Ballerina library

ldap

Module ldap

API

Client

Declarations

ObjectClass
SearchScope
Status

Definitions

ClientSecureSocket
ConnectionConfig
Control
DcObject
Entry
ErrorDetails
LdapResponse
Person
SearchReference
SearchResult

Error

AttributeType

ballerina/ldap Ballerina library

1.2.0

Clients

ldap: Client

Isolated

Consists of APIs to integrate with LDAP.

Constructor

Gets invoked to initialize the LDAP client.

init (*ConnectionConfig config)
  • config *ConnectionConfig The configurations to be used when initializing the client

add

Isolated FunctionRemote Function
function add(string dN, Entry entry) returns LdapResponse|Error

Creates an entry in a directory server.

Copy
anydata user = {
  "objectClass": "user",
  "sn": "New User",
  "cn": "New User"
};
ldap:LdapResponse result = check ldapClient->add(userDN, user);
Parameters
  • dN stringThe distinguished name of the entry
  • entry EntryThe information to add
Return Type
  • LdapResponse|ErrorA ldap:Error if the operation fails or ldap:LdapResponse if successfully created

delete

Isolated FunctionRemote Function
function delete(string dN) returns LdapResponse|Error

Removes an entry in a directory server.

Copy
ldap:LdapResponse result = check ldapClient->delete(userDN);
Parameters
  • dN stringThe distinguished name of the entry to remove
Return Type
  • LdapResponse|ErrorA ldap:Error if the operation fails or ldap:LdapResponse if successfully removed

modify

Isolated FunctionRemote Function
function modify(string dN, Entry entry) returns LdapResponse|Error

Updates information of an entry.

Copy
anydata user = {
  "sn": "User",
  "givenName": "Updated User",
  "displayName": "Updated User"
};
ldap:LdapResponse result = check ldapClient->modify(userDN, user);
Parameters
  • dN stringThe distinguished name of the entry
  • entry EntryThe information to update
Return Type
  • LdapResponse|ErrorA ldap:Error if the operation fails or LdapResponse if successfully updated

modifyDn

Isolated FunctionRemote Function
function modifyDn(string currentDn, string newRdn, boolean deleteOldRdn) returns LdapResponse|Error

Renames an entry in a directory server.

Copy
ldap:LdapResponse modifyDN = check ldapClient->modifyDn(userDN, "CN=Test User2", true);
Parameters
  • currentDn stringThe current distinguished name of the entry
  • newRdn stringThe new relative distinguished name
  • deleteOldRdn boolean (default false)A boolean value to determine whether to delete the old RDN
Return Type
  • LdapResponse|ErrorA ldap:Error if the operation fails or ldap:LdapResponse if successfully renamed

compare

Isolated FunctionRemote Function
function compare(string dN, string attributeName, string assertionValue) returns boolean|Error

Determines whether a given entry has a specified attribute value.

Copy
boolean compare = check ldapClient->compare(userDN, "givenName", "New User");
Parameters
  • dN stringThe distinguished name of the entry
  • attributeName stringThe name of the target attribute for which the comparison is to be performed
  • assertionValue stringThe assertion value to verify within the entry
Return Type
  • boolean|ErrorA boolean value indicating whether the values match, or an ldap:Error if the operation fails

getEntry

Isolated FunctionRemote Function
function getEntry(string dN, typedesc<anydata> targetType) returns targetType|Error

Gets information of an entry.

Copy
anydata value = check ldapClient->getEntry(userDN);
Parameters
  • dN stringThe distinguished name of the entry
  • targetType typedesc<anydata> (default <>)Default parameter use to infer the user specified type
Return Type
  • targetType|ErrorAn entry result with the given type or else ldap:Error

searchWithType

Isolated FunctionRemote Function
function searchWithType(string baseDn, string filter, SearchScope scope, typedesc<record {}[]> targetType) returns targetType|Error

Returns a list of entries that match the given search parameters.

Copy
anydata[] value = check ldapClient->searchWithType("DC=ldap,DC=com", "(givenName=New User)", ldap:SUB);
Parameters
  • baseDn stringThe base distinguished name of the entry
  • filter stringThe filter to be used in the search
  • targetType typedesc<record {}[]> (default <>)Default parameter use to infer the user specified type
Return Type
  • targetType|ErrorAn array of entries with the given type or else ldap:Error
Isolated FunctionRemote Function
function search(string baseDn, string filter, SearchScope scope) returns SearchResult|Error

Returns a record containing search result entries and references that match the given search parameters.

Copy
ldap:SearchResult value = check ldapClient->search("DC=ldap,DC=windows", "(givenName=New User)", ldap:SUB);
Parameters
  • baseDn stringThe base distinguished name of the entry
  • filter stringThe filter to be used in the search
Return Type

close

Isolated FunctionRemote Function
function close()

Unbinds from the server and closes the LDAP connection.

Copy
ldapClient->close();

isConnected

Isolated FunctionRemote Function
function isConnected() returns boolean

Determines whether the client is connected to the server.

Copy
boolean isConnected = ldapClient->isConnected();
Return Type
  • booleanA boolean value indicating the connection status

Enums

ldap: ObjectClass

Standard values for ObjectClass attribute type.

Members

top
person
organizationalPerson
inetOrgPerson
organizationalRole
groupOfNames
groupOfUniqueNames
country
locality
organization
organizationalUnit
domainComponent
dcObject

ldap: SearchScope

Scope of the search operation.

Members

BASE - Indicates that only the entry specified by the base DN should be considered
ONE - Indicates that only entries that are immediate subordinates of the entry specified by the base DN (but not the base entry itself) should be considered
SUB - Indicates that the base entry itself and any subordinate entries (to any depth) should be considered
SUBORDINATE_SUBTREE - Indicates that any subordinate entries (to any depth) below the entry specified by the base DN should be considered, but the base entry itself should not be considered, as described in draft-sermersheim-ldap-subordinate-scope

ldap: Status

Represents the status of the operation

Members

SUCCESS - The operation was successful
OPERATIONS_ERROR - The operation failed due to an unexpected order relative to other operations on the same connection
PROTOCOL_ERROR - Represents the LDAP protocol error
TIME_LIMIT_EXCEEDED - Represents the time limit exceeded error
SIZE_LIMIT_EXCEEDED - Represents the error for exceeding the upper bound for the number of response entries
COMPARE_FALSE - Entry exists, attribute found, but no matching value
COMPARE_TRUE - Entry exists, attribute found, and matched the provided value
AUTH_METHOD_NOT_SUPPORTED - Represents the error for unsupported or disallowed authentication mechanism
STRONGER_AUTH_REQUIRED - Requires a stronger form of authentication
REFERRAL - The request can't be processed as issued. Try a different server or update the target location in the DIT
ADMIN_LIMIT_EXCEEDED - Administrative limit exceeded
UNAVAILABLE_CRITICAL_EXTENSION - Critical control could not be fulfilled
CONFIDENTIALITY_REQUIRED - The server requires a secure connection to process the requested operation
SASL_BIND_IN_PROGRESS - The server has completed a portion of the processing for the provided SASL bind request, but that it needs additional information from the client to complete the authentication
NO_SUCH_ATTRIBUTE - Attribute that does not exist in the specified entry
UNDEFINED_ATTRIBUTE_TYPE - The request attempted to provide one or more values for an attribute type that is not defined in the server schema
INAPPROPRIATE_MATCHING - The search request attempted a type of matching that is not supported for the specified attribute type
CONSTRAINT_VIOLATION - The requested operation would have resulted in an entry that violates some constraint defined within the server
ATTRIBUTE_OR_VALUE_EXISTS - The requested operation would have resulted in an attribute in which the same value appeared more than once
INVALID_ATTRIBUTE_SYNTAX - The requested operation would have resulted in an entry that had at least one attribute value that does not conform to the constraints of the associated attribute syntax.
NO_SUCH_OBJECT - The requested operation targeted an entry that does not exist within the DIT (Directory Information Tree).
ALIAS_PROBLEM - Error occurred while attempting to dereference an alias during search processing
INVALID_DN_SYNTAX - The request included a malformed entry DN
ALIAS_DEREFERENCING_PROBLEM - The server encountered an alias while processing the request and that there was some problem related to that alias.
INAPPROPRIATE_AUTHENTICATION - Attempt to bind in an inappropriate manner that is inappropriate for the target account
INVALID_CREDENTIALS - Attempt to bind with a set of credentials that cannot be used to authenticate
INSUFFICIENT_ACCESS_RIGHTS - Requested operation does not have the necessary access control permissions
BUSY - The requested operation cannot be processed because the server is currently too busy
UNAVAILABLE - The server is currently not available to process the requested operation
UNWILLING_TO_PERFORM - The server is not willing to process the requested operation for some reason
LOOP_DETECT - The server detected some kind of circular reference in the course of processing an operation
NAMING_VIOLATION - The requested operation would have resulted in an entry that violates some naming constraint within the server
OBJECT_CLASS_VIOLATION - The requested operation would have resulted in an entry that has an inappropriate set of object classes, or whose attributes violate the constraints associated with its set of object classes
NOT_ALLOWED_ON_NON_LEAF - The requested operation is only supported for leaf entries, but the targeted entry has one or more subordinates
NOT_ALLOWED_ON_RDN - the requested modify operation would have resulted in an entry that does not include all of the attributes used in its RDN
ENTRY_ALREADY_EXISTS - The requested operation would have resulted in an entry with the same DN as an entry that already exists in the server
OBJECT_CLASS_MODS_PROHIBITED - The requested modify operation would have altered the target entry’s set of object classes in a way that is not supported
AFFECTS_MULTIPLE_DSAS - The requested operation would have required manipulating information in multiple servers in a way that is not supported
OTHER - Represents other errors.

Records

ldap: ClientSecureSocket

Closed record

Provides configurations for facilitating secure communication with a remote ldap server.

Fields
  • enable boolean(default true) - Enable SSL validation
  • cert? TrustStore|string - Configurations associated with crypto:TrustStore or single certificate file that the client trusts
  • verifyHostName boolean(default true) - Enable/disable host name verification
  • tlsVersions string[](default []) - The TLS versions to be used

ldap: ConnectionConfig

Closed record

Provides a set of configurations to connect with a directory server.

Fields
  • hostName string - The host name of the Active Directory server
  • port int - The port of the Active Directory server
  • domainName string - The domain name of the Active Directory
  • password string - The password of the Active Directory

ldap: Control

Closed record

LDAP control type.

Fields
  • oid string - The OID of the control
  • isCritical boolean - The criticality of the control
  • value string - The value of the control

ldap: DcObject

A record for an entry to contain domain component information

Fields
  • dc string - name of the domain component

ldap: Entry

LDAP entry type.

Fields
  • AttributeType... - Rest field

ldap: ErrorDetails

Closed record

The error details type for the Ballerina LDAP module.

Fields
  • resultCode? string - The status of the error

ldap: LdapResponse

Closed record

LDAP response type.

Fields
  • matchedDN string? - The matched DN from the response
  • resultCode Status - The operation status of the response
  • diagnosticMessage string? - The diagnostic message from the response
  • operationType string? - The protocol operation type
  • referral string[]? - The referral URIs

ldap: Person

A record for an entry that represents a person.

Fields
  • sn? string - surname of the person
  • cn? string - common name of the person
  • userPassword? string - password of the person
  • telephoneNumber? string - telephone number of the person

ldap: SearchReference

Closed record

LDAP search reference type.

Fields
  • messageId int - The message ID
  • uris string[] - The referral URIs

ldap: SearchResult

Closed record

LDAP search result type.

Fields
  • resultCode Status - The result status of the response
  • entries? Entry[] - The entries returned from the search

Errors

ldap: Error

Distinct
ErrorDetails

Represents any error related to Ballerina LDAP module

Union types

ldap: AttributeType

boolean|int|float|decimal|string|string[]

AttributeType

Attribute type of an LDAP entry.

Import

import ballerina/ldap;Copy

Other versions

1.3.0

1.2.0

1.1.01.0.1

Metadata

Released date: 11 months ago

Version: 1.2.0

License: Apache-2.0

Compatibility

Platform: java21

Ballerina version: 2201.11.0-20241209-162400-0c015833

GraalVM compatible: Yes

Pull count

Total: 0

Current verison: 0

Weekly downloads

Source repository

Keywords

ldap

Contributors

Dependencies

ballerina/crypto/2.8.0

Terms of service

Privacy policy

Cookie policy

Delete policy

© 2025 WSO2 LLC