Contents LDAP SCL Interface Previous Next

_OPEN

Opens a connection to an LDAP server.

Syntax

_OPEN(ldapServerName, port, base, bindDN, password, <session_options>);

ldapServerName
Character, input.
Names the LDAP server to connect to. If the ldapServerName parameter is left blank, the default server name is that of the host that is running the application that called this method. Otherwise, the value of the ldapServerName parameter must be the DNS name or IP address of a host on which an LDAP server is running.

port
Numeric, input.
Specifies the TCP port of the LDAP server. If a value of 0 is specified, the standard port of 389 is used.

base
Character, input.
Specifies the base object for the upcoming search operation. The base object is the point in the LDAP tree at which you want to start searching. Its value is a distinguished name. If this value is blank, the macro variable or environment variable LDAP_BASE is used for the definition of the base object.

bindDN
Character, input.
Specifies the distinguished name used to bind to the server. If this value is blank, the macro variable or environment variable LDAP_BINDDN is used as the bind distinguished name. If a value of "" is specified and the LDAP_BINDDN variable has not been set, an unauthorized bind is performed.

password
Character, input.
Specifies the password used to bind to the server. If this value is blank, the macro variable or environment variable LDAP_BINDPW is used as the bind password. If the value of this attribute is specified as "" and the LDAP_BINDPW variable has not been set, an unauthenticated bind is performed.

session_options
Character, input.
Specifies one or more session options to use with this bind. Valid session options are:
OPT_REFERRALS_OFF
Instructs the server to not chase referrals. Specifying this option overrides the default value of OPT_REFERRALS_ON.

SUBTREE_SEARCH_SCOPE
Sets the scope of the search to include all subtrees. This is the default.

BASE_SEARCH_SCOPE
Sets the scope of the search to include only the base. This value overrides the default value of SUBTREE_SEARCH_SCOPE.

ONELEVEL_SEARCH_SCOPE
Sets the scope of the search to include the base and one additional level. This overrides the default value of SUBTREE_SEARCH_SCOPE.

Note: Specify only one search scope option. If multiple search scope options are specified, the one that appears last is used. If none of the search scope options are specified, the default value of SUBTREE_SEARCH_SCOPE is used.

Details

When invoked on an LDAPSERVICES instance, the _OPEN method initializes the connection to the specified LDAP server.

The %SYSRC macro can be used to check for errors returned from the _OPEN method. Possible error return codes include:

_SELDBOS
Indicates that the specified bind distinguished name is outside the scope of the directory server.

_SELDNSO
Indicates that the bind DN doesn't exist.

_SELDICR
Indicates that an invalid password was specified.

_SELDDWN
Indicates that the SAS system was unable to connect to the LDAP server.

If the return code is not one of these pre-defined system return codes, use SYSMSG() to determine the exact error message. See the examples section for a sample code snippet that shows how to check for these return codes.

Examples

The following example opens a connection to an LDAP server using an anonymous bind and the default session options. It also shows how to check for error conditions from the _OPEN method.


dclass  = loadclass('sashelp.base.ldapservices.class');
ds = instance(dclass);
server = "myhost.net.com";
base = "Alpine Airways,c=US";
bindDn="";
pw="";
rc = ds._open(server,8001,base,bindDn,pw);
if rc ne 0 then do;
  if (rc = %sysrc(_SELDBOS)) then
    put 'Bind outside of scope.';
  else if (rc = %sysrc(_SELDNSO)) then
    put 'No such object.';
  else if (rc = %sysrc(_SELDICR)) then
    put 'Invalid credentials.';
  else if (rc = %sysrc(_SELDDWN)) then
    put 'Unable to contact LDAP server.';
  else do;
     msg = sysmsg();
     put msg;
  end;
end;

The following example opens a connection to an LDAP server, binding as user John Doe. It passes in a session option of OPT_REFERRALS_OFF; this instructs the LDAP server not to chase referrals.


server = "myhost.net.com";
base = "Alpine Airways,c=US";
bindDN ="cn=John Doe,ou=People,o=Alpine Airways,c=us";
pw="myPass1";
referral= "OPT_REFERRALS_OFF";
rc = ds._OPEN(server,8001,base,bindDn,pw,referral);

Contents LDAP SCL Interface Previous Next