SAS 9.1.3 Integration Technologies » Developer's Guide


LDAP SCL Interface

_OPEN

Opens a connection to an LDAP server.

Syntax

_OPEN(ldapServerName, port, base, bindDN, password, <session_options>);

ldapServerName
Character, input.
Names the LDAP server to connect to. If the ldapServerName parameter is left blank, the default server name is that of the host that is running the application that called this method. Otherwise, the value of the ldapServerName parameter must be the DNS name or IP address of a host on which an LDAP server is running.

port
Numeric, input.
Specifies the TCP port of the LDAP server. If a value of 0 is specified, the standard port of 389 is used.

base
Character, input.
Specifies the base object for the upcoming search operation. The base object is the point in the LDAP tree at which you want to start searching. Its value is a distinguished name. If this value is blank, the macro variable or environment variable LDAP_BASE is used for the definition of the base object.

bindDN
Character, input.
Specifies the distinguished name used to bind to the server. If this value is blank, the macro variable or environment variable LDAP_BINDDN is used as the bind distinguished name. If a value of "" is specified and the LDAP_BINDDN variable has not been set, an unauthenticated bind is performed.

password
Character, input.
Specifies the password used to bind to the server. If this value is blank, the macro variable or environment variable LDAP_BINDPW is used as the bind password. If the value of this attribute is specified as "" and the LDAP_BINDPW variable has not been set, an unauthenticated bind is performed.

Passwords that have been encoded by using the PWENCODE procedure can be used to bind to the server. For more information, see The PWENCODE Procedure in Base SAS Procedures Guide.

session_options
Character, input.
Specifies one or more session options to use with this bind. Valid session options are as follows:
OPT_REFERRALS_OFF
Instructs the server to not chase referrals. Specifying this option overrides the default value of OPT_REFERRALS_ON.

SUBTREE_SEARCH_SCOPE
Sets the scope of the search to include all subtrees. This is the default.

BASE_SEARCH_SCOPE
Sets the scope of the search to include only the base. This value overrides the default value of SUBTREE_SEARCH_SCOPE.

ONELEVEL_SEARCH_SCOPE
Sets the scope of the search to include the base and one additional level. This overrides the default value of SUBTREE_SEARCH_SCOPE.

Note: Specify only one search scope option. If multiple search scope options are specified, the one that appears last is used. If none of the search scope options are specified, the default value of SUBTREE_SEARCH_SCOPE is used.

Details

When invoked on an LDAPSERVICES instance, the _OPEN method initializes the connection to the specified LDAP server.

The %SYSRC macro can be used to check for errors returned from the _OPEN method. Possible error return codes include the following:

_SELDBOS
Indicates that the specified bind distinguished name is outside the scope of the directory server.

_SELDNSO
Indicates that the bind DN doesn't exist.

_SELDICR
Indicates that an invalid password was specified.

_SELDDWN
Indicates that the SAS system was unable to connect to the LDAP server.

If the return code is not one of these pre-defined system return codes, use SYSMSG() to determine the exact error message. See the examples section for a sample code snippet that shows how to check for these return codes.

Examples

The following example opens a connection to an LDAP server using an anonymous bind and the default session options. It also shows how to check for error conditions from the _OPEN method.


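/* Create an instance of the LDAPSERVICES class. */
dclass = loadclass('sashelp.base.ldapservices.class');
ds = instance(dclass);
server = "myhost.net.com";
base = "o=Alphalite Airways,c=US";
/* Blank bind DN and password: the bind is anonymous as long as */
/* LDAP_BINDDN and LDAP_BINDPW are not set.                     */
bindDn="";
pw="";
rc = ds._open(server,8001,base,bindDn,pw);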
if rc ne 0 then do;
  if (rc = %sysrc(_SELDBOS)) then
    put 'Bind outside of scope.';
  else if (rc = %sysrc(_SELDNSO)) then
    put 'No such object.';
  else if (rc = %sysrc(_SELDICR)) then
    put 'Invalid credentials.';
  else if (rc = %sysrc(_SELDDWN)) then
    put 'Unable to contact LDAP server.';
  else do;
     msg = sysmsg();
     put msg;
  end;
end;

The following example opens a connection to an LDAP server, binding as user John Doe. It passes in a session option of OPT_REFERRALS_OFF; this instructs the LDAP server not to chase referrals.


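/* ds is the LDAPSERVICES instance created in the previous example. */
server = "myhost.net.com";
base = "o=Alphalite Airways,c=US";
bindDN ="cn=John Doe,ou=People,o=Alphalite Airways,c=us";
/* Sample password; a value encoded with PROC PWENCODE can be passed instead. */
pw="myPass1";
referral= "OPT_REFERRALS_OFF";
rc = ds._OPEN(server,8001,base,bindDn,pw,referral);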
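The following added example is not part of the original SAS documentation. It shows one way to keep a blank bind DN or password from falling through to the LDAP_BINDDN/LDAP_BINDPW variables or to an unauthenticated bind, as described for the bindDN and password parameters. The macro variable APP_LDAP_PW is a hypothetical name, assumed to hold a password that was encoded with the PWENCODE procedure outside this program.

```sas
/* Added example. APP_LDAP_PW is a hypothetical macro variable that is  */
/* assumed to hold a PWENCODE-encoded bind password.                    */
init:
  dclass = loadclass('sashelp.base.ldapservices.class');
  ds     = instance(dclass);

  server = "myhost.net.com";
  base   = "o=Alphalite Airways,c=US";
  bindDn = "cn=John Doe,ou=People,o=Alphalite Airways,c=us";

  /* Read the encoded password at run time instead of hard-coding it.   */
  /* PWENCODE output is an encoding, so still restrict who can read it. */
  pw = symget('APP_LDAP_PW');

  /* A blank bind DN or password makes _OPEN fall back to LDAP_BINDDN   */
  /* or LDAP_BINDPW and, if those are not set, to an unauthenticated    */
  /* bind. Stop here rather than connect with unintended credentials.   */
  if bindDn = ' ' or pw = ' ' then do;
    put 'ERROR: bind DN or password is blank; _OPEN was not called.';
    return;
  end;

  sessOpts = "OPT_REFERRALS_OFF";
  rc = ds._open(server, 8001, base, bindDn, pw, sessOpts);

  /* Log the bind DN and return code, never the password value. */
  if rc = 0 then
    put 'NOTE: connection opened. ' server= bindDn=;
  else if rc = %sysrc(_SELDICR) or rc = %sysrc(_SELDNSO)
       or rc = %sysrc(_SELDBOS) then
    put 'ERROR: bind rejected by the directory server. ' bindDn= rc=;
  else if rc = %sysrc(_SELDDWN) then
    put 'ERROR: unable to contact LDAP server. ' server= rc=;
  else do;
    msg = sysmsg();
    put msg;
  end;
return;
```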