires an attribute value. |
For details about the descriptions, formats, parameters, and return values of these functions, see $LDAPACS (access directory) in 5. Embedded Functions Used in Access Definition Files.
(2) Rules for manipulating objects
- Acquiring entries
  - You cannot acquire the second and subsequent found entries without first acquiring the first found entry.
  - You cannot acquire a particular entry more than once.
  - You cannot modify, delete, or add an entry using a script.
- Acquiring attribute values
  - You can acquire the value of an attribute by specifying the name of the attribute.
  - You cannot modify, delete, or add attribute values using a script.
  - In cases for which more than one value with the same attribute name is assigned, you can use multiple instances of SELECTVALUE to sequentially specify the values.
- Using and referencing object parameters
  - Once an object parameter has been released, it cannot be used or referenced again.
(3) Memory management structure of objects
The following figure shows the memory management structure of objects.
LDAPOBJ, LDAPRST, LDAPENT, and LDAPATR manage all the objects below themselves. Accordingly, releasing LDAPOBJ, LDAPRST, LDAPENT, and LDAPATR releases all the objects below them. Note, however, that KEYNAME, LDAPVAL, DN, SELVAL, and the other lowermost character strings cannot be released as objects.
(4) Example
An example using the $LDAPACS embedded function:
```
[VAR]
  STATUS MSG HOST PORT FILTER BASE SCOPE FIRST LDOBJ LDRST LDENT DN NAME
[SET_VALUE]
  HOST = 'localhost'
  PORT = '389'
  BASE = 'ou=people,o=xxxxxxx.co.us'
  SCOPE= 'LDAP_SCOPE_ONELEVEL'
[SET_VALUE]
  $LDAPACS('CONNECT',LDOBJ,HOST,PORT,'','')            # CONNECT
  STATUS = $GETSTATUS()
[SET_VALUE]
  FILTER = '(&(objectclass=*)(title;lang-ja='
  FILTER = FILTER+$LDAPACS('CONVERT','Supervisor')     # CONVERT
  FILTER = FILTER+'))'
  # FILTER=(&(objectclass=*)(title;lang-ja=\E4\B8\BB\E4\BB\BB))
  $LDAPACS('SEARCH',LDRST,LDOBJ,BASE,FILTER,SCOPE)     # SEARCH
  FIRST = 1
[DO]
  [IF] FIRST = 1
  [THEN]
    [SET_VALUE]
      $LDAPACS('FIRSTENTRY',LDENT,LDRST)               # GET FIRST ENTRY
      STATUS = $GETSTATUS()
      FIRST = 0
  [ELSE]
    [SET_VALUE]
      $LDAPACS('NEXTENTRY',LDENT,LDRST)                # GET NEXT ENTRY
      STATUS = $GETSTATUS()
  [IF_END]
  [IF] STATUS = NORMAL
  [THEN]
    [SET_VALUE]
      $LDAPACS('GETDN',DN,LDENT)                       # GET DN
      $LDAPACS('SELECTVALUE',NAME,LDENT,'cn')          # GET VALUE OF CN
      MSG='DN ['+DN+'] is '+NAME
      $ECHO(MSG)
      $LDAPACS('FREEENTRY',LDENT)                      # FREE ENTRY OBJECT
  [ELSE]
    [SET_VALUE]
      $BREAK()
  [IF_END]
[DO_END]
[SET_VALUE]
  $LDAPACS('FREERESULT',LDRST)                         # FREE SEARCH OBJECT
[SET_VALUE]
  $LDAPACS('DISCONNECT',LDOBJ)                         # FREE LDAP OBJECT
```
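The CONVERT step matters because the filter is assembled by string concatenation: a value placed into it unescaped can change the filter's structure. The Python sketch below is an added example, not code from the product or its manual. It assumes CONVERT performs RFC 4515-style escaping, which the `\E4\B8\BB\E4\BB\BB` comment suggests (those octets are the UTF-8 encoding of 主任); the function names are hypothetical.

```python
# Added illustration; function names are hypothetical, not the product's API.
# Assumption: CONVERT escapes values in the RFC 4515 style seen in the page's
# FILTER comment (\XX per octet, uppercase hex).

_SPECIAL = {0x00, 0x28, 0x29, 0x2A, 0x5C}  # NUL ( ) * \ change filter structure


def escape_filter_value(value: str) -> str:
    """Escape special and non-ASCII UTF-8 octets so the value is read only as data."""
    return "".join(
        "\\%02X" % octet if octet in _SPECIAL or octet >= 0x80 else chr(octet)
        for octet in value.encode("utf-8")
    )


def unescape_filter_value(escaped: str) -> str:
    """Inverse of escape_filter_value, to confirm nothing is lost."""
    raw, i = bytearray(), 0
    while i < len(escaped):
        if escaped[i] == "\\":
            raw.append(int(escaped[i + 1:i + 3], 16))
            i += 3
        else:
            raw.append(ord(escaped[i]))
            i += 1
    return raw.decode("utf-8")


def build_title_filter(title: str) -> str:
    """Same filter shape as the page's example, with the value escaped first."""
    return "(&(objectclass=*)(title;lang-ja=" + escape_filter_value(title) + "))"


def count_components(flt: str) -> int:
    """Number of '(' a server would parse; escaped ones appear as \\28, not '('."""
    return flt.count("(")


if __name__ == "__main__":
    # Constructed inputs: the Japanese title behind the page's comment, and a
    # value containing filter metacharacters.
    for title in ("主任", "x)(uid=*"):
        flt = build_title_filter(title)
        ok = unescape_filter_value(escape_filter_value(title)) == title
        print(flt, count_components(flt), ok)
```

With the value escaped, the filter keeps its three components whatever the input contains; concatenating the second sample value raw would yield four.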