_OPEN

Opens a connection to an LDAP server.

Syntax

_OPEN(ldapServerName, port, base, bindDN, password<, session_options> );

Required Arguments

ldapServerName
names the LDAP server to connect to. If the ldapServerName parameter is left blank, the default server name is that of the host that is running the application that called this method. Otherwise, the value of the ldapServerName parameter must be the DNS name or IP address of a host on which an LDAP server is running.
Type: Character, Input
port
specifies the TCP port of the LDAP server. If the value 0 is specified, then the standard port of 389 is used.
Type: Numeric, Input
base
specifies the base object for the upcoming search operation. The base object is the point in the LDAP tree at which you want to start searching. Its value is a distinguished name. If this value is blank, then the macro variable or environment variable LDAP_BASE is used for the definition of the base object.
Type: Character, Input
bindDN
specifies the distinguished name that is used to bind to the server. If this value is blank, then the macro variable or environment variable LDAP_BINDDN is used as the bind distinguished name. If the value "" is specified and the LDAP_BINDDN variable has not been set, then an unauthenticated bind is performed.
Type: Character, Input
password
specifies the password that is used to bind to the server. If this value is blank, then the macro variable or environment variable LDAP_BINDPW is used as the bind password. If the value "" is specified and the LDAP_BINDPW variable has not been set, then an unauthenticated bind is performed. Passwords that have been encoded by using the PWENCODE procedure can be used to bind to the server. For more information, see the PWENCODE procedure.
Type: Character, Input

Optional Argument

session_options
specifies one or more session options to use with this bind. Valid session options are as follows:
OPT_REFERRALS_OFF instructs the server to not chase referrals. Specifying this option overrides the default value of OPT_REFERRALS_ON.
SUBTREE_SEARCH_SCOPE sets the scope of the search to include all subtrees. This is the default value.
BASE_SEARCH_SCOPE sets the scope of the search to include only the base. This value overrides the default value of SUBTREE_SEARCH_SCOPE.
ONELEVEL_SEARCH_SCOPE sets the scope of the search to include the base and one additional level. This value overrides the default value of SUBTREE_SEARCH_SCOPE.
Note that you can specify only one search scope option. If multiple search scope options are specified, then the one that appears last is used. If none of the search scope options are specified, then the default value of SUBTREE_SEARCH_SCOPE is used.
Type: Character, Input

Details

When invoked on an LDAPSERVICES instance, the _OPEN method initializes the connection to the specified LDAP server.
The %SYSRC macro can be used to check for errors that are returned from the _OPEN method. Here are the possible error return codes:
_SELDBOS indicates that the specified bind distinguished name is outside the scope of the directory server.
_SELDNSO indicates that the bind DN does not exist.
_SELDICR indicates that an invalid password was specified.
_SELDDWN indicates that the SAS system was unable to connect to the LDAP server.
If the return code is not one of these predefined system return codes, use the SYSMSG() function to determine the exact error message. See the Examples section for sample code that shows how to check for these return codes.

Examples

Example 1

The following example opens a connection to an LDAP server using an anonymous bind and the default session options. It also shows how to check for error conditions from the _OPEN method.
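/* Create an instance of the LDAPSERVICES class */
dclass = loadclass('sashelp.base.ldapservices.class');
ds = instance(dclass);
server = "myhost.net.com";
/* The base object must be a complete distinguished name */
base = "o=Alphalite Airways,c=US";
/* Blank bind DN and password: the bind is anonymous as long as */
/* LDAP_BINDDN and LDAP_BINDPW are not set                      */
bindDn="";
pw="";
rc = ds._open(server,8001,base,bindDn,pw);
/* A nonzero return code means that the connection was not opened */
if rc ne 0 then do;
   if (rc = %sysrc(_SELDBOS)) then
      put 'Bind outside of scope.';
   else if (rc = %sysrc(_SELDNSO)) then
      put 'No such object.';
   else if (rc = %sysrc(_SELDICR)) then
      put 'Invalid credentials.';
   else if (rc = %sysrc(_SELDDWN)) then
      put 'Unable to contact LDAP server.';
   else do;
      /* Not one of the predefined codes: print the system message */
      msg = sysmsg();
      put msg;
   end;
end;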

Example 2

The following example opens a connection to an LDAP server, binding as user John Doe. It passes in a session option of OPT_REFERRALS_OFF; this option instructs the LDAP server not to chase referrals.
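/* Create an instance of the LDAPSERVICES class */
dclass = loadclass('sashelp.base.ldapservices.class');
ds = instance(dclass);
server = "myhost.net.com";
base = "o=Alphalite Airways,c=US";
bindDN ="cn=John Doe,ou=People,o=Alphalite Airways,c=us";
/* Sample value; a password encoded with the PWENCODE procedure can be used here */
pw="myPass1";
/* Session option: do not chase referrals */
referral= "OPT_REFERRALS_OFF";
rc = ds._OPEN(server,8001,base,bindDn,pw,referral);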
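
An added example, not SAS code and not part of the original documentation: a Python audit script that applies the bindDN and password rules from Required Arguments to SCL source and flags _OPEN calls that would bind unauthenticated or that carry a clear-text password literal. The function name, the fallback parameter and the sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: the bind-related lines of Example 1 and Example 2.
SAMPLE = '''
bindDn=""; pw="";
rc = ds._open(server,8001,base,bindDn,pw);
bindDN ="cn=John Doe,ou=People,o=Alphalite Airways,c=us";
pw="myPass1";
rc = ds._OPEN(server,8001,base,bindDn,pw,referral);
'''

# Literal assignments (name = "value";) and _OPEN calls, in source order.
# Limitation: a ')' inside a string literal argument is not handled.
TOKEN = re.compile(r'\b(?P<var>\w+)\s*=\s*"(?P<val>[^"]*)"\s*;'
                   r'|\._open\s*\((?P<args>[^)]*)\)', re.I)

def audit_open_calls(scl_source, fallback=()):
    """Return one list of findings per _OPEN call. fallback names the LDAP_*
    variables the auditor knows are set at run time (an assumption)."""
    fallback = {name.upper() for name in fallback}
    literals, report = {}, []
    for m in TOKEN.finditer(scl_source):
        if m.group("var"):
            literals[m.group("var").lower()] = m.group("val")  # names are case-insensitive
            continue
        args = [a.strip() for a in re.findall(r'\s*("[^"]*"|[^,]+)', m.group("args"))]
        if len(args) < 5:
            report.append(["fewer than the five required arguments"])
            continue
        findings = []
        for label, arg, var in (("bindDN", args[3], "LDAP_BINDDN"),
                                ("password", args[4], "LDAP_BINDPW")):
            value = arg[1:-1] if arg.startswith('"') else literals.get(arg.lower())
            if value is None:
                continue  # assigned at run time; cannot be judged statically
            if not value.strip():
                if var not in fallback:
                    findings.append(f"{label} blank and {var} not set: unauthenticated bind")
            # Assumption: PWENCODE output starts with a tag such as {SAS002}.
            elif label == "password" and not value.lower().startswith("{sas"):
                findings.append("clear-text password literal in source")
        report.append(findings)
    return report

if __name__ == "__main__":
    for number, findings in enumerate(audit_open_calls(SAMPLE), 1):
        print(number, findings or "no findings")
```

Pass the names of any LDAP_* variables that are set in the target environment through fallback, so that a blank argument backed by LDAP_BINDDN or LDAP_BINDPW is not reported.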