LDAP data collection definitions

Input data collections

Each request that must be handled by the LDAP Access Service requires specific types of input data. A collection of data used by these requests has been created and collected into a toolkit context. Users of this service do not access this context directly, however the names of the data entries in this context correspond to ones that the user would use in defining mappings for output data from the LDAP Access Service.

Table 1. LDAP input data elements
Data Name Data Type Used By Description
simpleName field all requests Used to hold an LDAP name or suffix (not dynamic).
filter field search Used to specify a simple filter.
filterExpression field search Used to specify a filter expression.
filterType field search Used to indicate what type of filter will be used for this search.
maxHits field search Used to indicate the number of search results to return.
followReferencesFlag field search Used to specify whether LDAP should follow references.
returnObjectFlag field search Used to indicate whether LDAP should return objects along with search result data.
searchScope field search Used to specify the scope of the search.
timeLimit field search Used to specify the maximum time to carry out a search request.
dynamicName kColl all requests Contains data elements used to build an LDAP name dynamically.
filterList kColl search Used to hold a list of filter objects for dynamically building up a filter. (Used in conjunction with filterExpression.)
attributeFilterList kColl search,

getattributes
Used to specify what subset of attributes should be returned by these requests.
attributeList kColl search,

create
Used by the search request to build up a filter. Used by the create request to specify what attributes to associate with the newly created data entry.
modificationList kColl modify Used to specify a set of attributes and modification codes, for the modify request.
The following are the externalized definitions for input data (in the data and context definition files):
<kColl id="ldapInData" dynamic="true">
    <!-- field level definitions-->
    <field id="simpleName"/>
    <field id="filter"/>
    <field id="filterExpression"/>
    <field id="filterType"/>
    <field id="maxHits"/>
    <field id="followReferencesFlag"/>
    <field id="returnObjectFlag"/>
    <field id="searchScope"/>
    <field id="timeLimit"/>
    <field id="useFilter"/>

    <!-- collections-->
    <kColl id="dynamicName" dynamic="true"></kColl>
    <kColl id="filterList" dynamic="true"></kColl>
    <iColl id="attributeFilterList" dynamic="true"></iColl>
    <kColl id="attributeList" dynamic="true"></kColl>
    <kColl id="modificationList" dynamic="true"></kColl>
</kColl>

<context id="ldapInCtx" type="operation" parent="nil">
    <refKColl refId="ldapInData">
    </refKColl>
</context>

Output data collections

Table 2. LDAP output data elements
Data Name Data Type Used By Short Description
listResults kColl list Holds data returned by the list request.
listBindingsResults kColl listbindings Holds data returned by the listbindings request.
lookupResults kColl lookup Holds data returned by the lookup request.
searchResults kColl search Holds data returned by the search request.
getAttributesResults kColl getattributes Holds data returned by the getattributes request.

The output data collections contain data mapped from 'native' LDAP objects. The following section describes the contents of each of these collections.

listResults

The listResults collection contains an indexed representation of the results returned from the LDAP server for a list request. Each of the results contained in this listing has the following two attributes:
  • name - the DN for the result.
  • classname - the name of the class (Java or otherwise) being used to represent the data entry.
To access the name attribute of the first result in the list, use the following:
listResults.0.name 
The attributes for the first result are also stored in the top-level object, so that to get the name attribute of the first result in the collection you could also use the following:
listResults.name 

listBindingsResults

The listBindingsResults collection contains an indexed representation of the results returned from the LDAP server for a listbindings request. Each of the results contained in this listing has the following three attributes:
  • name - the DN for the result
  • classname - the name of the class (Java or otherwise) being used to represent the data entry.
  • object - the DIT may contain an actual object being used to implement the data entry. If it does, this object will be returned by LDAP, and is stored in this attribute.
To access the object attribute of the first result in the list, use the following:
listBindingsResults.0.object 
The attributes for the first result are also stored in the top-level object, so that to get the object attribute of the first result in the collection you could also use the following:
listBindingsResults.object 

lookupResults

The lookupResults collection contains the result returned from the LDAP server for a lookup request. It holds the following attribute:
  • object - the object being used to implement the data entry in LDAP for which we performed a lookup
To access this attribute, use the following:
lookupResults.object 

searchResults

The searchResults collection contains a list of the results returned from the LDAP server for a search request. Each result represents a data entry and contains at least the following five attributes:
  • bindName - the DN for the data entry.
  • className - the name of the class (Java or otherwise) being used to represent the data entry.
  • class - the class (Java or otherwise) being used to represent the data entry.
  • object - the object being used to implement the data entry
  • attributes - the attributes of the data entry (stored in a javax.naming.directory.Attributes object)
To obtain the className attribute of the first result, use the following:
searchResults.0.className 
In addition, the attributes of the data entry are also stored in the result object, for easy access. Note that LDAP may return multiple values for an attribute. If all values are required, they should be accessed through the attributes of the result (see above). So to access the first value of an attribute named cn, for example, you would use the following:
searchResults.0.cn 

getAttributesResults

The getAttributesResults collection contains the attributes returned from the LDAP server for a getattributes request. Each of these attributes is represented by a collection as well, with the name of the collection being the same as the attribute, and its contents being all the values for the attribute. So for example, if a getattributes request returns the attributes cn, and telephonenumber, and telephonenumber has two values '1-800-921-3345' and '1-703-453-0098', and you wish to access the second telephone number value, you would use the following:
getAttributesResults.telephonenumber.0
Note: There are no output data collections for create and destroy requests, because no data is returned from JNDI for them.
The following is the externalized definition for output data (in the data and context definition files):
<kColl id="ldapOutData" dynamic="true">
    <kColl id="listResults" dynamic="true"></kColl>
    <kColl id="listBindingsResults" dynamic="true"></kColl>
    <kColl id="lookupResults" dynamic="true"></kColl>
    <kColl id="searchResults" dynamic="true"></kColl>
    <kColl id="getAttributesResults" dynamic="true"></kColl>
</kColl>

<context id="ldapOutCtx" type="operation" parent="nil">
    <refKColl refId="ldapOutData">
    </refKColl>
</context>