Class Reference
IRIS for UNIX 2019.2
InterSystems: The power behind what matters   
Documentation  Search
  [%SYS] >  [Security] >  [LDAPConfigs]
Private  Storage   

persistent class Security.LDAPConfigs extends %Persistent, %XML.Adaptor, %SYSTEM.Help

This class defines the security LDAPConfigs for a system.
LDAP names have the following properties:
1) LDAP names are case insensitive.
2) Maximum length of a LDAP name is 64 characters.
The %Admin Secure:USE permission is required to operate on a LDAP configuration

The table for this class should be manipulated only through object access, the published API's or through the System Management Portal. It should not be updated through direct SQL access.

Inventory

Parameters Properties Methods Queries Indices ForeignKeys Triggers
2 24 24 2 1


Summary

Properties
Description LDAPAttributeComment LDAPAttributeFullName LDAPAttributeMail
LDAPAttributeMobile LDAPAttributeMobileProvider LDAPAttributeNameSpace LDAPAttributeRoles
LDAPAttributeRoutine LDAPAttributes LDAPBaseDN LDAPCACertFile
LDAPClientTimeout LDAPFlags LDAPGroupId LDAPHostNames
LDAPInstanceId LDAPSearchPassword LDAPSearchUsername LDAPServerTimeout
LDAPUniqueDNIdentifier Name

Methods
%AddToSaveSet %AddToSyncSet %BMEBuilt %CheckConstraints
%CheckConstraintsForExtent %ClassIsLatestVersion %ClassName %ComposeOid
%ConstructClone %Delete %DeleteExtent %DeleteId
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %Exists
%ExistsId %Extends %GUID %GUIDSet
%GetLock %GetParameter %GetSwizzleObject %Id
%InsertBatch %IsA %IsModified %IsNull
%KillExtent %KillExtentData %LoadFromMemory %LockExtent
%LockId %New %NormalizeObject %ObjectIsNull
%ObjectModified %Oid %OnBeforeAddToSync %OnDetermineClass
%Open %OpenId %OriginalNamespace %PackageName
%PhysicalAddress %PurgeIndices %Reload %RemoveFromSaveSet
%ResolveConcurrencyConflict %RollBack %Save %SaveDirect
%SaveIndices %SerializeObject %SetModified %SortBegin
%SortEnd %SyncObjectIn %SyncTransport %UnlockExtent
%UnlockId %ValidateIndices %ValidateObject Copy
Create Delete Exists Export
FormatName Get GetProperties Help
Import Modify XMLDTD XMLExport
XMLExportToStream XMLExportToString XMLNew XMLSchema
XMLSchemaNamespace XMLSchemaType


Parameters

• parameter DOMAIN = "%Utility";

Properties

• property Description as %String(MAXLEN=128);
LDAP description.
• property LDAPAttributeComment as %String(MAXLEN=128) [ InitialExpression = "description" ];
LDAP attribute name where the "Comment" field is retrieved.
• property LDAPAttributeFullName as %String(MAXLEN=128) [ InitialExpression = "displayName" ];
LDAP attribute name where the "FullName" field is retrieved.
• property LDAPAttributeMail as %String(MAXLEN=128) [ InitialExpression = "mail" ];
LDAP attribute name where the "Mail" field is retrieved.
• property LDAPAttributeMobile as %String(MAXLEN=128) [ InitialExpression = "mobile" ];
LDAP attribute name where the "Mobile" field is retrieved.
• property LDAPAttributeMobileProvider as %String(MAXLEN=128);
LDAP attribute name where the "MobileProvider" field is retrieved.
• property LDAPAttributeNameSpace as %String(MAXLEN=128) [ InitialExpression = "intersystems-Namespace" ];
LDAP attribute name where the "NameSpace" field is retrieved.
• property LDAPAttributeRoles as %String(MAXLEN=128) [ InitialExpression = "intersystems-Roles" ];
LDAP attribute name where the "Roles" field is retrieved.
• property LDAPAttributeRoutine as %String(MAXLEN=128) [ InitialExpression = "intersystems-Routine" ];
LDAP attribute name where the "Routine" field is retrieved.
• property LDAPAttributes as list of %String(MAXLEN=128);
List of additional LDAP attributes to return from LDAP Server.
This property contains a list of additional LDAP User attributes for which you want values returned when a user authenticates himself via LDAP. For example, you may want to return a user's mail address from the LDAP server. You would set one of the list values to "mail" which is an LDAP attribute for a user. The values for the set of attributes are written to the user's authentication record, and may be retrieved by using the Security.Users class, Attributes property.
• property LDAPBaseDN as %String(MAXLEN=256) [ Required ];
Specifies the point in the directory tree from which searches begin.
This typically consists of domain components, such as DC=intersystems,DC=com
• property LDAPCACertFile as %String(MAXLEN=256);
Specifies the location of the file containing any TLS/SSL certificates (in PEM format) being used to authenticate the server certificate (Unix Only).
• property LDAPClientTimeout as %Integer [ InitialExpression = $$$LDAPDefaultClientTimeout,Required ];
Amount of time the client waits until a Server Down is returned.
• property LDAPFlags as Security.Datatype.LDAPFlags [ InitialExpression = $$$LDAPEnabled+$$$LDAPActiveDirectory+$$$LDAPUseGroups+$$$LDAPKerberosOnly,Required ];
Flags for the LDAP connection.
Bit 0 - Active directory LDAP server Bit 1 - Use SSL/TLS connection Bit 2 - Unused Bit 3 - Use Groups Bit 4 - Use Nested Groups Bit 5 - Use Universal Groups Bit 6 - LDAP configuration enabled Bit 7 - Kerberos Only
• property LDAPGroupId as %String(MAXLEN=256);
Used to filter roles returned by the LDAP server for a user.
• property LDAPHostNames as %String(MAXLEN=256) [ Required ];
Host name of the LDAP server.
May be one or more, separated by a space. An optional port may be appended to the host name separated by a ":" (name:port) if the LDAP server is using non standard ports.
• property LDAPInstanceId as %String(MAXLEN=256) [ InitialExpression = $zu(110)_"_"_$p($zu(86),"*",2) ];
Used to filter roles returned by the LDAP server for a user.
• property LDAPSearchPassword as Security.Datatype.Password(MAXLEN=64);
Password of the search user.
• property LDAPSearchUsername as %String(MAXLEN=256) [ Required ];
Username of the LDAP search user with enough privileges to search the LDAP database (Windows only).
• property LDAPServerTimeout as %Integer [ InitialExpression = $$$LDAPDefaultServerTimeout,Required ];
Amount of time the LDAP server will wait for a client message before the connection is terminated.
• property LDAPUniqueDNIdentifier as %String(MAXLEN=128) [ InitialExpression = "sAMAccountName",Required ];
A unique identifying element of each user in the LDAP database.
For Active Directory LDAP servers, usually sAMAccountName.
• property Name as %String(MAXLEN=128,MINLEN=1) [ Required ];
Name of the LDAP configuration.

Methods

• classmethod Copy(Name As %String, NewName As %String) as %Status
Copy a LDAP configuration.
Copy an existing LDAP configuration in the Security database to a new one.
Parameters:
Name - Name of the LDAP configuration to be copied.
NewName - Name of the New LDAP configuration to be created.
• classmethod Create(Name As %String, ByRef Properties As %String) as %Status
Create a LDAP configuration.
Create a LDAP configuration in the Security database.
Parameters:
Name - Name of the LDAP configuration to create
Description - Description
• classmethod Delete(Name As %String) as %Status
Delete a LDAP configuration.
This method will delete a LDAP configuration from the security database. After the LDAP Configuration is delete, any user in the User database associated with this configuration will also be deleted.
Parameters:
Name - Name of LDAP configuration to delete
• classmethod Exists(Name As %String, ByRef LDAP As %ObjectHandle, ByRef Status As %Status) as %Boolean
LDAP configuration exists.
This method checks for the existence of a LDAP config in the security database.
Parameters:
Name - Name of the LDAP config to check existence of
Return values:
If Value of the method = 0 (LDAP does not exist, or some error occured)
LDAP = Null
Status = LDAP "x" does not exist, or other error message

If Value of the method = 1 (LDAP exists)
LDAP = Object handle to LDAP config
Status = $$$OK
• classmethod Export(FileName As %String = "LDAPConfigsExport.xml", ByRef NumExported As %Integer, LDAPConfigs As %String = "*") as %Status
This method exports LDAP configuration records to a file in xml format.
Parameters:
Filename - Output file name
NumExported (byref) - Returns number of records exported.
LDAPConfigs - Comma separated list of LDAPConfigs to export, "*" = All
• classmethod FormatName(Name As %String, ByRef NewName As %String, ByRef BaseDN As %String) as %Status
Format the domain name.
Parameters:
Name - Name of the domain to format and validate
NewName - byref formatted name of the name as follows:
Remove "@\,"
Lowercase it
Add ".com" or "com" if no suffix
Make sure no null pieces
• classmethod Get(Name As %String, ByRef Properties As %String) as %Status
Get a LDAP configurations properties.
Gets a LDAP config's properties from the security database.
Parameters:
Name - Name of the LDAP config to get
Return values:
Properties - Array of properties
Properties("Description") - Description of the LDAP config
• classmethod GetProperties(LDAP As %ObjectHandle, ByRef Properties As %String) as %Status
Get a LDAP configurations properties.
Gets a LDAP configurtions properties from the security database.
Parameters:
LDAP - Object handle to a LDAP record
Return values:
Properties - See the Get method for more information on properties returned
• classmethod Import(FileName As %String = "LDAPConfigsExport.xml", ByRef NumImported As %Integer, Flags As %Integer = 0) as %Status
Import LDAP configuration records from an xml file.
Parameters:
FileName - Filename to import LDAP configuration records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
• classmethod Modify(Name As %String, ByRef Properties As %String) as %Status
Modify a LDAP configuration.
Modify an existing LDAP configurations properties in the security database.
Parameters:
Name - Name of the LDAP configuration to modify
Properties - Array of properties to modify.
See the Get() method for a description of the Properties parameter.
If a specific property is not passed in the properties array, the value is not modified.

Queries

• query Detail(Names As %String = "*", Flags As %Integer = 0)
Selects Name, Description, LDAP Enabled, ActiveDirectory, UseSSL, UseGroups, UseNestedGroups, UniversalGroups, AllowISCLDAPCONFIGURATION, LDAPAttributes, LDAPAttributeComment, LDAPAttributeFullName, LDAPAttributeMail, LDAPAttributeMobile, LDAPAttributeMobileProvider, LDAPAttributeNameSpace, LDAPAttributeRoles, LDAPAttributeRoutine, LDAPBaseDN, LDAPCACertFile, LDAPClientTimeout, LDAPFlags, LDAPGroupId, LDAPHostNames, LDAPInstanceId, LDAPSearchUsername, LDAPServerTimeout, LDAPUniqueDNIdentifier, LDAPFlagsDisplay
Detail of LDAP Configurations.
Names - Comma separated list of LDAP names, "*" = All
Flags - 0 - Use "Startswith" as the selection on the name.
Flags - 1 - Use "Contains" as the selection on the name.
Note: This query may change in future versions
• query List(Names As %String = "*", Flags As %Integer = 0)
Selects Name As %String, LDAP Enabled As %String, Description As %String, LDAPCACertFile As %String
List of LDAP Configurations.
Names - Comma separated list of LDAP names, "*" = All
Flags - 0 - Use "Startswith" as the selection on the name.
Flags - 1 - Use "Contains" as the selection on the name.
Note: This query may change in future versions

Indices

•index (NameIndex on NameLowerCase) [IdKey];


Copyright (c) 2019 by InterSystems Corporation. Cambridge, Massachusetts, U.S.A. All rights reserved. Confidential property of InterSystems Corporation.