Class Ldap_ooclient.ldapcon


class ldapcon : ?connect_timeout:int -> ?referral_policy:[> `RETURN ] -> ?version:int -> string list -> object .. end
This class abstracts a connection to an LDAP server (or servers). An instance will be connected to the server you specify and can be used to perform operations on that server.

Example

new ldapcon ~connect_timeout:5 ~version:3 ["ldap://first.ldap.server";"ldap://second.ldap.server"]

In addition to specifying multiple URLs, if DNS names are given, and those names are bound to multiple addresses, then all possible addresses will be tried.

Example

new ldapcon ["ldaps://rrldap.csun.edu"]

is equivalent to

new ldapcon ["ldap://130.166.1.30";"ldap://130.166.1.31";"ldap://130.166.1.32"]

This means that if any host in the round robin (rr) fails, the ldapcon will transparently move on to the next host, and you will never know the difference.
Raises LDAP_Failure: all methods raise Ldap_types.LDAP_Failure on error.

connect_timeout : Default 1, an integer which specifies how long to wait for any given server in the list to respond before trying the next one. After all the servers have been tried for connect_timeout seconds, LDAP_Failure (`SERVER_DOWN, ...) will be raised.
referral_policy : In a future version of ocamldap this will be used to specify what you would like to do in the event of a referral. Currently it does nothing and is ignored; see Ldap_ooclient.referral_policy.
version : The protocol version to use, the default is 3, the other recognized value is 2.

Authentication

method bind : ?cred:string -> ?meth:Ldap_funclient.authmethod -> string -> unit
Bind to the database using dn.

Simple Bind Example

ldap#bind ~cred:"password" "cn=foo,ou=people,ou=auth,o=bar"

To bind anonymously, omit ~cred and leave dn blank, e.g.

Example

ldap#bind ""

cred : The credentials to provide for binding. Default "".
meth : The method to use when binding, see Ldap_funclient.authmethod. The default is `SIMPLE. If `SASL is used then dn and ~cred are interpreted according to the chosen SASL mechanism. SASL binds have not been tested extensively.
method unbind : unit
Deauthenticate and close the connection to the server.

Searching

method search : ?scope:Ldap_types.search_scope ->
?attrs:string list ->
?attrsonly:bool -> ?base:string -> string -> ldapentry list
Search the directory synchronously for an entry which matches the search criteria.

Example

ldap#search ~base:"dc=foo,dc=bar" ~attrs:["cn"] "uid=*"

scope : Default `SUBTREE, defines the scope of the search. See Ldap_types.search_scope.
attrs : Default [] (means all attributes).
attrsonly : Default false. If true, asks the server to return only the attribute names, not their values.
base : Default "", the search base, which is the dn of the object from which you want to start your search. Only that object and its children will be included in the search. Further controlled by ~scope.
method search_a : ?scope:Ldap_types.search_scope ->
?attrs:string list ->
?attrsonly:bool ->
?base:string -> string -> ?abandon:bool -> unit -> ldapentry
Search the directory asynchronously, otherwise the same as search.
method rawschema : ldapentry
Fetch the raw (unparsed) schema from the directory using the standard mechanism (requires protocol version 3).
method schema : Ldap_schemaparser.schema
Fetch and parse the schema from the directory via the standard mechanism (requires version 3). Return a structured representation of the schema indexed by canonical name and OID.
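
The bind and search methods above pass caller-supplied strings straight to the server, so this added example (not part of ocamldap or of the original page) shows one way to guard both calls when dn, password and uid come from untrusted input. The helper names escape_filter_value, checked_bind and find_user are hypothetical, and it assumes the library's filter parser accepts RFC 4515 hex escapes.

```ocaml
(* Added example, not ocamldap code. escape_filter_value, checked_bind and
   find_user are hypothetical helper names. *)

(* RFC 4515 escaping for an assertion value: asterisk, parentheses, backslash
   and NUL become a backslash followed by two hex digits. *)
let escape_filter_value (s : string) : string =
  let b = Buffer.create (String.length s + 8) in
  String.iter
    (fun c ->
      match c with
      | '*' | '(' | ')' | '\\' | '\000' ->
          Buffer.add_string b (Printf.sprintf "\\%02x" (Char.code c))
      | _ -> Buffer.add_char b c)
    s;
  Buffer.contents b

(* Simple bind for authenticating a user. The cred argument defaults to the
   empty string, and RFC 4513 treats a named DN with an empty password as an
   unauthenticated bind that a server may accept, so empty input is rejected
   before it reaches the bind method. *)
let checked_bind (ldap : Ldap_ooclient.ldapcon) ~dn ~password =
  if dn = "" || password = "" then
    invalid_arg "checked_bind: dn and password must both be non-empty";
  ldap#bind ~cred:password dn

(* Same search as the page's example, with the uid taken from untrusted input.
   Assumption: the library's filter parser accepts RFC 4515 hex escapes. *)
let find_user (ldap : Ldap_ooclient.ldapcon) ~base ~uid =
  ldap#search ~base ~attrs:["cn"] ("uid=" ^ escape_filter_value uid)

let () =
  (* Constructed inputs; no server is contacted here. *)
  assert (escape_filter_value "jdoe" = "jdoe");
  assert (escape_filter_value "*)(uid=*" = "\\2a\\29\\28uid=\\2a");
  assert (escape_filter_value "a\\b" = "a\\5cb")
```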

Making Modifications

method add : ldapentry -> unit
Add an entry to the database.
method delete : string -> unit
Delete the object named by dn from the database.
method modify : string -> (Ldap_types.modify_optype * string * string list) list -> unit
Modify the entry named by dn, applying mods.

Example

ldap#modify "uid=foo,ou=people,dc=bar,dc=baz" [(`DELETE, "cn", ["foo";"bar"])]

method update_entry : ldapentry -> unit
Synchronize changes made locally to an ldapentry with the directory.
method modrdn : string -> ?deleteoldrdn:bool -> ?newsup:string option -> string -> unit
Modify the rdn of the object named by dn. The rdn will be changed to the attribute represented (as a string) by newrdn. If the protocol version is 3 you may additionally change the superior.

Example With New Superior

ldap#modrdn ~newsup:(Some "o=csun") "cn=bob,ou=people,o=org" "uid=bperson"

After this example "cn=bob,ou=people,o=org" will end up as "uid=bperson,o=csun".

deleteoldrdn : Default true, delete the old rdn value as part of the modrdn.
newsup : Default None, only valid when the protocol version is 3, change the object's location in the tree, making its superior equal to the specified object.