Tcl LDAP Command(s) (version 3.0)

ldap - binding to LDAP C API.

package require ldap ?3.0?
: ldap ?options? ?host? ?port?

SYNOPSIS

package require ldap ?3.0?

ldap ?options? ?host? ?port?

This extension provides a generic binding to LDAP, adding a single command to the Tcl interpreter that dynamically creates session command objects each time it is called. The resultant command can be used to exercise the full range of the LDAP protocol, with the notable exception of extended operations (a LDAP v3 feature). For background on LDAP please visit http://www3.innosoft.com/ldapworld/.

ldap ?options? ?host? ?port?: Initializes an LDAP connection to specified host (default: localhost) and port (default: 389). Returns the name of a new command in the interpreter that can be used to communicate with the specified LDAP Server. The available options are: -

-timeout seconds

Provide the query timeout. (default: 120)

-version number

Provide the protocol version to use when communicating with the LDAP Server. (default: 3, if ldap toolkit supports it, otherwise 2)

Object Command

$obj add dn ?attr values? ...: Add new object to directory, populating the specified attributes with the coresponding values. Note: many attributes in a directory are multi-value, so the value provided here is a Tcl list of values for each occurance of an attribute.
$obj bind ?dn? ?password?: Issue a bind (e.g. authentication request) against the specified user dn. If neither dn or password are supplied an anonymous bind is performed.
$obj compare dn attr value: Issue a compare, returns 1 (true) if attr matches value, otherwise 0 (false).
$obj delete dn: Issue a delete against the specified dn. Note: Most directories will not allow you to delete a node that has children.
$obj join rdnlist: Join each rdn (relative DN) together to produce a fully qualified dn. (local)
$obj modify dn ?add: attr values? ?del: attr? ?mod: attr values?: Issue a modify against specified dn. This is best shown by example. The following adds two objectclass attributes, deletes the junkAttr attrbute and replaces any existing cn attrbutes with the single value "Matt Newman": -; $obj modify $dn add: objectclass [list person inetOrgPerson] del: junkAttr mod: cn [list "Matt Newman"]
$obj modrdn dn rdn ?retain?: Renames the leaf rdn component of dn in the directory - see LDAP reference documentation for more details.
$obj parent dn: Returns the logical parent dn for the specified dn.
$obj search ?options? base ?filter? ?attr ...?: The heart of most ldap programs - issue a search against the directory. Returns a list of entries, where each entry is in itself an list of attr values pairs, suitable for use with array set. Note: the values associated with a given attribute are a list, since attributes can have multiple values.; If no filter is provided the default filter (objectclass=*) is used. If attribute names are provided after the filter then only the named attributes will be returned. The available options are: -

-attrs bool

Return only the names of the attributes in the matching objects. When this is true the returned format is a list of entries where the first element of each entry is the matching dn and the subsequent fields are the attribute names. (default: false)

-names bool

Return only the dn names of the matching objects. When this is true the returned format is a simple list of dn's. (default: false)

-scope enum

Specify the scope of the LDAP search. Can be base, one, or sub. (default: base)

$obj split dn ?friendly?: Break up the specified dn into a Tcl list of it's component parts. If friendly is true then the qualified (e.g. cn=) is dropped.
$obj url url: Behaves exactly as $obj search, except the search criterial are specified using the standard LDAP URL notation.

NAME

SYNOPSIS

DESCRIPTION

Object Command

SEE ALSO