Steve,
Here is some sample code that should help get you going in the right direction. NOTE - the ByRef LD argument is a handle for the connection to the LDAP server; if you go on to use it to fetch any attributes, it needs to be released when you're done.
(sorry for the messed up indentation)
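/// Authenticates <var>username</var>/<var>password</var> against the configured domain over LDAP.
/// Returns 1 on success and 0 on failure; on failure <var>Status</var> (ByRef) carries the reason.
/// <var>LD</var> (ByRef) receives the LDAP connection handle. On success the caller owns it and must
/// release it with ##class(%SYS.LDAP).Unbinds(LD) when finished (e.g. after fetching attributes).
/// On failure the handle is released here and <var>LD</var> is set to 0.
ClassMethod Authenticate(username As %String, password As %String, ByRef Status As %Status, ByRef LD As %Integer) As %Boolean
{
    Set Status=$$$OK, ret=0, LD=0
    // Reject missing OR empty credentials. $data() only tests whether the variable is defined, so an
    // empty string would pass; an LDAP simple bind with an empty password is an anonymous/unauthenticated
    // bind (RFC 4513 s5.1.2) that most directory servers report as success.
    If ($get(username)="")||($get(password)="") {
        Set Status=$$$ERROR($$$GeneralError,"Both fields are required")
        Quit 0
    }
    Set sc=$$$OK
    Try {
        // Connect to the LDAP server
        Set LDAPServer="myldapserver.mydomain.com"
        Set LD=##class(%SYS.LDAP).Init(LDAPServer)
        If LD=0 {
            Set LDAPStatus=##class(%SYS.LDAP).GetLastError()
            Set sc=$$$ERROR($$$GeneralError,"LDAP Init Error: "_##class(%SYS.LDAP).Err2String(LDAPStatus))
        } Else {
            // Authenticate the passed-in user; the bind mechanism depends on the platform
            Set Domain=..GetDomain()
            If ($$$isWINDOWS) {
                // Start TLS before any credentials are sent, then a negotiated (SASL) bind
                Set LDAPStatus=##Class(%SYS.LDAP).StartTLSs(LD)
                If LDAPStatus'=$$$LDAPSUCCESS {
                    Set sc=$$$ERROR($$$GeneralError,"LDAP StartTLSs Error: "_##class(%SYS.LDAP).Err2String(LDAPStatus))
                } Else {
                    Set LDAPStatus=##Class(%SYS.LDAP).Binds(LD,"",$lb(username,Domain,password),$$$LDAPAUTHNEGOTIATE)
                    If LDAPStatus'=$$$LDAPSUCCESS {
                        Set sc=$$$ERROR($$$GeneralError,"LDAP Binds Error: "_##class(%SYS.LDAP).Err2String(LDAPStatus))
                    }
                }
            } ElseIf ($$$isUNIX) {
                // Point the client at the CA certificate file used to validate the server's certificate,
                // then start TLS. Both must succeed before the simple bind below is attempted.
                Set cert = ..GetCert()
                Set LDAPStatus=##Class(%SYS.LDAP).SetOption(LD,$$$LDAPOPTXTLSCACERTFILE,cert)
                If LDAPStatus'=$$$LDAPSUCCESS {
                    Set sc=$$$ERROR($$$GeneralError,"LDAP SetOption Error: "_##class(%SYS.LDAP).Err2String(LDAPStatus))
                    Do ..RotateOnFailure(sc)
                } Else {
                    Set LDAPStatus=##Class(%SYS.LDAP).StartTLSs(LD)
                    If LDAPStatus'=$$$LDAPSUCCESS {
                        Set sc=$$$ERROR($$$GeneralError,"LDAP StartTLSs Error: "_##class(%SYS.LDAP).Err2String(LDAPStatus))
                    }
                }
                // SimpleBinds sends the password as-is, so only run it once TLS is established
                If LDAPStatus=$$$LDAPSUCCESS {
                    Set LDAPStatus=##Class(%SYS.LDAP).SimpleBinds(LD,username_"@"_Domain,password)
                    If LDAPStatus'=$$$LDAPSUCCESS {
                        Set sc=$$$ERROR($$$GeneralError,"LDAP SimpleBinds Error: "_##class(%SYS.LDAP).Err2String(LDAPStatus))
                    }
                }
            } Else {
                Set LDAPStatus=$$$LDAPAUTHMETHODNOTSUPPORTED
            }
            // Catch-all so that an LDAP failure never goes unreported just because no branch set sc
            If (LDAPStatus'=$$$LDAPSUCCESS)&&($$$ISOK(sc)) {
                Set sc=$$$ERROR($$$GeneralError,"LDAP API Error: "_##class(%SYS.LDAP).Err2String(LDAPStatus))
            }
        }
    } Catch err {
        // AsStatus() preserves the exception class and location, not just the Data text
        Set sc = err.AsStatus()
    }
    If $$$ISOK(sc) {
        Set ret = 1
    } Else {
        Set Status = sc
        // Never hand a half-initialised connection back to the caller on failure
        If LD'=0 {
            Do ##class(%SYS.LDAP).Unbinds(LD)
            Set LD=0
        }
    }
    Quit ret
}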