eldap(3erl) Erlang Module Definition eldap(3erl)
NAME
eldap - LDAP Client
DESCRIPTION
This module provides a client api to the Lightweight Directory Access
Protocol (LDAP).
References:
* RFC 4510 - RFC 4519
* RFC 2830
The above publications can be found at IETF.
DATA TYPES
Type definitions that are used more than once in this module:
handle():
Connection handle
attribute() =:
{Type = string(), Values=[string()]}
modify_op():
See mod_add/2, mod_delete/2, mod_replace/2
scope():
See baseObject/0, singleLevel/0, wholeSubtree/0
dereference():
See neverDerefAliases/0, derefInSearching/0, derefFindingBaseObj/0,
derefAlways/0
filter():
See present/1, substrings/2, equalityMatch/2, greaterOrEqual/2,
lessOrEqual/2, approxMatch/2, extensibleMatch/2, 'and'/1, 'or'/1,
'not'/1
return_value() = :
ok | {ok, {referral,referrals()}} | {error,Error}
referrals() =:
[Address = string()] The contents of Address is server dependent.
EXPORTS
open([Host]) -> {ok, Handle} | {error, Reason}
Types:
Handle = handle()
Setup a connection to an LDAP server, the HOST's are tried in
order.
open([Host], [Option]) -> {ok, Handle} | {error, Reason}
Types:
Handle = handle()
Option = {port, integer()} | {log, function()} | {timeout,
integer()} | {ssl, boolean()} | {sslopts, list()} | {tcpopts,
list()}
Setup a connection to an LDAP server, the HOST's are tried in
order.
The log function takes three arguments, fun(Level, FormatString,
[FormatArg]) end.
Timeout set the maximum time in milliseconds that each server
request may take.
All TCP socket options are accepted except active, binary, de-
liver, list, mode and packet
close(Handle) -> ok
Types:
Handle = handle()
Shutdown the connection after sending an unbindRequest to the
server. If the connection is tls the connection will be closed
with ssl:close/1, otherwise with gen_tcp:close/1.
start_tls(Handle, Options) -> return_value()
Same as start_tls(Handle, Options, infinity)
start_tls(Handle, Options, Timeout) -> return_value()
Types:
Handle = handle()
Options = ssl:ssl_options()
Timeout = infinity | positive_integer()
Upgrade the connection associated with Handle to a tls connec-
tion if possible.
The upgrade is done in two phases: first the server is asked for
permission to upgrade. Second, if the request is acknowledged,
the upgrade to tls is performed.
Error responses from phase one will not affect the current en-
cryption state of the connection. Those responses are:
tls_already_started:
The connection is already encrypted. The connection is not
affected.
{response,ResponseFromServer}:
The upgrade was refused by the LDAP server. The Response-
FromServer is an atom delivered byt the LDAP server ex-
plained in section 2.3 of rfc 2830. The connection is not
affected, so it is still un-encrypted.
Errors in the second phase will however end the connection:
Error:
Any error responded from ssl:connect/3
The Timeout parameter is for the actual tls upgrade (phase 2)
while the timeout in eldap:open/2 is used for the initial nego-
tiation about upgrade (phase 1).
simple_bind(Handle, Dn, Password) -> return_value()
Types:
Handle = handle()
Dn = string()
Password = string()
Authenticate the connection using simple authentication.
add(Handle, Dn, [Attribute]) -> return_value()
Types:
Handle = handle()
Dn = string()
Attribute = attribute()
Add an entry. The entry must not exist.
add(Handle,
"cn=Bill Valentine, ou=people, o=Example Org, dc=example, dc=com",
[{"objectclass", ["person"]},
{"cn", ["Bill Valentine"]},
{"sn", ["Valentine"]},
{"telephoneNumber", ["545 555 00"]}]
)
delete(Handle, Dn) -> return_value()
Types:
Dn = string()
Delete an entry.
delete(Handle, "cn=Bill Valentine, ou=people, o=Example Org, dc=example, dc=com")
mod_add(Type, [Value]) -> modify_op()
Types:
Type = string()
Value = string()
Create an add modification operation.
mod_delete(Type, [Value]) -> modify_op()
Types:
Type = string()
Value = string()
Create a delete modification operation.
mod_replace(Type, [Value]) -> modify_op()
Types:
Type = string()
Value = string()
Create a replace modification operation.
modify(Handle, Dn, [ModifyOp]) -> return_value()
Types:
Dn = string()
ModifyOp = modify_op()
Modify an entry.
modify(Handle, "cn=Bill Valentine, ou=people, o=Example Org, dc=example, dc=com",
[eldap:mod_replace("telephoneNumber", ["555 555 00"]),
eldap:mod_add("description", ["LDAP Hacker"]) ])
modify_password(Handle, Dn, NewPasswd) -> return_value() | {ok, Gen-
Passwd}
Types:
Dn = string()
NewPasswd = string()
Modify the password of a user. See modify_password/4.
modify_password(Handle, Dn, NewPasswd, OldPasswd) -> return_value() |
{ok, GenPasswd}
Types:
Dn = string()
NewPasswd = string()
OldPasswd = string()
GenPasswd = string()
Modify the password of a user.
* Dn. The user to modify. Should be "" if the modify request
is for the user of the LDAP session.
* NewPasswd. The new password to set. Should be "" if the
server is to generate the password. In this case, the result
will be {ok, GenPasswd}.
* OldPasswd. Sometimes required by server policy for a user to
change their password. If not required, use modify_pass-
word/3.
modify_dn(Handle, Dn, NewRDN, DeleteOldRDN, NewSupDN) -> return_value()
Types:
Dn = string()
NewRDN = string()
DeleteOldRDN = boolean()
NewSupDN = string()
Modify the DN of an entry. DeleteOldRDN indicates whether the
current RDN should be removed from the attribute list after the
operation. NewSupDN is the new parent that the RDN shall be
moved to. If the old parent should remain as parent, NewSupDN
shall be "".
modify_dn(Handle, "cn=Bill Valentine, ou=people, o=Example Org, dc=example, dc=com ",
"cn=Bill Jr Valentine", true, "")
search(Handle, SearchOptions) -> {ok, #eldap_search_result{}} | {ok,
{referral,referrals()}} | {error, Reason}
Types:
SearchOptions = #eldap_search{} | [SearchOption]
SearchOption = {base, string()} | {filter, filter()} |
{scope, scope()} | {attributes, [string()]} | {deref, deref-
erence()} | | {types_only, boolean()} | {timeout, integer()}
Search the directory with the supplied the SearchOptions. The
base and filter options must be supplied. Default values: scope
is wholeSubtree(), deref is derefAlways(), types_only is false
and timeout is 0 (meaning infinity).
Filter = eldap:substrings("cn", [{any,"V"}]),
search(Handle, [{base, "dc=example, dc=com"}, {filter, Filter}, {attributes, ["cn"]}]),
The timeout option in the SearchOptions is for the ldap server,
while the timeout in eldap:open/2 is used for each individual
request in the search operation.
baseObject() -> scope()
Search baseobject only.
singleLevel() -> scope()
Search the specified level only, i.e. do not recurse.
wholeSubtree() -> scope()
Search the entire subtree.
neverDerefAliases() -> dereference()
Never derefrence aliases, treat aliases as entries.
derefAlways() -> dereference()
Always derefrence aliases.
derefInSearching() -> dereference()
Derefrence aliases only when searching.
derefFindingBaseObj() -> dereference()
Derefrence aliases only in finding the base.
present(Type) -> filter()
Types:
Type = string()
Create a filter which filters on attribute type presence.
substrings(Type, [SubString]) -> filter()
Types:
Type = string()
SubString = {StringPart, string()}
StringPart = initial | any | final
Create a filter which filters on substrings.
equalityMatch(Type, Value) -> filter()
Types:
Type = string()
Value = string()
Create a equality filter.
greaterOrEqual(Type, Value) -> filter()
Types:
Type = string()
Value = string()
Create a greater or equal filter.
lessOrEqual(Type, Value) -> filter()
Types:
Type = string()
Value = string()
Create a less or equal filter.
approxMatch(Type, Value) -> filter()
Types:
Type = string()
Value = string()
Create a approximation match filter.
extensibleMatch(MatchValue, OptionalAttrs) -> filter()
Types:
MatchValue = string()
OptionalAttrs = [Attr]
Attr = {matchingRule,string()} | {type,string()} | {dnAt-
tributes,boolean()}
Creates an extensible match filter. For example,
eldap:extensibleMatch("Bar", [{type,"sn"}, {matchingRule,"caseExactMatch"}]))
creates a filter which performs a caseExactMatch on the attri-
bute sn and matches with the value "Bar". The default value of
dnAttributes is false.
'and'([Filter]) -> filter()
Types:
Filter = filter()
Creates a filter where all Filter must be true.
'or'([Filter]) -> filter()
Types:
Filter = filter()
Create a filter where at least one of the Filter must be true.
'not'(Filter) -> filter()
Types:
Filter = filter()
Negate a filter.
Ericsson AB eldap 1.2.8 eldap(3erl)