Name
ldap_search — Search in an LDAP server.
Synopsis
any
ldap_search
(
|
in server_url varchar , |
| in try_tls integer , | |
| in base varchar , | |
| in filter varchar , | |
| in username varchar , | |
in
password
varchar
); |
Description
This function performs a search in the LDAP server. It returns control to the Virtuoso/PL environment only after all of the search results have been sent by the server or if the search request is timed out by the server. The result of the search (attributes, names of the attributes, etc.) will be returned as an array result. Options to the LDAP search can be passed as an array.
Parameters
server_url
The server URL has three parts, <protocol>://<host>:<port>. Missing parameters will be defaulted to
<ldap://localhost:389>
.
try_tls
try_tls
is a flag that tells the client to perform a handshake
with the LDAP server using a secure connection. This is only applicable to the ldap:// protocol and not
ldaps://. If a secure connection cannot be made, the connection will be insecure.
base
base
is a string representing the DN base of the search.
filter
Filter is a string representation of the filter to apply in the
search. Simple filters can be specified as
attributetype=attributevalue
. More
complex filters are specified using a prefix notation according
to the following BNF:
<filter> ::= '(' <filtercomp> ')'
<filtercomp> ::= <and> | <or> | <not> | <simple>
<and> ::= '&' <filterlist>
<or> ::= '|' <filterlist>
<not> ::= '!' <filter>
<filterlist> ::= <filter> | <filter> <filterlist>
<simple> ::= <attributetype> <filtertype> <attributevalue>
<filtertype> ::= '=' | '~=' | '<=' | '>='
username
username authorization credential
password
password authorization credential
Return Types
This function returns an array consisting of the following elements:
<entry type>, (<attribute name>, (<value 1>, <value 2> ...))
The entry type
can be the keyword 'entry' for search entry, 'reference' for search reference,
'extended' for extended result, or 'result' for result from search. When
you specify 'result',
the returned array consists of 'error' and 'error message' keywords corresponding
to error codes and error descriptions.
Errors
Table 24.46. Errors signalled by
ldap_search
| SQLState | Error Code | Error Text | Description |
|---|---|---|---|
| 2E000 | LD020 | Failed to load the wldap32.dll | |
| 2E000 | LD005 | Failed to initialize LDAP connection: <reason> (<reason code>) | |
| 2E000 | LD006 | Failed to set LDAP version option: <reason> (<reason code>) | |
| 2E000 | LD016 | Failed to start TLS: <reason> (<reason code>) | |
| 28000 | LD007 | Failed to bind synchronous LDAP connection: <reason> (<reason code>) | |
| 42000 | LD008 | Failed to search | |
| 39000 | LD002 | Failed to parse LDAP reference response | |
| 39000 | LD003 | Failed to parse LDAP extended result | |
| 39000 | LD004 | Failed to parse LDAP extended partial result |
Examples
Example 24.201. Using ldap_search
....
declare result any;
-- without authentication
result := ldap_search ('ldap://localhost', 0, 'c=US', '(cn=SomeBody*)', NULL);
or
-- with authentication
result := ldap_search ('ldap://localhost', 0, 'c=US', '(cn=SomeBody*)',
'cn=root,o=opl,c=US', 'secret');
-- the result may be following array:
-- ("entry"
("dn" "cn="John Atanasov",mail=hellraisor@hotmail.com,c=US,o=hotmail.com"
"mail" ("hellraisor@hotmail.com" )
"cn" ("John Atanasov" )
"o" ("hotmail.com" )
"l" ("SOFIA" )
"givenName" ("John" )
"surname" ("Atanasov" ))
"result"
("error" "0" "error message" "Success" ))
...