
Provides an interface to a Lightweight Directory Access Protocol (LDAP) directory server, such as the Netscape Directory Server.


| Name | Required | Type | Default | Description |
|---|---|---|---|---|
| action | No | String | query | * query: returns LDAP entry information only. Requires name, start, and attributes attributes.<br>* add: adds LDAP entries to LDAP server. Requires attributes attribute.<br>* modify: modifies LDAP entries, except distinguished name dn attribute, on LDAP server. Requires dn. See modifyType attribute.<br>* modifyDN: modifies distinguished name attribute for LDAP entries on LDAP server. Requires dn.<br>* delete: deletes LDAP entries on an LDAP server. Requires dn. |
| attributes | No | String | | Required if action = "Query", "Add", "ModifyDN", or "Modify". For queries: comma-delimited list of attributes to return. For queries, to get all attributes, specify "*". If action = "add" or "modify", you can specify a list of update columns. Separate attributes with a semicolon. If action = "ModifyDN", CFML passes attributes to the LDAP server without syntax checking. |
| clientcert | No | String | | Path to certificate. |
| clientcertpassword | No | String | | Password for certificate. |
| delimiter | No | String | ; | Separator between attribute name-value pairs. Use this attribute if:<br>* the attributes attribute specifies more than one item, or<br>* an attribute contains the default delimiter (semicolon). For example: mgrpmsgrejecttext;lang-en<br>Used by query, add, and modify actions, and by cfldap to output multi-value attributes. For example, if the delimiter is $ (dollar sign), you could specify "cn = Double Tree Inn$street = 1111 Elm; Suite 100", where the semicolon is part of the street value. |
| dn | No | String | | Distinguished name, for update action. Example: "cn = Bob Jensen, o = Ace Industry, c = US" |
| filter | No | String | | Search criteria for action = "Query". List attributes in the form: "(attribute operator value)". Example: "(sn = Smith)" |
| filterfile | No | | | Specifies the name of a filter file and of the stanza tag within the file that contains the LDAP filter string specification. You can specify an absolute pathname or a simple filename to identify the file. |
| maxrows | No | Numeric | | Maximum number of entries for LDAP queries. |
| modifytype | No | String | replace | How to process an attribute in a multi-value list.<br>* add: appends it to any attributes<br>* delete: deletes it from the set of attributes<br>* replace: replaces it with specified attributes<br>You cannot add an attribute that is already present or that is empty. |
| name | No | String | | Required if action = "Query". Name of LDAP query. The tag validates the value. |
| password | No | String | | Password that corresponds to user name. If secure = "CFSSL_BASIC", V2 encrypts the password before transmission. |
| port | No | Numeric | 389 | Port of the LDAP server (default 389). |
| rebind | No | Boolean | false | * Yes: attempt to rebind referral callback and reissue query by referred address using original credentials.<br>* No: referred connections are anonymous. |
| referral | No | Numeric | | Number of hops allowed in a referral. A value of 0 disables referred addresses for LDAP; no data is returned. |
| returnasbinary | No | String | | A comma-delimited list of columns that are to be returned as binary values. |
| scope | No | String | onelevel | Scope of search, from entry specified in start attribute for action = "Query".<br>* oneLevel: entries one level below entry.<br>* base: only the entry.<br>* subtree: entry and all levels below it. |
| secure | No | String | | Security to employ, and required information. One option:<br>* CFSSL_BASIC<br>"CFSSL_BASIC" provides V2 SSL encryption and server authentication. |
| separator | No | String | , (a comma) | Delimiter to separate attribute values of multi-value attributes. Used by query, add, and modify actions, and by cfldap to output multi-value attributes. For example, if the separator is $ (dollar sign), the attributes attribute could be "objectclass = top$person", where the first value of objectclass is top, and the second value is person. This avoids confusion if values include commas. |
| server | Yes | String | | Host name or IP address of LDAP server. |
| sort | No | String | | Attribute(s) by which to sort query results. Use a comma delimiter. |
| sortcontrol | No | String | asc | * nocase: case-insensitive sort<br>* asc: ascending (a to z) case-sensitive sort<br>* desc: descending (z to a) case-sensitive sort<br>You can enter a combination of sort types; for example, sortControl = "nocase, asc". |
| start | No | Numeric | | Required if action = "Query". Distinguished name of entry to be used to start a search. |
| startrow | No | Numeric | | Used with action = "query". First row of LDAP query to insert into a CFML query. |
| timeout | No | Numeric | 60000 | Maximum length of time, in seconds, to wait for LDAP processing. |
| username | No | String | | The User ID. Required if secure = "CFSSL_BASIC". |
| usetls | No | Boolean | | Whether the STARTTLS command should be sent. |
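
An added example (not part of the original reference): a query that combines the `filter`, `start`, `scope`, `secure` and `maxrows` attributes described above, with user-supplied text escaped per RFC 4515 before it is placed in the filter so that it cannot change the filter's structure. The helper `ldapEscapeFilterValue`, the host name, the bind DN, the sample input and `application.ldapReaderPassword` are assumptions made for illustration.

```cfml
<cfscript>
// Hypothetical helper (not a cfldap feature): escape a value for use inside
// an LDAP search filter. RFC 4515 requires NUL, "(", ")", "*" and "\" to be
// written as a backslash followed by the two-digit hex code of the character.
function ldapEscapeFilterValue(required string value) {
    var out = "";
    for (var i = 1; i <= len(arguments.value); i++) {
        var c = mid(arguments.value, i, 1);
        var code = asc(c);
        // 0 = NUL, 40 = "(", 41 = ")", 42 = "*", 92 = "\"
        if (listFind("0,40,41,42,92", code)) {
            out &= "\" & right("0" & formatBaseN(code, 16), 2);
        } else {
            out &= c;
        }
    }
    return out;
}
</cfscript>

<!--- Constructed sample input: text that would widen the search if used raw --->
<cfset userInput = "smith*)(uid=*">

<!--- Assumed host, bind DN and password variable. Port 636 with
      secure="CFSSL_BASIC" keeps the bind password off the wire in clear text;
      maxrows bounds how many entries a single request can return. --->
<cfldap action="query"
        name="people"
        server="ldap.example.com"
        port="636"
        secure="CFSSL_BASIC"
        username="cn=reader,o=Ace Industry,c=US"
        password="#application.ldapReaderPassword#"
        start="o=Ace Industry,c=US"
        scope="subtree"
        attributes="cn,sn,mail"
        filter="(sn=#ldapEscapeFilterValue(userInput)#)"
        maxrows="50">

<cfoutput query="people">#encodeForHTML(cn)# (#encodeForHTML(mail)#)<br></cfoutput>
```

Binding with a read-only account, as assumed here, limits what the query can reach if an unescaped value ever does make it into a filter.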