
The command ldap_read() reads a value from an LDAP directory and stores it in a variable.

 

This command connects to an LDAP server, reads the value of an attribute, and stores it in a variable.

If none of the specified LDAP servers is reached, the email is rejected with a temporary error (420, could not connect to LDAP server).

 

Structure of the command

 

ldap_read('ldap','attr','var');

 

 

Return value

positive: if the attribute 'attr' was found and a value can be assigned to the variable 'var'

negative: if no value can be assigned to the variable 'var'

 

Parameters

Variables available!

 

Attention:

The contents of the variables in the "Filter" parameter deviate from the default variables!

 

 

ldap

The parameter is structured as follows:

'URI;BindDN;Password;SearchBase;Filter'

The meaning of the individual substrings is described in the following table:

 

Parameters

Description

URI

Specifies the LDAP server to be queried. A hostname or an IP address is accepted as input. Several comma-separated values can also be specified. In this case, the system automatically tries the next server if the previous one cannot be reached.

 

Note:

If more than one LDAP server is entered, a connection is established for each individual server. The connections are stored temporarily. The actual query is then executed in the server order entered until the query is successful. If a query was unsuccessful, the connection is removed from the cache. If there is no remaining connection in the cache, the connections are re-established.

BindDN

Input of the full distinguished name (DN) of the (read-only) account that is authorised to search the "SearchBase" in the LDAP directory.

Password

The password of the user specified under BindDN

 

Note:

Semicolons ";" and backslashes "\" in the password are special characters and must each be escaped with a preceding backslash, i.e. "\;" and "\\".

For instance, the password

p4ss\w0rd;

would have to be entered as follows:

p4ss\\w0rd\;

SearchBase

Search path: Specifies the branch of the LDAP directory that is searched, using the search filter (see below), for the object from which the attribute 'attr' is to be read.

Filter

Specifies the search attribute and value used to find the object in the "SearchBase" branch. The search attribute is generally "(mail=...)". The variables listed below are available for evaluating the email address(es).

 

Variables

Attention:

The contents of the variables indicated here deviate from the default variables!

For example, if the parameter 'ldap' was filled with a variable written by means of setvar(), deviations in processing could occur.

 

$from

This variable returns the email address of the sender from the FROM header of the email.

If the sender of the FROM header is not internal - i.e. cannot be assigned to a Managed domain - the system checks for the presence of the SENDER header. If this is present and the sender contained therein is internal, it is output instead of the sender of the FROM header. This avoids problems when forwarding calendar invitations, for example.

Return value when using this variable

positive: if a corresponding object with the indicated attribute 'attr' was found in the path indicated via the LDAP search string (ldap/filter).

negative: if no corresponding value was found.

 

Attention:

Before ldap_read() is used with the following variables, a splitrecipients() is strictly required to guarantee that the variable 'var' can be written for each recipient.

$one_recipient

If an email contains several recipients, a corresponding object with the indicated attribute 'attr' is searched for, via the LDAP search string (ldap/filter), for all recipients.

Return value when using this variable

positive: if a corresponding object with the indicated attribute 'attr' was found in the path indicated via the LDAP search string (ldap/filter) for at least one recipient.

negative: if a corresponding object/attribute could not be found for any recipient.

 

$all_recipients

If an email contains several recipients, a corresponding object with the indicated attribute 'attr' is searched for, via the LDAP search string (ldap/filter), for all recipients.

Return value when using this variable

positive: if a corresponding object with the indicated attribute 'attr' was found in the path indicated via the LDAP search string (ldap/filter) for all recipients.

negative: if no corresponding object/attribute was found for at least one recipient.

 

 

 

attr

Attribute whose value is to be read after a successful search (see ldap/filter).

 

var

Name of the variable in which the value of the attribute 'attr' is to be stored
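
The escaping rule from the Password note, as an added Python example that is not part of the product or its documentation: it builds the 'ldap' parameter and splits it again on unescaped semicolons, so a missing escape shows up as a wrong field count. The function names are hypothetical, and honouring escapes only in the Password field is an assumption based on that note.

```python
# Added example: models the escaping rule from the Password note.
# Not the product's parser; all function names are hypothetical.

FIELDS = ("URI", "BindDN", "Password", "SearchBase", "Filter")


def escape_password(password: str) -> str:
    """Escape backslashes first, then semicolons, so added backslashes are not doubled."""
    return password.replace("\\", "\\\\").replace(";", "\\;")


def build_ldap_param(uri, bind_dn, password, search_base, ldap_filter):
    """Assemble 'URI;BindDN;Password;SearchBase;Filter' with an escaped password."""
    return ";".join([uri, bind_dn, escape_password(password), search_base, ldap_filter])


def split_ldap_param(param: str) -> dict:
    """Split on unescaped semicolons; escapes are honoured in the Password
    field only (assumption: the page documents escaping for that field)."""
    parts, current, i = [], "", 0
    while i < len(param):
        in_password = len(parts) == 2
        if in_password and param[i] == "\\" and param[i + 1:i + 2] in ("\\", ";"):
            current += param[i + 1]   # keep the escaped character literally
            i += 2
        elif param[i] == ";":
            parts.append(current)     # an unescaped semicolon ends the field
            current = ""
            i += 1
        else:
            current += param[i]
            i += 1
    parts.append(current)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))


# Constructed sample values; the password is the one used in the Password note.
SAMPLE = build_ldap_param(
    "ldaps://directory.domain.tld",
    "CN=Peter Mueller,OU=SBSUsers,DC=Firma,DC=local",
    "p4ss\\w0rd;",
    "OU=SBSUsers,DC=Firma,DC=local",
    "(mail=$from)",
)
```

Passing a parameter whose password was not escaped to split_ldap_param() raises ValueError, because the stray semicolon creates a sixth field and shifts SearchBase and Filter.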

 

Example 1

The value of the attribute "Name" is to be read from an LDAP directory. This is to be stored in the variable "name_from_ldap".

The statement looks like this:

 

ldap_read('ldaps://directory.domain.tld;CN=Peter Mueller,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local;mypassword;OU=SBSUsers,OU=Users,OU=MyBusiness,DC=firma,DC=local;(mail=$sender)','name','name_from_ldap');

 

Explanation

The LDAP server with the IP address 192.168.10.10 (and the standard port 389) is queried.

The distinguished name (DN) of the user (Peter Mueller) under which the query is executed (this user must have the appropriate permissions) is

CN=Peter Mueller,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local

The password of this user is

mypassword

The LDAP path in which the attribute "name" is to be searched for is

OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local

The user whose group membership is to be determined is defined by the sender email address (ldap/filter).

If the indicated attribute 'attr' or the entry that is searched for does not exist, the variable 'var' is assigned an empty value.

If several entries (objects) are found in the attribute 'attr', only the first one is evaluated.

If several attributes 'attr' are present, all attributes will be evaluated (multi value).

If none of the specified LDAP servers is reached, the email is rejected with a temporary error.

 

Processing of JSON "objects" within attributes

Case 1:

If an attribute attr named json is given and the value of the attribute is in JSON format, individual names can be read from JSON and their values written into variables.

For this, var is entered as the JSON name field, followed by a colon ":" and the name of the variable into which the value should be written, enclosed in curly brackets as follows:

{"namefield_1": "variable_1", "namefield_2": "variable_2", "namefield_n": "variable_n"}

 

Example 1

The attribute "myJson" includes a JSON object, for example

 

{

 "FirstName" : "John",

 "Name" : "Doe",

 "Street" : "Paradigm Street 1",

 "PostalCode" : "98765",

 "City" : "Paradigm City",

 "Country" : "commercial"

}

 

From this JSON object, the values of the name fields "Name", "Street", "PostalCode" and "City" should be written into the variables "$surname", "$street", "$postalcode" and "$locality".

 

ldap_read('ldaps://directory.domain.tld;CN=Peter Mueller,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Firma,DC=local;mypassword;OU=SBSUsers,OU=Users,OU=MyBusiness,DC=firma,DC=local;(mail=$sender)','json','"Name" : "$surname", "Street" : "$street", "PostalCode" : "$postalcode", "City" : "$locality"');

 

This results in the following variable-value combinations

 

$surname: Doe

$street: Paradigm Street 1

$postalcode: 98765

$locality: Paradigm City

 

 

Case 2:

If an attribute attr with any name is given and the value is in JSON format, the contents of the name fields from the JSON object can be written into variables of the same name.

As var, the value json is used.

 

Example 2

The attribute "myJson" includes a JSON object, for example

 

{

 "FirstName" : "John",

 "Name" : "Doe",

 "Street" : "Paradigm Street 1",

 "PostalCode" : "98765",

 "City" : "Paradigm City",

 "Country" : "commercial"

}

 

From the JSON object the contents of the name fields shall be written into variables of the same name, which is triggered by using json as var.

 

ldap_read('ldaps://directory.domain.tld;CN=Peter Mueller,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Company,DC=local;mypassword;OU=SBSUsers,OU=Users,OU=MyBusiness,DC=firma,DC=local;(mail=$sender)','myJson','json');

 

This results in the following variable-value combinations

 

$FirstName: John

$Name: Doe

$Street: Paradigm Street 1

$PostalCode: 98765

$City: Paradigm City

$Country: commercial

 

  
