Security.LDAPConfigs

persistent class Security.LDAPConfigs extends %Library.Persistent, %XML.Adaptor, %SYSTEM.Help

SQL Table Name: Security.LDAPConfigs

This class defines the security LDAP configurations for a system.
LDAP configuration names have the following properties:
1) LDAP names are case insensitive.
2) The maximum length of an LDAP name is 64 characters.
The %Admin_Secure:USE permission is required to operate on an LDAP configuration.

The table for this class should be manipulated only through object access, the published APIs, or the System Management Portal. It should not be updated through direct SQL access.

Parameters

parameter DOMAIN = %Utility;

Properties

property DelimiterId as %String (MAXLEN = 1, VALUELIST = " - _ ^ . ~") [ InitialExpression = "-" , Required ];
Delimiter Id used for group naming.
Property methods: DelimiterIdDisplayToLogical(), DelimiterIdGet(), DelimiterIdGetStored(), DelimiterIdIsValid(), DelimiterIdLogicalToDisplay(), DelimiterIdLogicalToOdbc(), DelimiterIdNormalize(), DelimiterIdSet()
property Description as %String (MAXLEN = 128);
LDAP description.
Property methods: DescriptionDisplayToLogical(), DescriptionGet(), DescriptionGetStored(), DescriptionIsValid(), DescriptionLogicalToDisplay(), DescriptionLogicalToOdbc(), DescriptionNormalize(), DescriptionSet()
property GroupId as %String (MAXLEN = 64) [ InitialExpression = "Group" , Required ];
Group Id used for group naming.
Property methods: GroupIdDisplayToLogical(), GroupIdGet(), GroupIdGetStored(), GroupIdIsValid(), GroupIdLogicalToDisplay(), GroupIdLogicalToOdbc(), GroupIdNormalize(), GroupIdSet()
property InstanceId as %String (MAXLEN = 64) [ InitialExpression = "Instance" , Required ];
Instance Id used for group naming.
Property methods: InstanceIdDisplayToLogical(), InstanceIdGet(), InstanceIdGetStored(), InstanceIdIsValid(), InstanceIdLogicalToDisplay(), InstanceIdLogicalToOdbc(), InstanceIdNormalize(), InstanceIdSet()
property LDAPAttributeComment as %String (MAXLEN = 128) [ InitialExpression = "description" ];
LDAP attribute name where the "Comment" field is retrieved.
Property methods: LDAPAttributeCommentDisplayToLogical(), LDAPAttributeCommentGet(), LDAPAttributeCommentGetStored(), LDAPAttributeCommentIsValid(), LDAPAttributeCommentLogicalToDisplay(), LDAPAttributeCommentLogicalToOdbc(), LDAPAttributeCommentNormalize(), LDAPAttributeCommentSet()
property LDAPAttributeFullName as %String (MAXLEN = 128) [ InitialExpression = "displayName" ];
LDAP attribute name where the "FullName" field is retrieved.
Property methods: LDAPAttributeFullNameDisplayToLogical(), LDAPAttributeFullNameGet(), LDAPAttributeFullNameGetStored(), LDAPAttributeFullNameIsValid(), LDAPAttributeFullNameLogicalToDisplay(), LDAPAttributeFullNameLogicalToOdbc(), LDAPAttributeFullNameNormalize(), LDAPAttributeFullNameSet()
property LDAPAttributeMail as %String (MAXLEN = 128) [ InitialExpression = "mail" ];
LDAP attribute name where the "Mail" field is retrieved.
Property methods: LDAPAttributeMailDisplayToLogical(), LDAPAttributeMailGet(), LDAPAttributeMailGetStored(), LDAPAttributeMailIsValid(), LDAPAttributeMailLogicalToDisplay(), LDAPAttributeMailLogicalToOdbc(), LDAPAttributeMailNormalize(), LDAPAttributeMailSet()
property LDAPAttributeMobile as %String (MAXLEN = 128) [ InitialExpression = "mobile" ];
LDAP attribute name where the "Mobile" field is retrieved.
Property methods: LDAPAttributeMobileDisplayToLogical(), LDAPAttributeMobileGet(), LDAPAttributeMobileGetStored(), LDAPAttributeMobileIsValid(), LDAPAttributeMobileLogicalToDisplay(), LDAPAttributeMobileLogicalToOdbc(), LDAPAttributeMobileNormalize(), LDAPAttributeMobileSet()
property LDAPAttributeMobileProvider as %String (MAXLEN = 128);
LDAP attribute name where the "MobileProvider" field is retrieved.
Property methods: LDAPAttributeMobileProviderDisplayToLogical(), LDAPAttributeMobileProviderGet(), LDAPAttributeMobileProviderGetStored(), LDAPAttributeMobileProviderIsValid(), LDAPAttributeMobileProviderLogicalToDisplay(), LDAPAttributeMobileProviderLogicalToOdbc(), LDAPAttributeMobileProviderNormalize(), LDAPAttributeMobileProviderSet()
property LDAPAttributeNameSpace as %String (MAXLEN = 128) [ InitialExpression = "intersystems-Namespace" ];
LDAP attribute name where the "NameSpace" field is retrieved.
Property methods: LDAPAttributeNameSpaceDisplayToLogical(), LDAPAttributeNameSpaceGet(), LDAPAttributeNameSpaceGetStored(), LDAPAttributeNameSpaceIsValid(), LDAPAttributeNameSpaceLogicalToDisplay(), LDAPAttributeNameSpaceLogicalToOdbc(), LDAPAttributeNameSpaceNormalize(), LDAPAttributeNameSpaceSet()
property LDAPAttributeRoles as %String (MAXLEN = 128) [ InitialExpression = "intersystems-Roles" ];
LDAP attribute name where the "Roles" field is retrieved.
Property methods: LDAPAttributeRolesDisplayToLogical(), LDAPAttributeRolesGet(), LDAPAttributeRolesGetStored(), LDAPAttributeRolesIsValid(), LDAPAttributeRolesLogicalToDisplay(), LDAPAttributeRolesLogicalToOdbc(), LDAPAttributeRolesNormalize(), LDAPAttributeRolesSet()
property LDAPAttributeRoutine as %String (MAXLEN = 128) [ InitialExpression = "intersystems-Routine" ];
LDAP attribute name where the "Routine" field is retrieved.
Property methods: LDAPAttributeRoutineDisplayToLogical(), LDAPAttributeRoutineGet(), LDAPAttributeRoutineGetStored(), LDAPAttributeRoutineIsValid(), LDAPAttributeRoutineLogicalToDisplay(), LDAPAttributeRoutineLogicalToOdbc(), LDAPAttributeRoutineNormalize(), LDAPAttributeRoutineSet()
property LDAPAttributes as list of %String (MAXLEN = 128);
List of additional LDAP attributes to return from LDAP Server.
This property contains a list of additional LDAP user attributes whose values you want returned when a user authenticates via LDAP. For example, to return a user's mail address from the LDAP server, set one of the list values to "mail", which is an LDAP attribute for a user. The values of these attributes are written to the user's authentication record and may be retrieved through the Attributes property of the Security.Users class.
Property methods: LDAPAttributesBuildValueArray(), LDAPAttributesCollectionToDisplay(), LDAPAttributesCollectionToOdbc(), LDAPAttributesDisplayToCollection(), LDAPAttributesDisplayToLogical(), LDAPAttributesGet(), LDAPAttributesGetObject(), LDAPAttributesGetObjectId(), LDAPAttributesGetStored(), LDAPAttributesGetSwizzled(), LDAPAttributesIsValid(), LDAPAttributesLogicalToDisplay(), LDAPAttributesLogicalToOdbc(), LDAPAttributesNormalize(), LDAPAttributesOdbcToCollection(), LDAPAttributesSet(), LDAPAttributesSetObject(), LDAPAttributesSetObjectId()
property LDAPBaseDN as %String (MAXLEN = 256) [ Required ];
Specifies the point in the directory tree from which searches begin.
This typically consists of domain components, such as DC=intersystems,DC=com
Property methods: LDAPBaseDNDisplayToLogical(), LDAPBaseDNGet(), LDAPBaseDNGetStored(), LDAPBaseDNIsValid(), LDAPBaseDNLogicalToDisplay(), LDAPBaseDNLogicalToOdbc(), LDAPBaseDNNormalize(), LDAPBaseDNSet()
property LDAPBaseDNForGroups as %String (MAXLEN = 256) [ Required ];
Specifies the point in the directory tree from which searches begin for Groups.
This typically consists of domain components, such as DC=intersystems,DC=com
Property methods: LDAPBaseDNForGroupsDisplayToLogical(), LDAPBaseDNForGroupsGet(), LDAPBaseDNForGroupsGetStored(), LDAPBaseDNForGroupsIsValid(), LDAPBaseDNForGroupsLogicalToDisplay(), LDAPBaseDNForGroupsLogicalToOdbc(), LDAPBaseDNForGroupsNormalize(), LDAPBaseDNForGroupsSet()
property LDAPCACertFile as %String (MAXLEN = 256);
Specifies the location of the file containing any TLS/SSL certificates (in PEM format) being used to authenticate the server certificate (Unix Only).
Property methods: LDAPCACertFileDisplayToLogical(), LDAPCACertFileGet(), LDAPCACertFileGetStored(), LDAPCACertFileIsValid(), LDAPCACertFileLogicalToDisplay(), LDAPCACertFileLogicalToOdbc(), LDAPCACertFileNormalize(), LDAPCACertFileSet()
property LDAPClientTimeout as %Integer [ InitialExpression = $$$LDAPDefaultClientTimeout , Required ];
Amount of time the client waits until a Server Down is returned.
Property methods: LDAPClientTimeoutDisplayToLogical(), LDAPClientTimeoutGet(), LDAPClientTimeoutGetStored(), LDAPClientTimeoutIsValid(), LDAPClientTimeoutLogicalToDisplay(), LDAPClientTimeoutNormalize(), LDAPClientTimeoutSet(), LDAPClientTimeoutXSDToLogical()
property LDAPFlags as Security.Datatype.LDAPFlags [ InitialExpression = $$$LDAPEnabled+$$$LDAPActiveDirectory+$$$LDAPUseGroups+$$$LDAPKerberosOnly , Required ];
Flags for the LDAP connection.
Bit 0 - Active directory LDAP server
Bit 1 - Use SSL/TLS connection
Bit 2 - Unused
Bit 3 - Use Groups
Bit 4 - Use Nested Groups
Bit 5 - Use Universal Groups
Bit 6 - LDAP configuration enabled
Bit 7 - Kerberos Only
Property methods: LDAPFlagsDisplayToLogical(), LDAPFlagsGet(), LDAPFlagsGetStored(), LDAPFlagsIsValid(), LDAPFlagsLogicalToDisplay(), LDAPFlagsLogicalToOdbc(), LDAPFlagsNormalize(), LDAPFlagsSet(), LDAPFlagsXSDToLogical()
property LDAPGroupId as %String (MAXLEN = 256);
Used to filter roles returned by the LDAP server for a user.
Property methods: LDAPGroupIdDisplayToLogical(), LDAPGroupIdGet(), LDAPGroupIdGetStored(), LDAPGroupIdIsValid(), LDAPGroupIdLogicalToDisplay(), LDAPGroupIdLogicalToOdbc(), LDAPGroupIdNormalize(), LDAPGroupIdSet()
property LDAPHostNames as %String (MAXLEN = 256) [ Required ];
Host name of the LDAP server.
May be one or more host names, separated by a space. If the LDAP server is using a non-standard port, an optional port may be appended to the host name, separated by a ":" (name:port).
Property methods: LDAPHostNamesDisplayToLogical(), LDAPHostNamesGet(), LDAPHostNamesGetStored(), LDAPHostNamesIsValid(), LDAPHostNamesLogicalToDisplay(), LDAPHostNamesLogicalToOdbc(), LDAPHostNamesNormalize(), LDAPHostNamesSet()
property LDAPInstanceId as %String (MAXLEN = 256) [ InitialExpression = $zu(110)_"_"_$p($zu(86),"*",2) ];
Used to filter roles returned by the LDAP server for a user.
Property methods: LDAPInstanceIdDisplayToLogical(), LDAPInstanceIdGet(), LDAPInstanceIdGetStored(), LDAPInstanceIdIsValid(), LDAPInstanceIdLogicalToDisplay(), LDAPInstanceIdLogicalToOdbc(), LDAPInstanceIdNormalize(), LDAPInstanceIdSet()
property LDAPSearchPassword as Security.Datatype.Password (MAXLEN = 64);
Password of the search user.
Property methods: LDAPSearchPasswordGet(), LDAPSearchPasswordGetStored(), LDAPSearchPasswordIsValid(), LDAPSearchPasswordLogicalToDisplay(), LDAPSearchPasswordLogicalToOdbc(), LDAPSearchPasswordLogicalToXSD(), LDAPSearchPasswordXSDToLogical()
property LDAPSearchUsername as %String (MAXLEN = 256) [ Required ];
Username of the LDAP search user with enough privileges to search the LDAP database (Windows only).
Property methods: LDAPSearchUsernameDisplayToLogical(), LDAPSearchUsernameGet(), LDAPSearchUsernameGetStored(), LDAPSearchUsernameIsValid(), LDAPSearchUsernameLogicalToDisplay(), LDAPSearchUsernameLogicalToOdbc(), LDAPSearchUsernameNormalize(), LDAPSearchUsernameSet()
property LDAPServerTimeout as %Integer [ InitialExpression = $$$LDAPDefaultServerTimeout , Required ];
Amount of time the LDAP server will wait for a client message before the connection is terminated.
Property methods: LDAPServerTimeoutDisplayToLogical(), LDAPServerTimeoutGet(), LDAPServerTimeoutGetStored(), LDAPServerTimeoutIsValid(), LDAPServerTimeoutLogicalToDisplay(), LDAPServerTimeoutNormalize(), LDAPServerTimeoutSet(), LDAPServerTimeoutXSDToLogical()
property LDAPUniqueDNIdentifier as %String (MAXLEN = 128) [ InitialExpression = "sAMAccountName" , Required ];
A unique identifying element of each user in the LDAP database.
For Active Directory LDAP servers, usually sAMAccountName.
Property methods: LDAPUniqueDNIdentifierDisplayToLogical(), LDAPUniqueDNIdentifierGet(), LDAPUniqueDNIdentifierGetStored(), LDAPUniqueDNIdentifierIsValid(), LDAPUniqueDNIdentifierLogicalToDisplay(), LDAPUniqueDNIdentifierLogicalToOdbc(), LDAPUniqueDNIdentifierNormalize(), LDAPUniqueDNIdentifierSet()
property Name as %String (MAXLEN = 128, MINLEN = 1) [ Required ];
Name of the LDAP configuration.
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property NamespaceId as %String (MAXLEN = 64) [ InitialExpression = "Namespace" , Required ];
Namespace Id used for group naming.
Property methods: NamespaceIdDisplayToLogical(), NamespaceIdGet(), NamespaceIdGetStored(), NamespaceIdIsValid(), NamespaceIdLogicalToDisplay(), NamespaceIdLogicalToOdbc(), NamespaceIdNormalize(), NamespaceIdSet()
property OrganizationId as %String (MAXLEN = 64) [ InitialExpression = "intersystems" ];
Organization name used for group naming.
Property methods: OrganizationIdDisplayToLogical(), OrganizationIdGet(), OrganizationIdGetStored(), OrganizationIdIsValid(), OrganizationIdLogicalToDisplay(), OrganizationIdLogicalToOdbc(), OrganizationIdNormalize(), OrganizationIdSet()
property RoleId as %String (MAXLEN = 64) [ InitialExpression = "Role" , Required ];
Role Id used for group naming.
Property methods: RoleIdDisplayToLogical(), RoleIdGet(), RoleIdGetStored(), RoleIdIsValid(), RoleIdLogicalToDisplay(), RoleIdLogicalToOdbc(), RoleIdNormalize(), RoleIdSet()
property RoutineId as %String (MAXLEN = 64) [ InitialExpression = "Routine" , Required ];
Routine Id used for group naming.
Property methods: RoutineIdDisplayToLogical(), RoutineIdGet(), RoutineIdGetStored(), RoutineIdIsValid(), RoutineIdLogicalToDisplay(), RoutineIdLogicalToOdbc(), RoutineIdNormalize(), RoutineIdSet()

Methods

classmethod Copy(Name As %String, NewName As %String) as %Status
Copy an LDAP configuration.
Copy an existing LDAP configuration in the Security database to a new one.
Parameters:
Name - Name of the LDAP configuration to be copied.
NewName - Name of the new LDAP configuration to be created.
classmethod Create(Name As %String, ByRef Properties As %String) as %Status
Create an LDAP configuration.
Create an LDAP configuration in the Security database.
Parameters:
Name - Name of the LDAP configuration to create
Properties - Array of properties
See the Get() method for a description of the Properties parameter.
If a specific property is not passed in the Properties array, the value is not set.
classmethod Delete(Name As %String) as %Status
Delete an LDAP configuration.
This method deletes an LDAP configuration from the security database. After the LDAP configuration is deleted, any user in the User database associated with this configuration is also deleted.
Parameters:
Name - Name of LDAP configuration to delete
classmethod Exists(Name As %String, ByRef LDAP As %ObjectHandle, ByRef Status As %Status) as %Boolean
LDAP configuration exists.
This method checks for the existence of an LDAP configuration in the security database.
Parameters:
Name - Name of the LDAP configuration whose existence is checked
Return values:
If the value of the method = 0 (LDAP configuration does not exist, or some error occurred)
LDAP = Null
Status = LDAP "x" does not exist, or other error message

If the value of the method = 1 (LDAP configuration exists)
LDAP = Object handle to LDAP config
Status = $$$OK
classmethod Export(FileName As %String = "LDAPConfigsExport.xml", ByRef NumExported As %Integer, LDAPConfigs As %String = "*") as %Status
This method exports LDAP configuration records to a file in xml format.
Parameters:
Filename - Output file name
NumExported (byref) - Returns number of records exported.
LDAPConfigs - Comma separated list of LDAPConfigs to export, "*" = All
classmethod FormatExample(Mode As %Integer, OrganizationId As %String, GroupId As %String, InstanceId As %String, RoleId As %String, NamespaceId As %String, RoutineId As %String, DelimiterId As %String, UniversalGroup As %Boolean, LDAPGroupId As %String, LDAPInstanceId As %String, ByRef ExampleResults) as %Status
classmethod FormatName(Name As %String, ByRef NewName As %String, ByRef BaseDN As %String) as %Status
Format the domain name.
Parameters:
Name - Name of the domain to format and validate
NewName - byref formatted name of the name as follows:
Remove "@\,"
Lowercase it
Add ".com" or "com" if no suffix
Make sure no null pieces
classmethod Get(Name As %String, ByRef Properties As %String) as %Status
Get an LDAP configuration's properties.
Gets an LDAP configuration's properties from the security database.
Parameters:
Name - Name of the LDAP config to get
Return values:
Properties - Array of properties. See the class documentation for each individual property.
Properties("Description")
Properties("LDAPAttributes",AttributeName)
Properties("LDAPAttributeComment")
Properties("LDAPAttributeFullName")
Properties("LDAPAttributeMail")
Properties("LDAPAttributeMobile")
Properties("LDAPAttributeMobileProvider")
Properties("LDAPAttributeNameSpace")
Properties("LDAPAttributeRoutine")
Properties("LDAPAttributeRoles")
Properties("LDAPBaseDN")
Properties("LDAPBaseDNForGroups")
Properties("LDAPCACertFile")
Properties("LDAPClientTimeout")
Properties("LDAPHostNames")
Properties("LDAPFlags")
Properties("LDAPGroupId")
Properties("LDAPInstanceId")
Properties("OrganizationId")
Properties("GroupId")
Properties("InstanceId")
Properties("RoleId")
Properties("NamespaceId")
Properties("RoutineId")
Properties("DelimiterId")
Properties("LDAPSearchPassword")
Properties("LDAPSearchUsername")
Properties("LDAPServerTimeout")
Properties("LDAPUniqueDNIdentifier")
classmethod GetProperties(LDAP As %ObjectHandle, ByRef Properties As %String) as %Status
Get an LDAP configuration's properties.
Gets an LDAP configuration's properties from the security database.
Parameters:
LDAP - Object handle to a LDAP record
Return values:
Properties - See the Get method for more information on properties returned
classmethod Import(FileName As %String = "LDAPConfigsExport.xml", ByRef NumImported As %Integer, Flags As %Integer = 0) as %Status
Import LDAP configuration records from an xml file.
Parameters:
FileName - Filename to import LDAP configuration records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
classmethod Modify(Name As %String, ByRef Properties As %String) as %Status
Modify an LDAP configuration.
Modify an existing LDAP configuration's properties in the security database.
Parameters:
Name - Name of the LDAP configuration to modify
Properties - Array of properties to modify.
See the Get() method for a description of the Properties parameter.
If a specific property is not passed in the Properties array, the value is not modified.
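The following ObjectScript class is an added example, not InterSystems code, showing how the Create(), Modify() and Get() methods documented above are driven from a Properties array. The configuration name, host names, DNs, certificate path and service account are constructed placeholders; the LDAPFlags value is assembled from the bit numbers in the LDAPFlags property description (bit n has the value 2**n). It assumes it runs in a process holding %Admin_Secure:USE, and that the value stored under Properties("LDAPAttributes",AttributeName) is not significant (only the subscript names the attribute).

```objectscript
/// Added example (not InterSystems code): create or update an LDAP
/// configuration through Security.LDAPConfigs and verify what was stored.
Class Example.LDAPConfigSetup
{

/// Returns $$$OK on success, or the first failing %Status.
ClassMethod Setup(Name As %String = "ExampleCorpLDAP") As %Status
{
    Set sc = $$$OK
    Try {
        // Security tables live in %SYS; restore the caller's namespace on exit.
        New $Namespace
        Set $Namespace = "%SYS"

        // LDAPFlags bits from the property documentation:
        // bit 0 Active Directory (1), bit 1 TLS (2), bit 3 use groups (8), bit 6 enabled (64)
        Set flags = 1 + 2 + 8 + 64

        Kill Properties
        Set Properties("Description")            = "Constructed example configuration"
        // Space-separated hosts; the second one carries a non-standard port
        Set Properties("LDAPHostNames")          = "ldap1.example.test ldap2.example.test:3269"
        Set Properties("LDAPBaseDN")             = "DC=example,DC=test"
        Set Properties("LDAPBaseDNForGroups")    = "OU=Groups,DC=example,DC=test"
        Set Properties("LDAPCACertFile")         = "/etc/ssl/certs/example-ca.pem"   // placeholder path
        Set Properties("LDAPSearchUsername")     = "CN=svc-iris-ldap,OU=Service,DC=example,DC=test"
        Set Properties("LDAPSearchPassword")     = "<placeholder-search-password>"
        Set Properties("LDAPUniqueDNIdentifier") = "sAMAccountName"
        Set Properties("LDAPFlags")              = flags
        // Additional attribute to fetch at login, keyed by attribute name (see Get())
        Set Properties("LDAPAttributes", "mail") = ""

        If ##class(Security.LDAPConfigs).Exists(Name) {
            Set sc = ##class(Security.LDAPConfigs).Modify(Name, .Properties)
        } Else {
            Set sc = ##class(Security.LDAPConfigs).Create(Name, .Properties)
        }
        If $$$ISERR(sc) Quit

        // Modify() only touches the properties passed in; everything else is kept.
        Kill Change
        Set Change("LDAPServerTimeout") = 30
        Set sc = ##class(Security.LDAPConfigs).Modify(Name, .Change)
        If $$$ISERR(sc) Quit

        // Read the record back and confirm the security-relevant settings.
        Kill Stored
        Set sc = ##class(Security.LDAPConfigs).Get(Name, .Stored)
        If $$$ISERR(sc) Quit
        If +$Get(Stored("LDAPFlags")) '= flags {
            Set sc = $$$ERROR($$$GeneralError, "LDAPFlags stored differently than requested")
            Quit
        }
        If $Get(Stored("LDAPServerTimeout")) '= 30 {
            Set sc = $$$ERROR($$$GeneralError, "LDAPServerTimeout was not updated")
            Quit
        }
    } Catch ex {
        Set sc = ex.AsStatus()
    }
    Quit sc
}

}
```

Run it from a terminal with `Write $System.Status.GetErrorText(##class(Example.LDAPConfigSetup).Setup())`; an empty string means every step returned $$$OK. Because Modify() leaves unmentioned properties alone, the second call changes only the server timeout, which is why the read-back still finds the original LDAPFlags.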

Queries

query Detail(Names As %String = "*", Flags As %Integer = 0)
Selects Name, Description, LDAP Enabled, ActiveDirectory, UseSSL, UseGroups, UseNestedGroups, UniversalGroups, AllowISCLDAPCONFIGURATION, LDAPAttributes, LDAPAttributeComment, LDAPAttributeFullName, LDAPAttributeMail, LDAPAttributeMobile, LDAPAttributeMobileProvider, LDAPAttributeNameSpace, LDAPAttributeRoles, LDAPAttributeRoutine, LDAPBaseDN, LDAPBaseDNForGroups, LDAPCACertFile, LDAPClientTimeout, LDAPFlags, LDAPGroupId, LDAPHostNames, LDAPInstanceId, OrganizationId, GroupId, InstanceId, RoleId, NamespaceId, RoutineId, DelimiterId, LDAPSearchUsername, LDAPServerTimeout, LDAPUniqueDNIdentifier, LDAPFlagsDisplay
Detail of LDAP Configurations.
Names - Comma separated list of LDAP names, "*" = All
Flags - 0 - Use "Startswith" as the selection on the name.
Flags - 1 - Use "Contains" as the selection on the name.
Note: This query may change in future versions
query List(Names As %String = "*", Flags As %Integer = 0)
Selects Name As %String, LDAP Enabled As %String, Description As %String, LDAPCACertFile As %String
List of LDAP Configurations.
Names - Comma separated list of LDAP names, "*" = All
Flags - 0 - Use "Startswith" as the selection on the name.
Flags - 1 - Use "Contains" as the selection on the name.
Note: This query may change in future versions
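The following class is an added example, not InterSystems code, that serves two passages on this page: the LDAPFlags bit layout and the LDAPHostNames format, and the List query documented just above. It walks every configuration returned by the List query, reads each one with Get(), decodes the LDAPFlags bits by number, and reports enabled configurations that bind without TLS (bit 1 clear) or that use TLS without a CA certificate file, unless they are marked Kerberos Only (bit 7), where no LDAP bind with a password takes place. The standard ports 389 and 636, used when a host name carries no ":port" suffix, are an assumption of this example, not something the page states.

```objectscript
/// Added example (not InterSystems code): audit Security.LDAPConfigs records
/// for TLS settings using the documented LDAPFlags bit positions.
Class Example.LDAPConfigAudit
{

/// True if bit number "bit" (value 2**bit) is set in the LDAPFlags integer.
ClassMethod HasBit(flags As %Integer, bit As %Integer) As %Boolean
{
    Quit ((+flags \ (2 ** bit)) # 2) = 1
}

/// Parse the space-separated LDAPHostNames value into a $LIST of "host:port".
/// A host without an explicit port gets 636 when TLS is on, else 389 (assumed defaults).
ClassMethod ParseHosts(hostNames As %String, useTLS As %Boolean) As %List
{
    Set out = "", default = $Select(useTLS: 636, 1: 389)
    For i = 1:1:$Length(hostNames, " ") {
        Set entry = $Piece(hostNames, " ", i)
        If entry = "" Continue
        Set host = $Piece(entry, ":", 1)
        Set port = $Piece(entry, ":", 2)
        If port = "" Set port = default
        Set out = out _ $ListBuild(host _ ":" _ port)
    }
    Quit out
}

/// Collect findings as a $LIST of strings; an empty list means nothing to report.
ClassMethod Audit(Output findings As %List) As %Status
{
    Set findings = "", sc = $$$OK
    Try {
        New $Namespace
        Set $Namespace = "%SYS"
        // List query: Names "*" = all, Flags 0 = "Startswith" selection
        Set rs = ##class(%ResultSet).%New("Security.LDAPConfigs:List")
        Set sc = rs.Execute("*", 0)
        If $$$ISERR(sc) Quit
        While rs.Next() {
            Set name = rs.Get("Name")
            Kill p
            Set sc = ##class(Security.LDAPConfigs).Get(name, .p)
            If $$$ISERR(sc) Quit
            Set flags = +$Get(p("LDAPFlags"))
            If '..HasBit(flags, 6) Continue          // bit 6: configuration not enabled
            If ..HasBit(flags, 7) Continue           // bit 7: Kerberos Only, no password bind
            Set useTLS = ..HasBit(flags, 1)          // bit 1: SSL/TLS connection
            Set hosts = ..ParseHosts($Get(p("LDAPHostNames")), useTLS)
            If 'useTLS {
                Set findings = findings _ $ListBuild(name _ ": enabled without TLS, hosts " _ $ListToString(hosts, " "))
            } ElseIf $Get(p("LDAPCACertFile")) = "" {
                Set findings = findings _ $ListBuild(name _ ": TLS on but no LDAPCACertFile to verify the server (Unix)")
            }
        }
    } Catch ex {
        Set sc = ex.AsStatus()
    }
    Quit sc
}

}
```

A quick check from a terminal: `Set sc = ##class(Example.LDAPConfigAudit).Audit(.f)  For i = 1:1:$ListLength(f) Write $List(f, i), !`. Because the List query only exposes Name, LDAP Enabled, Description and LDAPCACertFile, the example goes back to Get() for the full flag word rather than relying on the query's "LDAP Enabled" column.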

Indexes

index (NameIndex on NameLowerCase) [IdKey, Type = key];
Index methods: NameIndexCheck(), NameIndexDelete(), NameIndexExists(), NameIndexOpen(), NameIndexSQLCheckUnique(), NameIndexSQLExists(), NameIndexSQLFindPKeyByConstraint(), NameIndexSQLFindRowIDByConstraint()

Storage

Storage Model: Storage (Security.LDAPConfigs)

^|$$$SecurityMapLDAPConfigs|SYS("Security","LDAPConfigsD")(ID)
=
%%CLASSNAME
Description
Name
LDAPAttributes
LDAPAttributeComment
LDAPAttributeFullName
LDAPAttributeMail
LDAPAttributeMobile
LDAPAttributeMobileProvider
LDAPAttributeNameSpace
LDAPAttributeRoles
LDAPAttributeRoutine
LDAPBaseDN
LDAPCACertFile
LDAPClientTimeout
LDAPDomainName
LDAPFlags
LDAPGroupId
LDAPHostNames
LDAPInstanceId
LDAPSearchPassword
LDAPSearchUsername
LDAPServerTimeout
LDAPUniqueDNIdentifier
OrganizationId
GroupId
InstanceId
RoleId
NamespaceId
RoutineId
DelimiterId
Version
LDAPBaseDNForGroups