DEV-4: OpenEdge® in an LDAP World
Michael Jacobs
Architect, Progress OpenEdge
Agenda
▪ Introduction to LDAP
▪ Directory Service fundamentals
▪ Exploring the LDAP API
▪ LDAP Authentication Process
▪ Using LDAP from the ABL language
DEV-4: OpenEdge in an LDAP World
© 2007 Progress Software Corporation
LDAP v3
Lightweight Directory Access Protocol :
▪ Client-server wire protocol for accessing and managing objects in a Directory Service
▪ Originated from the X standards as DAP (Directory Access Protocol) and X.500 Directory
▪ Open standard supported by many
  • Programming languages: C, Perl, Java, …
  • Software vendors
    – Microsoft Active Directory
    – Sun
    – Novell
    – OpenLDAP.org

LDAP Directory Service
A network accessible source of enterprise information:
▪ Extensible, general purpose, object storage
▪ Single unified view of distributed and replicated object storage across multiple servers
▪ Used for storing frequently read, seldom written information
▪ Primary OpenEdge application uses
  • Single point of user authentication
  • Access user account information and role membership
  • Synchronize user-accounts from LDAP

Agenda
▪ Introduction to LDAP
▪ Directory Service fundamentals
▪ Exploring the LDAP API
▪ LDAP Authentication Process
▪ Using LDAP from the ABL language

Mastering Directory Services
To effectively use LDAP, you need four basic skills :
1. LDAP object storage model
2. LDAP object name-space model
3. Connect and search for data objects
4. Extracting data object’s information

Directory Service Storage Model
Directories provide data storage as objects :
▪ Objects represent real-world concepts
  • Users
  • Organizations
  • Servers, applications, …
▪ Objects support an inheritance model
▪ Object definitions include
  • The parent object
  • OID (Object-IDentifier)
  • Required & allowed data attributes

Object                Parent                OID      Required    Allowed
person                top                   1.2.3.4  a, b        c, d
organizationalPerson  person                1.2.3.5  a, b, k     c, d, p
inetOrgPerson         organizationalPerson  1.2.3.6  a, b, k, m  c, d, p, r

Directory Service Storage Model
Some common Directory objects (objectClass) :
▪ User accounts
  • person, inetOrgPerson, user
▪ DNS domain server
  • domainComponent (dc)
▪ A company & its organizational hierarchy
  • organization (o) & organizationalUnit (ou)
▪ <private object definition>

Directory Service Storage Model
Objects store information in Attributes :
▪ An Attribute definition has a
  • Full name
  • Object identification (by OID)
  • Data-type (by OID)
▪ An Attribute definition may have
  • Alias name
  • Description
  • Suggested max value length
▪ An Attribute’s data-type definition has
  • Object identification
  • Single/multi-values
  • Encoding style
  • Matching rules
  (annotations shown beside this list on the slide: “by OID”, “strings”)

Example attribute definition:
commonName
  OID: 2.5.4.3
  Type: directoryString
  Alias: cn

Example data-type definition:
directoryString
  OID: 1.3.6.1.4…
  Values: Multi-value
  Format: UTF-8
  Match: caseIgnoreMatch

Common Attribute Data Types
LDAP data types are defined by their OID description :
▪ DirectoryString (UTF-8 character string)
▪ DistinguishedName
▪ Boolean
▪ Integer
▪ NumericString
▪ OID
▪ OctetString
▪ GeneralizedTime
▪ <private data-type>

User Account Entry Attributes
LDAP user accounts can contain a wealth of information :
▪ objectClass
▪ commonName (cn)
▪ telephoneNumber
▪ description
▪ locality (l)
▪ organization (o)
▪ userid (uid)
▪ mail
▪ country (c)
▪ <private attribute>
▪ sAMAccountName*
▪ userPrincipalName*
▪ mobile*
▪ lastLogon*
▪ displayName*
▪ userWorkstations*
▪ userSharedFolder*
▪ maxStorage*
▪ primaryGroupID*
▪ ...
* Active Directory only
Slide callout: Common user login attribute names

Directory Service Name-space Model
Every company’s directory has its own unique design :
▪ Instances of objects are stored as entries
▪ Entries are arranged in a hierarchical treelike structure
  • Every entry is a node in the tree and may contain data
  • Any entry may have 0 to n children of any object type
▪ Each entry has a unique distinguished name (DN)
  • Every entry is located and referenced via its DN
  • All children of an entry must have a unique relative distinguished name (RDN), which is relative to its parent’s DN

Directory Service Name-space Model
uid=alice,ou=doc,ou=people,ou=us,o=acme corp
[Figure: Sample Directory Information Tree model. Nodes shown: o=acme corp; ou=au; ou=us; ou=people (twice); ou=it; ou=doc; uid=jim; uid=bob; uid=alice; uid=barb; uid=rob.]

Directory Service Entry Example
Extend the schema with your own objects or attributes :
dn: uid=alice,ou=doc,ou=people,ou=us,o=acme corp
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: acmeEmployee
uid: alice
sn: Smith
cn: Alice Smith
cn: Alice F Smith
telephonenumber: 510-555-1234
o: Acme Corp
mail: [email protected]
homedirectory: /home/asmith
loginshell: /usr/local/bin/bash
acmedepartment: documentation
acmeemployeeid: 034678
LDAP Connections
Four simple steps :
1. Initialize an LDAP connection context
   a. “server[:port][ server[:port] …]”
2. Set the connection context’s network options
   a. LDAP protocol version
   b. SSL on/off
   c. Timeouts
   d. …
3. Connect and authenticate* (bind) to the directory as
   a. Anonymous
   b. LDAP user account DN & secret (password)
4. Disconnect (“unbind”) when done with the service
* Use LDAP simple authentication

Searching a Directory Service
LDAP searches are used to find and retrieve information :
▪ LDAP searches require three components
  1. The entry’s DN of where to start the search [root]
  2. An attribute filter to determine which entries to find and return
  3. The scope of the search
     1. Search root entry
     2. Search root’s child entries
     3. Search root and its entire sub-tree
▪ LDAP searches return 0 – N entries
  • Optionally returns each returned entry’s attributes
Tip: always check how many entries were returned

Searching a Directory Service
Search a sub-tree for Barb’s entry :
1. Search-root: “ou=us,o=acme corp”
2. Filter: “(uid=barb)”
3. Scope: “sub-tree”
[Figure: the sample Directory Information Tree again. Nodes shown: o=acme corp; ou=au; ou=us; ou=people (twice); ou=it; ou=doc; uid=jim; uid=bob; uid=alice; uid=barb; uid=rob.]

Directory Service Security Model
Directory vendors supply security systems :
▪ Discretionary access controls applied at run-time
▪ Controls assigned to stored entries & their attributes
  • Allowed LDAP users & groups
  • Allowed user/group actions (read, write, search, … )
▪ For example:
  • Everyone can connect to LDAP without a user-id or password
  • Certain accounts can search for entries
  • Nobody can see a user-account entry’s password
  • Only user & administrator changes password

Retrieving LDAP Entries
LDAP entries are accessed dynamically :
1. Complete the LDAP search
2. Get the number of entries returned from the search
3. Use first - next operations to access individual entries
4. Get the entry’s DN for later use

Retrieving LDAP Attribute Values
Entry attributes are accessed dynamically :
1. Get the number of returned attributes
2. Use first - next functions to access individual attributes
For each attribute:
   a. Get the number of attribute values
   b. Get the array of attribute values
   c. Loop through the array of attribute values to retrieve individual values
   d. Release the memory allocated by the LDAP API library in step “b”

Agenda
▪ Introduction to LDAP
▪ Directory Service fundamentals
▪ Exploring the LDAP API
▪ LDAP Authentication Process
▪ Using LDAP from the ABL language

LDAP “C” Shared-library API Guidelines
▪ LDAP “C” functions all start with “ldap_”
▪ LDAP has synchronous & asynchronous API calls
  • ldap_bind() (asynchronous)
  • ldap_bind_s() (synchronous)
▪ Windows OS
  • ANSI & WIDE (Unicode) function calls
  • ldap_bind_sA (ANSI)
  • ldap_bind_sW (WIDE)

LDAP API Cheat-sheet
Operation          LDAP API            Use
Initialization     ldap_init           Initialize LDAP library
                   ldap_set_option     Set/get connection options
                   ldap_get_option
Connect (binding)  ldap_bind_s         Connect/login user-id & logout/disconnect
                   ldap_unbind
Search             ldap_search         Search for entries & return how many found
                   ldap_count_entries
Enumerate entries  ldap_first_entry    Enumerate returned list of searched entries
                   ldap_next_entry
ABL language LDAP API declarations at the end of the slide deck

LDAP API Cheat-sheet (cont)
Class             LDAP API              Use
Entry attributes  ldap_get_dn           Get returned entry’s fully qualified DN
                  ldap_first_attribute  Enumerate returned entry’s attribute list
                  ldap_next_attribute
Attribute values  ldap_get_values       Return attribute’s list of [multiple] values
                  ldap_count_values     How many attribute values returned
                  ldap_value_free       Free LDAP memory allocation

LDAP Search Filter Examples
Can use wildcards and logical operators in filters :
▪ All entries:
  “(objectclass=*)”
▪ All entries with userid starting with “al”
  “(uid=al*)”
▪ Operators: = ~= <= >= & | !
▪ Entry with object type “user” and user-id “alice”
  “(&(objectclass=person)(uid=alice))”
▪ Entry with user-id “alice” and objectclass “user” or “inetOrgPerson”
  “(&(uid=alice)(|(objectclass=person)(objectclass=inetOrgPerson)))”
Tip: LDAP server implementations may not index all attributes, so some filters may not perform well.

Agenda
▪ Introduction to LDAP
▪ Directory Service fundamentals
▪ Exploring the LDAP API
▪ LDAP Authentication Process
▪ Using LDAP from the ABL language

LDAP User Authentication DN
Do I have to type in my full user account DN?
▪ Nobody types in their full DN
  “uid=alice,ou=doc,ou=people,ou=us,o=acme corp”
▪ LDAP authentication code finds the user’s full DN for them
▪ Search for the user’s entry where the login-id matches one, or more, of the entry’s attribute values

  login-id       LDAP search filter
  • alice        “(uid=alice)”
  • alice smith  “(cn=alice smith)”
  • asmith       “(sAMAccountName=asmith)”

Building LDAP Search Filters
Map user account attributes to Login-id prompts :
▪ User-id prompt’s value used in LDAP search for user’s full DN
/* cLoginId is user input: escape backslash, asterisk, parentheses and NUL (RFC 4515) before substituting it */
cSearchTpl = "(&(objectclass=person)(uid=%s))".
cSearchFilter = replace(cSearchTpl, "%s", cLoginId).
▪ Can allow multiple forms of login-ids, each a different user object attribute
  example: uid, cn, or e-mail
/* replace() substitutes every %s, so one login-id is tested against uid, cn and mail */
cSearchTpl = "(&(objectclass=person)(|(uid=%s)(cn=%s)(mail=%s)))".
cSearchFilter = replace(cSearchTpl, "%s", cLoginId).
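
The templates above substitute the login-id into the filter verbatim, so a login-id containing *, (, ) or \ changes what the filter matches. The following is an added example, not code from the original slides: RFC 4515 value escaping applied before the %s substitution, written in C to match the LDAP “C” API the deck uses. The function names escape_filter_value and build_login_filter and the MAX_LOGIN length limit are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4515 escaping of one assertion value: backslash, '*', '(', ')' and NUL
 * become "\XX" (two hex digits). Returns escaped length, or -1 if dst is too small. */
static int escape_filter_value(const char *src, size_t srclen, char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        int special = (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0');
        if (o + (special ? 3 : 1) >= dstlen) return -1;  /* keep room for terminator */
        if (special) {
            dst[o++] = '\\';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        } else {
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Replace every "%s" in tpl with the escaped login-id, like the slide's replace().
 * Returns 0 on success, -1 for an empty or over-long login-id or if out is too small.
 * MAX_LOGIN is a hypothetical policy limit, not something the slides specify. */
#define MAX_LOGIN 64
static int build_login_filter(const char *tpl, const char *login, char *out, size_t outlen)
{
    char esc[3 * MAX_LOGIN + 1];
    size_t n = strlen(login), o = 0;
    if (n == 0 || n > MAX_LOGIN) return -1;
    int elen = escape_filter_value(login, n, esc, sizeof esc);
    if (elen < 0) return -1;
    while (*tpl != '\0') {
        if (tpl[0] == '%' && tpl[1] == 's') {
            if (o + (size_t)elen >= outlen) return -1;
            memcpy(out + o, esc, (size_t)elen);
            o += (size_t)elen;
            tpl += 2;
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = *tpl++;
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    const char *tpl = "(&(objectclass=person)(|(uid=%s)(cn=%s)(mail=%s)))";
    /* Constructed login-ids: ordinary, bare wildcard, and one carrying filter syntax. */
    const char *logins[] = { "alice", "*", "alice)(objectclass=*" };
    char filter[512];
    for (size_t i = 0; i < sizeof logins / sizeof logins[0]; i++)
        if (build_login_filter(tpl, logins[i], filter, sizeof filter) == 0)
            printf("%-22s -> %s\n", logins[i], filter);
    return 0;
}
```

With the escaping in place a login-id of * is matched as a literal asterisk rather than as a wildcard; the later check that the search returns exactly 1 entry remains the backstop.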
LDAP Authentication Process
After initializing and setting LDAP options :
Flowchart steps:
1. Initialize bind DN: does Directory security require user DN to search?
   • If it does, use DN that has LDAP search privilege and bind with LDAP DN
   • If it does not, bind with Anonymous LDAP user
2. ldap_bind_s(): success?
   • N: go to F
   • Otherwise continue at S

LDAP Authentication Process
Searching for the user’s LDAP account :
Login: alice
Password: *******
Flowchart steps, entered at S:
1. Build search filter from user’s login-id: “(&(objectclass=person)(uid=%s))”
2. Search for user’s full DN: ldap_search(), search sub-tree for matching entry
3. success? Verify search returns exactly 1
   • N: go to F
4. Unbind session: ldap_unbind(), then continue at V

LDAP Authentication Process
Validating the password and specific user entry attributes :
Login: alice
Password: *******
Flowchart steps, entered at V:
1. Bind using user entry’s full DN: ldap_bind_s() validates user’s password
2. success?
   • N: go to F
3. Get user’s attributes & check values: execute a second ldap_search() of user’s full DN
   • ldap_search()
   • ldap_first_attribute()
   • ldap_next_attribute()
   • ldap_get_values()
   • ldap_value_free()
4. success?
   • N: go to F
   • Otherwise continue at C

LDAP Authentication Process
Caching useful LDAP user account information :
Flowchart steps, entered at C:
1. Cache attribute values
   • home directory
   • surname
   • given name
   • country
   • organization
   • custom attributes …
2. Unbind from LDAP: ldap_unbind()
3. Success
Flowchart steps, entered at F:
1. Unbind from LDAP
2. Failure
Do not authenticate on each user context switch

Agenda
▪ Introduction to LDAP
▪ Directory Service fundamentals
▪ Exploring the LDAP API
▪ LDAP Authentication Process
▪ Using LDAP from the ABL language

Use OS Native LDAP Shared Libraries
▪ All vendors support common LDAP options
  • Identify and conditionalize vendor specific options
  • Option support is relative to the Directory Service, not the LDAP client
▪ Find the operating system’s LDAP shared library
  • Solaris: /usr/lib/libldap.so
  • Windows: wldap32.dll
  • Linux: /usr/lib/libldap.so
  • HPUX: Mozilla / OpenLDAP / Internet Express
  • AIX: OpenLDAP*
Tip: OpenLDAP is the most common cross-platform LDAP implementation, and is available on all these systems.

Working With a Native Shared Library
Native “C” language NULL parameter value :
▪ Use a MEMPTR variable (mNULL)
▪ Set iPtrSize to hardware’s address size (4 or 8 bytes)
▪ Fill MEMPTR with zeros
define variable mNULL as MEMPTR no-undo.
define variable iPtrSize as INTEGER INITIAL 4 no-undo.
define variable i as INTEGER no-undo.
set-size(mNULL) = iPtrSize.
/* zero every byte so the library sees a NULL pointer */
do i = 1 to iPtrSize:
  put-byte(mNULL, i) = 0.
end.
▪ Pass mNULL as INPUT parameter to LDAP function

Working With a Native Shared Library
Native “C” language array of memory-pointers :
▪ Extracting attribute value memory-pointers returned from ldap_search()
run ldap_get_values(… , OUTPUT mAttrValues).
/* mAttrValues holds iNumValues pointers, each iPtrSize bytes wide */
iPtrIndex = 1.
do i = 1 to iNumValues:
  if (iPtrSize = 4) then do:
    set-pointer-value(mValue) = get-long(mAttrValues, iPtrIndex).
  end. else do:
    set-pointer-value(mValue) = get-int64(mAttrValues, iPtrIndex).
  end.
  iPtrIndex = iPtrIndex + iPtrSize.
  /* mValue now points at one null-terminated attribute value */
  cAttrValue = get-string(mValue, 1).
end.

In Summary
▪ LDAP is a popular choice for managing distributed network services
▪ Used often as a single-point of user authentication
▪ LDAP support is achievable from the OpenEdge ABL

For More Information, go to…
▪ PSDN
  • White paper: LDAP User Authentication in an OpenEdge ABL Environment
▪ Internet references:
  • www.openldap.org
  • msdn.microsoft.com
  • docs.sun.com
  • www.iana.org/assignments
  • www.alvestrand.no/objectid/
▪ Reference books:
  • LDAP Programming Directory-Enabled Applications with Lightweight Directory Access Protocol

Relevant Exchange Sessions
▪ DB-14: OpenEdge Database Run-time Security Revealed
▪ DB-19: OpenEdge Authentication without the _User Table
▪ DB-8: Jump-starting Your OpenEdge Auditing Solution
▪ ARCH-4: A Statefull Application in a Stateless World

Questions?
Thank you for your time

LDAP API Session Functions (Binding)
Establishing LDAP sessions :

Configure server host & port
PROCEDURE ldap_init EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_cServerHost AS CHAR.
  DEFINE INPUT PARAMETER p_mPort AS LONG.
  DEFINE RETURN PARAMETER p_mLDAPContext AS MEMPTR.
END PROCEDURE.

Set session options
PROCEDURE ldap_set_option EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_iLDAPOption AS LONG.
  DEFINE INPUT PARAMETER p_mOptionValue AS MEMPTR.
  DEFINE RETURN PARAMETER p_iStatus AS LONG.
END PROCEDURE.

Connect & authenticate user-id
PROCEDURE ldap_bind_s EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_cBindUserDN AS CHAR.
  DEFINE INPUT PARAMETER p_cBindUserPwd AS CHAR.
  DEFINE INPUT PARAMETER p_iAuthMethod AS LONG.
  DEFINE RETURN PARAMETER p_iStatus AS LONG.
END PROCEDURE.

LDAP API Search Functions
Establishing LDAP sessions :

Search for LDAP entries
PROCEDURE ldap_search_s EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_cSearchRoot AS CHAR.
  DEFINE INPUT PARAMETER p_iScope AS LONG.
  DEFINE INPUT PARAMETER p_cSearchFilter AS CHAR.
  DEFINE INPUT PARAMETER p_mAttrArray AS MEMPTR.
  DEFINE INPUT PARAMETER p_iAttrsOnly AS LONG.
  DEFINE OUTPUT PARAMETER p_mLDAPMessage AS HANDLE TO LONG.
  DEFINE RETURN PARAMETER p_iStatus AS LONG.
END PROCEDURE.

How many entries were found?
PROCEDURE ldap_count_entries EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_mLDAPMessage AS MEMPTR.
  DEFINE RETURN PARAMETER p_iStatus AS LONG.
END PROCEDURE.

LDAP API Entry Functions
Get the first returned LDAP entry
PROCEDURE ldap_first_entry EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_mLDAPMessage AS MEMPTR.
  DEFINE RETURN PARAMETER p_mLDAPEntry AS HANDLE TO LONG.
END PROCEDURE.

Get entry’s fully qualified DN
PROCEDURE ldap_get_dn EXTERNAL "libldap.so" PERSISTENT.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_mLDAPMessage AS MEMPTR.
  DEFINE RETURN PARAMETER p_mAttrName AS MEMPTR.
END PROCEDURE.

Enumerate remaining LDAP entries
PROCEDURE ldap_next_entry EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_mLDAPMessage AS MEMPTR.
  DEFINE RETURN PARAMETER p_mLDAPEntry AS HANDLE TO LONG.
END PROCEDURE.

LDAP API Attribute Functions
Get the first LDAP entry attribute
PROCEDURE ldap_first_attribute EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_mLDAPMessage AS MEMPTR.
  DEFINE OUTPUT PARAMETER p_mCtxPtr AS MEMPTR.
  DEFINE RETURN PARAMETER p_mAttrName AS MEMPTR.
END PROCEDURE.

Enumerate remaining attributes
PROCEDURE ldap_next_attribute EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_mLDAPMessage AS MEMPTR.
  DEFINE INPUT PARAMETER p_mCtxPtr AS MEMPTR.
  DEFINE RETURN PARAMETER p_mAttrName AS MEMPTR.
END PROCEDURE.

LDAP API Attribute Value Functions
Get pointer to attribute value list
PROCEDURE ldap_get_values EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_mLDAPMessage AS MEMPTR.
  DEFINE INPUT PARAMETER p_mAttrName AS MEMPTR.
  DEFINE RETURN PARAMETER p_mAttrValues AS MEMPTR.
END PROCEDURE.

How many values in the list
PROCEDURE ldap_count_values EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mValueMemory AS MEMPTR.
  DEFINE RETURN PARAMETER p_iCount AS LONG.
END PROCEDURE.

FREE LDAP API MEMORY
PROCEDURE ldap_value_free EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mValueMemory AS MEMPTR.
  DEFINE RETURN PARAMETER p_iStatus AS LONG.
END PROCEDURE.

LDAP API Session Function (Unbinding)
End LDAP session
PROCEDURE ldap_unbind_s EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE RETURN PARAMETER p_iStatus AS LONG.
END PROCEDURE.

Error Handling
Get LDAP information
PROCEDURE ldap_get_option EXTERNAL "libldap.so" PERSISTENT CDECL.
  DEFINE INPUT PARAMETER p_mLDAPContext AS MEMPTR.
  DEFINE INPUT PARAMETER p_iLDAPOption AS LONG.
  DEFINE INPUT PARAMETER p_mOptionValue AS MEMPTR.
  DEFINE RETURN PARAMETER p_iStatus AS LONG.
END PROCEDURE.
▪ p_iLDAPOption
  • LDAP_OPT_ERROR_NUMBER [0x31]
  • LDAP_OPT_ERROR_STRING [0x32]

LDAP API Session API Parameters
LDAP connection API notes :
▪ ldap_set_option : LDAP-Option conform to production’s configuration
  • LDAP_OPT_AREC_EXCLUSIVE [0x98]
  • LDAP_OPT_SSL [0x0a]
  • LDAP_OPT_TIMELIMIT [0x04]
  • LDAP_OPT_PROTOCOL_VERSION* [0x11]
▪ ldap_set_option : Option-Value for setting & discovering configuration values
  • LDAP_OPT_ON [0x01]
  • LDAP_OPT_OFF [0x00]
  • LDAP_VERSION3* [0x03]
*Required