
The command ldap_getcerts() retrieves public S/MIME keys (certificates) from an LDAP directory service.

 

This command obtains public S/MIME keys (certificates) from an LDAP directory service for each recipient of an email.

The search filter for this is (mail=<recipient's e-mail address>) and is not configurable.

 

Structure of the command

 

ldap_getcerts('ldap', ['filter'], ['optional']);

 

 

Return value

positive: always

 

Parameters

Variables available!

 

ldap

The parameter is structured as follows:

'URI;BindDN;Password;SearchBase'

The meaning of the individual part strings is described in the following table:

 

Parameters

Description

URI

Specifies the LDAP(s) server to be queried. The hostname or IP address is accepted as input. Several, comma-separated values can also be specified. In this case, the system automatically accesses the next server if the previous one cannot be reached.

 

Note:

If more than one LDAP server is entered, a connection is established for each individual server. The connections are stored temporarily. The actual query is then executed in the server order entered until the query is successful. If a query was unsuccessful, the connection is removed from the cache. If there is no remaining connection in the cache, the connections are re-established.

BindDN

Input of the full distinguished name (DN) of the (read-only) account that is authorised to search the "SearchBase" in the LDAP directory.

Password

The password of the user specified under BindDN.

 

Note:

Semicolons ";" and backslashes "\" in the password must each be escaped with a preceding backslash, i.e. "\;" and "\\".

For instance, the password

p4ss\w0rd;

would have to be entered as follows:

p4ss\\w0rd\;

SearchBase

Search path: Specifies the branch of the LDAP directory in which the attribute from the parameter 'attr' is to be searched.

 

filter (optional)

If a search filter that deviates from the default filter (mail=<recipient's e-mail address>) is required, it can optionally be entered here.

 

optional (optional)

Determines the behaviour if the LDAP directory service cannot be reached.

Possible values:

true, yes or 1: prevents termination
false, no or 0: immediate termination

The default setting is 0.

 

Example 1

ldap_getcerts('ldaps://ldap-directory.domain.tld;;;ou=pki-participant,dc=pki,dc=mycompany,dc=tld');

 

Explanation

The LDAP server reachable under the Fully Qualified Domain Name (FQDN) "ldap-directory.domain.tld" (on the standard LDAPS port 636) is queried. A user (BindDN) and password to authorise the query are not necessary because the example uses a public LDAP directory service, so both parts are left empty. The LDAP path in which the certificates are stored is ou=pki-participant,dc=pki,dc=mycompany,dc=tld.
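The 'URI;BindDN;Password;SearchBase' layout and the password escaping rule described above, as an added example that is not part of the original documentation or the product: hypothetical Python helpers (escape_password, build_ldap_param, split_ldap_param) that assemble the parameter and check that it still splits into exactly four parts. The BindDN value is a constructed sample, and splitting on unescaped semicolons is an assumption about how the string is read.

```python
import re


def escape_password(password: str) -> str:
    """Escape backslashes first, then semicolons, per the Password note."""
    return password.replace("\\", "\\\\").replace(";", "\\;")


def build_ldap_param(uri: str, bind_dn: str, password: str, search_base: str) -> str:
    """Assemble 'URI;BindDN;Password;SearchBase' with the password escaped."""
    for name, value in (("URI", uri), ("BindDN", bind_dn), ("SearchBase", search_base)):
        # Assumption: the page documents escaping only for the password, so a
        # ';' or a dangling trailing '\' in another part is rejected outright.
        trailing = len(value) - len(value.rstrip("\\"))
        if ";" in value or trailing % 2:
            raise ValueError(f"{name} contains a character that breaks the separator")
    return ";".join((uri, bind_dn, escape_password(password), search_base))


def split_ldap_param(param: str) -> list[str]:
    """Split on unescaped ';' and unescape the password part (round-trip check).

    Assumption: a reading of the documented escaping rule, not the product's parser.
    """
    parts, start, i = [], 0, 0
    while i < len(param):
        if param[i] == "\\":
            i += 2                      # skip the escaped character
        elif param[i] == ";":
            parts.append(param[start:i])
            start = i = i + 1
        else:
            i += 1
    parts.append(param[start:])
    if len(parts) != 4:
        raise ValueError(f"expected 4 parts, found {len(parts)}")
    parts[2] = re.sub(r"\\([\\;])", r"\1", parts[2])
    return parts


# Values from the page: the password from the note, the directory from Example 1.
# The BindDN is a constructed sample.
EXAMPLE = build_ldap_param(
    "ldaps://ldap-directory.domain.tld",
    "cn=reader,dc=pki,dc=mycompany,dc=tld",
    "p4ss\\w0rd;",
    "ou=pki-participant,dc=pki,dc=mycompany,dc=tld",
)
```

A password pasted in without escaping shifts every following part by one position, which split_ldap_param reports as a part-count error before the string reaches the rule set.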

 

  
