• Software overview
• Json2Ldap
  • Introduction
  • Where to use?
  • Technical specification
  • Quick start
  • Configuration
  • Web API
  • Error codes
  • Reference book
  • FAQ
• JsWorld
  • Online demo
  • Quick start
  • Library design and features
  • Numeric formatting
  • Currency formatting
  • Date/time formatting
  • Parsing
  • Supported locales
• JSON-RPC 2.0
  • Introduction
  • Base Java classes
  • Console client
• Contact
• Download

Clients can send LDAP requests to the Json2Ldap web service using JSON-RPC 2.0 over HTTP (POST), the latest version of the simple protocol for remote procedure calls (RPC) with JSON encoded messages.

The Json2Ldap methods expect request parameters to be specified by name (as key-value pairs); positional parameters are not accepted. Using named parameters allows methods to have multiple optional parameters and makes it possible to introduce additional ones in future without breaking backward compatibility.

Clients start an LDAP session by requesting a connection to a specified directory server. Upon a successful connect Json2Ldap returns a connection identifier (CID) string which is used to reference the LDAP connection in subsequent directory requests. Clients should send a request to close the connection once they no longer need it; if not the connection will be closed automatically by Json2Ldap after a time value specified by the json2ldap.clients.maxIdleTime parameter.

Here is an example of a JSON-RPC 2.0 ldap.connect request to establish a plain connection to an LDAP server on host ldap.example.com that listens on port 1389.

{
  "method"  : "ldap.connect",
  "params"  : { "host" : "ldap.example.com", "port" : 1389 },
  "id"      : 1,
  "jsonrpc" : "2.0"
}

If the connect request is successful, Json2Ldap will return a JSON-RPC 2.0 response with the connection identifier (CID) representing the established LDAP connection. The CID value is contained in the result field of the response.

{
  "result"  : "74cd2a2b584f0535b1bfc5401c7ce2ed",
  "id"      : 1,
  "jsonrpc" : "2.0"
}

If, however, the connect request fails, a JSON-RPC 2.0 response with an error is returned. Here is an example error the client would get if Json2Ldap couldn't establish a network connection:

{
  "error"   : { "code"    : 1103,
                "message" : "LDAP server down or invalid host\/port" },
  "id"      : 1,
  "jsonrpc" : "2.0"
}

Once the connection is made, the client can send requests for various LDAP operations such as ldap.getEntry or ldap.search. The CID parameter must always be supplied, otherwise Json2Ldap wouldn't know which LDAP connection the client is referring to.

Here is an example of a ldap.getEntry request where the client wishes to retrieve the attributes of the directory entry with distinguished name (DN) uid=user.123,ou=People,dc=example,dc=com:

{
  "method"  : "ldap.getEntry",
  "params"  : { "CID" : "7af10fbb52ad093040bb58a7ca344206",
                "DN"  : "uid=user.123,ou=People,dc=example,dc=com" },
  "id"      : 2,
  "jsonrpc" :"2.0"
}

And the resulting example ldap.getEntry response:

{
  "result" : { "DN"              : "uid=user.123,ou=People,dc=example,dc=com",
               "objectClass"     : [ "top", 
                                     "person", 
                                     "inetorgperson", 
                                     "organizationalperson" ],
               "cn"              : ["Aili Aksel"],
               "sn"              : ["Aksel"],
               "uid"             : ["user.123"],               
               "mail"            : ["user.123@maildomain.net"],
               "telephoneNumber" : ["+1 558 831 4090"],
               "employeeNumber"  : ["123"] },
 "id"      : 1,
 "jsonrpc" : "2.0"
}

To close the LDAP connection send a ldap.close request to the Json2Ldap gateway/proxy.

{
  "method"  : "ldap.close",
  "params"  : { "CID":"7af10fbb52ad093040bb58a7ca344206" },
  "id"      : 3,
  "jsonrpc" : "2.0"
}

The close method doesn't return a result with the JSON-RPC 2.0 response, so the field will be null.

{
  "id"      : 3,
  "result"  : null,
  "jsonrpc" : "2.0"
}

The following table is an overview of the Json2Ldap web API. The calls can be grouped into seven categories according to operation type and have a close resemblance of the standard LDAP API.

Directory connection	Directory authentication	Directory read and search
ldap.connect ldap.isConnected ldap.close	ldap.simpleBind ldap.anonymousBind	ldap.getEntry ldap.search ldap.compare ldap.getRootDSE
Directory write operations	Extended directory operations	Web service information
ldap.add ldap.add (LDIF) ldap.delete ldap.deleteTree ldap.modify ldap.modify (multiple) ldap.modify (LDIF) ldap.modifyDN	ldap.ext.passwordModify ldap.ext.whoAmI	ws.getName ws.getVersion ws.getTime
Directory schema information
ldap.schema.getObjectClass ldap.schema.getObjectClasses ldap.schema.getAttributeType ldap.schema.getAttributeTypes ldap.schema.getMatchingRule ldap.schema.getMatchingRules ldap.schema.getMatchingRuleUse ldap.schema.getMatchingRuleUses ldap.schema.getSyntax ldap.schema.getSyntaxes

1. Directory connection

An LDAP session is started by making an ldap.connect request. To establish a secure LDAP connection over TLS or SSL set the optional request security parameter to the desired protocol.

Json2Ldap also allows clients to connect to a default LDAP server specified in the web.xml configuration file. To request a default connection simply send an ldap.connect request with the server host parameter omitted.

To check whether an LDAP connection is still usable use the ldap.isConnected method.

Once you no longer need an LDAP connection you should close it with ldap.close. Otherwise the connection will be closed automatically by Json2Ldap after an idle period of time.

ldap.connect

Creates a new LDAP server connection.

If the host parameter is omitted Json2Ldap will attempt to make a connection to the default LDAP server (specified by the json2ldap.defaultConnection.* configuration parameters).

To make a secure LDAP connection set the optional security parameter to "StartTLS" or "SSL". Always use secure connections when authenticating via ldap.simpleBind or when dealing with sensitive directory data.

This method also allows an optional simple bind (authentication) to be performed with the same request (requires the bindDN and bindPassword parameters to be set), otherwise the connection is started in anonymous mode. The bind (authentication) operation can also be performed later, after connection is established, with a separate request, or to switch the current user, using ldap.simpleBind or ldap.anonymousBind.

Note that if Json2Ldap is configured to require authentication (see configuration parameter json2ldap.clients.requireAuthentication) a bindDN and a bindPassword parameter must be included with the ldap.connect request, otherwise the connection will be refused.

Parameters:

• [host = null] {string} The host name or IP address of the LDAP server to which the connection should be established. If omitted or set to null Json2Ldap will attempt to make a connection to the default LDAP server (its details will be retrieved from the configuration file, overriding any port, timeout and security parameters here).
• [port = 389] {integer} The port number of the LDAP server. It should be a value between 1 and 65535, inclusive. LDAP servers are typically assigned port 389.
• [timeout = 0] {integer} The maximum length of time in milliseconds to wait for the connection to be established before failing, or zero to indicate that no timeout should be enforced (although if the attempt stalls long enough, then the underlying operating system may cause it to timeout).
• [security = "none"] {"none"|"StartTLS"|"SSL"} Specifies the connection security:
  • "none" for a plain unencrypted connection (default).
  • "StartTLS" for a secure connection using a StartTLS extended operation.
  • "SSL" for a secure connection over SSL.
• [trustSelfSignedCerts = false] {true|false} Determines whether to accept self-signed certificates presented by the LDAP server (applies to secure connections only).
• [bindDN = null] {string} If set, upon successful connection attempts a simple bind (authentication) to the directory server with the specified user distinguished name (DN). The bindPassword parameter must also be set then.
• [bindPassword = null] {string} If set, upon successful connection attempts a simple bind (authentication) to the directory server with the specified password. The bindDN parameter must also be set then.

Result:

• {string} A connection identifier (CID) representing the new connection. Use this value to refer to the LDAP connection in subsequent requests.

ldap.isConnected

Checks if the specified LDAP connection is still active. If the result is false or the response produces an -1000 error "Invalid/expired LDAP connection identifier (CID)" then you will need to start a new connection to continue work.

Parameters:

• CID {string} The connection identifier (CID).

Result:

• {true|false} true if the connection is active, otherwise false.

ldap.close

Closes the specified LDAP connection. The connection identifier (CID) becomes invalidated.

Parameters:

• CID {string} The connection identifier (CID) representing the connection.

Result:

• {null} This method doesn't return a result on success.

2. Authentication

User authentication to a directory is performed using an LDAP "bind" operation. Use the ldap.simpleBind method to request a simple bind with a user DN and password. To make an anonymous bind use the ldap.anonymousBind method. LDAP connections are normally started in anonymous mode, so you don't need to call this method unless you wish to switch the mode of an already authenticated connection back to anonymous.

Note that if Json2Ldap is configured to require authentication (see configuration parameter json2ldap.clients.requireAuthentication) clients will be required to provide a bind DN and password with the initial connection request. Requests for anonymous re-bind will be refused.

Also note that Json2Ldap will refuse to relay bind requests if the configuration parameter json2ldap.clients.denyBindRequests is set.

ldap.simpleBind

Makes a simple bind (authenticate) request for the specified connection, providing a user distinguished name (DN) and password.

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The user distinguished name (DN).
• password {string} The user bind password.

Result:

• {null} This method doesn't return a result on success.

ldap.anonymousBind

Makes an anonymous (authenticate) bind request for the specified connection. Essentially, this is a simple bind with an empty user DN and password. LDAP connections are normally started in anonymous mode, so you won't need to call this method unless you wish to switch the mode of an authenticated connection back to anonymous.

Parameters:

• CID {string} The connection identifier (CID).

Result:

• {null} This method doesn't return a result on success.

3. Directory read and search operations

Json2Ldap supports all standard LDAP operations for retrieving and searching directory entries. To obtain the attributes of a specific entry by its DN call the ldap.getEntry method. The ldap.compare method can be used to determine whether an entry contains a given attribute value. To request a directory search use ldap.search. The ldap.getRootDSE method allows clients to retrieve information about the capabilities of the directory server, server vendor and version information, and published naming contexts.

Note that Json2Ldap will refuse to relay read or search requests if the configuration parameter json2clients.clients.denyReadRequests is set.

ldap.getEntry

Retrieves the entry with the specified distinguished name (DN).

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The distinguished name (DN) of the entry to retrieve.
• [attributes = "*"] {array|string} The set of attributes to retrieve, specified as an array of strings or as a string containing the attribute names separated by space or commas. If omitted or set to "*" all attributes will be requested. If set to "+" the operational attributes will be requested. If empty no attributes will be requested.
• [output = "JSON"] {"JSON"|"LDIF"} Specifies the output format, which can be JSON (default) or LDIF.

Result:

• {object|string} A JSON object containing the entry DN and its attributes as attribute name/value array pairs. If the alternative output format was chosen, the result will be an LDIF string.

ldap.search

Requests a directory search. For most situations it is sufficient to specify the minimum CID, baseDN, scope and filter parameters. The matching entries may be sorted by one or more attributes using the optional sort parameter. The search result may be alternatively formatted as LDIF.

Parameters:

• CID {string} The connection identifier (CID).
• baseDN {string} The base distinguished name (DN) for the search request.
• scope {"BASE"|"ONE"|"SUB"|"SUBORDINATE_SUBTREE"} The scope that specifies the range of entries that should be examined for the search:
  • "BASE" Indicates that only the entry specified by the base DN should be considered.
  • "ONE" Indicates that only entries that are immediate subordinates of the entry specified by the base DN (but not the base entry itself) should be considered.
  • "SUB" Indicates that the base entry itself and any subordinate entries (to any depth) should be considered.
  • "SUBORDINATE_SUBTREE" Indicates that any subordinate entries (to any depth) below the entry specified by the base DN should be considered, but not the base entry itself.
• filter {string} The filter to use to identify matching entries.
• [attributes = "*"] {array|string} The set of attributes to retrieve, specified as an array of strings or as a string containing the attribute names separated by space or commas. If omitted or set to "*" all attributes will be requested. If set to "+" the operational attributes will be requested. If empty no attributes will be requested.
• [sort = [] ] {array} Allows for optional sorting of the matching entries. Requires directory support of the server-side sorting control (RFC 2891). To request a sort by one or more attributes specify an array including the corresponding number of sort key specification objects, each with the following properties:
  • key {string} The name of the attribute for which sorting is to be performed.
  • [reverseOrder = false] {true|false} Indicates whether the results should be sorted in ascending or descending order, defaults to false if omitted.
  • [orderingRule = null] {string} The name or OID of the ordering matching rule that should be used to perform the sort. If omitted or null the default ordering matching rule for the specified attribute will be used.
• [derefPolicy = "NEVER"] {"NEVER"|"SEARCHING"|"FINDING"|"ALWAYS"} The dereference policy the server should use for any aliases encountered while processing the search:
  • "NEVER" Indicates that the server should not dereference any aliases that it encounters.
  • "SEARCHING" Indicates that the server should dereference any aliases that it may encounter while examining candidate entries, but it should not dereference the base entry if it happens to be an alias entry.
  • "FINDING" Indicates that the server should dereference the base entry if it happens to be an alias entry, but it should not dereference any alias entries that may be encountered while examining candidate entries.
  • "ALWAYS" Indicates that the server should dereference the base entry if it happens to be an alias entry, and should also dereference any entries that may be encountered while examining candidates.
• [sizeLimit = 0] {integer} The maximum number of entries that the server should return for the search. A value of zero indicates that there should be no limit. Note that the LDAP server may impose a stricter overriding limit. If exceeded, the search request will return an "LDAP error: Size limit exceeded" (code 4), discarding any partially retrieved results.
• [timeLimit = 0] {integer} The maximum length of time in seconds that the server should spend processing this search request. A value of zero indicates that there should be no limit. Note that the LDAP server may impose a stricter overriding limit. If, exceeded the search requests will return an "LDAP error: Time limit exceeded" (code 3), discarding any partially retrieved results.
• [typesOnly = false] {true|false} Indicates whether to return only attribute names in matching entries, or both attribute names and values.
• [output = "JSON"] {"JSON"|"LDIF"} Specifies the output format, which can be JSON (default) or LDIF.

Result:

• {object|string} A JSON object with properties:
  • "matches" An array containing the matching entries, each represented as an object containing the DN and attribute properties; empty if none were found.
  • "referrals" A string array of the referral URLs, empty if none were returned.
  If the alternative LDIF output format was chosen, the result will be an LDIF string containing the matching entries.

ldap.compare

Determines whether the specified entry contains a given attribute value.

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The distinguished name (DN) of the entry in which to make the comparison.
• attribute {string} The attribute name for which to make the comparison.
• value {string} The assertion value to verify in the target entry.
• [binary = false] {true|false}If true the assertion value will be treated as a BASE-64 encoded binary value, if false it will be treated as text.

Result:

• {true|false} true if there was a match, otherwise false.

ldap.getRootDSE

Retrieves the directory server root DSE, which provides information about the capabilities of the directory server, server vendor and version information, and published naming contexts.

Parameters:

• CID {string} The connection identifier (CID).
• [output = "JSON"] {"JSON"| "LDIF"} Specifies the output format, which can be JSON (default) or LDIF.

Result:

• {object|string} A JSON object containing the root DSE attributes as attribute name/value array pairs. If the alternative output format was chosen, the result will be an LDIF string.

4. Directory Write Operations

Json2Ldap supports all standard LDAP operations for updating a directory. To add a new entry to a directory use the ldap.add method. Entry removal is done with a ldap.delete request. To remove a tree of entries with a single request use the powerful ldap.deleteTree method. To update an entry choose one of the ldap.modify variants. Finally, entry renaming and relocation are done with the ldap.modifyDN method.

The ldap.add and ldap.modify methods also have alternative parameter signatures which accept an LDIF record to specify the desired operation.

Note that Json2Ldap will refuse to relay write requests if the json2ldap.clients.denyWriteRequests configuration parameter is set.

ldap.add

Adds a new entry to the directory.

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The distinguished name (DN) for the entry to add.
• [attributes = null] {object} A JSON object containing name/string array pairs specifying the entry attributes. If null no text attributes will be added.
• [binaryAttributes = null] {object} A JSON object containing name/string array pairs specifying the binary attributes. The attribute values must be BASE-64 encoded. If null no binary attributes will be added.

Result:

• {null} This method doesn't return a result on success.

ldap.add (LDIF)

Adds a new entry to the directory specified as an LDIF string.

Parameters:

• CID {string} The connection identifier (CID).
• LDIF {string} An LDIF string representing a changetype ADD record.

Result:

• {null} This method doesn't return a result on success.

ldap.delete

Deletes the specified directory entry.

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The distinguished name (DN) of the entry to delete.

Result:

• {null} This method doesn't return a result on success.

ldap.deleteTree

Deletes the specified directory entry and all its children. Uses a subtree delete request control (OID 1.2.840.113556.1.4.805) which may not be supported by some LDAP servers.

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The distinguished name (DN) of the base entry to delete.

Result:

• {null} This method doesn't return a result on success.

ldap.modify

Modifies a directory entry.

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The distinguished name (DN) of the entry to modify.
• attribute {string} The name of the attribute to update.
• type {"ADD"|"DELETE"|"REPLACE"|"INCREMENT"} The type of change to apply:
  • "ADD" Indicates that the provided value(s) should be added to the specified attribute in the target entry. If the attribute does not already exist, it will be created. If it does exist, then the new values will be merged added to the existing values. At least one value must be provided with the "ADD" modification type, and none of those values will be allowed to exist in the entry.
  • "DELETE" Indicates that the specified attribute or attribute values should be removed from the entry. If no values are provided, then the entire attribute will be removed. If one or more values are given, then only those values will be removed. If any values are provided, then all of those values must exist in the target entry.
  • "REPLACE" Indicates that the set of values for the specified attribute should be replaced with the provided value(s). If no values are given, then the specified attribute will be removed from the entry if it exists, or no change will be made. If one or more values are provided, then those values will replace the existing values if the attribute already exists, or a new attribute will be added with those values if there was previously no such attribute in the entry.
  • "INCREMENT" Indicates that the value of the specified attribute should be incremented. The target entry must have exactly one value for the specified attribute and it must be an integer. The modification must include exactly one value, and it must be an integer which specifies the amount by which the existing value is to be incremented (or decremented, if the provided value is negative).
• [values = null] {array} One or more optional attribute values for this modification.
• [binary = false] {true|false} If true the value(s) will be treated as BASE-64 encoded binary value(s).

Result:

• {null} This method doesn't return a result on success.

ldap.modify (multiple)

Performs multiple modifications of a directory entry.

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The distinguished name (DN) of the entry to modify.
• mods {array} Array of one or more modification specifications:
  • attribute {string} The name of the attribute to update.
  • type {"ADD"|"DELETE"|"REPLACE"|"INCREMENT"} The type of change to apply:
    • "ADD" Indicates that the provided value(s) should be added to the specified attribute in the target entry. If the attribute does not already exist, it will be created. If it does exist, then the new values will be merged added to the existing values. At least one value must be provided with the "ADD" modification type, and none of those values will be allowed to exist in the entry.
    • "DELETE" Indicates that the specified attribute or attribute values should be removed from the entry. If no values are provided, then the entire attribute will be removed. If one or more values are given, then only those values will be removed. If any values are provided, then all of those values must exist in the target entry.
    • "REPLACE" Indicates that the set of values for the specified attribute should be replaced with the provided value(s). If no values are given, then the specified attribute will be removed from the entry if it exists, or no change will be made. If one or more values are provided, then those values will replace the existing values if the attribute already exists, or a new attribute will be added with those values if there was previously no such attribute in the entry.
    • "INCREMENT" Indicates that the value of the specified attribute should be incremented. The target entry must have exactly one value for the specified attribute and it must be an integer. The modification must include exactly one value, and it must be an integer which specifies the amount by which the existing value is to be incremented (or decremented, if the provided value is negative).
  • [values = null] {array} One or more optional attribute values for this modification.
  • [binary = false] {true|false} If true the value(s) will be treated as BASE-64 encoded binary value(s).

Result:

• {null} This method doesn't return a result on success.

ldap.modify (LDIF)

Modifies one or more attributes of a directory entry using the specified LDIF string.

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The distinguished name (DN) of the entry to modify.
• LDIF {string} An LDIF string representing a changetype MODIFY record.

Result:

• {null} This method doesn't return a result on success.

ldap.modifyDN

Renames and/or moves the specified entry or subtree in the directory.

Parameters:

• CID {string} The connection identifier (CID).
• DN {string} The current distinguished name (DN) of the entry to rename and/or move.
• newRDN {string} The new relative distinguished name (RDN) for the target entry.
• [deleteOldRDN = true] {true|false} Indicates whether to delete the current RDN value from the target entry.
• [newSuperiorDN = null] {string} The new superior DN for the entry. If null the entry is not to be moved below a new parent.

Result:

• {null} This method doesn't return a result on success.

5. Extended directory operations

Json2Ldap also provides support for two relatively common extended operations.

For LDAP servers that implement the password modify mechanism (RFC 3062) gateway clients can use the corresponding ldap.ext.passwordModify request.

The ldap.ext.whoAmI request (RFC 4532) allows clients to query their current authorisation identity.

ldap.ext.passwordModify

Makes a password modify extended request as defined in RFC 3062. It may be used to change the password for a user in the directory, and provides the ability to specify the current password for verification. It also offers the ability to request that the server generate a new password for the user.

Note that Json2Ldap will refuse to relay the request if the json2ldap.clients.denyPasswordModifyRequests configuration parameter is set.

Parameters:

• CID {string} The connection identifier (CID).
• [userID = null] {string} The user for which to change the password. It should generally be the distinguished name (DN) for the target user (the specification may allow other values). If no value is provided the server will attempt to change the password for the currently authenticated user.
• [oldPassword = null] {string} The current password for the user. Some servers may require that the old password be provided when a user is changing their own password. Generally not necessary when an administrator is resetting the password for another user.
• [newPassword = null] {string} The new password for the user. If no value is provided the server may attempt to generate a new password for the user, and in that case it will be included in result. Note that some servers may not support generating a new password, in which case the client will always be required to provide it.

Result:

• {string} If the LDAP server generated a new password, it will be provided in the response result.

ldap.ext.whoAmI

Makes a "Who am I?" extended request as defined in RFC 4532. It may be used to request the current authorisation identity associated with the client connection.

Note that Json2Ldap will refuse to relay the request if the json2ldap.clients.denyWhoAmIRequests configuration parameter is set.

Parameters:

• CID {string} The connection identifier (CID).

Result:

• {string} The current authorisation identity associated with the client connect, typically the distinguished name (DN) of the bound user. An empty string normally indicates an anonymous user.

6. Directory schema information

Json2Ldap provides a set of requests with the ldap.schema.* prefix that allow clients to query information about the schema of a directory. They can be used to get important details about the object classes as well as the attribute types and their syntaxes and matching rules.

If for some reason a directory server doesn't supply information on its schema a -1600 error "Schema not available" will be returned.

Note that Json2Ldap will refuse to relay a schema request if the json2ldap.clients.denyReadRequests configuration parameter is set.

ldap.schema.getObjectClass

Retrieves the object class with the specified name or OID from the server schema.

Parameters:

• CID {string} The connection identifier (CID).
• name {string} The name or OID of the object class to retrieve.

Result:

• {object} A JSON object with properties:
  • "OID" The object identifier (OID) for the object class.
  • "names" A string array with the names for the object class.
  • "description" The object class description, may be null.
  • "obsolete" true if this object class is declared obsolete, false if not.
  • "type" A string specifying the object class type, which can be "ABSTRACT", "STRUCTURAL" or "AUXILIARY". If not defined the value will be null.
  • "requiredAttributes" A string array with the names or OIDs of the attributes that are required to be present in entries containing the object class.
  • "optionalAttributes" A string array with the names or OIDs of the attributes that may optionally be present in entries containing the object class.
  • "superClasses" A string array with the names or OIDs of the superior classes for the object class, if available.
  • "rawDefinition" The string representation of the object class, in the format described in RFC 4512 section 4.1.1.

ldap.schema.getObjectClasses

Retrieves the object classes contained in the server schema or optionally just the ones that govern the specified entry.

Parameters:

• CID {string} The connection identifier (CID).
• [DN = null] {string} The DN of the entry for which to retrieve the governing schema. It may be null or an empty string in order to retrieve the schema that governs the server's root DSE.

Result:

• {array} A JSON array of the object classes, each defined as a JSON object with properties:
  • "OID" The object identifier (OID) for the object class.
  • "names" A string array with the names for the object class.
  • "description" The object class description, may be null.
  • "obsolete" true if this object class is declared obsolete, false if not.
  • "type" A string specifying the object class type, which can be "ABSTRACT", "STRUCTURAL" or "AUXILIARY". If not defined the value will be null.
  • "requiredAttributes" A string array with the names or OIDs of the attributes that are required to be present in entries containing the object class.
  • "optionalAttributes" A string array with the names or OIDs of the attributes that may optionally be present in entries containing the object class.
  • "superClasses" A string array with the names or OIDs of the superior classes for the object class, if available.
  • "rawDefinition" The string representation of the object class, in the format described in RFC 4512 section 4.1.1.

ldap.schema.getAttributeType

Retrieves the attribute type with the specified name or OID from the server schema.

Parameters:

• CID {string} The connection identifier (CID).
• name {string} The name or OID of the attribute type to retrieve.

Result:

• {object} A JSON object with properties:
  • "OID" The object identifier (OID) for the attribute type.
  • "names" A string array with the names for the attribute type.
  • "description" The attribute type description, may be null.
  • "usage" A string specifying the usage for the attribute type, which can be "userApplications", "directoryOperations", "distributedOperation" or "dSAOperation".
  • "obsolete" true if the object class is declared obsolete, false if not.
  • "singleValued" true if the attribute type is declared single-valued, false if not.
  • "readOnly" true if the attribute type is declared no-user-modification, false if not.
  • "collective" true if the attribute type is declared collective, false if not.
  • "syntaxOID" The OID of the syntax for the attribute type, or null if the syntax is inherited.
  • "equalityMatch" The name or OID of the equality matching rule for this attribute type, or null if no equality matching rule is defined or a default rule is inherited.
  • "orderingMatch" The name or OID of the ordering matching rule for this attribute type, or null if no ordering matching rule is defined or a default rule is inherited.
  • "substringMatch" The name or OID of the substring matching rule for this attribute type, or null if no substring matching rule is defined or a default rule is inherited.
  • "superType" The name or OID of the superior type for this attribute type, or null if no superior type is defined.
  • "rawDefinition" The string representation of the object class, in the format described in RFC 4512 section 4.1.2.

ldap.schema.getAttributeTypes

Retrieves the attribute types contained in the server schema or optionally just the ones that govern the specified entry.

Parameters:

• CID {string} The connection identifier (CID).
• [DN = null] {string} The DN of the entry for which to retrieve the governing schema. It may be null or an empty string in order to retrieve the schema that governs the server's root DSE.

Result:

• {array} A JSON array of the attribute types, each defined as a JSON object with properties:
  • "OID" The object identifier (OID) for the attribute type.
  • "names" A string array with the names for the attribute type.
  • "description" The attribute type description, may be null.
  • "usage" A string specifying the usage for the attribute type, which can be "userApplications", "directoryOperations", "distributedOperation" or "dSAOperation".
  • "obsolete" true if the object class is declared obsolete, false if not.
  • "singleValued" true if the attribute type is declared single-valued, false if not.
  • "readOnly" true if the attribute type is declared no-user-modification, false if not.
  • "collective" true if the attribute type is declared collective, false if not.
  • "syntaxOID" The OID of the syntax for the attribute type, or null if the syntax is inherited.
  • "equalityMatch" The name or OID of the equality matching rule for this attribute type, or null if no equality matching rule is defined or a default rule is inherited.
  • "orderingMatch" The name or OID of the ordering matching rule for this attribute type, or null if no ordering matching rule is defined or a default rule is inherited.
  • "substringMatch" The name or OID of the substring matching rule for this attribute type, or null if no substring matching rule is defined or a default rule is inherited.
  • "superType" The name or OID of the superior type for this attribute type, or null if no superior type is defined.
  • "rawDefinition" The string representation of the object class, in the format described in RFC 4512 section 4.1.2.

ldap.schema.getMatchingRule

Retrieves the matching rule with the specified name or OID from the server schema.

Parameters:

• CID {string} The connection identifier (CID).
• name {string} The name or OID of the matching rule to retrieve.

Result:

• {object} A JSON object with properties:
  • "OID" The object identifier (OID) for the matching rule.
  • "names" A string array with the names for the matching rule.
  • "description" The matching rule description, may be null.
  • "obsolete" true if the matching rule is declared obsolete, false if not.
  • "syntaxOID" The OID of the syntax for the matching rule.
  • "rawDefinition" The string representation of the matching rule, in the format described in RFC 4512 section 4.1.3.

ldap.schema.getMatchingRules

Retrieves the matching rules contained in the server schema or optionally just the ones that govern the specified entry.

Parameters:

• CID {string} The connection identifier (CID).
• [DN = null] {string} The DN of the entry for which to retrieve the governing schema. It may be null or an empty string in order to retrieve the schema that governs the server's root DSE.

Result:

• {array} A JSON array of the matching rules, each defined as a JSON object with properties:
  • "OID" The object identifier (OID) for the matching rule.
  • "names" A string array with the names for the matching rule.
  • "description" The matching rule description, may be null.
  • "obsolete" true if the matching rule is declared obsolete, false if not.
  • "syntaxOID" The OID of the syntax for the matching rule.
  • "rawDefinition" The string representation of the matching rule, in the format described in RFC 4512 section 4.1.3.

ldap.schema.getMatchingRuleUse

Retrieves the matching rule use with the specified name or OID from the server schema.

Parameters:

• CID {string} The connection identifier (CID).
• name {string} The name or OID of the matching rule use to retrieve.

Result:

• {object} A JSON object with properties:
  • "OID" The object identifier (OID) for the matching rule use.
  • "names" A string array with the names for the matching rule use.
  • "description" The matching rule use description, may be null.
  • "obsolete" true if the matching rule use is declared obsolete, false if not.
  • "applicableTypes" A string array with the names or OIDs of the attribute types to which this matching rule use applies.
  • "rawDefinition" The string representation of the matching rule, in the format described in RFC 4512 section 4.1.4.

ldap.schema.getMatchingRuleUses

Retrieves the matching rule uses contained in the server schema or optionally just the ones that govern the specified entry.

Parameters:

• CID {string} The connection identifier (CID).
• [DN = null] {string} The DN of the entry for which to retrieve the governing schema. It may be null or an empty string in order to retrieve the schema that governs the server's root DSE.

Result:

• {array} A JSON array of the matching rule uses, each defined as a JSON object with properties:
  • "OID" The object identifier (OID) for the matching rule use.
  • "names" A string array with the names for the matching rule use.
  • "description" The matching rule use description, may be null.
  • "obsolete" true if the matching rule use is declared obsolete, false if not.
  • "applicableTypes" A string array with the names or OIDs of the attribute types to which this matching rule use applies.
  • "rawDefinition" The string representation of the matching rule, in the format described in RFC 4512 section 4.1.4.

ldap.schema.getSyntax

Retrieves the attribute syntax with the specified OID from the server schema.

Parameters:

• CID {string} The connection identifier (CID).
• name {string} The name or OID of the attribute syntax to retrieve.

Result:

• {object} A JSON object with properties:
  • "OID" The object identifier (OID) for the attribute syntax.
  • "description" The attribute syntax description, may be null.
  • "rawDefinition" The string representation of the attribute syntax, in the format described in RFC 4512 section 4.1.5.

ldap.schema.getSyntaxes

Retrieves the attribute syntaxes contained in the server schema or optionally just the ones that govern the specified entry.

Parameters:

• CID {string} The connection identifier (CID).
• [DN = null] {string} The DN of the entry for which to retrieve the governing schema. It may be null or an empty string in order to retrieve the schema that governs the server's root DSE.

Result:

• {array} A JSON array of the matching rule uses, each defined as a JSON object with properties:
  • "OID" The object identifier (OID) for the attribute syntax.
  • "description" The attribute syntax description, may be null.
  • "rawDefinition" The string representation of the attribute syntax, in the format described in RFC 4512 section 4.1.5.

7. Web service information

Apart from the LDAP specific requests, Json2Ldap also provides three methods to obtain information about the gateway web service itself. There are the ws.getName and ws.getVersion methods to identify the software and its version, as well as the ws.getTime method that reports the local time at the web server.

ws.getName

Reports the name of web service software.

Parameters: none

Result:

• {string} A string identifying the gateway software, set to "Json2Ldap".

ws.getVersion

Reports the version of the web service software.

Parameters: none

Result:

• {string} A string identifying the version, e.g. "1.5.3 (2010-09-05)".

ws.getTime

Reports the local web service time in ISO 8601 format yyyy-MM-dd'T'HH:mm:ssZZ, for example "2010-03-31T23:59:59+03:00".

Parameters: none

Result:

• {string} The local web service time with timezone offset.