Entries can be added, modified, and deleted. Remote administration of an LDAP server is possible using these options.
The following example runs a cycle of LDAP actions by first adding a new record, then querying the LDAP directory and generating a form for the output, and finally deleting the new record.
To add a new record:
<!--- add a new record (Joe Smith) --->
<CFLDAP
SERVER="myserver"
USERNAME="uid=kvaughan, ou=People, o=airius.com"
PASSWORD="bribery"
ACTION="ADD"
ATTRIBUTES="objectclass=top, person, organizationalPerson,
inetOrgPerson; cn=Joe Smith;
sn=Smith; mail=jSmith@airius.com;
telephonenumber=+1 408 555 2128; ou=Human Resources"
DN="uid=jSmith, ou=People, o=airius.com">
<!--- query the LDAP server --->
<CFLDAP Name="AriusList"
SERVER="myserver"
ACTION="QUERY"
ATTRIBUTES="cn,mail,telephonenumber"
SCOPE="SUBTREE"
FILTER="ou=Human Resources"
SORT="cn ASC"
START="o=airius.com">
<!--- generate a form page for query output --->
<H3> Human Resources Directory for Arius</H3>
<CFFORM ACTION="ariusform_action.cfm">
<CFGRID NAME="ariusgrid" width="350" query="AriusList"
insert="No" delete="No" sort="no" bold="No" italic="No"
appendkey="No" highlighthref="No" griddataalign="LEFT"
gridlines="no" rowheaders="no" rowheaderalign="LEFT"
rowheaderitalic="No" rowheaderbold="No" colheaders="yes"
colheaderalign="LEFT" colheaderitalic="No"
colheaderbold="yes"
selectmode="BROWSE" picturebar="no">
<CFGRIDCOLUMN NAME="cn" HEADER="Name">
<CFGRIDCOLUMN NAME="mail" HEADER="eMail Address">
<CFGRIDCOLUMN NAME="telephonenumber" HEADER="Phone">
</CFGRID><BR>
</CFFORM>
<!---delete record --->
<CFLDAP
SERVER="myserver"
USERNAME="uid=kvaughan, ou=People, o=airius.com"
PASSWORD="bribery"
ACTION="DELETE"
DN="uid=jSmith, ou=People, o=airius.com">
Change myserver to a valid LDAP server.
Change uid to a valid user id.
Save the file as ldapadd.cfm and view it in your browser.
To modify a record by adding an attribute:
This example illustrates modifying a record by adding an attribute value to the existing values. This is a necessary step to overcome the limitations of the MODIFY action.
<!--- modify a record, preserving
other existing attributes --->
<!--- You must include the existing attribute
values plus the new one you want to add. In this
case we are adding a unique member gfarmer to
the Accounting Managers. If we did not include
the existing unique members scarter
and tmorris then they would no longer be unique
members. The modify really is doing a replace on
this attribute. For the next release of ColdFusion
we will provide an option to just update the attribute.
Multiple values for a single attribute are separated
by a comma. If a single attribute value contains a
comma you must escape it by adding an extra comma. For
example the uniquemember value uid=scarter,ou=groups,
o=airius.com must be entered as uid=scarter,,ou=groups,,
o=airius.com. Be careful when you do this modify or you
can remove attribute values you did not intend to! --->
<!--- ATTRIBUTES="uniquemember=uid=scarter,,ou=People,,o=airius.com,
uid=tmorris,,ou=People,,o=airius.com,
uid=gfarmer,,ou=People,,o=airius.com" --->
<CFLDAP SERVER="myserver"
ACTION="Modify"
USERNAME="uid=kvaughan, ou=People, o=airius.com"
PASSWORD="bribery"
ATTRIBUTES="uniquemember=uid=scarter,,ou=People,,o=airius.com,
uid=tmorris,,ou=People,,o=airius.com,
uid=gfarmer,,ou=People,,o=airius.com"
DN="cn=Accounting Managers, ou=groups, o=airius.com">
Change myserver to a valid LDAP server.
Change uid to a valid user id.
Save the file as ldapaddattr.cfm and view it in your browser.
To insert or update an entry:
<!--- If the rename parameter is sent
then run this rename --->
<CFIF IsDefined("rename_dn")>
<CFLDAP Name="CustomerRename"
SERVER="myserver"
USERNAME="cn=Directory Manager, o=Ace Industry, c=US"
PASSWORD="testldap"
ACTION="MODIFYDN"
ATTRIBUTES="#new_dn#"
DN="#rename_dn#">
<CFELSE>
<!--- If the update parameter is sent
then run this update --->
<CFIF IsDefined("dn")>
<CFSET UPDATE_ATTRS = mailtag & email & ";" &
phonetag & Phone>
<CFLDAP Name="CustomerModify"
SERVER="myserver"
USERNAME="cn=Directory Manager, o=Ace Industry, c=US"
PASSWORD="testldap"
ACTION="MODIFY"
ATTRIBUTES="#UPDATE_ATTRS#"
DN="#dn#">
<CFELSE>
<!--- If the insert parameter is sent
then run this insert --->
<CFIF IsDefined("Distinguished_Name")>
<CFSET ADD_ATTRS = "objectclass=top,person,organizationalPerson,inetOrgPerson;" &
fullnametag & Fullname & ";" &
surnametag & Surname & ";" &
mailtag & Email & ";" &
phonetag & Phone>
<CFLDAP Name="CustomerAdd"
SERVER="myserver"
USERNAME="cn=Directory Manager, o=Ace Industry, c=US"
PASSWORD="testldap"
ACTION="Add"
ATTRIBUTES="#ADD_ATTRS#"
DN="#Distinguished_Name#">
</CFIF>
</CFIF>
</CFIF>
<!--- Use CFLDAP to retrieve the common
name and distinguished name for all employees
that have a surname that contains ens and a common
name that is > K. Search starts in the country US
and organization Ace Industry.--->
<CFLDAP Name="EntryList"
SERVER="myserver"
ACTION="Query"
ATTRIBUTES="dn,cn, sn"
SCOPE="SUBTREE"
SORT="sn ASC"
FILTER="(&(sn=*ens*)(cn>=K))"
START="o=Ace Industry, c=US"
MAXROWS=50
TIMEOUT=30>
<HTML>
<HEAD>
<TITLE>LDAP Directory Example</TITLE>
</HEAD>
<BODY>
<P>To modify the attributes of an entry,
select the entry and click the <B>Update</B>
button. To create a new entry, click the
<B>Add</B> button.
<CFFORM NAME="MyForm"
ACTION="ldap_update.cfm"
TARGET="Lower">
<CFSELECT NAME="dn"
SIZE="5"
REQUIRED="Yes"
QUERY="EntryList"
Value="dn"
Display="cn">
</CFSELECT>
<INPUT TYPE="Submit" VALUE="Update...">
</CFFORM>
<FORM ACTION="ldap_add.cfm"
METHOD="Post"
TARGET="Lower">
<INPUT TYPE="Submit" VALUE="Add...">
</FORM>
</BODY>
</HTML>
Change myserver to a valid LDAP server.
Change uid to a valid user id.
Save the file as ldapchangeattr.cfm and view it in your browser.
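The update template above passes form fields straight into ATTRIBUTES and DN while bound as Directory Manager. The following added example, which is not part of the original documentation, validates the update input first; Form.dn, Form.Email, Form.Phone, BaseDN, and the Application.LdapBindDN and Application.LdapBindPassword variables are assumed names, with the bind credentials loaded outside the template.

```cfml
<!--- Added example: validate form input before it reaches CFLDAP.
      All Form.*, Application.* and BaseDN names are assumptions. --->
<CFPARAM NAME="Form.dn" DEFAULT="">
<CFPARAM NAME="Form.Email" DEFAULT="">
<CFPARAM NAME="Form.Phone" DEFAULT="">
<CFSET BaseDN = "o=Ace Industry, c=US">
<CFSET InputOK = True>

<!--- ";" separates attribute=value pairs in ATTRIBUTES, so a value that
      contains one could append an attribute the form never offered.
      Reject it, along with empty values and control characters. --->
<CFLOOP INDEX="FieldName" LIST="dn,Email,Phone">
  <CFSET FieldValue = Form[FieldName]>
  <CFIF Len(Trim(FieldValue)) IS 0
        OR Find(";", FieldValue)
        OR REFind("[[:cntrl:]]", FieldValue)>
    <CFSET InputOK = False>
  </CFIF>
</CFLOOP>

<!--- Allow-list the shape of the mail address (this also excludes commas). --->
<CFIF NOT REFind("^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$", Form.Email)>
  <CFSET InputOK = False>
</CFIF>

<!--- Only touch entries below the expected base. The comparison assumes
      the DN is formatted the way the directory returned it to the form. --->
<CFIF Len(Form.dn) LTE Len(BaseDN)
      OR Right(Form.dn, Len(BaseDN)) NEQ BaseDN>
  <CFSET InputOK = False>
</CFIF>

<CFIF InputOK>
  <!--- "," separates multiple values of one attribute; double it inside
        a value so free text is not split into several values. --->
  <CFSET SafePhone = Replace(Form.Phone, ",", ",,", "ALL")>
  <CFSET UPDATE_ATTRS = "mail=" & Form.Email & ";telephonenumber=" & SafePhone>
  <CFLDAP SERVER="myserver"
          USERNAME="#Application.LdapBindDN#"
          PASSWORD="#Application.LdapBindPassword#"
          ACTION="MODIFY"
          ATTRIBUTES="#UPDATE_ATTRS#"
          DN="#Form.dn#">
<CFELSE>
  <P>The submitted values were rejected.</P>
</CFIF>
```

The same checks apply to the rename_dn, new_dn and Distinguished_Name parameters, and to the dn parameter of the delete template.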
To delete an entry:
<!--- If the delete parameter is sent
then run this delete --->
<CFIF IsDefined("dn")>
<CFLDAP Name="LDAPDelete"
SERVER="myserver"
USERNAME="cn=Directory Manager, o=Ace Industry, c=US"
PASSWORD="testldap"
ACTION="Delete"
DN="#dn#">
</CFIF>
<!--- Use CFLDAP to retrieve the common name
and distinguished name for all employees that
have a common name that is >= A. Search starts
in the country US and organization Ace Industry. --->
<CFLDAP Name="EntryList"
SERVER="myserver"
ACTION="Query"
ATTRIBUTES="dn,cn, sn"
SCOPE="SUBTREE"
SORT="cn ASC"
FILTER="(cn>=A)"
START="o=Ace Industry, c=US"
TIMEOUT=30>
Change myserver to a valid LDAP server.
Change uid to a valid user id.
Save the file as ldapdeleteattr.cfm and view it in your browser.
An example of building and searching a Verity collection from LDAP data can be found in "Indexing CFLDAP Query Results".