package ldap


a functional ldap client interface

type msgid
type conn
type modattr = Ldap_types.modify_optype * string * string list
type authmethod = [
  | `SIMPLE
  | `SASL
]
type search_result = [
  | `Entry of entry
  | `Referral of string list
  | `Success of Ldap_types.ldap_controls option
]
type page_control = [
  | `Noctrl
  | `Initctrl of int
  | `Subctrl of int * string
]
val init : ?connect_timeout:int -> ?version:int -> string list -> conn

Initializes the conn data structure and opens a connection to the server, for example init ["ldap://rrhost.example.com/";"ldap://backup.example.com:1389"]. init is round-robin DNS aware: if DNS returns multiple mappings it will try each one before finally failing. It also takes a list of hostnames, so you can specify backup servers to try. SSL and TLS are supported if selected at compile time.

  • parameter version

    the protocol version to use to connect, default is version 3. And actually, version 2 will probably not work correctly without some tweaking.

  • raises LDAP_Failure

    any failure to connect to the server will result in LDAP_Failure with the result_code set to `LOCAL_ERROR.

  • raises Failure

    May raise Failure "int_of_string" if you pass it a malformed url. May also raise various lexer errors under the same conditions.

val unbind : conn -> unit

Close the connection to the server. You may not use the conn after you have unbound; if you do, you will get an exception.

val bind_s : ?who:string -> ?cred:string -> ?auth_method:[> `SIMPLE ] -> conn -> unit

Authenticate to the server. In this version only simple binds are supported; however, the ldap_protocol.ml module DOES implement sasl binds. It would be fairly easy to support them here. We eventually will.

  • parameter who

    the dn to bind as

  • parameter cred

    the credentials to authenticate with. For `SIMPLE binds this is a password, but for `SASL binds it can be nearly anything. Perhaps a hash of the thumb print of your first born is sufficient.

  • parameter auth_method

    either `SIMPLE (the default) or `SASL

  • raises LDAP_Failure

    for bind errors such as `INVALID_CREDENTIALS

  • raises Decoding_error

    for decoder errors (unlikely, probably a bug)

  • raises Encoding_error

    for encoder errors (unlikely, probably a bug)

Search for the given entry with the specified base node and search scope, optionally limiting the returned attributes to those listed in 'attrs'. aliasderef sets the server's alias dereferencing policy, sizelimit is the number of entries to return, timelimit is the number of seconds to allow the search to run for, and attrsonly tells the server not to return the values. This is the asynchronous version of search (it does not block); you will need to call the get_search_entry function below to actually get any data back. This function returns a msgid, which you must use when you call get_search_entry.

  • parameter base

    The dn of the object in the tree to use as the base object, the search will only cover children of this object, and will be further governed by scope.

  • parameter scope

    The depth in the tree to look for the requested object. There are three possible values, `BASE, `ONELEVEL, and `SUBTREE. `BASE means to only search the base object, the search will return exactly 1 or 0 objects. `ONELEVEL means to search one level under the base, only immediate children of the base object will be considered. `SUBTREE means to search the entire tree under the base object.

  • parameter aliasderef

    Controls when aliases are dereferenced.

  • parameter sizelimit

    The maximum number of objects to return

  • parameter timelimit

    The maximum time, in seconds, that the search will be allowed to run before terminating.

  • parameter attrs

    The list of attribute types (names) to include; [] (the default) means all.

  • parameter attrsonly

    return only attribute types (names), not any of the values

  • raises LDAP_Failure

    for immediate errors (bad filter, etc)

  • raises Decoding_error

    for decoder errors (unlikely, probably a bug)

  • raises Encoding_error

    for encoder errors (unlikely, probably a bug)

val get_search_entry : conn -> msgid -> [> `Entry of Ldap_types.search_result_entry | `Referral of string list ]

fetch a search entry from the wire using the given msgid. The entry could be a search entry, OR it could be a referral structure.

  • raises LDAP_Failure

    for all results other than `SUCCESS (except referrals)

  • raises Decoding_error

    for decoder errors (unlikely, probably a bug)

  • raises Encoding_error

    for encoder errors (unlikely, probably a bug)

val get_search_entry_with_controls : conn -> msgid -> [> `Entry of Ldap_types.search_result_entry | `Referral of string list | `Success of Ldap_types.ldap_controls option ]

fetch a search entry from the wire using the given msgid. The entry could be a search entry, OR it could be a referral structure.

This version supports passing ldap_controls (like page control) through on success. Returning an entry of type `SUCCESS was thus needed.

  • raises LDAP_Failure

    for all results other than `SUCCESS (except referrals)

  • raises Decoding_error

    for decoder errors (unlikely, probably a bug)

  • raises Encoding_error

    for encoder errors (unlikely, probably a bug)

val abandon : conn -> msgid -> unit

abandon the async request attached to msgid.

  • raises Encoding_error

    for encoder errors (unlikely, probably a bug)

val search_s : ?base:string -> ?scope:Ldap_types.search_scope -> ?aliasderef:Ldap_types.alias_deref -> ?sizelimit:int32 -> ?timelimit:int32 -> ?attrs:string list -> ?attrsonly:bool -> conn -> string -> [> `Entry of Ldap_types.search_result_entry | `Referral of string list ] list

This is the synchronous version of search. It blocks until the search is complete, and returns a list of objects. It is exactly the same in all other ways.
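The following is an added example, not code from the library or its authors, showing init, bind_s, search_s and unbind used together with the checks a simple bind needs. It assumes the interface on this page is exposed as module Ldap_funclient, that LDAP_Failure is defined in Ldap_types with three arguments (result code, message, extra data), and that an SSL-enabled build accepts ldaps:// URLs; guarded_search and has_prefix are hypothetical names.

```ocaml
(* Added example, not part of the library. Assumptions: the interface documented
   here is module Ldap_funclient; LDAP_Failure lives in Ldap_types and carries
   (result_code, message, extra); ldaps:// URLs work in an SSL-enabled build. *)

let has_prefix p s =
  String.length s >= String.length p && String.sub s 0 (String.length p) = p

(* Hypothetical helper: bind as [who] and run one bounded subtree search. *)
let guarded_search ~uri ~who ~cred ~base filter =
  (* A simple bind puts the password on the wire, so require TLS. *)
  if not (has_prefix "ldaps://" uri) then
    invalid_arg "guarded_search: simple bind requires an ldaps:// URL";
  (* A DN with an empty password is an unauthenticated bind (RFC 4513),
     which some servers accept; never treat that as a successful login. *)
  if who = "" || cred = "" then
    invalid_arg "guarded_search: empty bind DN or password";
  let conn = Ldap_funclient.init ~connect_timeout:5 ~version:3 [ uri ] in
  Fun.protect
    (* The conn must not be reused after unbind, so release it exactly once. *)
    ~finally:(fun () -> try Ldap_funclient.unbind conn with _ -> ())
    (fun () ->
      match Ldap_funclient.bind_s ~who ~cred ~auth_method:`SIMPLE conn with
      | exception Ldap_types.LDAP_Failure (`INVALID_CREDENTIALS, _, _) ->
          Error `Bad_credentials
      | () ->
          let results =
            Ldap_funclient.search_s ~base ~scope:`SUBTREE
              ~sizelimit:100l ~timelimit:10l (* cap server-side work *)
              ~attrs:[ "cn"; "mail" ]        (* fetch only what is needed *)
              conn filter
          in
          (* Referrals name other servers; return them separately so the
             caller decides whether to follow them. *)
          let entries, referrals =
            List.fold_left
              (fun (es, rs) r ->
                match r with
                | `Entry e -> (e :: es, rs)
                | `Referral urls -> (es, urls @ rs))
              ([], []) results
          in
          Ok (List.rev entries, referrals))
```

Any LDAP_Failure other than `INVALID_CREDENTIALS (including the `LOCAL_ERROR raised by init on connection failure) propagates to the caller unchanged.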

val add_s : conn -> entry -> unit

add entry to the directory

  • raises LDAP_Failure

    for all results other than `SUCCESS

  • raises Decoding_error

    for decoder errors (unlikely, probably a bug)

  • raises Encoding_error

    for encoder errors (unlikely, probably a bug)

val delete_s : conn -> dn:string -> unit

delete the entry named by dn from the directory

  • raises LDAP_Failure

    for all results other than `SUCCESS

  • raises Decoding_error

    for decoder errors (unlikely, probably a bug)

  • raises Encoding_error

    for encoder errors (unlikely, probably a bug)

val modify_s : conn -> dn:string -> mods:(Ldap_types.modify_optype * string * string list) list -> unit

apply the list of modifications to the named entry

  • parameter dn

    The dn of the object to modify

  • parameter mods

    The list of modifications to apply

  • raises LDAP_Failure

    for all results other than `SUCCESS

  • raises Decoding_error

    for decoder errors (unlikely, probably a bug)

  • raises Encoding_error

    for encoder errors (unlikely, probably a bug)

val modrdn_s : ?deleteoldrdn:bool -> ?newsup:'a option -> conn -> dn:string -> newdn:string -> unit

change the rdn, and optionally the superior entry of dn

  • parameter deleteoldrdn

    Delete the old rdn value, (default true)

  • parameter newsup

    The new superior dn of the object (default None)

  • parameter dn

    The dn of the object to modify

  • parameter newrdn

    The new rdn value (eg. cn=bob)

  • raises LDAP_Failure

    for all results other than `SUCCESS

  • raises Decoding_error

    for decoder errors (unlikely, probably a bug)

  • raises Encoding_error

    for encoder errors (unlikely, probably a bug)
