LDAP Interface

 

Hi

 
I'm looking for help with the LDAP adapter.
 
Besides the Ensemble documentation, does anyone have some "hands on" experience (e.g. production examples) with 'connecting to' and 'updating data' in the AD?
 
Thanks 
Gadi 

Answers

What exactly do you want to reach: authentication in Caché using LDAP login, or do you want to connect and load users from AD?

Hi

Thanks for the reply.

The latter is the one I need.

I want to update attributes in the AD (e.g. department, telephoneNumber, mobile, location, ...) with data from our HR application in an online/scheduled interface.

I have found the EnsLib.LDAP.OutboundAdapter but didn't find a more readable guide (e.g.: Using Email Adapters with Ensemble).

Gadi

 

 

 

So, you have to modify some entries in AD with data on the Caché side.
First, I have not done such work before; I'm just trying to suggest what may help you.
The better way to understand what you need to achieve your goal is to look at the classes, like EnsLib.LDAP.OutboundAdapter, which you've already found, and %SYS.LDAP, which is the lowest class and actually does all the work with LDAP. Actually, EnsLib.LDAP, as I see, uses deprecated classes from %Net.LDAP.Client.

How may it help? For example, you can find there such a method as GetEntryEditObj, which I think may be used to edit some entries in your AD, if you have enough permissions. Some examples you can find in the class for this EntryEdit. Or the method ModifyExts in %SYS.LDAP, which also has some examples.

Hope it helps.

 

Hi Gadi,

The connection to the DB is done automatically by the adapter after you configure the BO settings. 

For example:

LDAP Server: Soraski.co.il
LDAP Port: 389
Distinguished Name: OU=Users,OU=Accounts,DC=soraski,DC=co,DC=il

 

Here is a sample code for a method in a Business Operation that searches the LDAP DB:

 

The input accepts a filter (by which you want to search LDAP) and attributes (which attributes you want returned; if no attributes are specified, all of the attributes are returned).

Method Search(pRequest As LDAP.REQ.Search, Output pResponse As LDAP.RES.Search) As %Status
{
    Set pResponse=##class(LDAP.RES.Search).%New()

    // sample data
    //set pRequest.Filter="cn=kerensk"
    //set pRequest.Attributes="sn,givenName"
    Set tSC=..Adapter.Search(.tEntries,2,pRequest.Filter,pRequest.Attributes,0) 
    if $$$ISERR(tSC) quit tSC
    if '$IsObject(tEntries) quit tSC
    

    Set count=0 
    do {   
        Set count=count+1  
        Set ent=tEntries.GetCurEntry()
        Set tRespEnt=##class(LDAP.RES.SearchEntry).%New()
        Set tRespEnt.DN=ent.DN
        Set attr="" ,str=""
        do { 
            Set attr=ent.Next(attr)  
            set str=str_","_attr
            Set valuelist=ent.GetAttribValue()
            Set valstr=""

            // go through the values returned for this attribute
            if valuelist'="" { 
                For i=1:1:valuelist.GetNumItems() {
                    Set valstr=valstr_",'"_valuelist.GetValue(i)_"'"
                } 
                Set valstr=$Extract(valstr,2,$Length(valstr))
                Do tRespEnt.Attributes.SetAt(valstr,attr)
            }
            else {
                set pResponse.Error="not found"
            }
        } while attr'=""
        Do pResponse.Entries.SetAt(tRespEnt,count)
    } while tEntries.NextEntry()
    $$$TRACE("Count of Entries: "_count)
    $$$TRACE(str)
    Quit tSC
}
 

Keren.

In addition, here is a sample for updating an attribute in LDAP. First you need to search for the correct entry in LDAP so that you are able to update it.

 

Method UpdateSingleValue(pRequest As LDAP.REQ.SetSingleValueAttributes, Output pResponse As LDAP.RES.SetSingleValueAttributes) As %Status
{
    #dim tEntries as %Net.LDAP.Client.Entries
    #dim ent as %Net.LDAP.Client.Entry
    Set pResponse=##class(LDAP.RES.SetSingleValueAttributes).%New()
    try {
        // sample input data
        //set pRequest.UserName="kerensk"
        //set x=##class(LDAP.REQ.AttributeInfo).%New()
        //set x.AttributeName="employeeID"
        //set x.AttributeValue="12345"
        //set y=##class(LDAP.REQ.AttributeInfo).%New()
        //set y.AttributeName="countryCode"
        //set y.AttributeValue="33"
        //do pRequest.AttributeNames.Insert(x)
        //do pRequest.AttributeNames.Insert(y)
        
        
        // prepare search parameters
        set Filter="SAMAccountName="_pRequest.UserName
        if pRequest.AttributeNames.Count()=0 {
            set pResponse.Success=0
            set pResponse.ErrorMessage="Empty attributes list"
            quit
        }
        if pRequest.UserName="" {
            set pResponse.Success=0
            set pResponse.ErrorMessage="Empty username parameter"
            quit
        }
        
        // search
        Set tSC=..Adapter.Search(.tEntries,2,Filter,"")
        if $$$ISERR(tSC) {
            set pResponse.Success=0
            set pResponse.ErrorMessage=$system.Status.GetErrorText(tSC)
            quit
        }
        if '$IsObject(tEntries) {
            set pResponse.Success=0
            set pResponse.ErrorMessage="User does not exist"
            quit
        }
        set ent=tEntries.GetNext("")
        
        if ($IsObject(ent)) {
            // edit object for the current entry
            Set editParam = tEntries.EditCurEntry()
            for i=1:1:pRequest.AttributeNames.Count() {
                do editParam.Replace(pRequest.AttributeNames.GetAt(i).AttributeName,pRequest.AttributeNames.GetAt(i).AttributeValue,0)
            }
            set tSC = editParam.Commit()
            $$$TRACE("Commit="_$system.Status.GetErrorText(tSC))
            if $$$ISERR(tSC) {
                set pResponse.Success=0
                set pResponse.ErrorMessage=$system.Status.GetErrorText(tSC)
                quit
            }
         }
    }
    catch Err {
        set tSC=Err.AsStatus()
        set pResponse.Success=0
        set pResponse.ErrorMessage=$system.Status.GetErrorText(tSC)
    }
    Quit $$$OK
}
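
An added example (not part of the thread and not InterSystems code): UpdateSingleValue above concatenates pRequest.UserName into the search filter and writes whatever attribute names the request carries. The hypothetical helper class Demo.LDAP.FilterUtil below escapes the value per RFC 4515 and checks attribute names against an allowlist assumed from the attributes named in the question; the input in Demo() is constructed.

```objectscript
/// Added example: hypothetical helper class, not from the original posts.
Class Demo.LDAP.FilterUtil Extends %RegisteredObject
{

/// Escape the characters RFC 4515 reserves inside a filter value.
ClassMethod EscapeFilterValue(pValue As %String) As %String
{
    // Backslash first, so the escapes added below are not escaped again
    Set tOut=$Replace(pValue,"\","\5c")
    Set tOut=$Replace(tOut,"*","\2a")
    Set tOut=$Replace(tOut,"(","\28")
    Set tOut=$Replace(tOut,")","\29")
    Set tOut=$Replace(tOut,$Char(0),"\00")
    Quit tOut
}

/// Build the same filter shape as UpdateSingleValue, with an escaped value.
ClassMethod BuildUserFilter(pUserName As %String, Output pFilter As %String) As %Status
{
    Set pFilter=""
    If pUserName="" {
        Quit $$$ERROR($$$GeneralError,"Empty username parameter")
    }
    Set pFilter="SAMAccountName="_..EscapeFilterValue(pUserName)
    Quit $$$OK
}

/// Allowlist of attributes the HR interface may write (assumed list;
/// names are compared case-insensitively).
ClassMethod IsWritableAttribute(pName As %String) As %Boolean
{
    Set tAllowed=$ListBuild("department","telephonenumber","mobile")
    Quit ($ListFind(tAllowed,$ZConvert(pName,"L"))>0)
}

/// Run the helpers on constructed input.
ClassMethod Demo()
{
    Set tSC=..BuildUserFilter("kerensk*)(x",.tFilter)
    Write "filter: ",tFilter,!
    For tName="mobile","employeeID","userAccountControl" {
        Write tName,": ",$Select(..IsWritableAttribute(tName):"allowed",1:"rejected"),!
    }
}

}
```

In UpdateSingleValue, the filter would come from BuildUserFilter, and each AttributeName would pass IsWritableAttribute before editParam.Replace is called.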
 

Thanks for all the answers, I sure have enough to go and do my "homework".

 

cheers

Gadi