IP*Works! SSL V9

ipworksssl
Class Ldaps

java.lang.Object
  extended by ipworksssl.Ldaps

public class Ldaps
extends java.lang.Object

The LDAPS Bean is used to search, manage, and maintain Internet Directory (LDAP) servers.

The LDAPS Bean is the SSL-enabled equivalent of the IP*Works! LDAP bean. The main difference is the introduction of a set of new configuration settings, properties and events that deal with SSL security. Configuration settings, set through the config method, determine which protocols are enabled and at what security level. The SSLCert property is used to select a client certificate if the server is requesting client authentication. A further configuration setting, together with the SSLServerAuthentication event, allows you to check the server identity and other security attributes. Finally, the SSLStatus event provides information about the SSL handshake.

The LDAPS Bean implements a standard LDAP client as specified in RFC 1777, 2251, and other LDAP RFCs. Support for both LDAP v2 and v3 is provided.

The first step in using the bean is specifying the ServerName, a DN (Distinguished Name) to bind as, and optionally a Password. Then you can call one or more of the bean methods to act upon the server. Server responses are normally received through the Result event. The only exceptions are search requests, which result in one or more SearchResult events, followed by a final SearchComplete event.

Attributes are set and returned through the Attributes collection. Other command arguments are specified through other properties. These are specified in detail in each method.

Search filters are to be specified as string arguments to the Search method. The format must be a standard LDAP search string as specified in RFC 1558. Other search attributes are set in properties such as SearchScope, SearchTimeLimit, SearchSizeLimit, SearchReturnValues, and SearchDerefAliases.
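Because the filter is passed to Search as a single string, any value that comes from a user has to be escaped before it is placed in that string. The following is an added example, not vendor code: it builds a filter from an allow-listed attribute name and a hex-escaped value. The class and method names are hypothetical, the sample inputs are constructed, and the `\XX` escape form is the LDAPv3 one from RFC 4515, which is assumed here to be accepted by the bean and the server.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class LdapFilterBuilder {

    // Attribute descriptions: a short name or a dotted numeric OID, nothing else.
    private static final Pattern ATTR_NAME =
            Pattern.compile("[A-Za-z][A-Za-z0-9-]*|[0-9]+(\\.[0-9]+)+");

    /** Hex-escapes a value so it is read as literal data inside a filter. */
    static String escapeValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            // Filter metacharacters and NUL must be escaped; non-ASCII bytes may be.
            boolean special = c == '*' || c == '(' || c == ')' || c == '\\' || c == 0;
            if (special || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    /** Builds "(attr=value)" from a checked attribute name and an untrusted value. */
    static String equality(String attr, String untrustedValue) {
        if (!ATTR_NAME.matcher(attr).matches()) {
            throw new IllegalArgumentException("illegal attribute name: " + attr);
        }
        return "(" + attr + "=" + escapeValue(untrustedValue) + ")";
    }

    /** Combines filter items that were already built by this class with AND. */
    static String and(String... items) {
        if (items.length == 0) {
            throw new IllegalArgumentException("at least one filter item is required");
        }
        return "(&" + String.join("", items) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, as they might arrive from a lookup form.
        String[] samples = { "TThompson", "Smith (Jr.)", "*", "a\\b" };
        for (String s : samples) {
            // Plain concatenation lets '*' match every entry and lets
            // parentheses change or break the filter structure.
            String naive = "(&(objectClass=person)(uid=" + s + "))";
            String safe = and("(objectClass=person)", equality("uid", s));
            System.out.println("input : " + s);
            System.out.println("naive : " + naive);
            System.out.println("safe  : " + safe);
        }
        // The "safe" string is what would be passed to the bean's search(String) method.
    }
}
```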

The bean operates synchronously by default (it waits for a response before returning control to the caller). It may also operate asynchronously (returning control immediately) when Timeout is set to 0. Please refer to the Timeout property for more information.


Field Summary
static int amDigestMD5
           
static int amKerberos
           
static int amNegotiate
           
static int amSimple
           
static int sdaAlways
           
static int sdaFindingBaseObject
           
static int sdaInSearching
           
static int sdaNever
           
static int ssBaseObject
           
static int sslAutomatic
           
static int sslExplicit
           
static int sslImplicit
           
static int sslNone
           
static int ssSingleLevel
           
static int ssWholeSubtree
           
 
Constructor Summary
Ldaps()
          Creates an instance of Ldaps Bean.
Ldaps(java.lang.String runtimeLicense)
          Creates an instance of Ldaps Bean with specified run-time license.
 
Method Summary
 void abandon(int messageId)
          Asks the server to abandon a request.
 void add()
          Adds an entry specified by DN to the directory server using the type and value attributes defined in the Attributes collection.
 void addLdapsEventListener(LdapsEventListener l)
           
 java.lang.String attr(java.lang.String attrType)
          Returns the value of the specified LDAP attribute.
 void bind()
          Connects and binds to the directory server.
 void compare()
          Compares attributes and values with those of the entry specified by DN.
 java.lang.String config(java.lang.String configurationString)
          Sets or retrieves a configuration setting.
 void delete()
          Deletes an entry specified by DN from the directory server.
 void doEvents()
          Processes events from the internal message queue.
 void extendedRequest(java.lang.String requestName, byte[] requestValue)
          Performs an LDAP V3 Extended Operation.
 LDAPAttributeList getAttributes()
          Attributes for the current entry.
 int getAuthMechanism()
          The authentication mechanism to be used when connecting to the LDAP server.
 java.lang.String getDN()
          The Distinguished Name used as the base for LDAP operations.
 Firewall getFirewall()
          A set of properties related to firewall access.
 int getLDAPVersion()
          The version of LDAP used.
 java.lang.String getLocalHost()
          The name of the local host or user-assigned IP interface through which connections are initiated or accepted.
 int getMessageId()
          The message identifier for the next LDAP request.
 int getPageSize()
          The maximum number of results per page for the Search method.
 java.lang.String getPassword()
          The password used to authenticate to the LDAP server.
 LDAPReferenceList getReferences()
          Collection of references returned from the server.
 int getResultCode()
          The result code returned in the last server response.
 java.lang.String getResultDescription()
          The descriptive text returned in the last server response (if any).
 java.lang.String getResultDN()
          The Distinguished Name returned in the last server response (if any).
 int getSearchDerefAliases()
          Controls alias dereferencing during searching.
 int getSearchScope()
          Controls the scope of LDAP search operations.
 int getSearchSizeLimit()
          Maximum number of entries that can be returned by the next search operation.
 int getSearchTimeLimit()
          A time limit for the next search operation (in seconds).
 java.lang.String getServerName()
          The name or address of the LDAP server.
 int getServerPort()
          The server port for the LDAP connection (default is 636).
 java.lang.String getSortAttributes()
          A string of attribute names to sort on with optional relative matching rules.
 Certificate getSSLAcceptServerCert()
          Instructs the bean to unconditionally accept the server certificate that matches the supplied certificate.
 Certificate getSSLCert()
          The certificate to be used during SSL negotiation.
 Certificate getSSLServerCert()
          The server certificate for the last established connection.
 int getSSLStartMode()
          Determines how the bean starts the SSL negotiation.
 int getTimeout()
          A timeout for the bean.
 void interrupt()
          Interrupt the current method.
 boolean isAcceptData()
          Enables or disables data reception from the server.
 boolean isConnected()
          Shows whether the bean is connected.
 boolean isDeleteOldRDN()
          Controls whether the old RDN (Relative Distinguished Name) should be deleted.
 boolean isIdle()
          The current status of the component.
 boolean isSearchReturnValues()
          Controls whether the search operation returns values of attributes, or only types.
 void modify()
          Performs an LDAP 'modify' operation on the entry specified by DN.
 void modifyRDN(java.lang.String newRDN)
          Performs an LDAP 'modify RDN' operation on an entry specified by DN.
 void moveToDN(java.lang.String newSuperior)
          Performs an LDAP 'modify' operation on the entry specified by DN by changing its superior.
 void removeLdapsEventListener(LdapsEventListener l)
           
 void search(java.lang.String searchFilter)
          Searches the directory server using the base object specified in DN and the search filter SearchFilter.
 void setAcceptData(boolean acceptData)
          Enables or disables data reception from the server.
 void setAuthMechanism(int authMechanism)
          The authentication mechanism to be used when connecting to the LDAP server.
 void setConnected(boolean connected)
          Shows whether the bean is connected.
 void setDeleteOldRDN(boolean deleteOldRDN)
          Controls whether the old RDN (Relative Distinguished Name) should be deleted.
 void setDN(java.lang.String DN)
          The Distinguished Name used as the base for LDAP operations.
 void setFirewall(Firewall firewall)
          A set of properties related to firewall access.
 void setLDAPVersion(int LDAPVersion)
          The version of LDAP used.
 void setLocalHost(java.lang.String localHost)
          The name of the local host or user-assigned IP interface through which connections are initiated or accepted.
 void setMessageId(int messageId)
          The message identifier for the next LDAP request.
 void setPageSize(int pageSize)
          The maximum number of results per page for the Search method.
 void setPassword(java.lang.String password)
          The password used to authenticate to the LDAP server.
 void setSearchDerefAliases(int searchDerefAliases)
          Controls alias dereferencing during searching.
 void setSearchReturnValues(boolean searchReturnValues)
          Controls whether the search operation returns values of attributes, or only types.
 void setSearchScope(int searchScope)
          Controls the scope of LDAP search operations.
 void setSearchSizeLimit(int searchSizeLimit)
          Maximum number of entries that can be returned by the next search operation.
 void setSearchTimeLimit(int searchTimeLimit)
          A time limit for the next search operation (in seconds).
 void setServerName(java.lang.String serverName)
          The name or address of the LDAP server.
 void setServerPort(int serverPort)
          The server port for the LDAP connection (default is 636).
 void setSortAttributes(java.lang.String sortAttributes)
          A string of attribute names to sort on with optional relative matching rules.
 void setSSLAcceptServerCert(Certificate SSLAcceptServerCert)
          Instructs the bean to unconditionally accept the server certificate that matches the supplied certificate.
 void setSSLCert(Certificate SSLCert)
          The certificate to be used during SSL negotiation.
 void setSSLStartMode(int SSLStartMode)
          Determines how the bean starts the SSL negotiation.
 void setTimeout(int timeout)
          A timeout for the bean.
 void unbind()
          Unbinds from the directory server.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

amSimple

public static final int amSimple
See Also:
Constant Field Values

amDigestMD5

public static final int amDigestMD5
See Also:
Constant Field Values

amNegotiate

public static final int amNegotiate
See Also:
Constant Field Values

amKerberos

public static final int amKerberos
See Also:
Constant Field Values

sdaNever

public static final int sdaNever
See Also:
Constant Field Values

sdaInSearching

public static final int sdaInSearching
See Also:
Constant Field Values

sdaFindingBaseObject

public static final int sdaFindingBaseObject
See Also:
Constant Field Values

sdaAlways

public static final int sdaAlways
See Also:
Constant Field Values

ssBaseObject

public static final int ssBaseObject
See Also:
Constant Field Values

ssSingleLevel

public static final int ssSingleLevel
See Also:
Constant Field Values

ssWholeSubtree

public static final int ssWholeSubtree
See Also:
Constant Field Values

sslAutomatic

public static final int sslAutomatic
See Also:
Constant Field Values

sslImplicit

public static final int sslImplicit
See Also:
Constant Field Values

sslExplicit

public static final int sslExplicit
See Also:
Constant Field Values

sslNone

public static final int sslNone
See Also:
Constant Field Values
Constructor Detail

Ldaps

public Ldaps()
Creates an instance of Ldaps Bean.


Ldaps

public Ldaps(java.lang.String runtimeLicense)
Creates an instance of Ldaps Bean with specified run-time license.

Method Detail

isAcceptData

public boolean isAcceptData()
Enables or disables data reception from the server.

This property enables or disables data reception from the server. Setting the property to False temporarily disables data reception. Setting the property to True re-enables data reception.


setAcceptData

public void setAcceptData(boolean acceptData)
                   throws IPWorksSSLException
Enables or disables data reception from the server.

This property enables or disables data reception from the server. Setting the property to False temporarily disables data reception. Setting the property to True re-enables data reception.

Throws:
IPWorksSSLException

getAttributes

public LDAPAttributeList getAttributes()
Attributes for the current entry.

This property contains a collection of all of the attributes for the current entry. Each attribute's details are found in the fields of the ldapattribute type.

After a Search, this property will be populated with the attributes of each search result and can be read within the SearchResult event (one event for each resulting DN).

During an LDAP Modify operation, this property describes the modifications that are to be made to the attributes. You may specify the attribute, the new value, and the operation to be executed by the server in this property.

This collection is indexed from 0 to size - 1.


getAuthMechanism

public int getAuthMechanism()
The authentication mechanism to be used when connecting to the LDAP server.

By default, AuthMechanism is amSimple (0), and default plaintext authentication is used to login to the server. If AuthMechanism is set to amDigestMD5 (1), the more secure DIGEST-MD5 authentication is used instead.

If AuthMechanism is set to amNegotiate (2) NTLM/Negotiate authentication will be used.

If AuthMechanism is set to amKerberos (6) Kerberos/Negotiate authentication will be used.


setAuthMechanism

public void setAuthMechanism(int authMechanism)
                      throws IPWorksSSLException
The authentication mechanism to be used when connecting to the LDAP server.

By default, AuthMechanism is amSimple (0), and default plaintext authentication is used to login to the server. If AuthMechanism is set to amDigestMD5 (1), the more secure DIGEST-MD5 authentication is used instead.

If AuthMechanism is set to amNegotiate (2) NTLM/Negotiate authentication will be used.

If AuthMechanism is set to amKerberos (6) Kerberos/Negotiate authentication will be used.

Throws:
IPWorksSSLException

isConnected

public boolean isConnected()
Shows whether the bean is connected.

This property is used to determine whether or not the bean is connected to the remote host.


setConnected

public void setConnected(boolean connected)
                  throws IPWorksSSLException
Shows whether the bean is connected.

This property is used to determine whether or not the bean is connected to the remote host.

Throws:
IPWorksSSLException

isDeleteOldRDN

public boolean isDeleteOldRDN()
Controls whether the old RDN (Relative Distinguished Name) should be deleted.

This property controls whether the old Relative Distinguished Name (RDN) should be deleted. It is used when ModifyRDN is called. The default value is True, which instructs the server to delete the old RDN.


setDeleteOldRDN

public void setDeleteOldRDN(boolean deleteOldRDN)
                     throws IPWorksSSLException
Controls whether the old RDN (Relative Distinguished Name) should be deleted.

This property controls whether the old Relative Distinguished Name (RDN) should be deleted. It is used when ModifyRDN is called. The default value is True, which instructs the server to delete the old RDN.

Throws:
IPWorksSSLException

getDN

public java.lang.String getDN()
The Distinguished Name used as the base for LDAP operations.

Also the base object during LDAP searches.

The Distinguished Name is provided in string format as specified by RFC 1779.

Example (Setting DN):

 LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server"
 
 LDAPControl.DN = "Domain\Username" 


setDN

public void setDN(java.lang.String DN)
           throws IPWorksSSLException
The Distinguished Name used as the base for LDAP operations.

Also the base object during LDAP searches.

The Distinguished Name is provided in string format as specified by RFC 1779.

Example (Setting DN):

 LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server"
 
 LDAPControl.DN = "Domain\Username" 

Throws:
IPWorksSSLException

getFirewall

public Firewall getFirewall()
A set of properties related to firewall access.

This is a Firewall type property which contains fields describing the firewall through which the bean will attempt to connect.


setFirewall

public void setFirewall(Firewall firewall)
                 throws IPWorksSSLException
A set of properties related to firewall access.

This is a Firewall type property which contains fields describing the firewall through which the bean will attempt to connect.

Throws:
IPWorksSSLException

isIdle

public boolean isIdle()
The current status of the component.

Idle will be False if the component is currently busy (communicating and/or waiting for an answer), and True at all other times.


getLDAPVersion

public int getLDAPVersion()
The version of LDAP used.

This property contains the version of LDAP used. The default value is 2 (for LDAPv2).


setLDAPVersion

public void setLDAPVersion(int LDAPVersion)
                    throws IPWorksSSLException
The version of LDAP used.

This property contains the version of LDAP used. The default value is 2 (for LDAPv2).

Throws:
IPWorksSSLException

getLocalHost

public java.lang.String getLocalHost()
The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the bean initiate connections (or accept in the case of server beans) only through that interface.

If the bean is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

NOTE: LocalHost is not persistent. You must always set it in code, and never in the property window.


setLocalHost

public void setLocalHost(java.lang.String localHost)
                  throws IPWorksSSLException
The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the bean initiate connections (or accept in the case of server beans) only through that interface.

If the bean is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

NOTE: LocalHost is not persistent. You must always set it in code, and never in the property window.

Throws:
IPWorksSSLException

getMessageId

public int getMessageId()
The message identifier for the next LDAP request.

This property contains the message identifier for the next LDAP request. If a custom value is needed, this property must be set before calling any other methods. The bean increments this property automatically after each request.


setMessageId

public void setMessageId(int messageId)
                  throws IPWorksSSLException
The message identifier for the next LDAP request.

This property contains the message identifier for the next LDAP request. If a custom value is needed, this property must be set before calling any other methods. The bean increments this property automatically after each request.

Throws:
IPWorksSSLException

getPageSize

public int getPageSize()
The maximum number of results per page for the Search method.

This property contains the maximum number of results per page for the Search method. The default value is 0 (no paging). If set to a value greater than zero, results will be paged, i.e. returned in blocks of maximum PageSize results.

For each page sent by the server, a SearchPage event will fire. You may decide to cancel or continue displaying results from within this event.

Note: LDAP paging functionality is described by LDAP extension RFCs and may or may not be implemented by the LDAP server being accessed.


setPageSize

public void setPageSize(int pageSize)
                 throws IPWorksSSLException
The maximum number of results per page for the Search method.

This property contains the maximum number of results per page for the Search method. The default value is 0 (no paging). If set to a value greater than zero, results will be paged, i.e. returned in blocks of maximum PageSize results.

For each page sent by the server, a SearchPage event will fire. You may decide to cancel or continue displaying results from within this event.

Note: LDAP paging functionality is described by LDAP extension RFCs and may or may not be implemented by the LDAP server being accessed.

Throws:
IPWorksSSLException

getPassword

public java.lang.String getPassword()
The password used to authenticate to the LDAP server.

This property contains the password used to authenticate to the LDAP server. Leave this value empty if no password is required.


setPassword

public void setPassword(java.lang.String password)
                 throws IPWorksSSLException
The password used to authenticate to the LDAP server.

This property contains the password used to authenticate to the LDAP server. Leave this value empty if no password is required.

Throws:
IPWorksSSLException

getReferences

public LDAPReferenceList getReferences()
Collection of references returned from the server.

This property contains a collection of references returned from the server. References will be SearchResult references if inside a SearchResult or SearchResultReference event in which case they represent URLs to contact to continue the search. References will be regular Result references if inside the Result event or SearchComplete event in which case they represent the URLs to contact in order to complete the requested operation.

This collection is indexed from 0 to size - 1.


getResultCode

public int getResultCode()
The result code returned in the last server response.

This property contains the result code returned in the last server response. This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.

Possible result codes are:

 0   success
 1   operationsError
 2   protocolError
 3   timeLimitExceeded
 4   sizeLimitExceeded
 5   compareFalse
 6   compareTrue
 7   authMethodNotSupported
 8   strongAuthRequired
 9   reserved
10   referral
11   adminLimitExceeded
12   unavailableCriticalExtension
13   confidentialityRequired
14   saslBindInProgress
16   noSuchAttribute
17   undefinedAttributeType
18   inappropriateMatching
19   constraintViolation
20   attributeOrValueExists
21   invalidAttributeSyntax
32   noSuchObject
33   aliasProblem
34   invalidDNSyntax
35   reserved for undefined isLeaf
36   aliasDereferencingProblem
48   inappropriateAuthentication
49   invalidCredentials
50   insufficientAccessRights
51   busy
52   unavailable
53   unwillingToPerform
54   loopDetect
64   namingViolation
65   objectClassViolation
66   notAllowedOnNonLeaf
67   notAllowedOnRDN
68   entryAlreadyExists
69   objectClassModsProhibited
70   reserved for CLDAP
71   affectsMultipleDSAs

All the result codes with the exception of success, compareFalse and compareTrue are to be treated as meaning the operation could not be completed in its entirety. Result codes from 16 to 21 indicate an AttributeProblem, codes 32, 33, 34 and 36 indicate a NameProblem, codes 48, 49 and 50 indicate a SecurityProblem, codes 51 to 54 indicate a ServiceProblem, and codes 64 to 69 and 71 indicate an UpdateProblem.


getResultDescription

public java.lang.String getResultDescription()
The descriptive text returned in the last server response (if any).

This property contains the descriptive text returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result, SearchResult, or SearchComplete event.


getResultDN

public java.lang.String getResultDN()
The Distinguished Name returned in the last server response (if any).

This property contains the Distinguished Name returned in the last server response (if any). This is identical to the corresponding parameter provided by the last Result or SearchComplete event.


getSearchDerefAliases

public int getSearchDerefAliases()
Controls alias dereferencing during searching.

This property controls the alias dereferencing during searching. Possible values are:

sdaNever (0)
Do not dereference aliases in searching or in locating the base object of the search.
sdaInSearching (1)
Dereference aliases in subordinates of the base object in searching, but not in locating the base object of the search.
sdaFindingBaseObject (2)
Dereference aliases in locating the base object of the search, but not when searching subordinates of the base object.
sdaAlways (3)
Dereference aliases both in searching and in locating the base object of the search.

Default is to never dereference aliases.


setSearchDerefAliases

public void setSearchDerefAliases(int searchDerefAliases)
                           throws IPWorksSSLException
Controls alias dereferencing during searching.

This property controls the alias dereferencing during searching. Possible values are:

sdaNever (0)
Do not dereference aliases in searching or in locating the base object of the search.
sdaInSearching (1)
Dereference aliases in subordinates of the base object in searching, but not in locating the base object of the search.
sdaFindingBaseObject (2)
Dereference aliases in locating the base object of the search, but not when searching subordinates of the base object.
sdaAlways (3)
Dereference aliases both in searching and in locating the base object of the search.

Default is to never dereference aliases.

Throws:
IPWorksSSLException

isSearchReturnValues

public boolean isSearchReturnValues()
Controls whether the search operation returns values of attributes, or only types.

This property controls whether the search operation returns values of attributes, or only types. If only attributes are needed, disabling returning of values will enhance performance.


setSearchReturnValues

public void setSearchReturnValues(boolean searchReturnValues)
                           throws IPWorksSSLException
Controls whether the search operation returns values of attributes, or only types.

This property controls whether the search operation returns values of attributes, or only types. If only attributes are needed, disabling returning of values will enhance performance.

Throws:
IPWorksSSLException

getSearchScope

public int getSearchScope()
Controls the scope of LDAP search operations.

This property controls the scope of LDAP search operations. Possible values are:

ssBaseObject (0)
Search only the base object.
ssSingleLevel (1)
Search only one level, including objects directly below the base object, but not the base object itself.
ssWholeSubtree (2)
Search the whole subtree, including the base object itself.

Default is to search the whole subtree.


setSearchScope

public void setSearchScope(int searchScope)
                    throws IPWorksSSLException
Controls the scope of LDAP search operations.

This property controls the scope of LDAP search operations. Possible values are:

ssBaseObject (0)
Search only the base object.
ssSingleLevel (1)
Search only one level, including objects directly below the base object, but not the base object itself.
ssWholeSubtree (2)
Search the whole subtree, including the base object itself.

Default is to search the whole subtree.

Throws:
IPWorksSSLException

getSearchSizeLimit

public int getSearchSizeLimit()
Maximum number of entries that can be returned by the next search operation.

This property contains the maximum number of entries that can be returned by the next search operation. This limit is provided as a hint to the directory server. A value of 0 means that no size limits are in effect for the search.


setSearchSizeLimit

public void setSearchSizeLimit(int searchSizeLimit)
                        throws IPWorksSSLException
Maximum number of entries that can be returned by the next search operation.

This property contains the maximum number of entries that can be returned by the next search operation. This limit is provided as a hint to the directory server. A value of 0 means that no size limits are in effect for the search.

Throws:
IPWorksSSLException

getSearchTimeLimit

public int getSearchTimeLimit()
A time limit for the next search operation (in seconds).

This property contains a time limit for the next search operation (in seconds). This limit is provided as a hint to the directory server. A value of 0 means that no time limits are in effect for the search.


setSearchTimeLimit

public void setSearchTimeLimit(int searchTimeLimit)
                        throws IPWorksSSLException
A time limit for the next search operation (in seconds).

This property contains a time limit for the next search operation (in seconds). This limit is provided as a hint to the directory server. A value of 0 means that no time limits are in effect for the search.

Throws:
IPWorksSSLException

getServerName

public java.lang.String getServerName()
The name or address of the LDAP server.

This property specifies the IP address (IP number in dotted internet format) or Domain Name of the directory server. It is set before a connection is attempted and cannot be changed once a connection is in progress.

If this property is set to a Domain Name, a DNS request is initiated and upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, an error is returned.


setServerName

public void setServerName(java.lang.String serverName)
                   throws IPWorksSSLException
The name or address of the LDAP server.

This property specifies the IP address (IP number in dotted internet format) or Domain Name of the directory server. It is set before a connection is attempted and cannot be changed once a connection is in progress.

If this property is set to a Domain Name, a DNS request is initiated and upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, an error is returned.

Throws:
IPWorksSSLException

getServerPort

public int getServerPort()
The server port for the LDAP connection (default is 636).

This property contains the server port for the LDAP connection (default is 636). A valid port number (a value between 1 and 65535) is required for the connection to take place. The property must be set before a connection is attempted and cannot be changed once a connection is established. Any attempt to change this property while connected will fail with an error.

For explicit SSL, use port 389 instead (please refer to the SSLStartMode property for more information).


setServerPort

public void setServerPort(int serverPort)
                   throws IPWorksSSLException
The server port for the LDAP connection (default is 636).

This property contains the server port for the LDAP connection (default is 636). A valid port number (a value between 1 and 65535) is required for the connection to take place. The property must be set before a connection is attempted and cannot be changed once a connection is established. Any attempt to change this property while connected will fail with an error.

For explicit SSL, use port 389 instead (please refer to the SSLStartMode property for more information).

Throws:
IPWorksSSLException

getSortAttributes

public java.lang.String getSortAttributes()
A string of attribute names to sort on with optional relative matching rules.

This property contains a string of attribute names to sort on with optional relative matching rules. When set prior to a Search, entries returned by the server will be sorted according to SortAttributes. The format consists of one or more attribute names separated by spaces. Each attribute may be followed by an optional matching rule.

If matching rules are defined, they should be separated from the attribute names with a "/".

Normally the values are returned in ascending order. If descending (reverse) order of sorting is desired, the attribute type must be preceded with a "-".

Examples:

 LDAPControl.SortAttributes = "loginTime"
 
 LDAPControl.SortAttributes = "name/caseIgnoreSubstringsMatch age/numericStringSubstringsMatch"
 
 LDAPControl.SortAttributes = "cn age/1.3.6.1.4.1.1466.115.121.1.27"
 
 LDAPControl.SortAttributes = "-cn age/1.3.6.1.4.1.1466.115.121.1.27" 
Matching Rules for Equality Filters
  1.3.6.1.4.1.1466.115.121.1.38   objectIdentifierMatch
  1.3.6.1.4.1.1466.115.121.1.12   distinguishedNameMatch
  1.3.6.1.4.1.1466.115.121.1.15   caseIgnoreMatch
  1.3.6.1.4.1.1466.115.121.1.36   numericStringMatch
  1.3.6.1.4.1.1466.115.121.1.41   caseIgnoreListMatch
  1.3.6.1.4.1.1466.115.121.1.27   integerMatch
  1.3.6.1.4.1.1466.115.121.1.6    bitStringMatch
  1.3.6.1.4.1.1466.115.121.1.50   telephoneNumberMatch
  1.3.6.1.4.1.1466.115.121.1.43   presentationAddressMatch
  1.3.6.1.4.1.1466.115.121.1.34   uniqueMemberMatch
  1.3.6.1.4.1.1466.115.121.1.42   protocolInformationMatch
  1.3.6.1.4.1.1466.115.121.1.24   generalizedTimeMatch
  1.3.6.1.4.1.1466.115.121.1.26   caseExactIA5Match
  1.3.6.1.4.1.1466.115.121.1.26   caseIgnoreIA5Match
Matching Rules for Inequality Filters
  1.3.6.1.4.1.1466.115.121.1.24   generalizedTimeOrderingMatch
  1.3.6.1.4.1.1466.115.121.1.15   caseIgnoreOrderingMatch
Matching Rules for Substring Filters
  1.3.6.1.4.1.1466.115.121.1.58   caseIgnoreSubstringsMatch
  1.3.6.1.4.1.1466.115.121.1.58   telephoneNumberSubstringsMatch
  1.3.6.1.4.1.1466.115.121.1.58   numericStringSubstringsMatch
Matching Rules for Subschema Attributes
  1.3.6.1.4.1.1466.115.121.1.27   integerFirstComponentMatch
  1.3.6.1.4.1.1466.115.121.1.38   objectIdentifierFirstComponentMatch
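
Because SortAttributes is a small space-delimited grammar, sort keys that originate outside the application should be parsed and checked before they are assigned. The following is an added example, not code from the vendor: the class name, the allowlist and the stricter-than-LDAP name patterns are assumptions, and it only builds the string without calling the bean.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

/** Added example: parses and validates a SortAttributes string before it is handed to the bean. */
public class SortAttributesCheck {

    /** One sort key: attribute type, optional matching rule, sort direction. */
    static final class SortKey {
        final String attribute;
        final String matchingRule; // null when no "/rule" suffix was given
        final boolean descending;  // true when the key was prefixed with "-"

        SortKey(String attribute, String matchingRule, boolean descending) {
            this.attribute = attribute;
            this.matchingRule = matchingRule;
            this.descending = descending;
        }

        /** Renders the key back into the format described above. */
        @Override public String toString() {
            return (descending ? "-" : "") + attribute
                    + (matchingRule == null ? "" : "/" + matchingRule);
        }
    }

    // Assumption: attribute names are a letter followed by letters, digits or hyphens.
    private static final Pattern ATTRIBUTE = Pattern.compile("[A-Za-z][A-Za-z0-9-]*");
    // Matching rules: a name of the same shape, or a dotted numeric OID.
    private static final Pattern RULE =
            Pattern.compile("[A-Za-z][A-Za-z0-9-]*|\\d+(\\.\\d+)+");

    /** Splits a SortAttributes string into keys, rejecting anything outside the format. */
    static List<SortKey> parse(String sortAttributes) {
        List<SortKey> keys = new ArrayList<>();
        for (String token : sortAttributes.trim().split("\\s+")) {
            if (token.isEmpty()) continue; // empty input yields no keys
            boolean descending = token.startsWith("-");
            String body = descending ? token.substring(1) : token;
            String[] parts = body.split("/", -1); // -1 keeps a trailing empty rule
            if (parts.length > 2 || !ATTRIBUTE.matcher(parts[0]).matches()) {
                throw new IllegalArgumentException("malformed sort key: " + token);
            }
            String rule = parts.length == 2 ? parts[1] : null;
            if (rule != null && !RULE.matcher(rule).matches()) {
                throw new IllegalArgumentException("malformed matching rule: " + token);
            }
            keys.add(new SortKey(parts[0], rule, descending));
        }
        return keys;
    }

    /** Builds the string to assign, keeping only allowlisted attributes. */
    static String buildAllowlisted(String requested, Set<String> allowedAttributes) {
        StringBuilder out = new StringBuilder();
        for (SortKey key : parse(requested)) {
            if (!allowedAttributes.contains(key.attribute.toLowerCase(Locale.ROOT))) {
                throw new IllegalArgumentException("attribute not sortable: " + key.attribute);
            }
            if (out.length() > 0) out.append(' ');
            out.append(key);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Hypothetical allowlist of attributes the application is willing to sort on.
        Set<String> allowed = new HashSet<>(Arrays.asList("cn", "age", "logintime"));
        // Constructed inputs: two in the documented format, two that must be rejected.
        String[] samples = {
            "loginTime",
            "-cn   age/1.3.6.1.4.1.1466.115.121.1.27",
            "cn userPassword",          // attribute outside the allowlist
            "cn/caseIgnoreMatch/extra"  // more than one "/" in a key
        };
        for (String s : samples) {
            try {
                System.out.println("OK      " + buildAllowlisted(s, allowed));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT  " + e.getMessage());
            }
        }
    }
}
```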


setSortAttributes

public void setSortAttributes(java.lang.String sortAttributes)
                       throws IPWorksSSLException
A string of attribute names to sort on with optional relative matching rules.

This property contains a string of attribute names to sort on with optional relative matching rules. When set prior to a Search, entries returned by the server will be sorted according to SortAttributes. The format consists of one or more attribute names separated by spaces. Each attribute may be followed by an optional matching rule.

If matching rules are defined, they should be separated from the attribute names with a "/".

Normally the values are returned in ascending order. If descending (reverse) order of sorting is desired, the attribute type must be preceded with a "-".

Examples:

 LDAPControl.SortAttributes = "loginTime"
 
 LDAPControl.SortAttributes = "name/caseIgnoreSubstringsMatch age/numericStringSubstringsMatch"
 
 LDAPControl.SortAttributes = "cn age/1.3.6.1.4.1.1466.115.121.1.27"
 
 LDAPControl.SortAttributes = "-cn age/1.3.6.1.4.1.1466.115.121.1.27" 
Matching Rules for Equality Filters
  1.3.6.1.4.1.1466.115.121.1.38   objectIdentifierMatch
  1.3.6.1.4.1.1466.115.121.1.12   distinguishedNameMatch
  1.3.6.1.4.1.1466.115.121.1.15   caseIgnoreMatch
  1.3.6.1.4.1.1466.115.121.1.36   numericStringMatch
  1.3.6.1.4.1.1466.115.121.1.41   caseIgnoreListMatch
  1.3.6.1.4.1.1466.115.121.1.27   integerMatch
  1.3.6.1.4.1.1466.115.121.1.6    bitStringMatch
  1.3.6.1.4.1.1466.115.121.1.50   telephoneNumberMatch
  1.3.6.1.4.1.1466.115.121.1.43   presentationAddressMatch
  1.3.6.1.4.1.1466.115.121.1.34   uniqueMemberMatch
  1.3.6.1.4.1.1466.115.121.1.42   protocolInformationMatch
  1.3.6.1.4.1.1466.115.121.1.24   generalizedTimeMatch
  1.3.6.1.4.1.1466.115.121.1.26   caseExactIA5Match
  1.3.6.1.4.1.1466.115.121.1.26   caseIgnoreIA5Match
Matching Rules for Inequality Filters
  1.3.6.1.4.1.1466.115.121.1.24   generalizedTimeOrderingMatch
  1.3.6.1.4.1.1466.115.121.1.15   caseIgnoreOrderingMatch
Matching Rules for Substring Filters
  1.3.6.1.4.1.1466.115.121.1.58   caseIgnoreSubstringsMatch
  1.3.6.1.4.1.1466.115.121.1.58   telephoneNumberSubstringsMatch
  1.3.6.1.4.1.1466.115.121.1.58   numericStringSubstringsMatch
Matching Rules for Subschema Attributes
  1.3.6.1.4.1.1466.115.121.1.27   integerFirstComponentMatch
  1.3.6.1.4.1.1466.115.121.1.38   objectIdentifierFirstComponentMatch

Throws:
IPWorksSSLException

getSSLAcceptServerCert

public Certificate getSSLAcceptServerCert()
Instructs the bean to unconditionally accept the server certificate that matches the supplied certificate.

If it finds any issues with the certificate presented by the server, the bean will normally terminate the connection with an error.

You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.

Please note that this functionality is provided only for cases where you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.


setSSLAcceptServerCert

public void setSSLAcceptServerCert(Certificate SSLAcceptServerCert)
                            throws IPWorksSSLException
Instructs the bean to unconditionally accept the server certificate that matches the supplied certificate.

If it finds any issues with the certificate presented by the server, the bean will normally terminate the connection with an error.

You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.

Please note that this functionality is provided only for cases where you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.

Throws:
IPWorksSSLException

getSSLCert

public Certificate getSSLCert()
The certificate to be used during SSL negotiation.

The digital certificate that the bean will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.


setSSLCert

public void setSSLCert(Certificate SSLCert)
                throws IPWorksSSLException
The certificate to be used during SSL negotiation.

The digital certificate that the bean will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.

Throws:
IPWorksSSLException

getSSLServerCert

public Certificate getSSLServerCert()
The server certificate for the last established connection.

SSLServerCert contains the server certificate for the last established connection.

SSLServerCert is reset every time a new connection is attempted.


getSSLStartMode

public int getSSLStartMode()
Determines how the bean starts the SSL negotiation.

The SSLStartMode property may have one of the following values:

0 (sslAutomatic - default)
If the remote port is set to the standard plaintext port of the protocol (where applicable), the bean will behave the same as if SSLStartMode is set to sslExplicit. In all other cases, SSL negotiation will be implicit (sslImplicit).
1 (sslImplicit)
The SSL negotiation will start immediately after the connection is established.
2 (sslExplicit)
The bean will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS.
3 (sslNone)
No SSL negotiation, no SSL security. All communication will be in plaintext mode.


setSSLStartMode

public void setSSLStartMode(int SSLStartMode)
                     throws IPWorksSSLException
Determines how the bean starts the SSL negotiation.

The SSLStartMode property may have one of the following values:

0 (sslAutomatic - default)
If the remote port is set to the standard plaintext port of the protocol (where applicable), the bean will behave the same as if SSLStartMode is set to sslExplicit. In all other cases, SSL negotiation will be implicit (sslImplicit).
1 (sslImplicit)
The SSL negotiation will start immediately after the connection is established.
2 (sslExplicit)
The bean will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS.
3 (sslNone)
No SSL negotiation, no SSL security. All communication will be in plaintext mode.

Throws:
IPWorksSSLException

getTimeout

public int getTimeout()
A timeout for the bean.

If the Timeout property is set to 0, all operations return immediately, potentially failing with an error if they can't be completed immediately.

If Timeout is set to a positive value, the bean will wait for the operation to complete before returning control.

The bean will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not "freeze" and remains responsive.

If Timeout expires, and the operation is not yet complete, the bean throws an exception.

Please note that by default, all timeouts are inactivity timeouts, i.e. the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

Optionally, the behavior of the bean may be changed to absolute timeouts, i.e. the bean will wait for a maximum of Timeout seconds since the beginning of the operation, without extending the timeout period during communications.

This behavior is controlled by a configuration setting (see the config method).

The default value for the Timeout property is 60 seconds.


setTimeout

public void setTimeout(int timeout)
                throws IPWorksSSLException
A timeout for the bean.

If the Timeout property is set to 0, all operations return immediately, potentially failing with an error if they can't be completed immediately.

If Timeout is set to a positive value, the bean will wait for the operation to complete before returning control.

The bean will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not "freeze" and remains responsive.

If Timeout expires, and the operation is not yet complete, the bean throws an exception.

Please note that by default, all timeouts are inactivity timeouts, i.e. the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

Optionally, the behavior of the bean may be changed to absolute timeouts, i.e. the bean will wait for a maximum of Timeout seconds since the beginning of the operation, without extending the timeout period during communications.

This behavior is controlled by a configuration setting (see the config method).

The default value for the Timeout property is 60 seconds.

Throws:
IPWorksSSLException

abandon

public void abandon(int messageId)
             throws IPWorksSSLException
Asks the server to abandon a request.

This method asks the server to abandon the request specified by MessageId. The result of the operation is returned via the Result event.

Throws:
IPWorksSSLException

add

public void add()
         throws IPWorksSSLException
Adds an entry specified by DN to the directory server using the type and value attributes defined in the Attributes collection.

This method adds the entry specified by DN to the directory. All entries are required to have an objectClass attribute.

In order to add a new entry, first Bind with credentials that will allow you to perform the new addition. To add attributes rather than entries, use the Modify method. When specifying multi-valued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes collection. Additional occurrences of the same attribute type should specify an attribute type of empty string.

The result of the operation is returned via the Result event.

Example (Add a New Entry, including the multi-valued objectClass attribute)

 LDAPControl.DN = "uid=NewUser,ou=Employees,dc=server"
 LDAPControl.Attributes.Add(new LDAPAttribute("objectClass", "top"))
 LDAPControl.Attributes.Add(new LDAPAttribute("", "person"))
 LDAPControl.Attributes.Add(new LDAPAttribute("", "organizationalPerson"))
 LDAPControl.Attributes.Add(new LDAPAttribute("", "inetorgperson"))
 LDAPControl.Attributes.Add(new LDAPAttribute("sn", "UserName"))
 LDAPControl.Attributes.Add(new LDAPAttribute("cn", "New S. UserName"))
 LDAPControl.Attributes.Add(new LDAPAttribute("uid", "NewUser"))
 LDAPControl.Add() 

Throws:
IPWorksSSLException

attr

public java.lang.String attr(java.lang.String attrType)
                      throws IPWorksSSLException
Returns the value of the specified LDAP attribute.

This method returns the value of the specified LDAP attribute. If the attribute does not exist, an empty string is returned.

Please refer to the Attributes collection for more information.

Throws:
IPWorksSSLException

bind

public void bind()
          throws IPWorksSSLException
Connects and binds to the directory server.

This method connects and binds to the directory server. If the Password property has a value, it is used for authentication. If not, the Bind is performed anonymously. Binding is often required on some directory servers like Active Directory. The result of the operation is returned via the Result event.

Example (Binding)

 LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server"
 LDAPControl.Password = "mypassword"
 LDAPControl.Bind()
 
 LDAPControl.DN = "Domain/Username"
 LDAPControl.Password = "mypassword"
 LDAPControl.Bind() 

Throws:
IPWorksSSLException

compare

public void compare()
             throws IPWorksSSLException
Compares attributes and values with those of the entry specified by DN.

This method compares attribute types and values specified via the Attributes collection with the values in the directory for the entry specified by DN. The result of the operation is returned via the Result event.

Throws:
IPWorksSSLException

config

public java.lang.String config(java.lang.String configurationString)
                        throws IPWorksSSLException
Sets or retrieves a configuration setting.

Config is a generic method available in every bean. It is used to set and retrieve configuration settings for the bean.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the bean, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

The bean accepts one or more of the following configuration settings.

LDAP Configuration Settings

FriendlyGUID
Whether to return GUID attribute values in a human readable format
When inspecting object attributes this setting determines whether GUID attributes such as "objectGUID" are returned as binary objects or converted into a human readable string such as "708d9374-d64a-49b2-97ea-489ddc717703". When set to True a friendly string value is returned. When set to False (default) a binary object is returned.
FriendlySID
Whether to return SID attribute values in a human readable format
When inspecting object attributes this setting determines whether SID attributes such as "objectSid" are returned as binary objects or converted into a human readable string such as "S-1-5-21-4272240814-246508344-1325542772-12464". When set to True a friendly string value is returned. When set to False (default) a binary object is returned.
MaxAttributes
Instructs the bean to save only the specified number of attributes returned by the server
This config should be set when populating the Attributes collection as a result of an LDAP search. This value represents the number of LDAP attributes that are to be saved in the collection. To save all items to the collection, set this config to -1. If no items are wanted, set this to 0, which will not save any to the collection. The default for this config is -1, so all items will be included in the collection.

You may still add to the Attributes collection when this config is set. This config only specifies a maximum for returned attributes.

NOTE: This functionality is only available in Java and .NET.

IPPort Configuration Settings

ConnectionTimeout
Sets a separate timeout value for establishing a connection
When set, this configuration setting allows you to specify a different timeout value for establishing a connection. Otherwise, the bean will use Timeout for establishing a connection and transmitting/receiving data.
FirewallAutoDetect
Tells the bean whether or not to automatically detect and use firewall system settings, if available
This is the same as AutoDetect. This setting is provided for use by beans that do not directly expose Firewall properties.
FirewallHost
Name or IP address of firewall (optional)
If this setting is given, requested connections will be authenticated through the specified firewall when connecting. If this setting is set to a Domain Name, a DNS request is initiated. Upon successful termination of the request, this setting is set to the corresponding address. If the search is not successful, an error is returned.

NOTE: This is the same as Host. This setting is provided for use by beans that do not directly expose Firewall properties.

FirewallListener
If true, the component binds to a SOCKS firewall as a server (IPPort only)
This entry is for IPPort only and does not work for other components that descend from IPPort. If this entry is set, the bean acts as a server. RemoteHost and RemotePort are used to tell the SOCKS firewall on which address and port to listen. The firewall rules may ignore RemoteHost, and it is recommended that RemoteHost be set to empty string in this case.

RemotePort is the port on which the firewall will listen. If set to 0, the firewall will select a random port. The binding (address and port) is provided through the ConnectionStatus event.

The connection to the firewall is made by calling the Connect method.

FirewallPassword
Password to be used if authentication is to be used when connecting through the firewall
If a firewall host is specified, the firewall user and password settings are used to connect and authenticate to the given firewall. If the authentication fails, the bean throws an exception.

NOTE: This is the same as Password. This setting is provided for use by beans that do not directly expose Firewall properties.

FirewallPort
The TCP port for the FirewallHost
Note that this setting is set automatically when the firewall type is set to a valid value.

NOTE: This is the same as Port. This setting is provided for use by beans that do not directly expose Firewall properties.

FirewallType
Determines the type of firewall to connect through
The appropriate values are as follows:
  0   No firewall (default setting).
  1   Connect through a tunneling proxy. The firewall port is set to 80.
  2   Connect through a SOCKS4 Proxy. The firewall port is set to 1080.
  3   Connect through a SOCKS5 Proxy. The firewall port is set to 1080.
NOTE: This is the same as FirewallType. This setting is provided for use by beans that do not directly expose Firewall properties.

FirewallUser
A user name if authentication is to be used connecting through a firewall
If a firewall host is specified, the firewall user and password settings are used to connect and authenticate to the firewall. If the authentication fails, the bean throws an exception.

NOTE: This is the same as User. This setting is provided for use by beans that do not directly expose Firewall properties.

KeepAliveTime
The inactivity time in milliseconds before a TCP keep-alive packet is sent
When set, the TCP keep-alive setting will automatically be set to true. By default the operating system will determine the time a connection is idle before a TCP keep-alive packet is sent. The system default, if this value is not specified here, is 2 hours. In many cases a shorter interval is more useful. Set this value to the desired interval in milliseconds.

Note: This value is not applicable in Java.

KeepAliveInterval
The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received
When set, the TCP keep-alive setting will automatically be set to true. A TCP keep-alive packet will be sent after a period of inactivity as defined by the keep-alive time setting. If no acknowledgement is received from the remote host, the keep-alive packet will be re-sent. This setting specifies the interval, in milliseconds, at which the successive keep-alive packets are sent. The system default, if this value is not specified here, is 1 second.

Note: This value is not applicable in Java or MAC.

Linger
When set to True, connections are terminated gracefully
This property controls how a connection is closed. The default is True. In the case that Linger is True (default), there are two scenarios for determining how long the connection will linger. In the first, if the linger time is 0 (default), the system will attempt to send pending data for a connection until the default IP protocol timeout expires.

In the second scenario, the linger time is a positive value, and the system will attempt to send pending data until the specified linger time is reached. If this attempt fails, then the system will reset the connection.

The default behavior (which is also the default mode for stream sockets) might result in a long delay in closing the connection. Although the bean returns control immediately, the system could hold system resources until all pending data is sent (even after your application closes).

Setting this property to False forces an immediate disconnection. If you know that the other side has received all the data you sent (by a client acknowledgment, for example), setting this property to False might be the appropriate course of action.

LingerTime
Time in seconds to have the connection linger
LingerTime is the time, in seconds, to leave the socket connection linger. This value is 0 by default, which means it will use the default IP protocol timeout.
LocalHost
The name of the local host through which connections are initiated or accepted
The LocalHost setting contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address. In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the bean initiate connections (or accept in the case of server beans) only through that interface.

If the bean is connected, the LocalHost setting shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

LocalPort
The TCP port in the local host where the bean binds
This must be set before a connection is attempted. It instructs the bean to bind to a specific port (or communication endpoint) in the local machine. Setting this to 0 (default) enables the system to choose a port at random. The chosen port will be shown by LocalPort after the connection is established.

LocalPort cannot be changed once a connection is made. Any attempt to set this when a connection is active will generate an error.

This setting is useful when trying to connect to services that require a trusted port on the client side. An example is the remote shell (rsh) service in UNIX systems.

MaxLineLength
The maximum amount of data to accumulate when no EOL is found
This setting is the size of an internal buffer, which holds received data while waiting for an EOL string. If an EOL string is found in the input stream before that many bytes are received, the DataIn event is fired with the EOL parameter set to True, and the buffer is reset.

If no EOL is found, and that many bytes are accumulated in the buffer, the DataIn event is fired with the EOL parameter set to False, and the buffer is reset.

The minimum value for this setting is 256 bytes. The default value is 2048 bytes. The maximum value is 65536 bytes.

MaxTransferRate
The transfer rate limit in bytes per second
This setting can be used to throttle outbound TCP traffic. Set this to the number of bytes to be sent per second. By default this is not set and there is no limit.
TCPKeepAlive
Determines whether or not the keep alive socket option is enabled
If set to true, the socket's keep-alive option is enabled and keep-alive packets will be sent periodically to maintain the connection. Set the keep-alive time and keep-alive interval settings to configure the timing of the keep-alive packets.

Note: This value is not applicable in Java.

UseIPv6
Whether or not to use IPv6
By default, the component expects an IPv4 address for local and remote host properties, and will create an IPv4 socket. To use IPv6 instead, set this to True.
CloseStreamAfterTransfer
If true, the component will close the upload or download stream after the transfer
This setting determines whether the input or output stream is closed after the transfer completes. When set to True (default), all streams will be closed after a transfer is completed. In order to keep streams open after the transfer of data, set this to False. The default value is True.
TcpNoDelay
Whether or not to delay when sending packets
When true, the socket will send all data that is ready to send at once. When false, the socket will send smaller buffered packets of data at small intervals. This is known as the Nagle algorithm. By default, this config is set to false.

SSL Configuration Settings

ReuseSSLSession
Determines if the SSL session is reused
If set to true, the component will reuse the context if and only if the following criteria are met:
  • The target host name is the same.
  • The system cache entry has not expired (default timeout is 10 hours).
  • The application process that calls the function is the same.
  • The logon session is the same.
  • The instance of the component is the same.

SSLCipherStrength
The minimum cipher strength used for bulk encryption
The minimum cipher strength is largely dependent on the security modules installed on the system. If the cipher strength specified is not supported, an error will be returned when connections are initiated. Please note that this setting contains the minimum cipher strength requested from the security library. The actual cipher strength used for the connection is shown by the SSLStatus event.

Use this setting with caution. Requesting a lower cipher strength than necessary could potentially cause serious security vulnerabilities in your application.

When the provider is OpenSSL, SSLCipherStrength is currently not supported. This functionality is instead made available through a separate config setting.

SSLEnabledProtocols
Used to enable/disable the supported security protocols
Not all supported protocols are enabled by default (the value of this setting is 192). If you want more granular control over the enabled protocols, you can set this property to the binary 'OR' of one or more of the following values:
  TLS1.2   3072 (Hex C00)
  TLS1.1   768 (Hex 300)
  TLS1     192 (Hex C0) (Default)
  SSL3     48 (Hex 30)
  SSL2     12 (Hex 0C)
Please note that although a number of sites still support SSL2, it is usually a good idea to disable it because of potential security vulnerabilities.

When the provider is OpenSSL, SSLCipherStrength is currently not supported. This functionality is instead made available through a separate config setting.

TLS 1.1 and TLS 1.2 support is only available starting with Windows 7.

SSLProvider
The name of the security provider to use
Change this setting to use security providers other than the system default. Use this setting with caution. Disabling SSL security or pointing to the wrong provider could potentially cause serious security vulnerabilities in your application.

The special value "*" (default) picks the default SSL provider defined in the system.

Note: On Windows systems, the default SSL Provider is "Microsoft Unified Security Protocol Provider" and cannot be changed.

SSLSecurityFlags
Flags that control certificate verification
The following flags are defined (specified in hexadecimal notation). They can be OR-ed together to exclude multiple conditions:
  • 0x00000001: Ignore time validity status of certificate.
  • 0x00000002: Ignore time validity status of CTL.
  • 0x00000004: Ignore non-nested certificate times.
  • 0x00000010: Allow unknown Certificate Authority.
  • 0x00000020: Ignore wrong certificate usage.
  • 0x00000100: Ignore unknown certificate revocation status.
  • 0x00000200: Ignore unknown CTL signer revocation status.
  • 0x00000400: Ignore unknown Certificate Authority revocation status.
  • 0x00000800: Ignore unknown Root revocation status.
  • 0x00008000: Allow test Root certificate.
  • 0x00004000: Trust test Root certificate.
  • 0x80000000: Ignore non-matching CN (certificate CN not matching server name).
This functionality is currently not available in Java or when the provider is OpenSSL.
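For reviewing a value already set in code, the following added example (not part of the vendor documentation) decodes an SSLEnabledProtocols or SSLSecurityFlags number into the entries of the two tables above. The class and method names are hypothetical; the bit values are the ones listed on this page.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class SslSettingAudit {
    // Bit values copied from the SSLEnabledProtocols and SSLSecurityFlags tables above.
    static final Map<Long, String> PROTOCOLS = new LinkedHashMap<>();
    static final Map<Long, String> FLAGS = new LinkedHashMap<>();
    static {
        PROTOCOLS.put(0xC00L, "TLS1.2"); PROTOCOLS.put(0x300L, "TLS1.1");
        PROTOCOLS.put(0xC0L, "TLS1");    PROTOCOLS.put(0x30L, "SSL3");
        PROTOCOLS.put(0x0CL, "SSL2");
        FLAGS.put(0x00000001L, "ignores certificate time validity");
        FLAGS.put(0x00000002L, "ignores CTL time validity");
        FLAGS.put(0x00000004L, "ignores non-nested certificate times");
        FLAGS.put(0x00000010L, "allows unknown Certificate Authority");
        FLAGS.put(0x00000020L, "ignores wrong certificate usage");
        FLAGS.put(0x00000100L, "ignores unknown certificate revocation status");
        FLAGS.put(0x00000200L, "ignores unknown CTL signer revocation status");
        FLAGS.put(0x00000400L, "ignores unknown CA revocation status");
        FLAGS.put(0x00000800L, "ignores unknown Root revocation status");
        FLAGS.put(0x00008000L, "allows test Root certificate");
        FLAGS.put(0x00004000L, "trusts test Root certificate");
        FLAGS.put(0x80000000L, "ignores non-matching CN");
    }

    /** Names every table entry whose bits are all set; bits matching no entry are reported too. */
    static List<String> decode(String value, Map<Long, String> table) {
        // Long.decode accepts "3840" and "0xF00"; the mask keeps a negative 32-bit value in range.
        long bits = Long.decode(value.trim()) & 0xFFFFFFFFL;
        List<String> names = new ArrayList<>();
        for (Map.Entry<Long, String> e : table.entrySet()) {
            if ((bits & e.getKey()) == e.getKey()) {
                names.add(e.getValue());
                bits &= ~e.getKey();
            }
        }
        if (bits != 0) names.add("undocumented bits 0x" + Long.toHexString(bits));
        return names;
    }

    public static void main(String[] args) {
        // Constructed values of the kind met during a configuration review.
        System.out.println("SSLEnabledProtocols=3840 -> " + decode("3840", PROTOCOLS));
        System.out.println("SSLEnabledProtocols=252  -> " + decode("252", PROTOCOLS));
        System.out.println("SSLSecurityFlags=0x80000010 -> " + decode("0x80000010", FLAGS));
    }
}
```

A protocol list that still names SSL2 or SSL3, or a flags value that allows an unknown Certificate Authority or ignores a non-matching CN, is the finding to raise in review.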

SSLContextProtocol
The protocol used when getting an SSLContext instance
Possible values are SSL, SSLv2, SSLv3, TLS and TLSv1. Use it only in case your security provider does not support TLS. This is the parameter "protocol" inside the SSLContext.getInstance(protocol) call.
SSLTrustManagerFactoryAlgorithm
The algorithm to be used to create a TrustManager through TrustManagerFactory
Possible values include SunX509. This is the parameter "algorithm" inside the TrustManagerFactory.getInstance(algorithm) call.
SSLEnabledCipherSuites
The cipher suite to be used in an SSL negotiation
The enabled cipher suites to be used in SSL negotiation. By default, the enabled cipher suites will include all available ciphers ("*").

The special value "*" means that the component will pick all of the supported cipher suites. If SSLEnabledCipherSuites is set to any other value, only the specified cipher suites will be considered.

Multiple cipher suites are separated by semicolons.

Example values:

 obj.config("SSLEnabledCipherSuites=*");
 obj.config("SSLEnabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA");
 obj.config("SSLEnabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA; SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"); 
Possible values include:
  • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DH_anon_WITH_DES_CBC_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
  • SSL_DHE_DSS_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_NULL_MD5
  • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  • SSL_DHE_RSA_WITH_DES_CBC_SHA
  • SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
  • SSL_RSA_WITH_NULL_SHA
  • SSL_DH_anon_WITH_RC4_128_MD5
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_NULL_SHA
  • TLS_DH_anon_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_anon_WITH_RC4_128_SHA
  • TLS_DH_anon_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_KRB5_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_KRB5_EXPORT_WITH_RC4_40_SHA
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA
  • TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDH_anon_WITH_NULL_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_NULL_SHA256
  • TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  • TLS_KRB5_WITH_RC4_128_MD5
  • TLS_ECDHE_ECDSA_WITH_NULL_SHA
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_RSA_WITH_RC4_128_SHA
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  • TLS_KRB5_WITH_3DES_EDE_CBC_MD5
  • TLS_KRB5_WITH_RC4_128_SHA
  • TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_RSA_WITH_NULL_SHA
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  • TLS_KRB5_WITH_DES_CBC_MD5
  • TLS_KRB5_EXPORT_WITH_RC4_40_MD5
  • TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
  • TLS_ECDH_anon_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_KRB5_WITH_DES_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_NULL_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA

SSLEnabledCipherSuites is used together with SSLCipherStrength.

Note: This configuration setting is available only in .NET and Java.
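An added example, not from the vendor documentation, that narrows a list of suite names to a hardened SSLEnabledCipherSuites value by dropping NULL, anonymous, export-grade, DES, 3DES, RC4 and MD5 suites. The rejection policy, class name and method names are this example's assumptions; the sample names are taken from the list above.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class CipherSuiteSelection {
    // Name fragments for suites with no encryption (NULL), no server authentication (anon),
    // export-grade keys, single DES, 3DES, RC4, or an MD5 MAC. This policy is the example's own.
    static final Pattern WEAK = Pattern.compile(
        "_NULL_|_anon_|_EXPORT_|_DES_|_DES40_|_3DES_|_RC4_|_MD5$");

    /** Keeps suites that are not weak; with pfsOnly, also requires an ephemeral key exchange. */
    static List<String> select(List<String> offered, boolean pfsOnly) {
        List<String> kept = new ArrayList<>();
        for (String suite : offered) {
            String s = suite.trim();
            if (s.isEmpty() || s.equals("*")) continue;   // "*" would re-enable every suite
            if (WEAK.matcher(s).find()) continue;
            boolean ephemeral = s.contains("_DHE_") || s.contains("_ECDHE_");
            // The SCSV entry is a renegotiation signalling value, not a cipher, so it is kept.
            if (pfsOnly && !ephemeral && !s.endsWith("_SCSV")) continue;
            kept.add(s);
        }
        return kept;
    }

    /** Builds the semicolon-separated setting string; refuses to emit an empty list. */
    static String toConfig(List<String> suites) {
        if (suites.isEmpty()) throw new IllegalStateException("no acceptable cipher suite left");
        return "SSLEnabledCipherSuites=" + String.join(";", suites);
    }

    public static void main(String[] args) {
        // Constructed sample: names taken from the "Possible values" list above.
        List<String> offered = Arrays.asList(
            "SSL_RSA_WITH_RC4_128_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_WITH_NULL_MD5", "TLS_DH_anon_WITH_AES_128_CBC_SHA",
            "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV");
        // Each printed string is a value for obj.config(...), as in the example values above.
        System.out.println(toConfig(select(offered, false)));
        System.out.println(toConfig(select(offered, true)));
    }
}
```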

SSLAlgorithmList
A string that controls the cipher algorithms to be used by SSL
This configuration option takes a semicolon (;) delimited list of cipher algorithms to specify what algorithms may be used by SSL. This option can be used in conjunction with SSLEnabledProtocols to control which ciphers are used. For example:

 obj.Config("SSLEnabledProtocols=3072"); // TLS1.2  (supports SHA_256)
 obj.Config("SSLAlgorithmList=CALG_SHA_256;CALG_MD5");
Possible values include:
  • CALG_3DES
  • CALG_3DES_112
  • CALG_AES
  • CALG_AES_128
  • CALG_AES_192
  • CALG_AES_256
  • CALG_AGREEDKEY_ANY
  • CALG_CYLINK_MEK
  • CALG_DES
  • CALG_DESX
  • CALG_DH_EPHEM
  • CALG_DH_SF
  • CALG_DSS_SIGN
  • CALG_ECDH
  • CALG_ECDSA
  • CALG_ECMQV
  • CALG_HASH_REPLACE_OWF
  • CALG_HUGHES_MD5
  • CALG_HMAC
  • CALG_KEA_KEYX
  • CALG_MAC
  • CALG_MD2
  • CALG_MD4
  • CALG_MD5
  • CALG_NO_SIGN
  • CALG_OID_INFO_CNG_ONLY
  • CALG_OID_INFO_PARAMETERS
  • CALG_PCT1_MASTER
  • CALG_RC2
  • CALG_RC4
  • CALG_RC5
  • CALG_RSA_KEYX
  • CALG_RSA_SIGN
  • CALG_SCHANNEL_ENC_KEY
  • CALG_SCHANNEL_MAC_KEY
  • CALG_SCHANNEL_MASTER_HASH
  • CALG_SEAL
  • CALG_SHA
  • CALG_SHA1
  • CALG_SHA_256
  • CALG_SHA_384
  • CALG_SHA_512
  • CALG_SKIPJACK
  • CALG_SSL2_MASTER
  • CALG_SSL3_MASTER
  • CALG_SSL3_SHAMD5
  • CALG_TEK
  • CALG_TLS1_MASTER
  • CALG_TLS1PRF

This option is only valid in Windows.

Socket Configuration Settings

AbsoluteTimeout
Determines whether timeouts are inactivity timeouts or absolute timeouts
If AbsoluteTimeout is set to True, any method which does not complete within Timeout seconds will be aborted. By default, AbsoluteTimeout is False, and the timeout is an inactivity timeout.

Note: This option is not valid for UDP ports.

FirewallData
Used to send extra data to the firewall
When the firewall is a tunneling proxy, use this property to send custom (additional) headers to the firewall (e.g. headers for custom authentication schemes).
InBufferSize
The size in bytes of the incoming queue of the socket
This is the size of an internal queue in the TCP/IP stack. You can increase or decrease its size depending on the amount of data that you will be receiving. Increasing the value of the InBufferSize setting can provide significant improvements in performance in some cases.

Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the bean is activated the InBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.

OutBufferSize
The size in bytes of the outgoing queue of the socket
This is the size of an internal queue in the TCP/IP stack. You can increase or decrease its size depending on the amount of data that you will be sending. Increasing the value of the OutBufferSize setting can provide significant improvements in performance in some cases.

Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the bean is activated the OutBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.

Base Configuration Settings

GUIAvailable
Tells the bean whether or not a message loop is available for processing events
In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The bean will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the bean does not attempt to process external events.

UseDaemonThreads
Whether threads created by the bean are daemon threads
If set to True, when the bean creates a thread the thread's Daemon property will be explicitly set to True. By default this setting is False and the bean will not set the Daemon property on the created thread.

Throws:
IPWorksSSLException

delete

public void delete()
            throws IPWorksSSLException
Deletes an entry specified by DN from the directory server.

This method deletes the entry specified by DN from the directory. The result of the operation is returned via the Result event.

Throws:
IPWorksSSLException

doEvents

public void doEvents()
              throws IPWorksSSLException
Processes events from the internal message queue.

When DoEvents is called, the bean processes any available events. If no events are available, it waits for a preset period of time, and then returns.

Throws:
IPWorksSSLException

extendedRequest

public void extendedRequest(java.lang.String requestName,
                            byte[] requestValue)
                     throws IPWorksSSLException
Performs an LDAP V3 Extended Operation.

This method performs an LDAP V3 Extended Operation. RequestName must contain the OID of the operation, and RequestValue may contain an optional value.

Throws:
IPWorksSSLException

interrupt

public void interrupt()
               throws IPWorksSSLException
Interrupt the current method.

If there is no method in progress, Interrupt simply returns, doing nothing.

Throws:
IPWorksSSLException

modify

public void modify()
            throws IPWorksSSLException
Performs an LDAP 'modify' operation on the entry specified by DN.

This method performs an LDAP 'modify' operation on the entry specified by DN. The attribute(s) to modify should be set via the Attributes collection. When specifying multi-valued attributes, specify the attribute type only in the first occurrence of that attribute type in the Attributes collection. Additional occurrences of the same attribute type should specify an attribute type of empty string.

The modification can be a replacement, an addition, or a deletion, depending on the ModOp field of the attribute. The result of the operation is returned via the Result event.

Example (Modify an Entry - Replace an Attribute Value)

 LDAPControl.DN = "uid=TThompson,ou=Employees,dc=server"
 LDAPControl.Attributes.Add(New LDAPAttribute("url", "www.url1.net", LDAPAttributeModOps.amoReplace))
 LDAPControl.Attributes.Add(New LDAPAttribute("", "www.url2.net", LDAPAttributeModOps.amoReplace))
 LDAPControl.Modify() 

Throws:
IPWorksSSLException

modifyRDN

public void modifyRDN(java.lang.String newRDN)
               throws IPWorksSSLException
Performs an LDAP 'modify RDN' operation on the entry specified by DN.

This method performs an LDAP 'modify RDN' operation on the entry specified by DN.

NewRDN is the new RDN for the entry specified by DN.

The result of the operation is returned via the Result event.

Throws:
IPWorksSSLException

moveToDN

public void moveToDN(java.lang.String newSuperior)
              throws IPWorksSSLException
Performs an LDAP 'modify' operation on the entry specified by DN by changing its superior.

This method performs an LDAP 'modify' operation on the entry specified by DN by changing its superior. None of the entry's attributes will change. The DeleteOldRDN property will be set to true to delete the old entry. The result of the operation is returned via the Result event.

Throws:
IPWorksSSLException

search

public void search(java.lang.String searchFilter)
            throws IPWorksSSLException
Searches the directory server using the base object specified in DN and the search filter SearchFilter.

This method searches the directory server using the base object specified in the DN and the search filter specified in the SearchFilter parameter. Additional search parameters are specified through the SearchScope, SearchDerefAliases, SearchSizeLimit, SearchTimeLimit, and SearchReturnValues properties.

If Attributes are specified before starting a search, the server will only return results that contain a value for the specified attributes.

Results are returned through zero or more SearchResult events, after which a SearchComplete event is fired.

Example (Searching for a User)

 LDAPControl.DN = "ou=Employees,dc=server"
 LDAPControl.Search("uid=TThompson") 

A DSE Search (Directory Specific Entries) will search for attributes of the server itself.

Example (DSE Search)

 LDAPControl.DN = "" 
 LDAPControl.SearchScope = 0
 LDAPControl.Search("objectClass=*") 

SearchFilter is a string representation of the LDAP search filter used for the search.

The format of the search filter is specified by RFC 1558 and is identical to the format used by most LDAP applications.

The following are examples of search filters, as provided in the RFC:

 (cn=Babs Jensen)
 (!(cn=Tim Howes))
 (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
 (o=univ*of*mich*)

The complete specification is given by the following BNF:

 <filter> ::= "(" <filtercomp> ")"
      <filtercomp> ::= <and> | <or> | <not> | <item>
      <and> ::= "&" <filterlist>
      <or> ::= "|" <filterlist>
      <not> ::= "!" <filter>
      <filterlist> ::= <filter> | <filter> <filterlist>
      <item> ::= <simple> | <present> | <substring>
      <simple> ::= <attr> <filtertype> <value>
      <filtertype> ::= <equal> | <approx> | <greater> | <less>
      <equal> ::= "="
      <approx> ::= "~="
      <greater> ::= ">="
      <less> ::= "<="
      <present> ::= <attr> "=*"
      <substring> ::= <attr> "=" <initial> <any> <final>
      <initial> ::= NULL | <value>
      <any> ::= "*" <starval>
      <starval> ::= NULL | <value> "*" <starval>
      <final> ::= NULL | <value> 

<attr> is a string representing an attribute type as defined in RFC 1777. <value> is a string representing an attribute value, or part of one, and has the form defined in RFC 1779. If a <value> must contain one of the characters '*' or '(' or ')', these should be escaped by preceding them with the backslash '\' character.
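An added example (not the bean's own code) that applies the escaping rule above when a search filter is built from untrusted input, and shows how the unescaped string changes the filter's structure. The class and method names are hypothetical, escaping the backslash itself is this example's addition, and the result assumes the bean parses filters exactly as described in this section.

```java
public class LdapFilterValue {
    /**
     * Escapes a value per the rule above: '*', '(' and ')' get a leading backslash.
     * Escaping '\' as well is this example's addition, so input cannot cancel an escape.
     * Newer filter syntax (RFC 4515) writes these as \2a, \28, \29 and \5c instead;
     * use whichever form the client library's filter parser documents.
     */
    static String escape(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            if (c == '\0') throw new IllegalArgumentException("NUL in filter value");
            if (c == '*' || c == '(' || c == ')' || c == '\\') out.append('\\');
            out.append(c);
        }
        return out.toString();
    }

    /** Builds one equality item "(attr=value)" with a checked attribute name and escaped value. */
    static String eq(String attr, String value) {
        if (!attr.matches("[A-Za-z][A-Za-z0-9;.-]*"))
            throw new IllegalArgumentException("bad attribute name: " + attr);
        return "(" + attr + "=" + escape(value) + ")";
    }

    /** Counts unescaped '(' characters, i.e. the number of <filter> nodes in the string. */
    static int filterNodes(String filter) {
        int nodes = 0;
        for (int i = 0; i < filter.length(); i++) {
            char c = filter.charAt(i);
            if (c == '\\') i++;            // skip the escaped character
            else if (c == '(') nodes++;
        }
        return nodes;
    }

    public static void main(String[] args) {
        // Constructed untrusted input that contains filter metacharacters.
        String input = "Babs)(cn=*";
        String naive = "(&(objectClass=Person)(sn=" + input + "))";
        String safe  = "(&(objectClass=Person)" + eq("sn", input) + ")";
        // Intended shape: one AND node with two items, 3 nodes in total.
        System.out.println(naive + "  nodes=" + filterNodes(naive));   // 4: an extra item appeared
        System.out.println(safe + "  nodes=" + filterNodes(safe));     // 3: structure preserved
    }
}
```

Comparing the node count of the finished filter with the count the code intended is a cheap check to run before the string is passed to search.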

Throws:
IPWorksSSLException

unbind

public void unbind()
            throws IPWorksSSLException
Unbinds from the directory server.

This method unbinds from the directory server and breaks the connection.

Throws:
IPWorksSSLException

addLdapsEventListener

public void addLdapsEventListener(LdapsEventListener l)
                           throws java.util.TooManyListenersException
Throws:
java.util.TooManyListenersException

removeLdapsEventListener

public void removeLdapsEventListener(LdapsEventListener l)


Copyright (c) 2015 /n software inc. - All rights reserved.