|
%SYS
|
|
|
%SYS
|
|
This class defines the security LDAPConfigs for a system. More...
Public Member Functions | |
| _.Library.Status | OnNew () |
| This callback method is invoked by the <METHOD>New</METHOD> method to. More... | |
Public Attributes | |
| DelimiterId | |
| Delimiter Id used for group naming. More... | |
| Description | |
| LDAP description. More... | |
| GroupId | |
| Group Id used for group naming. More... | |
| InstanceId | |
| Instance Id used for group naming. More... | |
| LDAPAttributeComment | |
| LDAP attribute name where the "Comment" field is retrieved. More... | |
| LDAPAttributeFullName | |
| LDAP attribute name where the "FullName" field is retrieved. More... | |
| LDAPAttributeMail | |
| LDAP attribute name where the "Mail" field is retrieved. More... | |
| LDAPAttributeMobile | |
| LDAP attribute name where the "Mobile" field is retrieved. More... | |
| LDAPAttributeMobileProvider | |
| LDAP attribute name where the "MobileProvider" field is retrieved. More... | |
| LDAPAttributeNameSpace | |
| LDAP attribute name where the "NameSpace" field is retrieved. More... | |
| LDAPAttributeRoles | |
| LDAP attribute name where the "Roles" field is retrieved. More... | |
| LDAPAttributeRoutine | |
| LDAP attribute name where the "Routine" field is retrieved. More... | |
| LDAPAttributes | |
| List of additional LDAP attributes to return from LDAP Server. More... | |
| LDAPBaseDN | |
| Specifies the point in the directory tree from which searches begin. More... | |
| LDAPBaseDNForGroups | |
| Specifies the point in the directory tree from which searches begin for Groups. More... | |
| LDAPCACertFile | |
| Specifies the location of the file containing any TLS/SSL certificates (in PEM format) More... | |
| LDAPClientTimeout | |
| Amount of time the client waits until a Server Down is returned. More... | |
| LDAPFlags | |
| Flags for the LDAP connection. More... | |
| LDAPGroupId | |
| Used to filter roles returned by the LDAP server for a user. More... | |
| LDAPHostNames | |
| Host name of the LDAP server. More... | |
| LDAPInstanceId | |
| Used to filter roles returned by the LDAP server for a user. More... | |
| LDAPSearchPassword | |
| Password of the search user. More... | |
| LDAPSearchUsername | |
| Username of the LDAP search user with enough privileges to search the LDAP database (Windows only). More... | |
| LDAPServerTimeout | |
| Amount of time the LDAP server will wait for a client message before the connection is terminated. More... | |
| LDAPUniqueDNIdentifier | |
| A unique identifying element of each user in the LDAP database. More... | |
| Name | |
| Name of the LDAP configuration. More... | |
| NamespaceId | |
| Namespace Id used for group naming. More... | |
| OrganizationId | |
| Organization name used for group naming. More... | |
| RoleId | |
| Role Id used for group naming. More... | |
| RoutineId | |
| Routine Id used for group naming. More... | |
This class defines the security LDAPConfigs for a system.
LDAP names have the following properties:
1) LDAP names are case insensitive.
2) Maximum length of a LDAP name is 64 characters.
The Admin Secure:USE permission is required to operate on a LDAP configuration
The table for this class should be manipulated only through object access, the published API's or through the System Management Portal. It should not be updated through direct SQL access.
| _.Library.Status OnNew | ( | ) |
This callback method is invoked by the <METHOD>New</METHOD> method to.
provide notification that a new instance of an object is being created.
If this method returns an error then the object will not be created.
It is passed the arguments provided in the New call. When customizing this method, override the arguments with whatever variables and types you expect to receive from New(). For example, if you're going to call New, passing 2 arguments, OnNew's signature could be:
Method OnNew(dob as Date = "", name as Name = "") as Status If instead of returning a Status code this returns an oref and this oref is a subclass of the current class then this oref will be the one returned to the caller of New method.
|
static |
Copy a LDAP configuration.
Copy an existing LDAP configuration in the Security database to a new one.
Parameters:
Name - Name of the LDAP configuration to be copied.
NewName - Name of the New LDAP configuration to be created.
|
static |
Create a LDAP configuration.
Create a LDAP configuration in the Security database.
Parameters:
Name - Name of the LDAP configuration to create
Properties - Array of properties
See the Get() method for a description of the Properties parameter.
If a specific property is not passed in the Properties array, the value is not set.
|
static |
Delete a LDAP configuration.
This method will delete a LDAP configuration from the security database. After the LDAP Configuration is delete, any user in the User database associated with this configuration will also be deleted.
Parameters:
Name - Name of LDAP configuration to delete
|
static |
LDAP configuration exists.
This method checks for the existence of a LDAP config in the security database.
Parameters:
Name - Name of the LDAP config to check existence of
Return values:
If Value of the method = 0 (LDAP does not exist, or some error occured)
LDAP = Null
Status = LDAP "x" does not exist, or other error message<br>
If Value of the method = 1 (LDAP exists)
LDAP = Object handle to LDAP config
Status = $$$OK
|
static |
This method exports LDAP configuration records to a file in xml format.
Parameters:
Filename - Output file name
NumExported (byref) - Returns number of records exported.
LDAPConfigs - Comma separated list of LDAPConfigs to export, "*" = All
|
static |
Format the domain name.
Parameters:
Name - Name of the domain to format and validate
NewName - byref formatted name of the name as follows:
Remove "@\,"
Lowercase it
Add ".com" or "com" if no suffix
Make sure no null pieces
|
static |
Get a LDAP configurations properties.
Gets a LDAP config's properties from the security database.
Parameters:
Name - Name of the LDAP config to get
Return values:
Properties - Array of properties. See the class documentation for each individual property.
Properties("Description")
Properties("LDAPAttributes",AttributeName)
Properties("LDAPAttributeComment")
Properties("LDAPAttributeFullName")
Properties("LDAPAttributeMail")
Properties("LDAPAttributeMobile")
Properties("LDAPAttributeMobileProvider")
Properties("LDAPAttributeNameSpace")
Properties("LDAPAttributeRoutine")
Properties("LDAPAttributeRoles")
Properties("LDAPBaseDN")
Properties("LDAPBaseDNForGroups")
Properties("LDAPCACertFile")
Properties("LDAPClientTimeout")
Properties("LDAPHostNames")
Properties("LDAPFlags")
Properties("LDAPGroupId")
Properties("LDAPInstanceId")
Properties("OrganizationId")
Properties("GroupId")
Properties("InstanceId")
Properties("RoleId")
Properties("NamespaceId")
Properties("RoutineId")
Properties("DelimiterId")
Properties("LDAPSearchPassword")
Properties("LDAPSearchUsername")
Properties("LDAPServerTimeout")
Properties("LDAPUniqueDNIdentifier")
|
static |
Get a LDAP configurations properties.
Gets a LDAP configurtions properties from the security database.
Parameters:
LDAP - Object handle to a LDAP record
Return values:
Properties - See the Get method for more information on properties returned
|
static |
Import LDAP configuration records from an xml file.
Parameters:
FileName - Filename to import LDAP configuration records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
|
static |
Modify a LDAP configuration.
Modify an existing LDAP configurations properties in the security database.
Parameters:
Name - Name of the LDAP configuration to modify
Properties - Array of properties to modify.
See the Get() method for a description of the Properties parameter.
If a specific property is not passed in the Properties array, the value is not modified.
| DelimiterId |
Delimiter Id used for group naming.
| Description |
LDAP description.
| GroupId |
Group Id used for group naming.
| InstanceId |
Instance Id used for group naming.
| LDAPAttributeComment |
LDAP attribute name where the "Comment" field is retrieved.
| LDAPAttributeFullName |
LDAP attribute name where the "FullName" field is retrieved.
| LDAPAttributeMail |
LDAP attribute name where the "Mail" field is retrieved.
| LDAPAttributeMobile |
LDAP attribute name where the "Mobile" field is retrieved.
| LDAPAttributeMobileProvider |
LDAP attribute name where the "MobileProvider" field is retrieved.
| LDAPAttributeNameSpace |
LDAP attribute name where the "NameSpace" field is retrieved.
| LDAPAttributeRoles |
LDAP attribute name where the "Roles" field is retrieved.
| LDAPAttributeRoutine |
LDAP attribute name where the "Routine" field is retrieved.
| LDAPAttributes |
List of additional LDAP attributes to return from LDAP Server.
This property contains a list of additional LDAP User attributes for which you want values returned when a user authenticates himself via LDAP. For example, you may want to return a user's mail address from the LDAP server. You would set one of the list values to "mail" which is an LDAP attribute for a user. The values for the set of attributes are written to the user's authentication record, and may be retrieved by using the Security.Users class, Attributes property.
| LDAPBaseDN |
Specifies the point in the directory tree from which searches begin.
This typically consists of domain components, such as DC=intersystems,DC=com
| LDAPBaseDNForGroups |
Specifies the point in the directory tree from which searches begin for Groups.
This typically consists of domain components, such as DC=intersystems,DC=com
| LDAPCACertFile |
Specifies the location of the file containing any TLS/SSL certificates (in PEM format)
being used to authenticate the server certificate (Unix Only).
| LDAPClientTimeout |
Amount of time the client waits until a Server Down is returned.
| LDAPFlags |
Flags for the LDAP connection.
Bit 0 - Active directory LDAP server
Bit 1 - Use SSL/TLS connection
Bit 2 - Unused
Bit 3 - Use Groups
Bit 4 - Use Nested Groups
Bit 5 - Use Universal Groups
Bit 6 - LDAP configuration enabled
Bit 7 - Kerberos Only
| LDAPGroupId |
Used to filter roles returned by the LDAP server for a user.
| LDAPHostNames |
Host name of the LDAP server.
May be one or more, separated by a space. An optional port may be appended to the host name separated by a ":" (name:port) if the LDAP server is using non standard ports.
| LDAPInstanceId |
Used to filter roles returned by the LDAP server for a user.
| LDAPSearchPassword |
Password of the search user.
| LDAPSearchUsername |
Username of the LDAP search user with enough privileges to search the LDAP database (Windows only).
| LDAPServerTimeout |
Amount of time the LDAP server will wait for a client message before the connection is terminated.
| LDAPUniqueDNIdentifier |
A unique identifying element of each user in the LDAP database.
For Active Directory LDAP servers, usually sAMAccountName.
| Name |
Name of the LDAP configuration.
| NamespaceId |
Namespace Id used for group naming.
| OrganizationId |
Organization name used for group naming.
| RoleId |
Role Id used for group naming.
| RoutineId |
Routine Id used for group naming.
1.9.1