Modifying the Distinguished Name
The
cfldap
tag can modify the distinguished name
(DN
) for a given entry by setting the
action
attribute to ModifyDN
.
Our example LDAP directory uses a distinguished name
(DN
) consisting of three parts:
uid=x
, ou=People, dc=example,dc=com
The uid
portion of the dn
is
known as the leaf relative distinguished name
(RDN
). The LDAP protocol specifies that when
modifying the dn
, only the leaf
RDN
may be modified. This means that you can only
change the value of uid
using the
cfldap
tag with the action set to
ModifyDN
. If you need to change any of the
non-leaf RDN
values (effectively moving the
location of the entry in the directory), you have to delete the entry
and re-create it under the correct branch.
To better understand how this works, consider Example 15-7, in which we modify the distinguished name by
changing each entry’s current user ID
(uid
) to a unique one created with
ColdFusion’s CreateUUID( )
function. This method of generating a uid
guarantees a unique identifier (unlike concatenating strings like the
user’s given name and surname).
Example 15-7. Modifying the DN for each entry with a new uid
<!--- Query the LDAP directory for all of the user entries ---> <cfldap action="query" name="GetUsers" attributes="dn,cn" start="dc=example,dc=com" scope="Subtree" filter="sn>=a" server="localhost" timeout="90"> <!--- Output before changing the DN ---> <h3>Original list of user entries</h3> <cfoutput query="GetUsers"> #cn#: #dn#<br> </cfoutput> <!--- ...
Get Programming ColdFusion MX, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.