minimal setup

    my $conn = Connector::Proxy::Net::LDAP->new({
       LOCATION  => 'ldap://localhost:389',
       base      => 'dc=example,dc=org',
       filter  => '(cn=[% ARGS.0 %])',
    });

    $conn->get('John Doe');

Above code will run a query of "cn=test@example.org against the server" using an anonymous bind.

using bind credentials

    my $conn = Connector::Proxy::Net::LDAP->new( {
        LOCATION  => 'ldap://localhost:389',
        base      => 'dc=example,dc=org',
        filter  => '(cn=[% ARGS.0 %])',
        binddn    => 'cn=admin,dc=openxpki,dc=org',
        password  => 'admin',
        attrs => ['usercertificate;binary','usercertificate'],
    });

Uses bind credentials and queries for entries having (at least) one of the mentioned attributes.

connection control

timeout

keepalive

multihomed

localaddr

debug

raw

Enables utf8 for returned attribute values. The default value is qr/;binary/, set this to a Regex reference to change the attribute pattern for utf8 conversion or set undef to disable it.

SSL connection options

SSl related options are passed to Net::LDAP->new, see Net::LDAP for details. The attribute names in brackets are identical to the ones used in the HTTP based connectors and mapped to their equivalents.

Note that mapping takes place at first init, so modifications to those values after the first connection will not be visibile. The native parameter names are superior.

verify (ssl_ignore_mode - 'reqiured' if true)

sslversion

ciphers

capath (ca_certificate_path)

cafile (ca_certificate_file)

clientcert (certificate_file)

clientkey (certificate_key_file)

checkcrl

setting values

    connector:
        LOCATION:...
        ....
        action: replace

replace

This is the default (the action parameter may be omitted). The passed value is set as the only value in the attribute. Any values (even if there are more than one) are removed. If undef is passed, the whole attribute is removed from the node.

append

The given value is appended to exisiting attributes. If undef is passed, the request is ignored.

delete

The given value is deleted from the attribute entry. If there are more items in the attribute, the remaining values are left untouched. If the value is not present or undef is passed, the request is ignored.

autocreation of missing nodes

    schema:
        cn:
            objectclass: inetOrgPerson pkiUser
            values:
                sn: copy:self
                ou: IT Department

You can specify multiple objectclass entries seperated by space or as list.

The objects attribute matching the RDN component is always set, you can use the special word "copy:self" to copy the attribute value within the object. The values section is optional.

If schema for CN is given and the filter does not find a result, the node name is constructed from using the first path argument as CN and the base dn of the connector as path. All defined attribute values that have been passed are also added to the object on creation. Auto-Creation is not applied if action is set to delete.

For creating the actual leaf node, there are additional options by adding the node create to the configuration.

set another component class for the node

    create:
        rdnkey: emailAddress

Will use the given class name with the first argument as value plus the base dn to build the node DN. The old syntax with rdnkey + value pattern (which was broken anyway) is no longer supported, use the full rdn template as given below if required.

set another path to the node

    create:
        basedn: ou=Webservers,ou=Servers,dc=company,dc=org

use templating to generate the local component

The given base dn will be prefixed with the component assigned to the leaf, e.g. cn=www.example.org,ou=Webservers,ou=Servers,dc=company,dc=org

use templating to generate the local component

    create:
        rdn: emailAddress=[% ARGS.0 %]

Same result as the first example, the path arguments are all in ARGS, additional data (depends on the subclass implementation) are made available in the DATA key.

Multivalued RDNs can be constructed using a list:

    create:
        rdn:
         - emailAddress=[% ARGS.0 %]
         - CN=[% ARGS.1 %]

use temlating for full DN

    create:
        dn: emailAddress=[% ARGS.0 %],ou=People,dc=company,dc=org

Same as setting basedn and rdn, components of the path are created if there is a matching schema definition. Limitation: this module does not support different value patterns for the same class name.

Full example using Connector::Multi

    [ca1]
    myrepo@ = connector:connectors.ldap

    [connectors]

    [connectors.ldap]
    class = Connector::Proxy::Net::LDAP
    LOCATION = ldap://ldaphost:389
    base     = dc=openxpki,dc=org
    filter   = (cn=[% ARGS.0 %])
    attrs    = userCertificate;binary
    binddn   = cn=admin,dc=openxpki,dc=org
    password = admin
    action = replace

    [connectors.ldap.create]
    basedn: ou=Webservers,ou=Server CA3,dc=openxpki,dc=org
    rdnkey: cn
    value: [% ARGS.0 %]

    [connectors.ldap.schema.cn]
    objectclass: inetOrgPerson

    [connectors.ldap.schema.cn.values]
    sn: copy:self

    [connectors.ldap.schema.ou]
    objectclass: organizationalUnit

_getByDN

    $self->_getByDN( 'cn=John Doe,ou=people,dc=openxpki,dc=org' );

Returns the ldap entry object or undef if not found. Pass "{create =" 1}> and configure your connector to auto create a new node if none is found.

_createPathItem

_triggerAutoCreate

_splitDN

_run_search

  my $mesg = $ldap->search( $self->_build_search_options( $args, $param ) );

that will take care of stale/lost connections to the server. The result object is returned by the method, the ldap object is taken from the class.