2.2 Add Delete entries - rukichen/GrailsGroovyLDAP GitHub Wiki
Topics:
2.2.1 Adding an entry
2.2.2 Sending an AddRequest
2.2.3 General Rules for entries
2.2.4 Deleting entries
Full code for this part: SecondGroovy.groovy
When adding an entry, you need to know the structure of your LDAP server and which attributes are required for the kind of entry you want to add. We will start by adding a new user, Oskar Wild. We can do this with `add(new DefaultEntry(...))`. The first argument needs to be the DN! The others depend on your DB. In our case we have four ObjectClasses plus the cn and sn.
```groovy
// `connection` is the LDAP connection opened in 2.1
connection.add(new DefaultEntry(
    "cn=Oskar Wild,ou=Users,dc=example,dc=com",   // DN comes first
    "ObjectClass: inetOrgPerson",
    "ObjectClass: organizationalPerson",
    "ObjectClass: top",
    "ObjectClass: person",
    "cn: oskar wild",
    "sn: Oskar"))

// Confirm that the entry now exists
if (connection.exists("cn=Oskar Wild,ou=Users,dc=example,dc=com")) {
    println "You added Oskar Wild"
}
```
I added a check afterwards to confirm whether the entry was added. It also makes sense to check before adding whether the entry already exists, which works the same way. Preferably use `assert` for that check, so the script aborts if the entry really exists.
If you don't add a check afterwards, nothing will be printed to the console, which can be frustrating. But you can always check in the LDAP view whether the entry was added (right-click on the user -> "refresh entry").
When we need more control, we ask the server to add an entry by sending an AddRequest, which allows a Control to be included in the request. In the example, the control is injected only to demonstrate the feature; it doesn't really do anything here.
Here I included some assertions. The first checks that the entry does not exist yet, the second checks that the response is not empty, and the third checks that the entry was successfully entered into the DB.
```groovy
// Abort if the entry is already there
assert !connection.exists("cn=Mark Twain,ou=Users,dc=example,dc=com")

def entry = new DefaultEntry(
    "cn=Mark Twain,ou=Users,dc=example,dc=com",
    "ObjectClass: inetOrgPerson",
    "ObjectClass: organizationalPerson",
    "ObjectClass: top",
    "ObjectClass: person",
    "cn: mark twain",
    "sn: Mark")

def addRequest = new AddRequestImpl()
addRequest.setEntry(entry)
// Control attached only to demonstrate the feature
addRequest.addControl(new ManageDsaITImpl())

def response = connection.add(addRequest)
assert response
assert ResultCodeEnum.SUCCESS == response.getLdapResult().getResultCode()

if (connection.exists("cn=Mark Twain,ou=Users,dc=example,dc=com")) {
    println "You added Mark Twain"
}
```
- The entry must have at least one Structural ObjectClass
- If the entry has more than one Structural ObjectClass, then they must be hierarchically related
- The ObjectClasses define the list of allowed Structural AttributeTypes that can be used
- All the MUST AttributeTypes must be present
- Values must follow the AttributeType syntax
- If the AttributeType is single valued, then you can't add more than one value
- The entry's Dn must have a parent
- You are not allowed as a user to inject operational attributes, unless they have the USER-MODIFICATION flag set to true.
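The rules above can be checked on the client before a request is sent. The following added example (not part of SecondGroovy.groovy) runs them against the Oskar Wild entry and against a deliberately broken one. The schema table, the operational-attribute list and the names `chain` and `validate` are constructed for illustration, and syntax checking of values is left to the server.

```groovy
// Added example. SCHEMA is a constructed subset of the core schema, not the server's own.
def SCHEMA = [
    top:                  [kind: 'ABSTRACT',   sup: null,     must: ['objectclass'], may: []],
    person:               [kind: 'STRUCTURAL', sup: 'top',    must: ['cn', 'sn'],    may: ['description']],
    organizationalperson: [kind: 'STRUCTURAL', sup: 'person', must: [],              may: ['title']],
    inetorgperson:        [kind: 'STRUCTURAL', sup: 'organizationalperson', must: [], may: ['mail', 'displayname']],
    organizationalunit:   [kind: 'STRUCTURAL', sup: 'top',    must: ['ou'],          may: ['description']],
]
def SINGLE_VALUED = ['displayname'] as Set
def OPERATIONAL   = ['createtimestamp', 'creatorsname', 'entryuuid'] as Set
// An objectClass plus all of its superclasses, e.g. person -> [person, top]
def chain = { String oc -> def out = []; while (oc) { out << oc; oc = SCHEMA[oc].sup }; out }
// Returns the list of rule violations for an entry given as "name: value" lines
def validate = { String dn, List<String> lines, Set<String> existingDns ->
    def errors = []
    def attrs = [:]
    lines.each { line ->
        def (name, value) = line.split(':', 2)*.trim()
        attrs.get(name.toLowerCase(), []) << value
    }
    def classes = (attrs.objectclass ?: [])*.toLowerCase()
    classes.findAll { !SCHEMA[it] }.each { errors << "unknown objectClass ${it}" }
    classes = classes.findAll { SCHEMA[it] }
    def structural = classes.findAll { SCHEMA[it].kind == 'STRUCTURAL' }
    if (!structural) errors << 'no structural objectClass'
    def deepest = structural.max { chain(it).size() }
    if (structural.any { !(it in chain(deepest)) }) errors << 'structural objectClasses are unrelated'
    def all  = classes.collectMany { chain(it) }.unique()
    def must = all.collectMany { SCHEMA[it].must } as Set
    def may  = all.collectMany { SCHEMA[it].may } as Set
    (must - attrs.keySet()).sort().each { errors << "missing MUST attribute ${it}" }
    attrs.each { name, values ->
        if (name in OPERATIONAL) errors << "operational attribute ${name} is not user-modifiable"
        else if (!(name in must || name in may)) errors << "attribute ${name} not allowed"
        if (name in SINGLE_VALUED && values.size() > 1) errors << "${name} is single-valued"
    }
    // Parent = everything after the first unescaped comma (exact string match only)
    def parts = dn.split(/(?<!\\),/, 2)
    if (parts.size() < 2 || !(parts[1] in existingDns)) errors << 'parent entry does not exist'
    errors*.toString()
}
// Constructed inputs: the page's Oskar Wild entry passes, the second entry does not
def existing = ['ou=Users,dc=example,dc=com'] as Set
assert validate('cn=Oskar Wild,ou=Users,dc=example,dc=com',
    ['ObjectClass: inetOrgPerson', 'ObjectClass: organizationalPerson', 'ObjectClass: top',
     'ObjectClass: person', 'cn: oskar wild', 'sn: Oskar'], existing) == []
validate('cn=Bad,ou=Missing,dc=example,dc=com',
    ['ObjectClass: person', 'ObjectClass: organizationalUnit', 'cn: bad'], existing).each { println it }
```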
Simple deletion
Of course, when we can add something, we also need to be able to delete it.
For deleting we need the DN of the entry. But be aware: if the entry has children, this delete method won't work.
```groovy
assert connection.exists("cn=Mark Twain,ou=Users,dc=example,dc=com")
connection.delete("cn=Mark Twain,ou=Users,dc=example,dc=com")
if (!connection.exists("cn=Mark Twain,ou=Users,dc=example,dc=com")) {
    println "Deleted Mark Twain successfully"
}
```
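Checking `exists()` before `add` or `delete` is a separate round trip, so another client can create or remove the entry in between; the result code the server returns for the operation itself is the authoritative answer. This added example (not from SecondGroovy.groovy) branches on that result code, including the refusal to delete an entry that has children. `addOrReport` and `deleteLeaf` are hypothetical helper names, and the imports assume the Apache Directory LDAP API 1.0+ package layout and an open connection as in 2.1.

```groovy
// Added example: needs a live, bound connection such as `connection` from 2.1.
// Package names assume Apache Directory LDAP API 1.0 or later.
import org.apache.directory.api.ldap.model.entry.Entry
import org.apache.directory.api.ldap.model.message.AddRequestImpl
import org.apache.directory.api.ldap.model.message.DeleteRequestImpl
import org.apache.directory.api.ldap.model.message.ResultCodeEnum
import org.apache.directory.api.ldap.model.name.Dn
import org.apache.directory.ldap.client.api.LdapConnection

// Hypothetical helper: add without a prior exists() call.
// Returns true if the entry was created, false if the DN was already taken.
boolean addOrReport(LdapConnection connection, Entry entry) {
    def request = new AddRequestImpl()
    request.setEntry(entry)
    def result = connection.add(request).getLdapResult()
    switch (result.getResultCode()) {
        case ResultCodeEnum.SUCCESS:
            return true
        case ResultCodeEnum.ENTRY_ALREADY_EXISTS:
            return false
        default:
            // e.g. OBJECT_CLASS_VIOLATION or INSUFFICIENT_ACCESS_RIGHTS
            throw new IllegalStateException(
                "add ${entry.getDn()} failed: ${result.getResultCode()} " +
                "${result.getDiagnosticMessage()}")
    }
}

// Hypothetical helper: delete a single entry and say why the server refused.
String deleteLeaf(LdapConnection connection, String dn) {
    def request = new DeleteRequestImpl()
    request.setName(new Dn(dn))
    def code = connection.delete(request).getLdapResult().getResultCode()
    switch (code) {
        case ResultCodeEnum.SUCCESS:                 return "deleted"
        case ResultCodeEnum.NO_SUCH_OBJECT:          return "absent"
        case ResultCodeEnum.NOT_ALLOWED_ON_NON_LEAF: return "has children"
        default:
            throw new IllegalStateException("delete ${dn} failed: ${code}")
    }
}
```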
Recursive deletion
It will delete all the children and the entry itself. Some servers might not accept this kind of tree deletion. Microsoft, OpenDS and OpenDJ have it implemented.
The server we use does not accept it. I still give the example here, but I have commented it out in the code file.
To check which controls are supported, see:
https://cwiki.apache.org/confluence/display/DIRxSRVx11/Supported+LDAP+Controls%2C+Extended+Operations+and+Features
or run the "Sending a DeleteRequest with a control" example, which will show you whether it works or not.
```groovy
assert connection.exists("cn=Mark Twain,ou=Users,dc=example,dc=com")
connection.deleteTree("cn=Mark Twain,ou=Users,dc=example,dc=com")
if (!connection.exists("cn=Mark Twain,ou=Users,dc=example,dc=com")) {
    println "Deleted Mark Twain and child successfully"
}
```
Sending a DeleteRequest with a control
The same goes for this. It won't work on the Apache DS server (yet), but in general this is the way to send a request and to check beforehand whether the control is supported.
```groovy
assert connection.exists("cn=Mark Twain,ou=Users,dc=example,dc=com")

// Ask the server whether it supports the tree delete control before using it
if (connection.isControlSupported("1.2.840.113556.1.4.805")) {
    def deleteRequest = new DeleteRequestImpl()
    deleteRequest.setName(new Dn("cn=Mark Twain,ou=Users,dc=example,dc=com"))
    def deleteTreeControl = new OpaqueControl("1.2.840.113556.1.4.805")
    deleteRequest.addControl(deleteTreeControl)
    connection.delete(deleteRequest)
    if (!connection.exists("cn=Mark Twain,ou=Users,dc=example,dc=com")) {
        println "Deleted Mark Twain and child successfully"
    }
} else {
    println "Control 1.2.840.113556.1.4.805 is not supported"
}
```