Adobe ColdFusion 8

Updating an LDAP directory

The cfldap tag lets you perform the following actions on LDAP directory entries:

  • Add
  • Delete
  • Add attributes
  • Delete attributes
  • Replace attributes
  • Change the DN (rename the entry)

These actions let you manage LDAP directory contents remotely.

The following sections build a ColdFusion page that lets you manage an LDAP directory. The form displays directory entries in a table and includes a button that lets you populate the form fields based on the unique user ID.

The example ColdFusion page does not add or delete entry attributes or change the DN. For information on these operations, see Adding and deleting attributes of a directory entry and Changing a directory entry's DN.

To keep the code short, this example has limitations that are not appropriate in a production application. In particular, it has the following limitations:

  • If you enter an invalid user ID and click either the Update or the Delete button, ColdFusion generates a "No such object" error, because there is no directory entry to update or delete. Your application should verify that the ID exists in the directory before it tries to change or delete its entry.
  • If you enter a valid user ID in an empty form and click Update, the application deletes all the attributes for the user. The application should ensure that all required attribute fields contain valid entries before updating the directory.

Adding a directory entry

When you add an entry to an LDAP directory, you specify the DN, all the required attributes, including the entry's object class, and any optional attributes. The following example builds a form that adds an entry to an LDAP directory.

  1. Create a file that looks like the following:
    <!--- Set the LDAP server ID, user name, and password as variables
        here so they can be changed in only one place. --->
    <cfset myServer="ldap.myco.com">
    <cfset myUserName="cn=Directory Manager">
    <cfset myPassword="password">
    
    <!--- Initialize the values used in form fields to empty strings. --->
    <cfparam name="fullNameValue" default="">
    <cfparam name="surnameValue" default="">
    <cfparam name="emailValue" default="">
    <cfparam name="phoneValue" default="">
    <cfparam name="uidValue" default="">
    
    <!---When the form is submitted, add the LDAP entry. --->
    <cfif isdefined("Form.action") AND Trim(Form.uid) IS NOT "">
        <cfif Form.action is "add">
            <cfif Trim(Form.fullName) is "" OR Trim(Form.surname) is ""
                OR Trim(Form.email) is "" OR Trim(Form.phone) is "">
                    <h2>You must enter a value in every field.</h2>
                    <cfset fullNameValue=Form.fullName>
                    <cfset surnameValue=Form.surname>
                    <cfset emailValue=Form.email>
                    <cfset phoneValue=Form.phone>
                    <cfset uidValue=Form.uid>
            <cfelse>
                <cfset attributelist="objectclass=top, person,
                        organizationalperson, inetOrgPerson;
                    cn=#Trim(Form.fullName)#; sn=#Trim(Form.surname)#;
                    mail=#Trim(Form.email)#; 
                    telephonenumber=#Trim(Form.phone)#;
                    ou=Human Resources;
                    uid=#Trim(Form.uid)#">
                <cfldap action="add"
                    attributes="#attributeList#"
                    dn="uid=#Trim(Form.uid)#, ou=People, o=Airius.com"
                    server=#myServer#
                    username=#myUserName#
                    password=#myPassword#>
                <!--- Encode the submitted value before echoing it into HTML. --->
                <cfoutput><h3>Entry for User ID #HTMLEditFormat(Form.uid)# has been added</h3>
                </cfoutput>
            </cfif>
        </cfif>    
    </cfif>
    
    <html>
    <head>
        <title>Update LDAP Form</title>
    </head>
    <body>
    <h2>Manage LDAP Entries</h2>
    
    <cfform action="update_ldap.cfm" method="post">
        <table>
            <tr><td>Full Name:</td>
                <td><cfinput type="Text"
                     name="fullName"
                     value=#fullNameValue#
                     size="20"
                     maxlength="30"
                     tabindex="1"></td>
            </tr>
            <tr><td>Surname:</td> 
                <td><cfinput type="Text"
                    name="surname"
                    Value= "#surnameValue#"
                    size="20"
                    maxlength="20"
                    tabindex="2"></td>
            </tr>
            <tr>
                <td>E-mail Address:</td>
                <td><cfinput type="Text"
                    name="email"
                    value="#emailValue#"
                    size="20"
                    maxlength="20"
                    tabindex="3"></td>
            </tr>
            <tr>
                <td>Telephone Number:</td>
                <td><cfinput type="Text"
                    name="phone"
                    value="#phoneValue#"
                    size="20"
                    maxlength="20"
                    tabindex="4"></td>
            </tr>
            <tr>
                <td>User ID:</td>
                <td><cfinput type="Text"
                    name="uid"
                    value="#uidValue#"
                    size="20"
                    maxlength="20"
                    tabindex="5"></td>
            </tr>
            <tr>
                <td colspan="2">
                    <input type="Submit"
                     name="action"
                     value="Add"
                     tabindex="8"></td>
            </tr>
        </table>
        <br>
        *All fields are required for Add<br>
    </cfform>
    
    <!---Output the user list. --->
    <h2>User List for the Human Resources Department</h2>
    <cfldap name="GetList"
        server=#myServer#
        action="query"
        attributes="cn,sn,mail,telephonenumber,uid"
        start="o=Airius.com"
        scope="subtree"
        filter="ou=Human Resources"
        sort="sn,cn"
        sortControl="asc, nocase">
    
    <table border="1">
        <tr>
            <th>Full Name</th>
            <th>Surname</th>
            <th>Mail</th>
            <th>Phone</th>
            <th>UID</th>
        </tr>
        <cfoutput query="GetList">
        <tr>
            <td>#HTMLEditFormat(GetList.cn)#</td>
            <td>#HTMLEditFormat(GetList.sn)#</td>
            <td>#HTMLEditFormat(GetList.mail)#</td>
            <td>#HTMLEditFormat(GetList.telephonenumber)#</td>
            <td>#HTMLEditFormat(GetList.uid)#</td>
        </tr>
        </cfoutput>
    </table>
    </body>
    </html>
    

  2. At the top of the file, change the myServer, myUserName, and myPassword variable assignments to values that are valid for your LDAP server.
  3. Save the page as update_ldap.cfm and run it in your browser.

Reviewing the code

The following table describes the code:

Code

Description

<cfset myServer="ldap.myco.com"> <cfset myUserName="cn=Directory Manager"> <cfset myPassword="password">

Initializes the LDAP connection information variables. Uses variables for all connection information so that any changes have to be made in only one place.

<cfparam name="fullNameValue" default=""> <cfparam name="surnameValue" default=""> <cfparam name="emailValue" default=""> <cfparam name="phoneValue" default=""> <cfparam name="uidValue" default="">

Sets the default values of empty strings for the form field value variables. The data entry form uses cfinput fields with value attributes so that the form can be prefilled and so that, if the user submits an incomplete form, ColdFusion can retain any entered values in the form when it redisplays the page.

<cfif isdefined("Form.action") AND Trim(Form.uid) IS NOT "">

Ensures that the user entered a User ID in the form.

<cfif Form.action is "add">

If the user clicks Add, processes the code that follows.

<cfif Trim(Form.fullName) is "" OR Trim(Form.surname) is "" OR Trim(Form.email) is "" OR Trim(Form.phone) is ""> <h2>You must enter a value in every field.</h2> <cfset fullNameValue=Form.fullName> <cfset surnameValue=Form.surname> <cfset emailValue=Form.email> <cfset phoneValue=Form.phone> <cfset uidValue=Form.uid>

If any field in the submitted form is blank, display a message and set the other form fields to display data that the user submitted.

<cfelse> <cfset attributelist= "objectclass=top,person, organizationalperson, inetOrgPerson; cn=#Trim(Form.fullName)#; sn=#Trim(Form.surname)#; mail=#Trim(Form.email)#; telephonenumber= #Trim(Form.phone)#; ou=Human Resources; uid=#Trim(Form.uid)#">

If the user entered data in all fields, sets the attributelist variable to specify the entry's attributes, including the object class and the organizational unit (in this case, Human Resources).

The Trim function removes leading or trailing spaces from the user data.

<cfldap action="add" attributes="#attributeList#" dn="uid=#Trim(Form.uid)#, ou=People, o=Airius.com" server=#myServer# username=#myUserName# password=#myPassword#> <cfoutput><h3>Entry for User ID #HTMLEditFormat(Form.uid)# has been added</h3> </cfoutput> </cfif> </cfif> </cfif>

Adds the new entry to the directory.

<cfform action="update_ldap.cfm" method="post"> <table> <tr><td>Full Name:</td> <td><cfinput type="Text" name="fullName" value=#fullNameValue# size="20" maxlength="30" tabindex="1"></td> </tr> . . . <tr><td colspan="2"> <input type="Submit" name="action" value="Add" tabindex="6"></td> </tr> </table> <br> *All fields are required for Add<br> </cfform>

Outputs the data entry form, formatted as a table. Each cfinput field always has a value, set by the value attribute when the page is called. The value attribute lets ColdFusion update the form contents when the form is redisplayed after the user clicks Add. The code that handles cases in which the user fails to enter all the required data uses this feature.

<cfldap name="GetList" server=#myServer# action="query" attributes="cn,sn,mail, telephonenumber,uid" start="o=Airius.com" scope="subtree" filter="ou=Human Resources" sort="sn,cn" sortControl="asc, nocase">

Queries the directory and gets the common name, surname, e-mail address, telephone number, and user ID from the matching entries.

Searches the subtree from the entry with the DN of o=Airius.com, and selects all entries in which the organizational unit is Human Resources.

Sorts the results by surname and then common name (to sort by last name, then first). Sorts in default ascending order that is not case-sensitive.

<table border="1"> <tr> <th>Full Name</th> <th>Surname</th> <th>Mail</th> <th>Phone</th> <th>UID</th> </tr> <cfoutput query="GetList"> <tr> <td>#HTMLEditFormat(GetList.cn)#</td> <td>#HTMLEditFormat(GetList.sn)#</td> <td>#HTMLEditFormat(GetList.mail)#</td> <td>#HTMLEditFormat(GetList.telephonenumber)#</td> <td>#HTMLEditFormat(GetList.uid)#</td> </tr> </cfoutput> </table> </body> </html>

Displays the query results in a table.
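
The add handler above places form values directly into the DN and into the semicolon-delimited attributes string, and the form's maxlength limits are applied only by the browser. The following is an added example, not part of the original Adobe listing, of server-side checks that could replace the body of the cfif Form.action is "add" block. It reuses the page's connection variables and DNs; the allowed-character and length rules are illustrative assumptions.

```cfml
<!--- Added example: server-side checks before the cfldap add call.
      Reuses the page's myServer, myUserName and myPassword variables.
      The character and length rules are illustrative assumptions. --->
<cfset uid      = Trim(Form.uid)>
<cfset fullName = Trim(Form.fullName)>
<cfset surname  = Trim(Form.surname)>
<cfset email    = Trim(Form.email)>
<cfset phone    = Trim(Form.phone)>
<cfset errors   = ArrayNew(1)>

<!--- uid is concatenated into the DN and the search filter, so accept only
      characters that have no special meaning in either. --->
<cfif NOT REFind("^[A-Za-z0-9._-]{1,20}$", uid)>
    <cfset ArrayAppend(errors, "User ID: use 1-20 letters, digits, '.', '_' or '-'.")>
</cfif>
<!--- Required fields; maxlength on the form is enforced only by the browser. --->
<cfif fullName IS "" OR surname IS "" OR email IS "" OR phone IS ""
      OR Len(fullName) GT 30 OR Len(surname) GT 20
      OR Len(email) GT 20 OR Len(phone) GT 20>
    <cfset ArrayAppend(errors, "Every field is required and must fit its length limit.")>
</cfif>
<!--- ";" separates name=value pairs and "," separates multiple values in the
      attributes string; a submitted value containing either would be split. --->
<cfif REFind("[;,]", fullName & surname & email & phone)>
    <cfset ArrayAppend(errors, "Fields may not contain ';' or ','.")>
</cfif>
<!--- Look the uid up first so a duplicate gets a clear message. --->
<cfif ArrayLen(errors) EQ 0>
    <cfldap name="existing" action="query" server="#myServer#"
        username="#myUserName#" password="#myPassword#"
        start="ou=People, o=Airius.com" scope="onelevel"
        attributes="uid" filter="uid=#uid#">
    <cfif existing.RecordCount GT 0>
        <cfset ArrayAppend(errors, "That User ID already exists.")>
    </cfif>
</cfif>
<cfif ArrayLen(errors) EQ 0>
    <cfset attributeList = "objectclass=top, person, organizationalperson, inetOrgPerson; cn=#fullName#; sn=#surname#; mail=#email#; telephonenumber=#phone#; ou=Human Resources; uid=#uid#">
    <cfldap action="add" attributes="#attributeList#"
        dn="uid=#uid#, ou=People, o=Airius.com"
        server="#myServer#" username="#myUserName#" password="#myPassword#">
    <cfoutput><h3>Entry for User ID #HTMLEditFormat(uid)# has been added</h3></cfoutput>
<cfelse>
    <cfoutput><ul>
        <cfloop from="1" to="#ArrayLen(errors)#" index="i">
            <li>#HTMLEditFormat(errors[i])#</li>
        </cfloop>
    </ul></cfoutput>
</cfif>
```

If a value must legitimately contain a comma or semicolon, the cfldap separator and delimiter attributes can select different characters, which then need the same check.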