LDAP Interface
Hi
Comments
What exactly do you want to achieve: authentication in Caché using an LDAP login, or do you want to connect and load users from AD?
Hi Dmitry
Thanks for the reply
the latter is the one I need.
I want to update attributes in the AD (e.g. department, telephoneNumber, mobile, location, ...) with data from our HR application in an online/scheduled interface.
I have found the EnsLib.LDAP.OutboundAdapter but didn't find a more readable guide (e.g. Using Email Adapters with Ensemble).
Gadi
So, you have to modify some entries in AD using data on the Caché side.
First, I have not done such work before; I'm just trying to suggest what may help you.
The best way to understand how to achieve what you need is to look at the classes, like EnsLib.LDAP.OutboundAdapter, which you've already found, and %SYS.LDAP, which is the lowest-level class and actually does all the work with LDAP. Actually, EnsLib.LDAP, as I see, uses deprecated classes from %Net.LDAP.Client.
How may it help? For example, you can find there a method such as GetEntryEditObj, which I think may be used to edit some entries in your AD, if you have enough permissions. You can find an example in the class for this EntryEdit. The method ModifyExts in %SYS.LDAP also has some examples.
Hope it helps.
Hi Gadi,
The connection to the DB is done automatically by the adapter after you configure the BO settings.
For example:
| LDAP Server | Soraski.co.il |
| LDAP Port | 389 |
| Distinguished Name | OU=Users,OU=Accounts,DC=soraski,DC=co,DC=il |
Here is a sample code for a method in a Business Operation that searches the LDAP DB:
The input accepts a filter (by which you want to search LDAP) and attributes (which attributes you want returned; if no attributes are specified, all of the attributes are returned).
Method Search(pRequest As LDAP.REQ.Search, Output pResponse As LDAP.RES.Search) As %Status
{
    Set pResponse=##class(LDAP.RES.Search).%New()
    // sample data
    //set pRequest.Filter="cn=kerensk"
    //set pRequest.Attributes="sn,givenName"
    Set tSC=..Adapter.Search(.tEntries,2,pRequest.Filter,pRequest.Attributes,0)
    if $$$ISERR(tSC) quit tSC
    // no entries object means nothing matched the filter
    if '$IsObject(tEntries) quit tSC
    Set count=0
    // outer loop: one iteration per returned entry
    do {
        Set count=count+1
        Set ent=tEntries.GetCurEntry()
        Set tRespEnt=##class(LDAP.RES.SearchEntry).%New()
        Set tRespEnt.DN=ent.DN
        Set attr="",str=""
        // inner loop: one iteration per attribute of the entry
        do {
            Set attr=ent.Next(attr)
            // Next returns "" after the last attribute; stop before processing it
            quit:attr=""
            set str=str_","_attr
            Set valuelist=ent.GetAttribValue()
            Set valstr=""
            // go through the returned values
            if valuelist'="" {
                For i=1:1:valuelist.GetNumItems() {
                    Set valstr=valstr_",'"_valuelist.GetValue(i)_"'"
                }
                // drop the leading comma
                Set valstr=$Extract(valstr,2,$Length(valstr))
                Do tRespEnt.Attributes.SetAt(valstr,attr)
            }
            else {
                set pResponse.Error="not found"
            }
        } while attr'=""
        Do pResponse.Entries.SetAt(tRespEnt,count)
    } while tEntries.NextEntry()
    $$$TRACE("Count of Entries: "_count)
    $$$TRACE(str)
    Quit tSC
}
Keren.
In addition, here is a sample for updating an attribute in LDAP. First you need to search for the correct entry in LDAP so that you can update it.
Method UpdateSingleValue(pRequest As LDAP.REQ.SetSingleValueAttributes, Output pResponse As LDAP.RES.SetSingleValueAttributes) As %Status
{
    #dim tEntries as %Net.LDAP.Client.Entries
    #dim ent as %Net.LDAP.Client.Entry
    #dim editParam as %Net.LDAP.Client.EditEntry
    Set pResponse=##class(LDAP.RES.SetSingleValueAttributes).%New()
    try {
        // sample input data
        //set pRequest.UserName="kerensk"
        //set x=##class(LDAP.REQ.AttributeInfo).%New()
        //set x.AttributeName="employeeID"
        //set x.AttributeValue="12345"
        //set y=##class(LDAP.REQ.AttributeInfo).%New()
        //set y.AttributeName="countryCode"
        //set y.AttributeValue="33"
        //do pRequest.AttributeNames.Insert(x)
        //do pRequest.AttributeNames.Insert(y)
        // validate the input before touching the directory
        if pRequest.AttributeNames.Count()=0 {
            set pResponse.Success=0
            set pResponse.ErrorMessage="Empty attributes list"
            quit
        }
        if pRequest.UserName="" {
            set pResponse.Success=0
            set pResponse.ErrorMessage="Empty username parameter"
            quit
        }
        // prepare search parameters
        // NOTE: UserName is concatenated into the filter as-is; filter
        // metacharacters in it (* ( ) \) should be escaped before this point
        set Filter="SAMAccountName="_pRequest.UserName
        // search
        Set tSC=..Adapter.Search(.tEntries,2,Filter,"")
        if $$$ISERR(tSC) {
            set pResponse.Success=0
            set pResponse.ErrorMessage=$system.Status.GetErrorText(tSC)
            quit
        }
        if '$IsObject(tEntries) {
            set pResponse.Success=0
            set pResponse.ErrorMessage="User does not exist"
            quit
        }
        set ent=tEntries.GetNext("")
        if ($IsObject(ent)) {
            // get an edit object for the found entry and queue one Replace per attribute
            Set editParam = tEntries.EditCurEntry()
            for i=1:1:pRequest.AttributeNames.Count() {
                do editParam.Replace(pRequest.AttributeNames.GetAt(i).AttributeName,pRequest.AttributeNames.GetAt(i).AttributeValue,0)
            }
            // send the queued changes to the LDAP server
            set tSC = editParam.Commit()
            $$$TRACE("Commit="_$system.Status.GetErrorText(tSC))
            if $$$ISERR(tSC) {
                set pResponse.Success=0
                set pResponse.ErrorMessage=$system.Status.GetErrorText(tSC)
                quit
            }
            set pResponse.Success=1
        }
        else {
            set pResponse.Success=0
            set pResponse.ErrorMessage="User does not exist"
        }
    }
    catch Err {
        set tSC=Err.AsStatus()
        set pResponse.Success=0
        set pResponse.ErrorMessage=$system.Status.GetErrorText(tSC)
    }
    // errors are reported through pResponse; the operation itself always returns OK
    Quit $$$OK
}
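UpdateSingleValue above concatenates pRequest.UserName into the search filter and writes whatever attribute names the request carries, so input from the HR feed decides both which entry is matched and which attributes change. The class below is an added example, not part of the original posts and not an Ensemble class: LDAP.Util.Filter, its method names and the attribute allow-list are assumptions. It escapes the filter value per RFC 4515 and restricts writes to the attributes named in the question.

```objectscript
/// Added example; class, method and parameter names are hypothetical.
Class LDAP.Util.Filter Extends %RegisteredObject
{

/// Attributes the HR interface may write (assumed list; adjust to your policy).
/// Stored with leading/trailing commas so membership is an exact-name test.
Parameter WRITABLE = ",department,telephoneNumber,mobile,";

/// Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
/// The five special characters are replaced by a backslash and two hex digits.
ClassMethod EscapeValue(pValue As %String) As %String
{
    Set tOut=""
    For i=1:1:$Length(pValue) {
        Set c=$Extract(pValue,i)
        Set tOut=tOut_$Case(c,"\":"\5c","*":"\2a","(":"\28",")":"\29",$Char(0):"\00",:c)
    }
    Quit tOut
}

/// Build the filter that locates one user by account name.
/// Returns an error status for an empty name instead of a match-anything filter.
ClassMethod UserFilter(pUserName As %String, Output pFilter As %String) As %Status
{
    Set pFilter=""
    If pUserName="" Quit $$$ERROR($$$GeneralError,"Empty username parameter")
    Set pFilter="(sAMAccountName="_..EscapeValue(pUserName)_")"
    Quit $$$OK
}

/// Return 1 only if the attribute name is on the allow-list (case-sensitive).
ClassMethod IsWritable(pAttribute As %String) As %Boolean
{
    If pAttribute="" Quit 0
    // a comma inside the name could straddle two allow-list entries
    If pAttribute["," Quit 0
    Quit ..#WRITABLE[(","_pAttribute_",")
}

}
```

With this in place, a user name such as `a*` is searched for literally as `(sAMAccountName=a\2a)` rather than as a wildcard, and the Replace loop can reject any request attribute for which IsWritable returns 0 before Commit is called.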
Thanks for all the answers, I sure have enough to go and make my "homeworks"
cheers
Gadi