class %Net.LDAP.Client.Session extends %Library.RegisteredObject

WARNING: This class and its methods have been deprecated; please use the %SYS.LDAP class instead.

LDAP session.

The following example shows how to create, delete, and search for entries:

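      ;; Sample: connect, add an entry, rename it, search, compare and delete.
      ;; testnum (selects the test server) and scope (0==search base,
      ;; 1==search one level, 2==search subtree) are not set in this sample;
      ;; the caller must define both before running it.
      ;;
      ;; NOTE(review): the host names, bind DNs and the literal "password" are
      ;; sample values. The last Connect() argument is UseSSL; 0 asks for a
      ;; connection without SSL, so the bind DN and password presumably cross
      ;; the network unencrypted. Outside a lab, pass 1 for UseSSL, read the
      ;; password from protected storage instead of source code, and bind as
      ;; an account holding only the rights the task needs rather than as an
      ;; administrator.
      Set err=""
      Set session=##class(%Net.LDAP.Client.Session).%New()
      If (testnum) {
          Set DC="CN=Users,DC=kerberos,DC=iscinternal,DC=com"
          Set c=session.Connect("kerbad",0,"CN=administrator,"_DC,"password", 0)
      } else {
          Set DC="DC=testldap,DC=com"
          Set c=session.Connect("lx2",0,"CN=admin,"_DC,"password", 0)
      }
      If ($$$ISERR(c)) {
          ;; err is filled by reference; err(err) is presumably the last message
          Do DecomposeStatus^%apiOBJ(c,.err)
          Write "Failed to connect : err : ", err(err),!
          ;; Stop here: every later call needs a connected session, so
          ;; continuing would only report a false "Connected" and fail again.
          Quit
      }
      Write "Connected to (",DC,")",!
      ;; Build attributes to be added to the entry
      Set p=session.GetPropList()
      Set c=p.Insert("objectclass","organizationalRole") w:(c'=$$$OK) "objclass attrib insert failed!!",!
      Set cn="test4"
      Set c=p.Insert("cn",cn) w:(c'=$$$OK) "cn attrib insert failed!!",!
      Set DN="cn="_cn_","_DC
      Set c=session.AddNewEntry(DN,p)
      If ($$$ISERR(c)) {
          Do DecomposeStatus^%apiOBJ(c,.err)
          Write "Failed to add/create a new entry(",DN,") : err : ", err(err),!
      } else {
          Write "Entry added (",DN,")",!
      }
      ;; Rename an Entry (last argument DelOldRDN=1: do not keep the old RDN)
      s c=session.RenameEntry(DN,"cn=testxx","",1)
      if ($$$ISERR(c)) {
          d DecomposeStatus^%apiOBJ(c,.err)
          W "Failed to Rename the new entry(",DN,") to(","testxx",") : err : ", err(err),!
      } else {
          w "Rename 'testxx' back to '",cn,"'",!
          s c=session.RenameEntry("cn=testxx,"_DC,"cn="_cn,"",1)
          if ($$$ISERR(c)) {
              d DecomposeStatus^%apiOBJ(c,.err)
              W "Failed to restore the name(",DN,") : err : ", err(err),!
          }
      }
      ;; Get all "ObjectClass" and "cn" in DC
      ;; build a list of desired attributes 
      Set sl=session.GetStringList()
      Do sl.InsertStr("ObjectClass","cn")
      Set session.MaxItems=100  ;; specify max number of results
      ;; The filter below is a constant. NOTE(review): if a filter is ever
      ;; assembled from user-supplied text, escape the characters that are
      ;; special in RFC 2254 filters first so the input cannot alter the query.
      Set ents=session.Search(DC,scope, "(ObjectClass=*)",sl,1000)
      If ('$IsObject(ents)) {
          ;; a failed search returns a status value instead of a result object
          Do DecomposeStatus^%apiOBJ(ents,.err)
          Write "Search failed : err : ", err(err),!
      } else {
          Write !,"Search result:",!
          Set count=0
          Set entDN=""
          For  { ; iterate through returned entries
             Set ent=ents.GetNext(.entDN)
             if ($IsObject(ent)) {
                Set count=count+1
                Write "  ",count," - Entry(",entDN,")",!
                Set attrNM=""
                For  { ; iterate through each attribute of an entry
                   Set val=ent.GetNext(.attrNM)
                   ;; Leave the attribute loop when no value list comes back.
                   ;; NOTE(review): assumes GetNext() returns a non-object past
                   ;; the last attribute, as the entry list does - confirm.
                   Quit:'$IsObject(val)
                   Write "       Ent(",entDN,"), attr(",attrNM,")",!
                   ;; iterate through values associated with each attribute
                   For i=1:1:val.GetNumItems() { 
                      Write "         ",i," - Value(",val.GetValue(i),")",!
                   }
                }
             } else {
                Quit  ;; list end
             }
          }
          Write !,"Search done!! Count == ",count,!
      }
      ;; CompareEntryValue() is declared to return %Boolean.
      ;; NOTE(review): confirm what DecomposeStatus reports for a plain 0.
      s c=session.CompareEntryValue(DN,"cn",cn)
      if (c '= 1) {
          d DecomposeStatus^%apiOBJ(c,.err)
          W "Failed to compare entry(",DN,") : err : ", err(err),!
      } else {
          w "Comapred OK!!",!
      }
      ;; Clean up: remove the entry created above
      Set c=session.DeleteEntry(DN)
      If ($$$ISERR(c)) {
          Do DecomposeStatus^%apiOBJ(c,.err)
          Write "Failed to delete entry(",DN,") : err : ", err(err),!
      } else {
          Write "Delete entry (",DN,")",!
      }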

Property Inventory

Method Inventory


property MaxItems as %Integer;
Size limit
Property methods: MaxItemsDisplayToLogical(), MaxItemsGet(), MaxItemsIsValid(), MaxItemsLogicalToDisplay(), MaxItemsNormalize(), MaxItemsSet()
property Referrals as %Integer;
If set indicates that LDAP should chase referrals/references returned in a search
Property methods: ReferralsDisplayToLogical(), ReferralsGet(), ReferralsIsValid(), ReferralsLogicalToDisplay(), ReferralsNormalize(), ReferralsSet()
property SearchAttrsOnly as %Integer;
Search attributes only (Return no value)
Property methods: SearchAttrsOnlyDisplayToLogical(), SearchAttrsOnlyGet(), SearchAttrsOnlyIsValid(), SearchAttrsOnlyLogicalToDisplay(), SearchAttrsOnlyNormalize(), SearchAttrsOnlySet()


method AddNewEntry(DN As %String, attribs As %Net.LDAP.Client.PropList) as %Status [ Language = objectscript ]
Create a new entry
method CompareEntryValue(DN As %String, Attrib As %String, Value As %RawString, Binary As %Boolean = 0) as %Boolean [ Language = objectscript ]
Compare an entry attribute value

DN Distinguished Name of the entry.

Attrib Attribute whose value is compared.

Value The value to compare with.

Binary True if the value is binary.

method Connect(Server As %String = "", port As %Integer = 0, UserName As %String = "", Password As %String = "", UseSSL As %Boolean = 0) as %Status [ Language = objectscript ]
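Establish a connection to an LDAP server. You must connect before invoking other methods. UseSSL defaults to 0; with that setting the UserName and Password presumably travel to the server without transport encryption, so pass 1 for UseSSL whenever the credentials cross an untrusted network.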
method DeleteEntry(DN As %String) as %Status [ Language = objectscript ]
Delete an entry
method EditEntry(DN As %String) as %Net.LDAP.Client.EditEntry [ Language = objectscript ]
Edit/Modify current entry attributes.

Returns EditEntry object, use the returned object to modify the attributes

method GetPropList() as %Net.LDAP.Client.PropList [ Language = objectscript ]
Return a new prop list object, used to maintain attribute and value pairs. See the %Net.LDAP.Client.PropList object.
method GetStringList() as %Net.LDAP.Client.PropList [ Language = objectscript ]
Return a new StringList list object. Used to maintain a list of strings i.e. list of attributes.
method GetValueList(binary As %Boolean = 0) as %Net.LDAP.Client.ValueList [ Language = objectscript ]
Return a new value list object. Value list is used to associate multiple values with an attribute. See %Net.LDAP.Client.ValueList Object.
method RenameEntry(DN As %String, NewRDN As %String, NewParent As %String = "", DelOldRDN As %Boolean = 0) as %Status [ Language = objectscript ]
Rename an entry

DN Distinguished Name of the entry

NewRDN New Relative Distinguished Name to assign to the entry

NewParent DN of the new parent to move the entry under. Pass "" if you do not want to move the entry to a different location.

DelOldRDN If 0, the old RDN is retained as an attribute in the modified entry

method SASLConnect(Server As %String = "", port As %Integer = 0, DistinguishedName As %String = "", AuthMechanism As %String, Credentials As %String, ByRef ServerData As %String) as %Status [ Language = objectscript ]
Authenticates client to an LDAP server using a SASL (Simple Authentication and Security Layer) mechanism. (see RFC2222).

Note: The LDAP server must support that SASL mechanism for authentication.

You have to connect first before invoking any methods.

If the server sends a challenge to your client, check the ServerData argument for the server's challenge, then call the SASLConnect() method again to send a response to that challenge.


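;; session is a %Net.LDAP.Client.Session instance. ServerData is declared
;; ByRef, so it is passed with a leading dot (.srvData); without the dot the
;; server's challenge never reaches the caller's variable.
;; "abcMechanism" and "secret" are sample values: use a mechanism the server
;; supports, and do not keep real credentials in source code.
set comp=session.SASLConnect("localhost",0,"uid=u123,ou=people,o=isctest.com","abcMechanism","secret",.srvData)

write:(comp=$$$OK) "Server credential is : ",srvData,!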

Search LDAP DB
base: search base

scope: 0==search base, 1==search one level, 2==search subtree

filter: the search criteria (see RFC2254).

attrs: list of attributes to return per found entry.

If the search fails, the returned value is an error status (one for which $$$ISERR is true) rather than a result object.

Inherited Members

Inherited Methods