LdapUserLookup

Overview

LdapUserLookup is a thread-safe wrapper around LdapClient for authentication. It finds the DN for a given username, validates the password and returns the list of groups the user is in.

Location

 

constructor

Creates a new instance of this class.

 

constructor

 

LdapUserLookup()

 

init()

 

Sub New()

AfterConnect

Triggered just after the connection has been established. The parameter will provide access to the LdapClient object.

 

event AfterConnect: EventHandler<LdapEventArgs>

 

delegate EventHandler<LdapEventArgs> AfterConnect()

 

__event EventHandler<LdapEventArgs>: AfterConnect!

 

Event AfterConnect As EventHandler<LdapEventArgs>

BeforeConnect

Triggered just before a connection is made. The parameter will provide access to the LdapClient object.

 

event BeforeConnect: EventHandler<LdapEventArgs>

 

delegate EventHandler<LdapEventArgs> BeforeConnect()

 

__event EventHandler<LdapEventArgs>: BeforeConnect!

 

Event BeforeConnect As EventHandler<LdapEventArgs>

Disconnected

Triggered just after the LdapClient disconnects.

 

event Disconnected: EventHandler<LdapEventArgs>

 

delegate EventHandler<LdapEventArgs> Disconnected()

 

__event EventHandler<LdapEventArgs>: Disconnected!

 

Event Disconnected As EventHandler<LdapEventArgs>

GroupFilter

Filter to use for finding groups a user is in. The default value is "(objectClass=groupOfNames)". groupOfNames and groupOfUniqueNames are supported.

 

property GroupFilter: String read write;

 

String GroupFilter { get; set; }

 

var GroupFilter: String { get{} set{} }

 

Property GroupFilter() As String

GroupMemberField

Contains the attribute name of the Ldap group object that will contain the DN for a user. By default, this is "member".

 

property GroupMemberField: String read write;

 

String GroupMemberField { get; set; }

 

var GroupMemberField: String { get{} set{} }

 

Property GroupMemberField() As String

GroupNameField

Contains the attribute name of the Ldap group object that will contain the name of the group. The default value is "cn".

 

property GroupNameField: String read write;

 

String GroupNameField { get; set; }

 

var GroupNameField: String { get{} set{} }

 

Property GroupNameField() As String

GroupSearchBase

The search base under which to search for the groups a user is in.

 

property GroupSearchBase: String read write;

 

String GroupSearchBase { get; set; }

 

var GroupSearchBase: String { get{} set{} }

 

Property GroupSearchBase() As String

Hostname

The target hostname.

 

property Hostname: String read write;

 

String Hostname { get; set; }

 

var Hostname: String { get{} set{} }

 

Property Hostname() As String

Login

Tries to log in a user. The result will be nil if the user cannot be found. Otherwise the resulting class contains:

  • Username: Name of the user
  • DN: Full distinguished name of the Ldap user object
  • UserObject: Details about this user, contains the full user record
  • GroupMembership: Groups this user is a member of

 

method Login(username: String; password: String): LookupResults

 

LookupResults Login(String username, String password)

 

func Login(_ username: String, _ password: String) -> LookupResults

 

Function Login(username As String, password As String) As LookupResults

Parameters:

  • username: Username of this user (note: this is not the DN, it's generally the uid used by Ldap).
  • password: Password this user used to log in; a null or empty password is not accepted as valid, even if the user has an empty password.

LookupDN

Login name used to look up users. This account should have access to all users and all groups, as it is used to resolve the DN for a username and to return the group list.

 

property LookupDN: String read write;

 

String LookupDN { get; set; }

 

var LookupDN: String { get{} set{} }

 

Property LookupDN() As String

LookupPassword

Contains the password associated with the LookupDN account.

 

property LookupPassword: String read write;

 

String LookupPassword { get; set; }

 

var LookupPassword: String { get{} set{} }

 

Property LookupPassword() As String

Port

Port to connect to.

 

property Port: Int32 read write;

 

Int32 Port { get; set; }

 

var Port: Int32 { get{} set{} }

 

Property Port() As Int32

SearchGroups

When true, LdapUserLookup looks up the groups that the user being authenticated is a member of. By default, this property is set to true.

 

property SearchGroups: Boolean read write;

 

Boolean SearchGroups { get; set; }

 

var SearchGroups: Boolean { get{} set{} }

 

Property SearchGroups() As Boolean

SearchSubTree

When true, the search for users and groups recurses into subtrees. By default, this property is set to true.

 

property SearchSubTree: Boolean read write;

 

Boolean SearchSubTree { get; set; }

 

var SearchSubTree: Boolean { get{} set{} }

 

Property SearchSubTree() As Boolean

SslOptions

SSL options to use when connecting to the server. When enabled, the whole connection is wrapped in SSL. To initialize secure communication as part of the protocol, use the UseStartTLS option.

 

property SslOptions: SslConnectionFactory read;

 

SslConnectionFactory SslOptions { get; }

 

var SslOptions: SslConnectionFactory { get{} }

 

ReadOnly Property SslOptions() As SslConnectionFactory

StripGroupBaseDN

When false, the list of groups a user is a member of contains the full DN of each group. When true, the group base is stripped from the DN and only the name of the group is returned, prefixed by the names of any entries between the group and the group base:

  • GroupBase: ou=groups,cn=company,cn=com
  • Item: cn=mygroup,ou=groups,cn=company,cn=com
    ** returns: "mygroup"
  • Item: cn=mygroup,ou=list,ou=groups,cn=company,cn=com
    ** returns: "list.mygroup"

False by default.

 

property StripGroupBaseDN: Boolean read write;

 

Boolean StripGroupBaseDN { get; set; }

 

var StripGroupBaseDN: Boolean { get{} set{} }

 

Property StripGroupBaseDN() As Boolean
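
The stripping rule described above, re-implemented as an added C# example (this is not the library's own code; StripGroupBase and SplitDn are hypothetical helper names). Returning the full DN for a group outside the group base is an assumption, since the page does not say what the library does in that case.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class GroupNameDemo
{
    // Split a DN into RDNs on unescaped commas (a backslash escapes the next character).
    static List<string> SplitDn(string dn)
    {
        var parts = new List<string>();
        var current = new StringBuilder();
        for (int i = 0; i < dn.Length; i++)
        {
            char c = dn[i];
            if (c == '\\' && i + 1 < dn.Length) current.Append(c).Append(dn[++i]);
            else if (c == ',') { parts.Add(current.ToString().Trim()); current.Clear(); }
            else current.Append(c);
        }
        parts.Add(current.ToString().Trim());
        return parts;
    }

    // Short name for a group DN, or the DN unchanged when it is not under groupBase (assumption).
    public static string StripGroupBase(string groupDn, string groupBase)
    {
        List<string> dn = SplitDn(groupDn), baseParts = SplitDn(groupBase);
        int extra = dn.Count - baseParts.Count;          // RDNs in front of the base
        if (extra <= 0) return groupDn;
        for (int i = 0; i < baseParts.Count; i++)
            if (!string.Equals(dn[extra + i], baseParts[i], StringComparison.OrdinalIgnoreCase))
                return groupDn;                          // outside the base: keep the full DN
        var names = new List<string>();
        for (int i = extra - 1; i >= 0; i--)             // outermost container first
        {
            int eq = dn[i].IndexOf('=');
            names.Add(eq < 0 ? dn[i] : dn[i].Substring(eq + 1));
        }
        return string.Join(".", names);
    }

    static void Main()
    {
        const string groupBase = "ou=groups,cn=company,cn=com";   // values from the page
        foreach (var dn in new[] {
            "cn=mygroup,ou=groups,cn=company,cn=com",
            "cn=mygroup,ou=list,ou=groups,cn=company,cn=com",
            "cn=mygroup,ou=other,cn=company,cn=com" })            // constructed: not under the base
            Console.WriteLine($"{dn} -> {StripGroupBase(dn, groupBase)}");
    }
}
```

The first two inputs give "mygroup" and "list.mygroup" as on this page; the third is returned as its full DN, so a group outside the base cannot share a short name with one inside it.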

UserFilter

Ldap filter to use when looking up a user. Defaults to "(objectClass=inetOrgPerson)".

 

property UserFilter: String read write;

 

String UserFilter { get; set; }

 

var UserFilter: String { get{} set{} }

 

Property UserFilter() As String

UserNameField

Contains the Ldap field with the username. Defaults to "uid".

 

property UserNameField: String read write;

 

String UserNameField { get; set; }

 

var UserNameField: String { get{} set{} }

 

Property UserNameField() As String

UserSearchBase

Search base to start searching for a user.

 

property UserSearchBase: String read write;

 

String UserSearchBase { get; set; }

 

var UserSearchBase: String { get{} set{} }

 

Property UserSearchBase() As String

UseStartTLS

When true, the Ldap client will try to initialize TLS after connecting.

 

property UseStartTLS: Boolean read write;

 

Boolean UseStartTLS { get; set; }

 

var UseStartTLS: Boolean { get{} set{} }

 

Property UseStartTLS() As Boolean

 
