|
Table of Contents
|
LDAP4D at A Dog And His Boy |
LDAP4D - Sample Methods |
|
|
|
|
About this section... |
Sample methods that may or may not be distributed with LDAP4D but are provided as examples. |
LDAPu_GetActiveDirectoryUsers |
|
|
`LDAPu_GetActiveDirectoryUsers
` Project method
` created 4/6/07
` `
`This is a wrapper for a search operation demonstraing how to access users on an Active Directory server
C_TEXT($tSearchBase;$tServerName;$tFilter;$tUser;$tPassword)
C_LONGINT($iNumResponses)
`Active Directory form of a user's Distinguished Name
` "CN=Bleeper Blozgo,CN=Users,DC=ad,DC=dogboy,DC=com"
`possible desired attributes - note that these may or may not be populated
`values are modifiable on a Windows 2000 Server via the
` Users and Groups dialog boxes in "Active Directory Users and Computers" application
ARRAY TEXT(at_Attributenames;10) `note: leaving the attributes array empty is the same as asking for all attributes
at_Attributenames{1}:="memberOf" `may return multiple values in the form "CN=Schema Admins,CN=Users,DC=ad,DC=dogboy,DC=com"
at_Attributenames{2}:="manager"
at_Attributenames{3}:="mail" `may return multiple values
at_Attributenames{4}:="otherTelephone"
at_Attributenames{5}:="cn" `common name - ex. "Tom Swenson"
at_Attributenames{6}:="displayName"
at_Attributenames{7}:="givenName"
at_Attributenames{8}:="name"
at_Attributenames{9}:="sn" `surname
at_Attributenames{10}:="memberOf"
`$1 = distinguished name - search base
`$2 = servername
`$3 = search filter
`$4 = {optional} user name
`$5 = {optional} user password
`$6 = {optional} pointer to array of attribute
$tSearchBase:="DC=ad, DC=dogboy, DC=com" `in this case the domain name of the server is 'ad.dogboy.com'
$tServerName:="192.168.0.200" `I.P. Address or DNS name
`filter to get list of users in "Domain Admins" group on an Windows 2000 Active Directory server
$tFilter:="(&(objectClass=Person)"
$tFilter:=$tFilter+"(memberOF=CN=Domain Admins, CN=Users,DC=ad,DC=dogboy,DC=com))"
$tUser:="Mot Nosnews"
$tPassword:="S0meRea11yHardT0Figure0utPassw0rd"
LDAPu_DoSearch ($tSearchBase;$tServerName;$tFilter;$tUser;$tPassword) `does an open connection, bind, search, parse response(s), unbind and close connection
`also might want to adjust additional parms in call to LDAP_Search inside LDAPu_DoSearch
$iNumResponses:=LDAP_iNumResponses `count of responses from search request
If ($iNumResponses>0)
C_POINTER($pDNs;$pAttributes)
$pDNs:=LDAP_Pointer2DistinguishedNames
ARRAY TEXT(at_MyDistinguishedNames;$iNumResponses)
COPY ARRAY($pDNs->;at_MyDistinguishedNames) `list of users
$pAttributes:=LDAP_Pointer2AttributeTypes `Pointer to 2D array of attribute types returned for each response.
`seems strange, but different attributes may be returned for seemingly alike directory tree entries
ARRAY TEXT(at_ReturnedAttributes;$iNumResponses;0) `2D array as attribute can have multiple values
COPY ARRAY($pAttributes->;at_ReturnedAttributes)
`note: attribute values are returned in arrays declared in COMPILERu_LDAP_ProcessVars
`example of stepping through them and placing in a hierachical list is in method aaaLoadList in demo db
End if
`note: the response arrays populated in a search are cleared by a call to
`now do what you want with the values returned
|
|
LDAPu_DoSearch |
|
`LDAPu_DoSearch
`Project method
`created 8/13/02
`{030310} modified - added name and password parms
`
`Copyright A Dog and His Boy
`wrapper for LDAP_SearchRequest
`$1 = distinguished name - search base
`$2 = servername
`$3 = search filter
`$4 = {optional} user name
`$5 = {optional} user password
`$6 = {optional} pointer to array of attribute
`pass empty strings for user name and password for anonymous binds
`can also extend by passing in an LDAP search string
`probably (some day) want to extend to doing a SSL connection
`$0 = result code, 0 = success, non-zero = failure
C_TEXT($1;$2;$tDN;$tServerName;$tText;$tSearchFilter;$tErrMessage)
C_LONGINT($0;$iLDAPstream;$iMessageID;$iErr;$iSizeLimit;$iTimeLimit)
C_TEXT($3;$4;$tUserName;$5;$tPassword)
C_POINTER($6)
`preconditions
$0:=0 ` no error yet
Case of
: (Count parameters<5)
$0:=-1
Else
$tDN:=$1
$tServerName:=$2
$tSearchFilter:=$3
$tUserName:=$4
$tPassword:=$5
End case
If ($0=0) `passed preconditions
LDAP_DeclareVars
$iLDAPstream:=LDAP_Open ($tServerName;389)
If ($iLDAPstream#0)
$iMessageID:=1
$iErr:=LDAP_Message_Send ($iLDAPstream;$iMessageID;LDAP_BindRequest ($tUserName;$tPassword))
$iErr:=LDAP_ResponseParse ($iLDAPstream)
If ($iErr=0) `noErr
If (Count parameters>5)
COPY ARRAY($6->;tA_LDAPSearchAttributes)
Else
ARRAY TEXT(tA_LDAPSearchAttributes;0) `we want all the attributes
End if
$iMessageID:=$iMessageID+1
`these could be made prefs somewhere
$iSizeLimit:=50
$iTimeLimit:=15 `seconds
`$1 = baseObject - text - distinguished name
`$2 = scope - text
`$3 = derefAliases - text
`$4 = sizeLimit (max num of results to return) - LI
`$5 = time limit (in seconds) - LI
`$6 = pointer to BER encoded LDAP Filter (per RFC 2254)
`$7 = pointer to array - Attributes to return - empty means all`note might want to
`$8 = return attributes - boolean, true = only attributes,
` false = both attributes and values
$tText:=LDAP_SearchRequest ($tDN;"wholeSubTree";"neverDerefAliases";$iSizeLimit;$iTimeLimit;$tSearchFilter;->tA_LDAPSearchAttributes;False)
$tErrMessage:=LDAP_tFilterErrorMessage `see if search filter was valid
If ($tErrMessage="")
$iErr:=LDAP_Message_Send ($iLDAPstream;$iMessageID;$tText)
$iErr:=LDAP_ResponseParse ($iLDAPstream)
`here it is up to the developer to pull values returned out of arrays
`and display them as he/she will
`use the Response Handling methods - http://www.adogandhisboy.com/manual/Response.html
If ($iErr>0)
$0:=0 `noErr
Else
$0:=-1 `failure
End if
Else
ALERT("Problem with search filter: "+$tErrMessage)
End if
$iMessageID:=$iMessageID+1
$iErr:=LDAP_Message_Send ($iLDAPstream;$iMessageID;LDAP_UnbindRequest )
Else `couldn't bind
$0:=-1
End if
$iErr:=LDAP_Close ($iLDAPstream)
Else
$0:=-1 `couldn't open a stream
End if
End if `passed preconditions
|
|
aaaLoadList |
|
|
`aaaLoadList
`load a hierarchical list with a display of the responses
`this is an example of how to access all attribute values returned from an LDAP_SearchRequest
`created {030310}
C_LONGINT($iSelectedItemRef;$iNumResponses;$iNumAttributeTypes;$iList;$iCountValues;$i)
C_LONGINT($iResponseLoop;$iAttributeLoop;$iItemRef;$iAttributeIndex;$iSubList)
C_TEXT($tItemText;$tAttributeName)
C_POINTER($pDistinguishedNames;$pAttributeTypes;$pResponseAttributes)
If (Is a list(hAttributeList))
CLEAR LIST(hAttributeList;*)
End if
hAttributeList:=New list
`now load from arrays if they have content
`hAttributeList is set up in 'On Load" button on page 0 of the demo application
$iNumResponses:=LDAP_iNumResponses
$iNumAttributeTypes:=LDAP_iNumAttributeTypes
$iItemRef:=0 `this will be used only for this list, and reset every time the list is created
$pDistinguishedNames:=LDAP_Pointer2DistinguishedNames `1 for each response
$pAttributeTypes:=LDAP_Pointer2AttributeTypes `all attributes returned in all responses
$pResponseAttributes:=LDAP_Pointer2ResponseAttributes `2D array, 1 row for each response
`build an array of pointers to attribute values arrays
`note: the tA_AttributeValue1, tA_AttributeValue2, ... arrays
`are cleared in LDAPu_InitSearchResponse which is called internally by LDAP_SearchRequest
`they are then populated if the search request was successful.
ARRAY POINTER($pAttributeValues;$iNumAttributeTypes)
For ($iAttributeLoop;1;$iNumAttributeTypes)
$pAttributeValues{$iAttributeLoop}:=Get pointer("tA_AttributeValue"+String($iAttributeLoop)) `a pointer to a 2d array of attribute values
End for
`now put attributes and values from each response into sublists
For ($iResponseLoop;1;$iNumResponses) `each response that came back
$tItemText:=$pDistinguishedNames->{$iResponseLoop}
`create a list of attribute names for each attribute returned with this response
$iList:=New list
$iNumAttributeTypes:=Size of array($pResponseAttributes->{$iResponseLoop})
For ($iAttributeLoop;1;$iNumAttributeTypes) `each of the attributes that came back with this response
$tAttributeName:=$pResponseAttributes->{$iResponseLoop}{$iAttributeLoop}
$iAttributeIndex:=Find in array($pAttributeTypes->;$tAttributeName) `also the index into the values array
$iCountValues:=Size of array($pAttributeValues{$iAttributeIndex}->{$iResponseLoop}) `# of values for this attribute of this response
Case of `each attribute could be a list itself, since it could hold multiple values
: ($iCountValues=0) `don't include the attribute in the list
: ($iCountValues>=1) `make a list of the values
$iSubList:=New list `a list of values of the attribute
For ($i;1;$iCountValues)
$iItemRef:=$iItemRef+1
APPEND TO LIST($iSubList;$pAttributeValues{$iAttributeIndex}->{$iResponseLoop}{$i};$iItemRef;0;True)
End for
$iItemRef:=$iItemRef+1
APPEND TO LIST($iList;$tAttributeName;$iItemRef;$iSubList;True) `expand this
End case
End for `$iAttributeLoop
$iItemRef:=$iItemRef+1
APPEND TO LIST(hAttributeList;$tItemText;$iItemRef;$iList;False) `attach the list to the parent list as an "item"
End for
|
|