Boxlang 1.x Stable Released
BoxLang : A Modern Dynamic JVM Language
DownloadTrySourceSupport
Edit

LDAP

Complete reference for the LDAP component - perform directory operations including query, add, modify, delete, and connection management

The <bx:ldap> component provides comprehensive LDAP (Lightweight Directory Access Protocol) operations for directory services integration. It supports querying, adding, modifying, and deleting directory entries, as well as connection management for efficient multi-operation workflows.

Syntax

Template Syntax

<bx:ldap
    action="query"
    server="ldap.example.com"
    port="389"
    result="queryResults"
    start="dc=example,dc=org"
    filter="(objectClass=person)"
/>

Script Syntax

ldap
    action="query"
    server="ldap.example.com"
    port="389"
    result="queryResults"
    start="dc=example,dc=org"
    filter="(objectClass=person)";

Supported Actions

The LDAP component supports seven core operations:

query

Search the directory with filters, scopes, and attribute selection.

  • Use Case: Find users, groups, or any directory objects

  • Returns: BoxLang Query object with results (contains matched LDAP entries as rows with their attributes as columns)

  • Features: Filtering, sorting, pagination, scope control

  • Empty Results: Returns a Query with recordCount=0 if no entries match (no exception thrown)

add

Create new entries in the directory.

  • Use Case: Add new users, groups, organizational units

  • Supports: Multi-valued attributes, all attribute types

  • Returns: Boolean true on success

  • Error Handling: Throws exception if entry already exists or DN is invalid

modify

Update existing directory entries.

  • Use Case: Update user information, group memberships

  • Operations: Replace, add, or delete attributes

  • Returns: Boolean true on success

  • Flexibility: Modify multiple attributes in one operation

  • Error Handling: Throws exception if entry does not exist or modification type is invalid

delete

Remove entries from the directory.

  • Use Case: Delete obsolete users, groups, or objects

  • Returns: Boolean true on success

  • Safety: Validates entry exists before deletion (throws exception if not found)

  • Note: Cannot delete entries with children (delete children first)

  • Error Handling: Throws exception if entry has subordinate entries or does not exist

modifydn

Rename entries or move them within the directory tree.

  • Use Case: Rename users, reorganize directory structure

  • Returns: Boolean true on success

  • Operations: Rename (change RDN) or move to different parent

  • Flexibility: Supports both rename and move operations

  • Error Handling: Throws exception if new DN is invalid or already exists

open

Create and store a named connection for reuse across multiple operations.

  • Use Case: Establish a connection with credentials that can be reused without repetition

  • Required Attributes: connection (connection name), server, plus authentication details

  • Returns: Connection object if result attribute is specified, otherwise ignored

  • Benefits: Simplifies multi-operation workflows by eliminating credential repetition

  • Note: Connection remains open until explicitly closed or application terminates

close

Close and release a named connection.

  • Use Case: Explicitly close a named connection to free resources

  • Required Attributes: connection (connection name to close)

  • Returns: Boolean true on success

  • Benefits: Allows proper resource management for long-running applications

  • Note: Once closed, connection can be reopened with same name if needed

Attributes

Core Attributes

Attribute
Type
Required
Default
Description

action

string

✅ Yes

-

LDAP operation: "query", "add", "modify", "delete", "modifydn", "open", "close"

server

string

⚠️ Conditional

-

LDAP server hostname or IP address. Required if connection is not provided.

connection

string

⚠️ Conditional

-

Named connection to an LDAP server (previously created). Required if server is not provided. Allows reusing connection credentials across multiple operations.

port

number

No

389 (636 for SSL)

LDAP server port

result

string

⚠️ Query

-

Variable name to store query results (primary attribute for result handling)

name

string

No

-

Deprecated: Use result instead. Maintained for backwards compatibility with query actions only

start

string

✅ Yes

-

Starting DN (Distinguished Name) for search or operation

Authentication Attributes

Attribute
Type
Required
Default
Description

username

string

No

"" (anonymous)

Bind DN for authentication (e.g., "cn=admin,dc=example,dc=org")

password

string

No

"" (anonymous)

Password for authentication

secure

boolean/string

No

false

Security mode: false (no SSL), true (SSL), "CFSSL_BASIC" (server auth only), "CFSSL_CLIENT_AUTH" (mutual TLS)

useTls

boolean

No

false

Whether to use StartTLS extension to initiate SSL/TLS over normal port

clientCert

string

No

-

Full path to keystore file containing client certificate

clientCertPassword

string

No

-

Password for client certificate keystore

timeout

integer

No

60000

Operation timeout in milliseconds

Query-Specific Attributes

Attribute
Type
Required
Default
Description

filter

string

No

"(objectClass=*)"

LDAP search filter (e.g., "(uid=jdoe)")

scope

string

No

"onelevel"

Search scope: "base", "onelevel", "subtree"

attributes

string

No

"*"

Comma-separated list of attributes to return

sort

string

No

-

Attribute name to sort results by

sortDirection

string

No

"asc"

Sort direction: "asc" or "desc"

maxrows

number

No

-

Maximum number of results to return

startRow

number

No

1

Starting row for pagination

returnFormat

string

No

"query"

Result format: "query" (Query object) or "array" (Array of structs)

Modify-Specific Attributes

Attribute
Type
Required
Default
Description

dn

string

✅ Yes

-

Distinguished Name of entry to modify

attributes

struct

✅ Yes

-

Struct of attributes to modify (key=attribute, value=new value)

modifyType

string

No

"replace"

Modification type: "replace", "add", "delete"

Add-Specific Attributes

Attribute
Type
Required
Default
Description

dn

string

✅ Yes

-

Distinguished Name for new entry

attributes

struct

✅ Yes

-

Struct of attributes for new entry

Delete-Specific Attributes

Attribute
Type
Required
Default
Description

dn

string

✅ Yes

-

Distinguished Name of entry to delete

ModifyDN-Specific Attributes

Attribute
Type
Required
Default
Description

dn

string

✅ Yes

-

Current Distinguished Name

attributes

struct

✅ Yes

-

Struct with "newRDN" and optionally "newParentDN"

Examples

Query Operations

Simple Query

Find all users in a directory:

Filtered Search

Search for a specific user with attribute selection:

Complex Filter Query

Use advanced LDAP filter syntax:

Paginated Query

Handle large result sets efficiently:

Query Results as Array

Return results as an array of structs instead of a Query object:

Add Operations

Add New User

Create a new directory entry:

Add Entry with Multiple Values

Create an entry with multi-valued attributes:

Modify Operations

Modify User Attributes

Update an existing entry:

Add Attribute Values

Add values to existing multi-valued attributes:

Delete Attribute Values

Remove specific values from multi-valued attributes:

Delete Operations

Delete User

Remove an entry from the directory:

ModifyDN Operations

Rename Entry

Change an entry's RDN (Relative Distinguished Name):

Move Entry to Different OU

Move an entry to a different organizational unit:

Connection Management

Define and Reuse Named Connections

Create a named connection once and reuse it across multiple operations:

Explicitly Open a Named Connection

Establish a connection with the open action for later reuse:

Close a Named Connection

Explicitly close a connection to free resources:

Secure Connections

SSL/TLS Secure Connection

Connect securely with SSL:

Mutual TLS Authentication

Use client certificates for authentication:

LDAP Filter Syntax

The LDAP filter attribute supports standard LDAP filter operators:

Filter Operators

  • & - AND (all conditions must match)

  • | - OR (any condition matches)

  • ! - NOT (negation)

  • = - Equals

  • >= - Greater than or equal

  • <= - Less than or equal

  • =* - Presence check (attribute exists)

  • =value* - Starts with

  • =*value - Ends with

  • =*value* - Contains

Example Filters

Error Handling

Understanding Empty Results

Important: LDAP queries return empty Query objects (recordCount=0) instead of throwing exceptions when:

  • Entry does not exist

  • Filter matches no entries

  • Insufficient permissions (sometimes)

  • Entry was deleted

Exception Handling

Handle connection and operation errors:

Common Error Scenarios

Error
Cause
Solution

Connection timeout

Server unreachable

Check server hostname, port, firewall

Invalid credentials

Wrong username/password

Verify bind DN and password

Entry already exists

Duplicate DN in add

Use unique DN or modify existing entry

No such object

DN doesn't exist

Verify DN syntax and entry existence

Insufficient access

Permission denied

Check ACLs and bind user permissions

Invalid DN syntax

Malformed DN

Validate DN format: uid=user,ou=org,dc=example,dc=org

Event Handling

The LDAP component announces events at key points in the connection lifecycle:

onLDAPConnectionOpen

Announced when an LDAP connection is successfully opened.

Event Payload:

onLDAPConnectionClose

Announced when an LDAP connection is closed.

Event Payload:

Related

PreviousComponentsNextPDF +

Last updated

Was this helpful?