Updating an LDAP Directory

Entries can be added, modified, and deleted. Remote administration of an LDAP server is possible using one of these options.

The following example runs a cycle of LDAP actions by first adding a new record, then querying the LDAP directory and generating a form for the output, and finally deleting the new record.

To add a new record:
  1. Open a new file in Studio.
  2. Modify the file so that it appears as follows:
    <!--- add a new record (Joe Smith) --->
    
    <CFLDAP
        SERVER="myserver"
        USERNAME="uid=kvaughan, ou=People, o=airius.com"
        PASSWORD="bribery"
        ACTION="ADD"
        ATTRIBUTES="objectclass=top, person, organizationalPerson,
            inetOrgPerson; cn=Joe Smith;
            sn=Smith; mail=jSmith@airius.com;
            telephonenumber=+1 408 555 2128; ou=Human Resources"
        DN="uid=jSmith, ou=People, o=airius.com">
    
    <!--- query the LDAP server --->
    
    <CFLDAP Name="AriusList"
        SERVER="myserver"
        ACTION="QUERY"
        ATTRIBUTES="cn,mail,telephonenumber"
        SCOPE="SUBTREE"
        FILTER="ou=Human Resources"
        SORT="cn ASC"
        START="o=airius.com">
    
    <!--- generate a form page for query output --->
    
    <H3> Human Resources Directory for Arius</H3>
    
    <CFFORM ACTION="ariusform_action.cfm">
    
        <CFGRID NAME="ariusgrid" width="350" query="AriusList" 
            insert="No" delete="No" sort="no" bold="No" italic="No"
            appendkey="No" highlighthref="No" griddataalign="LEFT"
            gridlines="no" rowheaders="no" rowheaderalign="LEFT"
            rowheaderitalic="No" rowheaderbold="No" colheaders="yes"
            colheaderalign="LEFT" colheaderitalic="No"
            colheaderbold="yes"
            selectmode="BROWSE" picturebar="no">
    
            <CFGRIDCOLUMN NAME="cn" HEADER="Name">
            <CFGRIDCOLUMN NAME="mail" HEADER="eMail Address">
            <CFGRIDCOLUMN NAME="telephonenumber" HEADER="Phone">
        </CFGRID><BR>
    
    </CFFORM>
    
    <!---delete record --->
    
    <CFLDAP
        SERVER="myserver"
        USERNAME="uid=kvaughan, ou=People, o=airius.com"
        PASSWORD="bribery"
        ACTION="DELETE"
        DN="uid=jSmith, ou=People, o=airius.com">
    
  3. Change myserver to a valid LDAP server.
  4. Change the uid to a valid user id.
  5. Save the page as ldapadd.cfm and view it in your browser.

To modify a record by adding an attribute:

This example modifies a record by adding an attribute value to the existing values. This step is necessary to work around the limitations of the MODIFY action.

  1. Open a new file in Studio.
  2. Modify the file so that it appears as follows:
    <!--- modify a record, preserving 
        other existing attributes --->
    
    <!--- You must include the existing attribute
    values plus the new one you want to add. In this
    case we are adding a unique member, gfarmer, to
    the Accounting Managers. If we did not include
    the existing unique members scarter and tmorris,
    they would no longer be unique members. The modify
    is really doing a replace on this attribute. For
    the next release of ColdFusion we will provide an
    option to just update the attribute. Multiple
    values for a single attribute are separated by a
    comma. If a single attribute value contains a
    comma, you must escape it by adding an extra comma.
    For example, the uniquemember value
    uid=scarter,ou=groups,o=airius.com must be entered as
    uid=scarter,,ou=groups,,o=airius.com. Be careful when
    you do this modify or you can remove attribute values
    you did not intend to! --->
    
    <!--- ATTRIBUTES="uniquemember=uid=scarter,,ou=People,,o=airius.com, 
    uid=tmorris,,ou=People,,o=airius.com, 
    uid=gfarmer,,ou=People,,o=airius.com" --->
    
    <CFLDAP SERVER="myserver"
        ACTION="Modify"
        USERNAME="uid=kvaughan, ou=People, o=airius.com"
        PASSWORD="bribery"
        ATTRIBUTES="uniquemember=uid=scarter,,ou=People,,o=airius.com,
            uid=tmorris,,ou=People,,o=airius.com,
            uid=gfarmer,,ou=People,,o=airius.com"
        DN="cn=Accounting Managers, ou=groups, o=airius.com">
    
  3. Change myserver to a valid LDAP server.
  4. Change the uid to a valid user id.
  5. Save the page as ldapaddattr.cfm and view it in your browser.

To insert or update an entry:
  1. Open a new file in Studio.
  2. Modify the file so that it appears as follows:
    <!--- If the rename_dn parameter is sent
        then rename the entry --->

    <CFIF IsDefined("rename_dn")>

        <CFLDAP Name="CustomerRename"
            SERVER="myserver"
            USERNAME="cn=Directory Manager,
                o=Ace Industry, c=US"
            PASSWORD="testldap"
            ACTION="MODIFYDN"
            ATTRIBUTES="#new_dn#"
            DN="#rename_dn#">

    <CFELSE>

        <!--- If the update parameter is sent
            then run this update --->

        <CFIF IsDefined("dn")>
            <CFSET UPDATE_ATTRS = mailtag & email & ";" &
                phonetag & Phone>

            <CFLDAP Name="CustomerModify"
                SERVER="myserver"
                USERNAME="cn=Directory Manager,
                    o=Ace Industry, c=US"
                PASSWORD="testldap"
                ACTION="MODIFY"
                ATTRIBUTES="#UPDATE_ATTRS#"
                DN="#dn#">

        <CFELSE>

            <!--- If the insert parameter is sent
                then run this insert --->

            <CFIF IsDefined("Distinguished_Name")>
                <CFSET ADD_ATTRS =
                    "objectclass=top,person,organizationalPerson,inetOrgPerson;" &
                    fullnametag &
                    Fullname &
                    ";" &
                    surnametag &
                    Surname &
                    ";" &
                    mailtag &
                    Email &
                    ";" &
                    phonetag &
                    Phone>

                <CFLDAP Name="CustomerAdd"
                    SERVER="myserver"
                    USERNAME="cn=Directory Manager,
                        o=Ace Industry, c=US"
                    PASSWORD="testldap"
                    ACTION="Add"
                    ATTRIBUTES="#ADD_ATTRS#"
                    DN="#Distinguished_Name#">

            </CFIF>
        </CFIF>
    </CFIF>
    
    <!--- Use CFLDAP to retrieve the common
    name and distinguished name for all employees
    that have a surname that contains ens and a common
    name that is > K. Search starts in the country US
    and organization Ace Industry.--->
    
    <CFLDAP Name="EntryList"
        SERVER="myserver"
        ACTION="Query"
        ATTRIBUTES="dn,cn, sn"
        SCOPE="SUBTREE"
        SORT="sn ASC"
        FILTER="(&(sn=*ens*)(cn>=K))"
        START="o=Ace Industry, c=US"
        MAXROWS=50
        TIMEOUT=30>
    
    <HTML>
    <HEAD>
        <TITLE>LDAP Directory Example</TITLE>
    </HEAD>
    <BODY>
    
    <P>To modify the attributes of an entry,
    select the entry and click the <B>Update</B>
    button. To create a new entry, click the
    <B>Add</B> button.
    
    <CFFORM NAME="MyForm"
        ACTION="ldap_update.cfm"
        TARGET="Lower">
    
        <CFSELECT NAME="dn"
            SIZE="5"
            REQUIRED="Yes"
            QUERY="EntryList"
            Value="dn"
            Display="cn">
        </CFSELECT>
    
        <INPUT TYPE="Submit" VALUE="Update...">
    
    </CFFORM>
    
    <FORM ACTION="ldap_add.cfm"
        METHOD="Post"
        TARGET="Lower">
    
        <INPUT TYPE="Submit" VALUE="Add...">
    </FORM>
    
    </BODY>
    </HTML>
    
  3. Change myserver to a valid LDAP server.
  4. Change the uid to a valid user id.
  5. Save the page as ldapchangeattr.cfm and view it in your browser.
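
The update page above joins form values into the ATTRIBUTES string, where a semicolon starts a new attribute and a comma starts a new value, so a submitted value containing either one changes what is written to the directory. The following is an added example, not part of the original page: it refuses semicolons and doubles commas (the escape described in the modify example earlier) before the MODIFY runs. `InputOK`, `SafeEmail` and `SafePhone` are names chosen here, and the `mailtag` and `phonetag` values are assumed because the page does not define them.

```cfml
<!--- Added example (not from the original page). mailtag/phonetag values
      are assumed; InputOK, SafeEmail and SafePhone are illustrative names. --->
<CFSET mailtag = "mail=">
<CFSET phonetag = "telephonenumber=">
<CFSET InputOK = "No">

<!--- Read only the Form scope so a URL parameter cannot supply the values. --->
<CFIF IsDefined("Form.dn") AND IsDefined("Form.email")
        AND IsDefined("Form.Phone")>
    <CFSET InputOK = "Yes">

    <!--- ";" ends one attribute=value pair and starts the next, so a value
          containing it could set attributes the form never offered. --->
    <CFIF FindOneOf(";", Form.email & Form.Phone) GT 0>
        <CFSET InputOK = "No">
    </CFIF>

    <!--- MODIFY replaces the stored values, so an empty field would
          overwrite them with nothing. --->
    <CFIF Len(Trim(Form.email)) IS 0 OR Len(Trim(Form.Phone)) IS 0>
        <CFSET InputOK = "No">
    </CFIF>
</CFIF>

<CFIF InputOK>
    <!--- "," separates the values of one attribute; doubling it keeps the
          comma inside a single value. --->
    <CFSET SafeEmail = Replace(Trim(Form.email), ",", ",,", "ALL")>
    <CFSET SafePhone = Replace(Trim(Form.Phone), ",", ",,", "ALL")>
    <CFSET UPDATE_ATTRS = mailtag & SafeEmail & ";" & phonetag & SafePhone>

    <!--- Form.dn is passed through as submitted; it needs its own check
          against the entries this page is allowed to change. --->
    <CFLDAP Name="CustomerModify"
        SERVER="myserver"
        USERNAME="cn=Directory Manager, o=Ace Industry, c=US"
        PASSWORD="testldap"
        ACTION="MODIFY"
        ATTRIBUTES="#UPDATE_ATTRS#"
        DN="#Form.dn#">
<CFELSE>
    <P>The submitted values were rejected; no change was made.
</CFIF>
```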

To delete an entry:
  1. Open a new file in Studio.
  2. Modify the file so that it appears as follows:
    <!--- If the delete parameter is sent
    then run this delete --->
    <CFIF IsDefined("dn")>
        <CFLDAP Name="LDAPDelete"
            SERVER="myserver"
            USERNAME="cn=Directory Manager,
                o=Ace Industry, c=US"
            PASSWORD="testldap"
            ACTION="Delete"
            DN="#dn#">
    </CFIF>
    
    <!--- Use CFLDAP to retrieve the common name
    and distinguished name for all employees that
    have a surname that contains ens and a common
    name that is > K. Search starts in the country
    US and organization Ace Industry. --->
    
    <CFLDAP Name="EntryList"
        SERVER="myserver"
        ACTION="Query"
        ATTRIBUTES="dn,cn, sn"
        SCOPE="SUBTREE"
        SORT="cn ASC"
        FILTER="(cn>=A)"
        START="o=Ace Industry, c=US"
        TIMEOUT=30>
    
  3. Change myserver to a valid LDAP server.
  4. Change the uid to a valid user id.
  5. Save the page as ldapdeleteattr.cfm and view it in your browser.
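
The delete page above binds as Directory Manager and deletes whatever DN the request supplies, so the DN is worth checking against the entries the page actually lists before the delete runs. The following is an added example, not part of the original page: it runs the listing query first and deletes only when the submitted DN matches one of the returned rows. `DnAllowed` is a name chosen here; the query and credentials are the ones shown on the page.

```cfml
<!--- Added example (not from the original page): delete only a DN that the
      listing query itself returns. DnAllowed is an illustrative name. --->
<CFLDAP Name="EntryList"
    SERVER="myserver"
    ACTION="Query"
    ATTRIBUTES="dn,cn,sn"
    SCOPE="SUBTREE"
    SORT="cn ASC"
    FILTER="(cn>=A)"
    START="o=Ace Industry, c=US"
    TIMEOUT=30>

<CFSET DnAllowed = "No">

<!--- Read only the Form scope so a link with ?dn=... cannot trigger it. --->
<CFIF IsDefined("Form.dn")>
    <!--- Compare whole strings row by row; a DN contains commas, so it
          must not be handled as a ColdFusion list. --->
    <CFLOOP QUERY="EntryList">
        <CFIF CompareNoCase(EntryList.dn, Form.dn) IS 0>
            <CFSET DnAllowed = "Yes">
        </CFIF>
    </CFLOOP>
</CFIF>

<CFIF DnAllowed>
    <CFLDAP Name="LDAPDelete"
        SERVER="myserver"
        USERNAME="cn=Directory Manager, o=Ace Industry, c=US"
        PASSWORD="testldap"
        ACTION="Delete"
        DN="#Form.dn#">
<CFELSEIF IsDefined("Form.dn")>
    <P>The requested entry is not in the list and was not deleted.
</CFIF>
```

After a successful delete, run the listing query again before rendering the form so the removed entry no longer appears.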

Creating searchable CFLDAP output

An example of building and searching a Verity collection from LDAP data can be found in "Indexing CFLDAP Query Results".