Table of Contents
LDAP4D at A Dog And His Boy

LDAP4D - Sample Methods


About this section...

Sample methods that may or may not be distributed with LDAP4D but are provided as examples.


  ` Project method
  ` created 4/6/07
  `  `
  `This is a wrapper for a search operation demonstraing how to access users on an Active Directory server


  `Active Directory form of a user's Distinguished Name
  `    "CN=Bleeper Blozgo,CN=Users,DC=ad,DC=dogboy,DC=com"  

  `possible desired attributes - note that these may or may not be populated
  `values are modifiable on a Windows 2000 Server via the 
  ` Users and Groups dialog boxes in "Active Directory Users and Computers"  application

ARRAY TEXT(at_Attributenames;10)  `note: leaving the attributes array empty is the same as asking for all attributes 
at_Attributenames{1}:="memberOf"  `may return multiple values in the form "CN=Schema Admins,CN=Users,DC=ad,DC=dogboy,DC=com"
at_Attributenames{3}:="mail"  `may return multiple values
at_Attributenames{5}:="cn"  `common name - ex. "Tom Swenson"
at_Attributenames{9}:="sn"  `surname

  `$1 = distinguished name - search base
  `$2 = servername 
  `$3 = search filter
  `$4 = {optional} user name
  `$5 = {optional} user password
  `$6 = {optional} pointer to array of attribute

$tSearchBase:="DC=ad, DC=dogboy, DC=com"  `in this case the domain name of the server is ''

$tServerName:=""  `I.P. Address or DNS name

  `filter to get list of users in "Domain Admins" group on an Windows 2000 Active Directory server
$tFilter:=$tFilter+"(memberOF=CN=Domain Admins, CN=Users,DC=ad,DC=dogboy,DC=com))"
$tUser:="Mot Nosnews"

LDAPu_DoSearch ($tSearchBase;$tServerName;$tFilter;$tUser;$tPassword)  `does an open connection, bind, search, parse response(s), unbind and close connection
  `also might want to adjust additional parms in call to LDAP_Search inside LDAPu_DoSearch

$iNumResponses:=LDAP_iNumResponses   `count of responses from search request

If ($iNumResponses>0)
	ARRAY TEXT(at_MyDistinguishedNames;$iNumResponses)
	COPY ARRAY($pDNs->;at_MyDistinguishedNames)  `list of users
	$pAttributes:=LDAP_Pointer2AttributeTypes   `Pointer to 2D array of attribute types returned for each response.
	  `seems strange, but different attributes may be returned for seemingly alike directory tree entries
	ARRAY TEXT(at_ReturnedAttributes;$iNumResponses;0)  `2D array as attribute can have multiple values
	COPY ARRAY($pAttributes->;at_ReturnedAttributes)
	  `note: attribute values are returned in arrays declared in COMPILERu_LDAP_ProcessVars
	  `example of stepping through them and placing in a hierachical list is in method aaaLoadList in demo db
End if 

  `note: the response arrays populated in a search are cleared by a call to 
  `now do what you want with the values returned


  `Project method
  `created 8/13/02
  `{030310} modified - added name and password parms
  `Copyright A Dog and His Boy
  `wrapper for LDAP_SearchRequest 

  `$1 = distinguished name - search base
  `$2 = servername 
  `$3 = search filter
  `$4 = {optional} user name
  `$5 = {optional} user password
  `$6 = {optional} pointer to array of attribute

  `pass empty strings for user name and password for anonymous binds
  `can also extend by passing in an LDAP search string
  `probably (some day) want to extend to doing a SSL connection

  `$0 = result code, 0 = success, non-zero = failure


$0:=0  ` no error yet
Case of 
	: (Count parameters<5)
End case 

If ($0=0)  `passed preconditions
	$iLDAPstream:=LDAP_Open ($tServerName;389)
	If ($iLDAPstream#0)
		$iErr:=LDAP_Message_Send ($iLDAPstream;$iMessageID;LDAP_BindRequest ($tUserName;$tPassword))
		$iErr:=LDAP_ResponseParse ($iLDAPstream)
		If ($iErr=0)  `noErr
			If (Count parameters>5)
				COPY ARRAY($6->;tA_LDAPSearchAttributes)
				ARRAY TEXT(tA_LDAPSearchAttributes;0)  `we want all the attributes
			End if 
			  `these could be made prefs somewhere
			$iTimeLimit:=15  `seconds  
			  `$1 = baseObject -  text - distinguished name
			  `$2 = scope - text
			  `$3 = derefAliases - text
			  `$4 = sizeLimit (max num of results to return) - LI
			  `$5 = time limit (in seconds) - LI
			  `$6 = pointer to BER encoded LDAP Filter (per RFC 2254)
			  `$7 = pointer to array - Attributes to return - empty means all`note might want to 
			  `$8 = return attributes - boolean, true = only attributes, 
			  `                                      false = both attributes and values
			$tText:=LDAP_SearchRequest ($tDN;"wholeSubTree";"neverDerefAliases";$iSizeLimit;$iTimeLimit;$tSearchFilter;->tA_LDAPSearchAttributes;False)
			$tErrMessage:=LDAP_tFilterErrorMessage   `see if search filter was valid
			If ($tErrMessage="")
				$iErr:=LDAP_Message_Send ($iLDAPstream;$iMessageID;$tText)
				$iErr:=LDAP_ResponseParse ($iLDAPstream)
				  `here it is up to the developer to pull values returned out of arrays
				  `and display them as he/she will        
				  `use the Response Handling methods - 
				If ($iErr>0)
					$0:=0  `noErr
					$0:=-1  `failure
				End if 
				ALERT("Problem with search filter: "+$tErrMessage)
			End if 
			$iErr:=LDAP_Message_Send ($iLDAPstream;$iMessageID;LDAP_UnbindRequest )
		Else   `couldn't bind
		End if 
		$iErr:=LDAP_Close ($iLDAPstream)
		$0:=-1  `couldn't open a stream  
	End if 
End if   `passed preconditions  


  `load a hierarchical list with a display of the responses
  `this is an example of how to access all attribute values returned from an LDAP_SearchRequest
  `created {030310}


If (Is a list(hAttributeList))
	CLEAR LIST(hAttributeList;*)
End if 
hAttributeList:=New list

  `now load from arrays if they have content
  `hAttributeList is set up in 'On Load" button on page 0 of the demo application  
$iItemRef:=0  `this will be used only for this list, and reset every time the list is created

$pDistinguishedNames:=LDAP_Pointer2DistinguishedNames   `1 for each response
$pAttributeTypes:=LDAP_Pointer2AttributeTypes   `all attributes returned in all responses
$pResponseAttributes:=LDAP_Pointer2ResponseAttributes   `2D array, 1 row for each response

  `build an array of pointers to attribute values arrays
  `note: the tA_AttributeValue1, tA_AttributeValue2, ... arrays 
  `are cleared in LDAPu_InitSearchResponse which is called internally by LDAP_SearchRequest
  `they are then populated if the search request was successful.
ARRAY POINTER($pAttributeValues;$iNumAttributeTypes)
For ($iAttributeLoop;1;$iNumAttributeTypes)
	$pAttributeValues{$iAttributeLoop}:=Get pointer("tA_AttributeValue"+String($iAttributeLoop))  `a pointer to a 2d array of attribute values
End for 

  `now put attributes and values from each response into sublists
For ($iResponseLoop;1;$iNumResponses)  `each response that came back
	  `create a list of attribute names for each attribute returned with this response
	$iList:=New list
	$iNumAttributeTypes:=Size of array($pResponseAttributes->{$iResponseLoop})
	For ($iAttributeLoop;1;$iNumAttributeTypes)  `each of the attributes that came back with this response
		$iAttributeIndex:=Find in array($pAttributeTypes->;$tAttributeName)  `also the index into the values array
		$iCountValues:=Size of array($pAttributeValues{$iAttributeIndex}->{$iResponseLoop})  `# of values for this attribute of this response
		Case of   `each attribute could be a list itself, since it could hold multiple values
			: ($iCountValues=0)  `don't include the attribute in the list
			: ($iCountValues>=1)  `make a list of the values
				$iSubList:=New list  `a list of values of the attribute
				For ($i;1;$iCountValues)
					APPEND TO LIST($iSubList;$pAttributeValues{$iAttributeIndex}->{$iResponseLoop}{$i};$iItemRef;0;True)
				End for 
				APPEND TO LIST($iList;$tAttributeName;$iItemRef;$iSubList;True)  `expand this
		End case 
	End for   `$iAttributeLoop
	APPEND TO LIST(hAttributeList;$tItemText;$iItemRef;$iList;False)  `attach the list to the parent list as an "item"  
End for 

Back to top