Class Ldap_ooclient.ldapcon

class ldapcon : ?connect_timeout:int -> ?referral_policy:[> `RETURN ] -> ?version:int -> string list -> object .. end
This class abstracts a connection to an LDAP server (or servers), an instance will be connected to the server you specify and can be used to perform operations on that server.


new ldapcon ~connect_timeout:5 ~version:3 ["ldap://first.ldap.server";"ldap://second.ldap.server"].

In addition to specifying multiple urls, if DNS names are given, and those names are bound to multiple addresses, then all possible addresses will be tried.


new ldapcon ["ldaps://"]

is equivelant to

new ldapcon ["ldap://";"ldap://";"ldap://"]

This means that if any host in the rr fails, the ldapcon will transparently move on to the next host, and you will never know the difference.
Raises LDAP_Failure All methods raise Ldap_types.LDAP_Failure on error

connect_timeout : Default 1, an integer which specifies how long to wait for any given server in the list to respond before trying the next one. After all the servers have been tried for connect_timeout seconds LDAP_Failure (`SERVER_DOWN, ...) will be raised.
referral_policy : In a future version of ocamldap this will be used to specify what you would like to do in the event of a referral. Currently it does nothing and is ignored see Ldap_ooclient.referral_policy.
version : The protocol version to use, the default is 3, the other recognized value is 2.


method bind : ?cred:string -> ?meth:Ldap_funclient.authmethod -> string -> unit
bind to the database using dn.

Simple Bind Example

ldap#bind ~cred:"password" "cn=foo,ou=people,ou=auth,o=bar"

To bind anonymously, omit ~cred, and leave dn blank eg.


ldap#bind ""

cred : The credentials to provide for binding. Default "".
meth : The method to use when binding See Ldap_funclient.authmethod the default is `SIMPLE. If `SASL is used then dn and ~cred Are interperted according to the chosen SASL mechanism. SASL binds have not been tested extensively.
method unbind : unit
Deauthenticate and close the connection to the server


method search : ?scope:Ldap_types.search_scope ->
?attrs:string list ->
?attrsonly:bool -> ?base:string -> string -> ldapentry list
Search the directory syncronously for an entry which matches the search criteria.


ldap#search ~base:"dc=foo,dc=bar" ~attrs:["cn"] "uid=*"

scope : Default `SUBTREE, defines the scope of the search. see Ldap_types.search_scope
attrs : Default [] (means all attributes)
attrsonly : Default false If true, asks the server to return only the attribute names, not their values.
base : Default "", The search base, which is the dn of the object from which you want to start your search. Only that object, and it's children will be included in the search. Further controlled by ~scope.
method search_a : ?scope:Ldap_types.search_scope ->
?attrs:string list ->
?attrsonly:bool ->
?base:string -> string -> ?abandon:bool -> unit -> ldapentry
Search the directory asyncronously, otherwise the same as search.
method rawschema : ldapentry
Fetch the raw (unparsed) schema from the directory using the standard mechanism (requires protocol version 3)
method schema : Ldap_schemaparser.schema
Fetch and parse the schema from the directory via the standard mechanism (requires version 3). Return a structured representation of the schema indexed by canonical name, and oid.

Making Modifications

method add : ldapentry -> unit
add an entry to the database
method delete : string -> unit
Delete the object named by dn from the database
method modify : string -> (Ldap_types.modify_optype * string * string list) list -> unit
Modify the entry named by dn, applying mods


ldap#modify "uid=foo,ou=people,dc=bar,dc=baz" [(`DELETE, "cn", ["foo";"bar"])]

method update_entry : ldapentry -> unit
Syncronize changes made locally to an ldapentry with the directory.
method modrdn : string -> ?deleteoldrdn:bool -> ?newsup:string option -> string -> unit
Modify the rdn of the object named by dn, if the protocol version is 3 you may additionally change the superior, the rdn will be changed to the attribute represented (as a string) by newrdn,

Example With New Superior

ldap#modrdn ~newsup:(Some "o=csun") "cn=bob,ou=people,o=org" "uid=bperson"

After this example "cn=bob,ou=people,o=org" will end up as "uid=bperson,o=csun".

deleteoldrdn : Default true, delete the old rdn value as part of the modrdn.
newsup : Default None, only valid when the protocol version is 3, change the object's location in the tree, making its superior equal to the specified object.