cfldap ColdFusion 9 Documentation

Description

Provides an interface to a Lightweight Directory Access Protocol (LDAP) directory server, such as the Netscape Directory Server.

Syntax

<cfldap  
    action = "action" 
    server = "server name" 
    attributes = "attribute, attribute" 
    delimiter = "delimiter character" 
    dn = "distinguished name" 
    filter = "filter" 
    maxRows = "number" 
    modifyType = "replace|add|delete" 
    name = "name" 
    password = "password" 
    port = "port number" 
    rebind = "yes|no" 
    referral = "number of allowed hops" 
    returnAsBinary = "column name, column name" 
    scope = "scope" 
    secure = "multifield security string" 
    separator = "separator character" 
    sort = "attribute[, attribute]..." 
    sortControl = "nocase|desc|asc" 
    start = "distinguished name" 
    startRow = "row number" 
    timeout = "milliseconds" 
    username = "user name">

Note: You can specify this tag’s attributes in an attributeCollection attribute whose value is a structure. Specify the structure name in the attributeCollection attribute and use the tag’s attribute names as structure keys.

History

ColdFusion 8: Added the ability to use a comma as a delimiter when specifying a list of variables in the returnAsBinary attribute, for example, returnAsBinary="objectGUID,objectSID". Previously, the allowed delimiter was a space.

ColdFusion MX 7: Added the returnAsBinary attribute. Added SSL V2 client based authentication; this means that ColdFusion supports the CFSSL_CLIENT_AUTH option. If CFSSL_CLIENT_AUTH is selected, ColdFusion assumes that the first certificate in the cacerts (or the certificate database) contains the Client Certificate.

ColdFusion MX:

Changed the name attribute behavior: this tag validates the query name in the name attribute.
Changed sorting behavior: this tag does not support client-side sorting of query results. (It supports server-side sorting; use the sort and sortcontrol attributes.)
Changed how results are sorted: server-side sorting results might be sorted slightly differently than in ColdFusion 5. If you attempt a sort against a server that does not support it, ColdFusion MX throws an error.
Deprecated the filterConfig and filterFile attributes. They might not work, and might cause an error, in later releases.

Attributes

Attribute	Req/Opt	Default	Description
`action`	Required	`query`	`query`: returns LDAP entry information only. Requires `name`, `start`, and `attributes` attributes. `add`: adds LDAP entries to LDAP server. Requires `attributes` attribute. `modify`: modifies LDAP entries, except distinguished name `dn` attribute, on LDAP server. Requires `dn`. See `modifyType` attribute. `modifyDN`: modifies distinguished name attribute for LDAP entries on LDAP server. Requires `dn`. `delete`: deletes LDAP entries on an LDAP server. Requires `dn`.
`server`	Required		Host name or IP address of LDAP server.
`attributes`	Required if `action="Query"`, `"Add"`, `"ModifyDN"`, or `"Modify"`		For queries: comma-delimited list of attributes to return. For queries, to get all attributes, specify `"*"`. If `action="add"or"modify"`, you can specify a list of update columns. Separate attributes with a semicolon. If `action="ModifyDN"`, ColdFusion passes attributes to the LDAP server without syntax checking.
`delimiter`	Optional	`;` (semicolon)	Separator between attribute name-value pairs. Use this attribute if either of these situations exist: The `attributes` attribute specifies more than one item. An attribute contains the default delimiter (semicolon), for example: `mgrpmsgrejecttext;lang-en` Used by `query`, `add`, and `modify` actions, and by `cfldap` to output multi-value attributes. For example, if `$` (dollar sign), you could specify `"cn=DoubleTreeInn$street=1111Elm;Suite100`, where the semicolon is part of the street value.
`dn`	Required if `action="Add"`,`"Modify"`, `"ModifyDN"`, or `"delete"`		Distinguished name, for `update` action, for example, `"cn=BobJensen,o=AceIndustry,c=US"`
`filter`	Optional	`"objectclass = *"`	Search criteria for `action="query"`. List attributes in the form: `"(attributeoperatorvalue)"` For example: `"(sn=Smith)"`
`maxRows`	Optional		Maximum number of entries for LDAP queries.
`modifyType`	Optional	`replace`	How to process an attribute in a multi-value list: `add`: appends it to any attributes. `delete`: deletes it from the set of attributes. `replace`: replaces it with specified attributes. You cannot add an attribute that is already present or that is empty.
`name`	Required if `action="Query"`		Name of LDAP query. The tag validates the value.
`password`	Required if `secure="CFSSL_BASIC"`		Password that corresponds to user name. If `secure ="CFSSL_BASIC"`, V2 encrypts the password before transmission.
`port`	Optional	389	Port.
`rebind`	Optional	`no`	yes: attempts to rebind referral callback and reissue query by referred address using original credentials. no: referred connections are anonymous.
`referral`	Optional		Integer. Number of hops allowed in a referral. A value of 0 disables referred addresses for LDAP; no data is returned.
`returnAsBinary`	Optional		A space-delimited list of columns that are to be returned as binary values.
`scope`	Optional	`oneLevel`	Scope of search, from entry specified in `start` attribute for `action="Query"`. `oneLevel`: entries one level below entry. `base`: only the entry. `subtree`: entry and all levels below it.
`secure`	Optional		Security to employ, and required information. If you specify this attribute, its value must be `CFSSL_BASIC`, which provides V2 SSL encryption and server authentication.
`separator`	Optional	`,` (comma)	Delimiter to separate attribute values of multi-value attributes. Used by `query`, `add`, and `modify` actions, and by `cfldap` to output multi-value attributes. For example, if `$` (dollar sign), the `attributes` attribute could be `"objectclass=top$person"`, where the first value of `objectclass` is `top`, and the second value is `person`. This avoids confusion if values include commas.
`sort`	Optional		Attributes by which to sort query results. Use a comma delimiter.
`sortControl`	Optional	`asc`	`nocase`: case-insensitive sort. `asc`: ascending (a to z) case-sensitive sort. `desc`: descending (z to a) case-sensitive sort. You can enter a combination of sort types; for example, `sortControl="nocase,asc"`.
`start`	Required if `action="Query"`		Distinguished name of entry to be used to start a search.
`startRow`	Optional	1	Used with `action="query"`. First row of LDAP query to insert into a ColdFusion query.
`timeout`	Optional	60000	Maximum length of time, in milliseconds, to wait for LDAP processing.
`username`	Required if `secure="CFSSL_BASIC"`	(anonymous)	User ID.

Usage

If you use the query action, cfldap creates a query object, allowing access to information in the query variables, as follows:

Variable name	Description
queryname.recordCount	Number of records returned by query
queryname.currentRow	Current row of query that `cfoutput` is processing
queryname.columnList	Column names in query

If you use the security="CFSSL_BASIC" option, ColdFusion determines whether to trust the server by comparing the server’s certificate with the information in the jre/lib/security/cacerts keystore of the JRE used by ColdFusion. The ColdFusion default cacerts file contains information about many certificate granting authorities. If you must update the file with additional information, you can use the keytool utility in the ColdFusion jre/bin directory to import certificates that are in X.509 format. For example, enter the following:

keytool -import -keystore cacerts -alias ldap -file ldap.crt -keypass bl19mq

Then restart ColdFusion. The keytool utility initial keypass password is “change it”. For more information on using the keytool utility, see the Sun JDK documentation.

Characters that are illegal in ColdFusion can be used in LDAP attribute names. As a result, the cfldap tag could create columns in the query result set whose names contain illegal characters and are, therefore, inaccessible in CFML. In ColdFusion, illegal characters are automatically mapped to the underscore character; therefore, column names in the query result set might not exactly match the names of the LDAP attributes.

For usage examples, see the Developing ColdFusion Applications.

Example

<h3>cfldap Example</h3> 
<p>Provides an interface to LDAP directory servers. The example uses the  
University of Connecticut public LDAP server. For more public LDAP servers, 
see <a href="http://www.emailman.com">http://www.emailman.com</a>.</p> 
<p>Enter a name and search the public LDAP resource.  
An asterisk before or after the name acts as a wildcard.</p> 
<!--- If form.name exists, the form was submitted; run the query. ---> 
<cfif IsDefined("form.name")> 
    <!--- Check to see that there is a name listed. ---> 
    <cfif form.name is not ""> 
        <!--- Make the LDAP query. ---> 
        <cfldap  
             server = "ldap.uconn.edu" 
             action = "query" 
             name = "results" 
             start = "dc=uconn,dc=edu" 
             filter = "cn=#name#" 
             attributes = "cn,o,title,mail,telephonenumber" 
             sort = "cn ASC"> 
        <!--- Display results. ---> 
        <center> 
        <table border = 0 cellspacing = 2 cellpadding = 2> 
            <tr> 
                <th colspan = 5> 
                    <cfoutput>#results.recordCount# matches found </cfoutput></TH> 
            </tr> 
            <tr> 
                <th><font size = "-2">Name</font></TH> 
                <th><font size = "-2">Organization</font></TH> 
                <th><font size = "-2">Title</font></TH> 
                <th><font size = "-2">E-Mail</font></TH> 
                <th><font size = "-2">Phone</font></TH> 
            </tr> 
            <cfoutput query = "results"> 
                <tr> 
                    <td><font size = "-2">#cn#</font></td> 
                    <td><font size = "-2">#o#</font></td> 
                    <td><font size = "-2">#title#</font></td> 
                    <td><font size = "-2"> 
                        <A href = "mailto:#mail#">#mail#</A></font></td> 
                    <td><font size = "-2">#telephonenumber#</font></td> 
                </tr> 
            </cfoutput> 
            </table> 
            </center> 
        </cfif> 
</cfif> 
 
<form action="#cgi.script_name#" method="POST"> 
    <p>Enter a name to search in the database.</p> 
    <input type="Text" name="name"> 
    <input type="Submit" value="Search" name=""> 
</form>

cfldap