LdapUserLookup
Overview
LdapUserLookup is a class that uses the LdapClient for authentication. It is a thread-safe wrapper that finds the DN for a given username, validates the password and returns a list of the groups this user is in.
Location
- Reference: RemObjects.SDK.dll
- Namespace: RemObjects.SDK.Ldap
- Ancestry: Component | LdapUserLookup
constructor
Creates a new instance of this class.
constructor
LdapUserLookup()
Sub New()
AfterConnect
Triggered just after the connection has been established. The parameter will provide access to the LdapClient object.
event AfterConnect: EventHandler<LdapEventArgs>;
event EventHandler<LdapEventArgs> AfterConnect;
Event AfterConnect As EventHandler<LdapEventArgs>
BeforeConnect
Triggered just before a connection is made. The parameter will provide access to the LdapClient object.
event BeforeConnect: EventHandler<LdapEventArgs>;
event EventHandler<LdapEventArgs> BeforeConnect;
Event BeforeConnect As EventHandler<LdapEventArgs>
Disconnected
Triggered just after the LdapClient disconnects.
event Disconnected: EventHandler<LdapEventArgs>;
event EventHandler<LdapEventArgs> Disconnected;
Event Disconnected As EventHandler<LdapEventArgs>
GroupFilter
Filter to use for finding groups a user is in. The default value is "(objectClass=groupOfNames)". groupOfNames and groupOfUniqueNames are supported.
property GroupFilter: String read write;
String GroupFilter { get; set; }
Property GroupFilter() As String
GroupMemberField
Contains the attribute name of the Ldap group object that will contain the DN for a user. By default, this is "member".
property GroupMemberField: String read write;
String GroupMemberField { get; set; }
Property GroupMemberField() As String
GroupNameField
Contains the attribute name of the Ldap group object that will contain the name of the group. The default value is "cn".
property GroupNameField: String read write;
String GroupNameField { get; set; }
Property GroupNameField() As String
GroupSearchBase
The search base for the groups to search for a user.
property GroupSearchBase: String read write;
String GroupSearchBase { get; set; }
Property GroupSearchBase() As String
Hostname
The target hostname.
property Hostname: String read write;
String Hostname { get; set; }
Property Hostname() As String
Login
Tries to log in a user. The result will be nil if the user cannot be found. Otherwise the resulting class contains:
- Username: Name of the user
- DN: Full distinguished name of the Ldap user object
- UserObject: Details about this user, contains the full user record
- GroupMembership: Groups this user is a member of
method Login(username: String; password: String): LookupResults
LookupResults Login(String username, String password)
Function Login(username As String, password As String) As LookupResults
Parameters:
- username: Username of this user (note: this is not the DN, it's generally the uid used by Ldap).
- password: Password this user used to log in; null or empty will not be accepted as valid even if the user has an empty password.
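How these members fit together when calling Login, as an added C# example that is not part of the original reference or RemObjects' own code. The host name, port, DNs and the "app-admins" group are constructed placeholders, and it assumes GroupMembership enumerates group names as strings.

```csharp
using System;
using System.Linq;
using RemObjects.SDK.Ldap;

public static class LdapLoginExample
{
    // Constructed values: host, port, DNs and the group name are placeholders.
    public static bool IsAuthorized(string username, string password, string lookupPassword)
    {
        var lookup = new LdapUserLookup
        {
            Hostname = "ldap.example.com",
            Port = 389,
            UseStartTLS = true,              // initialize TLS after connecting
            // Service account used to resolve the user's DN and the group list.
            LookupDN = "cn=svc-lookup,ou=services,dc=example,dc=com",
            LookupPassword = lookupPassword, // supplied by the caller, not hard-coded
            UserSearchBase = "ou=people,dc=example,dc=com",
            GroupSearchBase = "ou=groups,dc=example,dc=com",
            StripGroupBaseDN = true          // group names come back without the group base
        };

        LookupResults result;
        try
        {
            result = lookup.Login(username, password);
        }
        catch (Exception)
        {
            // The reference documents only the nil result for an unknown user.
            // Any exception is treated as a failed login here (fail closed).
            return false;
        }

        if (result == null)
            return false; // user could not be found

        // Assumption: GroupMembership enumerates group names as strings.
        return result.GroupMembership.Any(g =>
            string.Equals(g, "app-admins", StringComparison.OrdinalIgnoreCase));
    }
}
```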
LookupDN
Username used to look up users. This login name should have access to all users and all groups as it's used to resolve the DN for a username and return the group list.
property LookupDN: String read write;
String LookupDN { get; set; }
Property LookupDN() As String
LookupPassword
Contains the password associated with the LookupDN account.
property LookupPassword: String read write;
String LookupPassword { get; set; }
Property LookupPassword() As String
Port
Port to connect to.
property Port: Int32 read write;
Int32 Port { get; set; }
Property Port() As Int32
SearchGroups
When true, the LdapUserLookup will look up the groups that the user being authenticated is a member of. By default, this property is set to true.
property SearchGroups: Boolean read write;
Boolean SearchGroups { get; set; }
Property SearchGroups() As Boolean
SearchSubTree
When true, it will recurse into sub trees during the search for users and groups. By default, this property is set to true.
property SearchSubTree: Boolean read write;
Boolean SearchSubTree { get; set; }
Property SearchSubTree() As Boolean
SslOptions
Ssl Options to use when connecting to the server. When enabled, it will wrap the whole connection in Ssl. Use the UseStartTLS option to initialize secure communication as part of the protocol.
property SslOptions: SslConnectionFactory read;
SslConnectionFactory SslOptions { get; }
ReadOnly Property SslOptions() As SslConnectionFactory
StripGroupBaseDN
When false, the list of groups a user is a member of will contain the full DN of each group. When true, the group base is stripped from the DN and only the name of the group is returned, prefixed by any intermediate name.
- GroupBase: ou=groups,cn=company,cn=com
- Item: cn=mygroup,ou=groups,cn=company,cn=com
  - returns: "mygroup"
- Item: cn=mygroup,ou=list,ou=groups,cn=company,cn=com
  - returns: "list.mygroup"
False by default.
property StripGroupBaseDN: Boolean read write;
Boolean StripGroupBaseDN { get; set; }
Property StripGroupBaseDN() As Boolean
UserFilter
Ldap filter to use when looking up a user. Defaults to "(objectClass=inetOrgPerson)".
property UserFilter: String read write;
String UserFilter { get; set; }
Property UserFilter() As String
UserNameField
Contains the Ldap field with the username. Defaults to "uid".
property UserNameField: String read write;
String UserNameField { get; set; }
Property UserNameField() As String
UserSearchBase
Search base to start searching for a user.
property UserSearchBase: String read write;
String UserSearchBase { get; set; }
Property UserSearchBase() As String
UseStartTLS
When true, the Ldap client will try to initialize TLS after connecting.
property UseStartTLS: Boolean read write;
Boolean UseStartTLS { get; set; }
Property UseStartTLS() As Boolean