Qore openldap Module  1.2

Introduction

The openldap module exposes functionality from the openldap library as a Qore API, allowing qore programs to communicate with LDAP servers.

This module is released under the LGPL 2.1 and is tagged as such in the module's header (meaning it can be loaded unconditionally regardless of how the Qore library was initialized).

Like all Qore components, the openldap module is thread-safe. The OpenLdap::LdapClient class represents a single network connection to the LDAP server and therefore wraps requests in a mutual-exclusion lock to ensure atomicity and thread-safety.

Asynchronous openldap APIs are used internally so that a time limit can be enforced on every LDAP operation. The default timeout for all operations is set with the "timeout" option of LdapClient::constructor(); if no "timeout" option is given, new objects default to 60 seconds. Every method that communicates with the LDAP server additionally takes an optional timeout argument that overrides the default for that single call.

Overview of Operations Supported by the LdapClient Class

Operation        Method                   Description
search           LdapClient::search()     Search for entries and attributes
add              LdapClient::add()        Add entries to the Directory Information Tree
modify           LdapClient::modify()     Modify existing entries
delete           LdapClient::del()        Delete existing entries
compare          LdapClient::compare()    Compare attribute values
rename           LdapClient::rename()     Rename or move entries to another location in the Directory Information Tree
change password  LdapClient::passwd()     Change the LDAP password for the given user

The underlying LDAP functionality is provided by the openldap library.

Installation notes

If you intend to use the oracle module together with the openldap module on Linux, you will probably run into the issue described at https://github.com/qorelanguage/qore/issues/1043. There is currently no generic solution for it, but a work-around using LD_PRELOAD is described in that issue.

Examples

The bulk of the LDAP functionality provided by this module is encapsulated in the OpenLdap::LdapClient class. Five example programs are also included with the openldap module: qldapsearch, qldapmodify, qldapdelete, qldapadd, and qldappasswd. Their usage is loosely modelled on the standard LDAP command-line tools, but they are meant as user-friendly examples of command-line LDAP integration in Qore rather than drop-in replacements; for example, they do not read or write LDIF (qldapsearch prints the results of a search as a multi-line formatted Qore hash instead).

Performing an LDAP Search
%requires openldap
my string $uri = "ldap://localhost";
my hash $conn_opts = (
    "binddn": "cn=admin,dc=example,dc=com",
    "password": "password",   # placeholder; a simple bind sends this in cleartext unless TLS is active
    "timeout": 20s,
    "starttls": True,         # upgrade the ldap:// connection to TLS before binding
    );
my LdapClient $ldap($uri, $conn_opts);
my hash $search = (
    "base": "ou=people,dc=example,dc=com",
    "filter": "(uid=username)",
    "attributes": ("uidNumber", "gidNumber"),
    # the user entry lies below the base: LDAP_SCOPE_BASE would examine only
    # "ou=people,dc=example,dc=com" itself, so the filter could never match
    "scope": LDAP_SCOPE_SUBTREE,
    );
my hash $result = $ldap.search($search);
See also
LdapClient::search()
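The search example above, together with the per-call timeout override described in the introduction, is enough to build the most common security-sensitive use of an LDAP client: verifying a user's password. The following is an added example written for this page, not code from the openldap module or its example programs. It uses Qore's %new-style syntax rather than the old-style syntax of the examples above, and it assumes a hypothetical ldaps:// server, a service account whose password is read from the environment variable LDAP_SVC_PASSWORD, and that LdapClient::search() returns a hash keyed by entry DN. The user-supplied name is escaped as required by RFC 4515 before it is placed in the filter, so that a value such as "*)(uid=admin" cannot rewrite the query, and an empty password is rejected up front because a simple bind with an empty password is treated as an anonymous bind by most servers.

```qore
%requires openldap
%new-style
%strict-args

# Added example; the URI, base DN, service account and the search-result
# layout (DN -> attribute hash) are assumptions, not module documentation.
const LdapUri = "ldaps://ldap.example.com";
const PeopleBase = "ou=people,dc=example,dc=com";

# RFC 4515 section 3: a value embedded in a search filter must have
# \ * ( ) encoded as a backslash plus two hex digits.  The backslash is
# replaced first so that the escapes themselves are not re-escaped.
string sub ldap_filter_escape(string value) {
    string out = replace(value, "\\", "\\5c");
    out = replace(out, "*", "\\2a");
    out = replace(out, "(", "\\28");
    out = replace(out, ")", "\\29");
    return out;
}

# Verify a username/password pair: look the user up with a service account,
# then bind as the user's own DN.  Any bind failure counts as "denied".
bool sub authenticate_user(string username, string password) {
    # an empty password turns a simple bind into an anonymous bind on most
    # servers, which would succeed without proving anything: reject it first
    if (password.empty())
        return False;

    # service account; the password is never hardcoded in the script
    LdapClient svc(LdapUri, (
        "binddn": "cn=svc-auth,ou=services,dc=example,dc=com",
        "password": ENV.LDAP_SVC_PASSWORD,
        "timeout": 10s,
    ));

    hash search = (
        "base": PeopleBase,
        "filter": sprintf("(&(objectClass=inetOrgPerson)(uid=%s))",
                          ldap_filter_escape(username)),
        "attributes": ("uid", "cn"),
        "scope": LDAP_SCOPE_SUBTREE,   # the entry is below the base, not the base itself
    );
    # per-call timeout (5s), overriding the 10s default set in the constructor
    hash result = svc.search(search, 5s);

    # exactly one entry must match; an ambiguous lookup is denied, not guessed
    if (result.size() != 1)
        return False;
    string dn = result.firstKey();   # assumed result layout: DN -> attributes

    try {
        # constructing the client performs the bind; a wrong password throws
        LdapClient user(LdapUri, ("binddn": dn, "password": password, "timeout": 10s));
        return True;
    } catch (hash ex) {
        return False;
    }
}

# constructed inputs: a normal login attempt, then a filter-injection attempt;
# the second produces the filter
# "(&(objectClass=inetOrgPerson)(uid=\2a\29\28uid=admin))", which matches nothing
printf("alice: %y\n", authenticate_user("alice", "correct horse battery staple"));
printf("injection: %y\n", authenticate_user("*)(uid=admin", "x"));
```

Binding as the looked-up DN, rather than comparing a stored hash with LdapClient::compare(), lets the server apply its own password policy and keeps the client from ever handling the hash. Because the module only supports simple binds, the user's password crosses the wire in cleartext if the URI is plain ldap:// and "starttls" is not set, which is why the example uses ldaps://.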
Adding an LDAP Entry
%requires openldap
my string $uri = "ldap://localhost";
my hash $conn_opts = (
    "binddn": "cn=admin,dc=example,dc=com",
    "password": "password",   # placeholder credential
    "timeout": 20s,
    "starttls": True,
    );
my LdapClient $ldap($uri, $conn_opts);
# inetOrgPerson requires both "sn" and "cn"; the server rejects the add otherwise
$ldap.add("uid=test,ou=people,dc=example,dc=com", ("objectclass": "inetorgperson", "sn": "Test", "cn": "User Test"));
See also
LdapClient::add()
Modifying Attributes of an Existing LDAP Entry
%requires openldap
my string $uri = "ldap://localhost";
my hash $conn_opts = (
    "binddn": "cn=admin,dc=example,dc=com",
    "password": "password",   # placeholder credential
    "timeout": 20s,
    "starttls": True,
    );
my LdapClient $ldap($uri, $conn_opts);
# LDAP_MOD_REPLACE discards all existing values of the attribute and sets the given one
$ldap.modify("uid=test,ou=people,dc=example,dc=com", ("mod": LDAP_MOD_REPLACE, "attr": "gidnumber", "value": 1000));
See also
LdapClient::modify()
Deleting an Existing LDAP Entry
%requires openldap
my string $uri = "ldap://localhost";
my hash $conn_opts = (
    "binddn": "cn=admin,dc=example,dc=com",
    "password": "password",   # placeholder credential
    "timeout": 20s,
    "starttls": True,
    );
my LdapClient $ldap($uri, $conn_opts);
# deletes the leaf entry only; an entry that still has children cannot be deleted this way
$ldap.del("uid=test,ou=people,dc=example,dc=com");
See also
LdapClient::del()

Limitations

This module currently has the following limitations:

  • supports only simple binds (the openldap library's LDAP_SASL_SIMPLE mechanism: a bind DN and password); other SASL mechanisms are not supported, so the bind password travels in cleartext unless an ldaps:// URI or the "starttls" option is used
  • extended operations are not supported
  • server and client controls are not supported
  • LDAP transactions are not supported

Release Notes

openldap Module 1.2

openldap Module 1.1.1

  • fixed a bug where incorrect class destructor is called in openldap module (issue 1174)

openldap Module 1.1

  • disable openssl cleanup in the Qore library since the openldap module makes openssl cleanup calls and calling those routines twice can result in segfaults
  • updated example/test scripts to use %strict-args

openldap Module 1.0

  • Initial release of the module.