An LDAP DSML Reference

We've just released an LDAP library for NetKernel (http://www.1060.org/forum/topic/82/1). It uses DSML to perform search, addition and modification of LDAP records. This is a brief tutorial on DSML syntax for reference.
The OASIS DSML specification is available here:
http://www.oasis-open.org/specs/index.php#dsmlv2. It can look complicated at first, but when scripted with the ldapBatch accessor, provided in the mod-ldap library, it makes interacting with LDAP very easy.
I wrote this guide as a simple DSML reference which provides examples of the primitive operations which may be issued to an LDAP repository.

Making a request

DSML is a request-response syntax. The main element for a DSML request is:

<ds:batchRequest xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:ds="urn:oasis:names:tc:DSML:2:0:core"
                 processing="sequential">
  <!---->
</ds:batchRequest>

The request is populated with a set of LDAP operation declarations. The "processing" option can be either "sequential" or "parallel".
Take care: parallel means you must not make any assumptions about execution order.
The response from a DSML request is a DSML response document which will contain a response entry for each request operation. Any number of operations can be specified in a single DSML request, and each will yield a resulting response with an indication of success status and any returned data. For example, a search operation will yield a list of LDAP entries as XML records.

Add

This operation will add a new record with distinguished name "dn" to the LDAP repository.

<ds:addRequest xmlns:ds="urn:oasis:names:tc:DSML:2:0:core"
               dn="cn=Test,ou=1060Research,dc=1060,dc=org">
  <ds:attr name="objectclass">
    <ds:value>top</ds:value>
  </ds:attr>
  <ds:attr name="objectclass">
    <ds:value>person</ds:value>
  </ds:attr>
  <ds:attr name="objectclass">
    <ds:value>organizationalPerson</ds:value>
  </ds:attr>
  <ds:attr name="objectclass">
    <ds:value>inetOrgPerson</ds:value>
  </ds:attr>
  <ds:attr name="cn">
    <ds:value>Test</ds:value>
  </ds:attr>
  <ds:attr name="sn">
    <ds:value>Test</ds:value>
  </ds:attr>
  <ds:attr name="givenName">
    <ds:value>Test</ds:value>
  </ds:attr>
  <ds:attr name="title">
    <ds:value>A Test Addition</ds:value>
  </ds:attr>
</ds:addRequest>

Contact your LDAP admin to find out which schema your LDAP server supports and to find a description of the permitted fields. Here we are using the most common person and organizationalPerson schemas.

Search

This operation will search for records. The filter can contain substring matches. In this example a
match for 'Smith' is made on the 'sn' field. All matching records (up to the sizeLimit) will be
returned. See the spec for scope and filter options. Here we're matching the wholeSubtree, which is a broad search.

<ds:searchRequest xmlns:ds="urn:oasis:names:tc:DSML:2:0:core"
                  dn="dc=1060,dc=org"
                  scope="wholeSubtree"
                  derefAliases="neverDerefAliases"
                  sizeLimit="1000">
  <ds:filter>
    <ds:substrings name="sn">
      <ds:any>Smith</ds:any>
    </ds:substrings>
  </ds:filter>
</ds:searchRequest>

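An added example, not part of the original tutorial or of the mod-ldap library: building the batchRequest and the substring searchRequest shown above with Python's xml.etree.ElementTree instead of a string template, so that a search term containing markup characters stays a filter value and cannot change the structure of the request. The function names and the sample term are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"
ET.register_namespace("ds", DSML_NS)  # serialize with the tutorial's ds: prefix


def q(tag):
    """Qualify a local element name with the DSML namespace."""
    return "{%s}%s" % (DSML_NS, tag)


def batch_request(processing="sequential"):
    """Create an empty ds:batchRequest (hypothetical helper)."""
    if processing not in ("sequential", "parallel"):
        raise ValueError("processing must be 'sequential' or 'parallel'")
    return ET.Element(q("batchRequest"), {"processing": processing})


def add_substring_search(batch, base_dn, attr, term, size_limit=1000):
    """Append a searchRequest matching `term` anywhere in `attr`."""
    req = ET.SubElement(batch, q("searchRequest"), {
        "dn": base_dn,
        "scope": "wholeSubtree",
        "derefAliases": "neverDerefAliases",
        "sizeLimit": str(int(size_limit)),  # rejects non-numeric limits
    })
    flt = ET.SubElement(req, q("filter"))
    subs = ET.SubElement(flt, q("substrings"), {"name": attr})
    # Set as element text: <, > and & are escaped when serialized,
    # so the term cannot close ds:any or add further operations.
    ET.SubElement(subs, q("any")).text = term
    return req


def build_search_document(term):
    """Return the serialized batch for one surname search."""
    batch = batch_request("sequential")
    add_substring_search(batch, "dc=1060,dc=org", "sn", term)
    return ET.tostring(batch, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample input containing markup characters.
    print(build_search_document('Sm<i>th & "Co"'))
```
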

Modify

This operation modifies an LDAP record. The modification tag specifies the field name to
be modified and the new value to assign; its operation attribute (add or replace in this example) says how the value is applied.

<ds:modifyRequest xmlns:ds="urn:oasis:names:tc:DSML:2:0:core"
                  dn="cn=Test,ou=1060Research,dc=1060,dc=org">
  <!-- value elements carry the ds: prefix so they are in the DSML namespace -->
  <ds:modification name="mail" operation="add">
    <ds:value>test@1060.org</ds:value>
  </ds:modification>
  <ds:modification name="sn" operation="replace">
    <ds:value>Smith</ds:value>
  </ds:modification>
  <ds:modification name="mail" operation="replace">
    <ds:value>j.smith@1060.org</ds:value>
  </ds:modification>
  <ds:modification name="givenName" operation="replace">
    <ds:value>smithy</ds:value>
  </ds:modification>
</ds:modifyRequest>


Modify DN

The distinguished name (DN) is the primary key for an LDAP record. This operation
allows the DN to be changed.

<!-- ds: prefix added so the element is in the DSML namespace -->
<ds:modDNRequest xmlns:ds="urn:oasis:names:tc:DSML:2:0:core"
                 dn="cn=Test,ou=1060Research,dc=1060,dc=org"
                 newrdn="cn=John Smith"
                 deleteoldrdn="true"
                 newSuperior="ou=1060research,dc=1060,dc=org" />


Compare

This operation allows simple assertions about an LDAP record to be made.

<ds:compareRequest xmlns:ds="urn:oasis:names:tc:DSML:2:0:core"
                   dn="cn=John Smith,ou=1060Research,dc=1060,dc=org">
  <ds:assertion name="sn">
    <ds:value>Smith</ds:value>
  </ds:assertion>
</ds:compareRequest>


Delete

This operation deletes an LDAP record.

<ds:delRequest xmlns:ds="urn:oasis:names:tc:DSML:2:0:core"
               dn="cn=John Smith,ou=1060Research,dc=1060,dc=org" />