The documentation may have changed since you downloaded the PDF. You can always find the latest information on SAP Help Portal.
Note
This PDF document contains the selected topic and its subtopics (max. 150) in the selected structure. Subtopics from other structures are not included.
2014 SAP AG or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose
without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG
and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by
SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be
liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express
warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other
SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other
countries. Please see www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.
Table of content
1 LDAP Connector Interface
LDAPE: The input parameter is a complex data type that describes the data of the entry.
DN: The complete Distinguished Name of the entry to be created.
ATTRIBUTES: A table with the attribute names and values. The row type of this table is complex and has the following relevant fields:
NAME: Attribute name
TYP: Specifies whether this is a text (C) or binary (X) attribute. Only these two values are permissible.
VALS: For text attributes, the attribute values are transferred in this table (in the table column VAL).
XVALS: For binary attributes, the attribute values are transferred in this table (in the table column VAL).
LDAP_UPDATE (Changing an Entry)
You can use this function to change an existing entry. The interface is identical to that of LDAP_CREATE. For this function, the OPERATION field of the attribute table specifies for each attribute which operation is to be performed:
A: "Append". The specified values are to be added to the existing values.
D: "Delete". The specified values are to be deleted from the existing values.
R: "Replace". The specified values completely replace the existing values. In accordance with the LDAP standard, replacement with an empty value set is equivalent to deletion.
LDAP_READ (Reading Entries)
You can use this function to read data from the directory.
BASE_STRING: The Distinguished Name of the entry from which the search is to be performed.
SCOPE: Search depth.
Permissible values:
0: The search extends only to the base entry. Choose this search depth to check whether a particular entry exists, or to read attributes of a known entry.
1: Search one level below the base entry.
2: The search extends to the base entry and all entries and subtrees below.
FILTER_STRING: The search filter in LDAP notation. Example: (&(objectclass=*)(telephoneNumber=12345))
TIMEOUT: A structure with the fields SEC and USEC, which define the maximum search time in the directory, if set to a value other than zero. This information is forwarded to the directory. SAP is not responsible for it being taken into account, nor for its effects.
ATTRIBUTES: You can use this table to specify which attributes are to be read, and in which format (text or binary) they are returned.
If the table is empty, all attributes are returned in both formats.
If the table contains a row with an attribute name in the NAME field, this attribute is returned in the format specified in the TYP field. Permissible values for this field:
C: The attribute is only read in text format.
X: The attribute is only read in binary format.
Empty: The attribute is read in text and binary formats.
If the table contains a row with an asterisk (*) in the NAME field, all attributes are returned in the format specified in the TYP field.
The search results are returned in the ENTRIES table with a complex row structure:
DN: The Distinguished Name of the entry found.
ATTRIBUTES: A table containing the found attributes of the entry. The row structure has the following fields:
NAME: The name of the attribute
TYP: The format in which this attribute was read (C for text, X for binary).
VALS: For attributes read in text format, this table contains the attribute values.
XVALS: For attributes read in binary format, this table contains the attribute values.
Connection Between Requested and Returned Attribute Names and Types
Attribute names are not case-sensitive, in accordance with the LDAP standard. You can therefore request an attribute using parameter ATTRIBUTES of LDAP_READ with any notation.
To permit a search in the search result by this attribute, LDAP_READ returns every requested attribute (if it exists in the directory) in the return structure with the same notation, and also takes into account the requested type.
If you used the placeholder asterisk (*) to address all attributes, these are returned in upper-case.
Example
Example 1: An entry in the directory has the attributes SN, CN, and CERT.
Request:
NAME    TYP
================
sn      C
SN      C
CN      X
cert    <space>
SN      C
LDAP_READ Return
NAME    TYP      VALS  XVALS
================================
CN      X        -     +      (as requested)
SN      C        +     -      (only once, although requested twice)
cert    <space>  +     +      (as requested)
sn      C        +     -      (was also requested in lower case)
Example
Example 2:
Request:
NAME    TYP
============
cert    X
SN      C
*       C
LDAP_READ Return
NAME    TYP      VALS  XVALS
================================
CERT    C        +     -      (result of "*")
CN      C        +     -      (result of "*")
SN      C        +     -      (directly requested)
cert    X        -     +      (directly requested)
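The naming rule above, modelled in Python as an added illustration (not SAP code and not part of the original documentation). The function names are hypothetical and the sorted row order is an assumption inferred from the two examples; `find_attr` shows a lookup that does not depend on the notation used in the request.

```python
from collections import namedtuple

# One row of the returned ATTRIBUTES table; vals/xvals say whether VALS/XVALS is filled.
Row = namedtuple("Row", "name typ vals xvals")

def _formats(typ):
    """Map a TYP value to (normalised TYP, (text delivered, binary delivered))."""
    t = typ.strip().upper()
    if t not in ("", "C", "X"):
        raise ValueError("TYP must be C, X or empty, got %r" % typ)
    return t, (t != "X", t != "C")

def model_ldap_read_return(request, entry_attrs):
    """request: list of (NAME, TYP) rows; entry_attrs: names stored in the entry."""
    present = {a.upper() for a in entry_attrs}
    rows = {}
    # Directly requested attributes keep the caller's notation; repeats collapse.
    for name, typ in request:
        if name != "*" and name.upper() in present:
            t, fmt = _formats(typ)
            rows[(name, t)] = fmt
    # "*" adds every attribute in upper case unless that exact row already exists.
    for name, typ in request:
        if name == "*":
            t, fmt = _formats(typ)
            for attr in present:
                rows.setdefault((attr, t), fmt)
    # Assumption: rows come back sorted by name, as in both examples on the page.
    return [Row(n, t, *fmt) for (n, t), fmt in sorted(rows.items())]

def find_attr(rows, name, binary=False):
    """Case-insensitive lookup that only accepts a row carrying the wanted format."""
    for row in rows:
        if row.name.upper() == name.upper() and (row.xvals if binary else row.vals):
            return row
    return None

# Constructed input: the entry and request tables of Example 2.
EXAMPLE_2 = model_ldap_read_return([("cert", "X"), ("SN", "C"), ("*", "C")],
                                   ["SN", "CN", "CERT"])

if __name__ == "__main__":
    for row in EXAMPLE_2:
        print(row)
    # An exact-match search for "cert" finds only the binary row; text is under "CERT".
    print(find_attr(EXAMPLE_2, "cert"))
```
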
LDAP_DELETE (Deleting Entries)
DN_STRING: The complete Distinguished Name of the entry to be deleted.
SUBTREE: If this parameter is set to (X), all entries below the Distinguished Name are deleted. This function therefore allows the deletion of an entire subtree.
LDAP_RENAME (Renaming Entries)
DN_STRING: The complete Distinguished Name of the entry to be renamed.
NEW_RDN_STRING: The new Relative Distinguished Name for the entry.
NEW_PARENT_STRING: If this parameter is filled, it specifies the new superordinate entry. In SAP's experience, this operation is not supported by all directories.
DELETE_OLD: If this parameter is set to (X), the old entry is deleted after the renaming (moving), otherwise the operation is equivalent to copying.
Recommendation
Comparing Attribute Values
The comparison operation of the LDAP standard (ldap_compare_s) is not supported. We recommend that you use LDAP_READ to read the desired attribute and perform the comparison in ABAP.
LDAP_UNBIND (Logging Off from the Directory)
With this function, you close the connection to the directory. You cannot then perform any further directory operations until you log on again.
Note
Using multiple LDAP connections in an application program
So that an application program can create and use multiple connections to directories, you can use the function module LDAP_CHECKOUT_CONNKEY to "park" an existing connection. The returned parameter CKEY must be saved by the application program.
A new connection can then be created with LDAP_SIMPLEBIND or LDAP_SYSTEMBIND, and used.
To return to the old connection, the function module LDAP_CHECKIN_CONNKEY needs to be called with the stored value of CKEY.
LDAP_OPTIONS (Reading/Changing Options of the LDAP Interface)
You can use this function to read or change the option values of the operating system-side LDAP interface.
The functions LDAP_SIMPLEBIND and LDAP_SYSTEMBIND already set the LDAP protocol version in accordance with the Customizing specifications, so that the use of LDAP_OPTIONS is only required in exceptional cases.
WRITEREAD: This parameter controls whether options are to be read (R) or written (W).
OPTIONS_IO: A table with one row for each option that is to be read or written. In the NUM1 field, specify the option number (see below). To write options (WRITEREAD = W), specify the option value to be set in field NUM2. After the function has been successfully called, the NUM2 field contains the read (R) or written (W) option value.