8. LDAP

AWS provides a complete API to retrieve information from LDAP servers. Note that there is no support for updating, modifying or deleting information only to read information from the server.

The AWS/LDAP implementation is based on OpenLDAP. To build an LDAP application you need to link with the libldap.a library. This library is built by AWS on Windows based system and will use the wldap32.dll as provided with Windows NT/2000/XP. On UNIX based systems, you must install properly the OpenLDAP package.

The steps required to read information from an LDAP server are:

Initialize the LDAP directory

We open a connection:

declare
  Directory : LDAP.Client.Directory;
begin
  Directory := LDAP.Client.Init (Host);

Host is the hostname where the LDAP directory is running. It is possible to specify the port if the LDAP server does not use the default one.

Bind to the LDAP server

This step is the way to pass a login/password if the LDAP server required an authentication. If not, the login/password must be empty strings:

LDAP.Client.Bind (Directory, "", "");
Do the search

For the search you must specify the base name, a filter, the scope and a set of attributes to retrieve:

Response_Set := LDAP.Client.Search
  (Directory, Base_DN, Filter, LDAP.Client.LDAP_Scope_Subtree,
LDAP.Client.Attributes ("cn", "sn", "telephonenumber"));
Attributes

The set of attributes to retrieve from the directory.

Filter

A set of values for some attributes. A filter is <attribute_name>=<value> where value can contain ‘*’ at the end. For example “(cn=DUPON*)” will look for all entries where the common name is starting by the string “DUPON”.

Scope

Define how far in the hierarchical directory the search will operate. It is either one level, all subtrees or on the base of the tree.

For more information see AWS.LDAP.Client.

Iterate through the response set

For this there is two iterators. First_Entry/Next_Entry or the generic high level iterator For_Every_Entry:

declare
  Message : LDAP.Client.LDAP_Message;
begin
  Message := LDAP.Client.First_Entry (Directory, Response_Set);

  while Message /= LDAP.Client.Null_LDAP_Message loop
    Do_Job (Message);

    Message := LDAP.Client.Next_Entry (Directory, Message);
  end loop;
end;
Read attributes for each entry

Each entry has an associated set of attributes. To retrieve attributes values there is two iterators. First_Attribute / Next_Attribute or the generic high level iterator For_Every_Attribute:

declare
  BER  : aliased LDAP.Client.BER_Element;
  Attr : constant String := LDAP.Client.First_Attribute
           (Directory, Message, BER'Unchecked_Access);
begin
  Do_Job (Attr);

  loop
    declare
      Attr : constant String := LDAP.Client.Next_Attribute
               (Directory, Message, BER);
    begin
      exit when Attr = "";
      Do_Job (Attr);
    end;
  end loop;
end;
Cleanup

At the end of the processing it is important to release memory associated with LDAP objects:

LDAP.Client.Free (Message);
LDAP.Client.Unbind (Directory);

See AWS.LDAP.Client for all high level supported API and documentation.

Note that for complete information about AWS/LDAP you should read an LDAP API description. AWS/LDAP is only a binding and follows the LDAP API closely.