<cfldap>
Provides an interface to LDAP (Lightweight Directory Access Protocol) directory servers such as Microsoft Active Directory.
This tag cannot have a body.
This tag is also supported within <cfscript>.
<cfldap
returnAsBinary=string
server=string
port=number
usetls=boolean
username=string
secure=string
password=string
action=add|delete|modifyDn|modify|query
name=string
timeout=number
maxRows=number
start=string
scope=string
attributes=string
filter=string
filterFile=string
sort=string
sortControl=string
dn=string
startRow=number
modifyType=string
rebind=boolean
referral=number
separator=string
delimiter=string
>
| Attribute | Description | Default |
|---|---|---|
| server (string, required) | Host name "biff.upperlip.com" or IP address "192.1.2.225" of the LDAP server. | |
| port (number, optional) | Port defaults to the standard LDAP port, 389. | |
| usetls (boolean, optional) | Use a secure connection (but try secure="CFSSL_BASIC" instead). | false |
| username (string, optional) | If no user name is specified, the LDAP connection is anonymous. | |
| secure (string, optional) | The type of security to use | |
| password (string, optional) | Used when username is defined. | |
| action (string, optional) | Specifies the LDAP action. | query |
| timeout (number, optional) | Specifies the maximum amount of time, in milliseconds, to wait for LDAP processing. Defaults to 60000 ms (60 seconds). In Lucee 5 this value was in seconds; it was changed to milliseconds to match ACF as of Lucee 6.0.0.170. | |
| referral (number, optional) | Number of hops allowed in a referral. A value of 0 disables referred addresses for LDAP; no data is returned. | |

Query LDAP
Search and retrieve LDAP entries
| Attribute | Description | Default |
|---|---|---|
| name (string, optional) | The name you assign to the LDAP query. Alias: variable | |
| maxRows (number, optional) | Specifies the maximum number of entries for LDAP queries. | |
| start (string, optional) | Specifies the distinguished name of the entry to be used to start the search. | |
| scope (string, optional) | Specifies the scope of the search from the entry specified in the Start attribute for action = "Query". | |
| attributes (string, optional) | Required if action = "Query", "Add", "ModifyDN", or "Modify". For queries: comma-delimited list of attributes to return. For queries, to get all attributes, specify "*". If action = "add" or "modify", you can specify a list of update columns. Separate attributes with a semicolon. If action = "ModifyDN", CFML passes attributes to the LDAP server without syntax checking. | |
| filter (string, optional) | Search criteria for action = "Query". List attributes in the form: "(attribute operator value)". Example: "(sn = Smith)" | |
| sort (string, optional) | Indicates the attribute or attributes by which to sort query results. Use a comma to separate attributes. | |
| sortControl (string, optional) | Specifies how to sort query results. | |
| startRow (number, optional) | Used in conjunction with action = "Query". Specifies the first row of the LDAP query to insert into the query. The default is 1. | |
| separator (string, optional) | Specifies the character that cfldap uses to separate attribute values in multi-value attributes. This character is used by the The default character is the comma (,). | |
| delimiter (string, optional) | Specifies the character that cfldap uses to separate multiple attribute name/value pairs when more than one attribute is specified in the attributes attribute or the attribute that you want to use has the default delimiter character, which is the semicolon (;), such as The delimiter character is used by the query, add, and modify action attributes, and is used by cfldap to output multi-value attributes. | |
| returnAsBinary (string, optional) | A comma-delimited list of columns that are to be returned as binary values. | |

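The query attributes above combined into an authenticated search over a secure connection, with a user-supplied value escaped (RFC 4515) before it is placed in filter; this is an added example, not part of the Lucee documentation. The helper ldapEscapeFilterValue, the host name, the DNs, the environment variable name and port 636 (the conventional LDAPS port) are assumptions.

```cfml
<cfscript>
// ldapEscapeFilterValue() is a hypothetical helper, not a Lucee built-in.
// It encodes the characters that have meaning inside an LDAP search filter
// so that user input is always treated as a literal value.
function ldapEscapeFilterValue( required string value ) {
    // Reject control characters (including NUL) instead of trying to encode them.
    if ( reFind( "[[:cntrl:]]", arguments.value ) ) {
        throw( type="InvalidLdapInput", message="Control characters are not allowed." );
    }
    // The backslash must be handled first so later escapes are not double-escaped.
    var out = replace( arguments.value, "\", "\5c", "all" );
    out = replace( out, "*", "\2a", "all" );
    out = replace( out, "(", "\28", "all" );
    out = replace( out, ")", "\29", "all" );
    return out;
}

// Constructed input: unescaped, this value would change the structure of the
// filter below instead of being matched as a literal uid.
requestedUid = "*)(uid=*";
safeUid = ldapEscapeFilterValue( requestedUid );
</cfscript>

<!--- Bind with a dedicated read-only account (omitting username makes the
      connection anonymous), request only the attributes needed, and bound
      the result size and the wait time (timeout is in milliseconds). --->
<cfldap
    action="query"
    name="people"
    server="ldap.example.org"
    port="636"
    secure="CFSSL_BASIC"
    username="cn=svc-lookup,ou=services,dc=example,dc=org"
    password="#server.system.environment.LDAP_BIND_PASSWORD#"
    start="ou=people,dc=example,dc=org"
    scope="subtree"
    filter="(&(objectClass=person)(uid=#safeUid#))"
    attributes="cn,mail"
    maxRows="10"
    timeout="5000">

<cfoutput>#people.recordCount# matching entries</cfoutput>
```
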
Add LDAP Entry
Add new entry to LDAP directory
| Attribute | Description | Default |
|---|---|---|
| dn (string, optional) | Specifies the distinguished name for update actions. | |
| attributes (string, optional) | Required if action = "Query", "Add", "ModifyDN", or "Modify". For queries: comma-delimited list of attributes to return. For queries, to get all attributes, specify "*". If action = "add" or "modify", you can specify a list of update columns. Separate attributes with a semicolon. If action = "ModifyDN", CFML passes attributes to the LDAP server without syntax checking. | |
| separator (string, optional) | Specifies the character that cfldap uses to separate attribute values in multi-value attributes. This character is used by the The default character is the comma (,). | |
| delimiter (string, optional) | Specifies the character that cfldap uses to separate multiple attribute name/value pairs when more than one attribute is specified in the attributes attribute or the attribute that you want to use has the default delimiter character, which is the semicolon (;), such as The delimiter character is used by the query, add, and modify action attributes, and is used by cfldap to output multi-value attributes. | |

Modify LDAP Entry
Update existing LDAP entry
| Attribute | Description | Default |
|---|---|---|
| dn (string, optional) | Specifies the distinguished name for update actions. | |
| attributes (string, optional) | Required if action = "Query", "Add", "ModifyDN", or "Modify". For queries: comma-delimited list of attributes to return. For queries, to get all attributes, specify "*". If action = "add" or "modify", you can specify a list of update columns. Separate attributes with a semicolon. If action = "ModifyDN", CFML passes attributes to the LDAP server without syntax checking. | |
| modifyType (string, optional) | Indicates whether to add, delete, or replace an attribute in a multi-value list of attributes. | |
| separator (string, optional) | Specifies the character that cfldap uses to separate attribute values in multi-value attributes. This character is used by the The default character is the comma (,). | |
| delimiter (string, optional) | Specifies the character that cfldap uses to separate multiple attribute name/value pairs when more than one attribute is specified in the attributes attribute or the attribute that you want to use has the default delimiter character, which is the semicolon (;), such as The delimiter character is used by the query, add, and modify action attributes, and is used by cfldap to output multi-value attributes. | |

Modify DN
Change distinguished name of entry
| Attribute | Description | Default |
|---|---|---|
| dn (string, optional) | Specifies the distinguished name for update actions. | |
| attributes (string, optional) | Required if action = "Query", "Add", "ModifyDN", or "Modify". For queries: comma-delimited list of attributes to return. For queries, to get all attributes, specify "*". If action = "add" or "modify", you can specify a list of update columns. Separate attributes with a semicolon. If action = "ModifyDN", CFML passes attributes to the LDAP server without syntax checking. | |

Delete LDAP Entry
Remove entry from LDAP directory
| Attribute | Description | Default |
|---|---|---|
| dn (string, optional) | Specifies the distinguished name for update actions. | |

Unimplemented Attribute(s)
| Attribute | Description | Default |
|---|---|---|
| filterFile (string, optional) | This attribute is deprecated and no longer supported. *deprecated* | |
| rebind (boolean, optional) | If you set rebind to Yes, cfldap attempts to rebind the referral callback and reissue the query by the referred address using the original credentials. The default is No, which means referred connections are anonymous. *unimplemented* | |

Examples
There are currently no examples for this tag.
See also
- LDAP
- Internet Protocols
- Setting Up Secure LDAP
- Search Issue Tracker
- Search Lucee Test Cases (good for further, detailed examples)