This class abstracts a connection to an LDAP server (or servers), an instance will be connected to the server you specify and can be used to perform operations on that server.

Example

new ldapcon ~connect_timeout:5 ~version:3 ["ldap://first.ldap.server";"ldap://second.ldap.server"].

In addition to specifying multiple urls, if DNS names are given, and those names are bound to multiple addresses, then all possible addresses will be tried.

Example

new ldapcon ["ldaps://rrldap.csun.edu"]

is equivelant to

new ldapcon ["ldap://130.166.1.30";"ldap://130.166.1.31";"ldap://130.166.1.32"]

This means that if any host in the rr fails, the ldapcon will transparently move on to the next host, and you will never know the difference.

raises LDAP_Failure
All methods raise Ldap_types.LDAP_Failure on error

parameter connect_timeout
Default 1, an integer which specifies how long to wait for any given server in the list to respond before trying the next one. After all the servers have been tried for connect_timeout seconds LDAP_Failure (`SERVER_DOWN, ...) will be raised.

parameter referral_policy
In a future version of ocamldap this will be used to specify what you would like to do in the event of a referral. Currently it does nothing and is ignored see Ldap_ooclient.referral_policy.

parameter version
The protocol version to use, the default is 3, the other recognized value is 2.

Authentication

method bind : ?cred:string -> ?meth:Ldap_funclient.authmethod -> string -> unit

bind to the database using dn.

Simple Bind Example

ldap#bind ~cred:"password" "cn=foo,ou=people,ou=auth,o=bar"

To bind anonymously, omit ~cred, and leave dn blank eg.

Example

ldap#bind ""

parameter cred
The credentials to provide for binding. Default "".

parameter meth
The method to use when binding See Ldap_funclient.authmethod the default is `SIMPLE. If `SASL is used then dn and ~cred Are interperted according to the chosen SASL mechanism. SASL binds have not been tested extensively.

method unbind : unit

Deauthenticate and close the connection to the server

Searching

method search : ?scope:Ldap_types.search_scope ->
  ?attrs:string list ->
  ?attrsonly:bool ->
  ?base:string ->
  ?sizelimit:Int32.t ->
  ?timelimit:Int32.t ->
  string ->
  ldapentry list

Search the directory syncronously for an entry which matches the search criteria.

Example

ldap#search ~base:"dc=foo,dc=bar" ~attrs:["cn"] "uid=*"

parameter scope
Default `SUBTREE, defines the scope of the search. see Ldap_types.search_scope

parameter attrs
Default [] (means all attributes)

parameter attrsonly
Default false If true, asks the server to return only the attribute names, not their values.

parameter base
Default "", The search base, which is the dn of the object from which you want to start your search. Only that object, and it's children will be included in the search. Further controlled by ~scope.

parameter timelimit
The time limit (in seconds) to allow the search to run for. Default 0l, which means there is no user specified time limit, the server may still impose one.

parameter sizelimit
The max number of entries to return from the search (in number of entries)

method search_a : ?scope:Ldap_types.search_scope ->
  ?attrs:string list ->
  ?attrsonly:bool ->
  ?base:string ->
  ?sizelimit:Int32.t ->
  ?timelimit:Int32.t ->
  string ->
  ?abandon:bool ->
  unit ->
  ldapentry

Search the directory asyncronously, otherwise the same as search.

method rawschema : ldapentry

Fetch the raw (unparsed) schema from the directory using the standard mechanism (requires protocol version 3)

method schema : Ldap_schemaparser.schema

Fetch and parse the schema from the directory via the standard mechanism (requires version 3). Return a structured representation of the schema indexed by canonical name, and oid.

Making Modifications

method add : ldapentry -> unit

add an entry to the database

method delete : string -> unit

Delete the object named by dn from the database

method modify : string ->
  (Ldap_types.modify_optype * string * string list) list ->
  unit

Modify the entry named by dn, applying mods

Example

ldap#modify "uid=foo,ou=people,dc=bar,dc=baz" [(`DELETE, "cn", ["foo";"bar"])]

method update_entry : ldapentry -> unit

Syncronize changes made locally to an ldapentry with the directory.

method modrdn : string ->
  ?deleteoldrdn:bool ->
  ?newsup:string option ->
  string ->
  unit

Modify the rdn of the object named by dn, if the protocol version is 3 you may additionally change the superior, the rdn will be changed to the attribute represented (as a string) by newrdn,

Example With New Superior

ldap#modrdn ~newsup:(Some "o=csun") "cn=bob,ou=people,o=org" "uid=bperson"

After this example "cn=bob,ou=people,o=org" will end up as "uid=bperson,o=csun".

parameter deleteoldrdn
Default true, delete the old rdn value as part of the modrdn.

parameter newsup
Default None, only valid when the protocol version is 3, change the object's location in the tree, making its superior equal to the specified object.

package ldap

Example

Example

Authentication

Searching

Making Modifications