LDAP Code Samples

LDAP Search Examples

Below are code samples for connecting to the LDAP directory in various languages:

  • ASDI

  • Perl

  • Ruby

    • Ruby UCB::LDAP Module

      This module is maintained by the IST Web Applications group. Once you install it, you can access either the ri documentation, or the html-based documentation by running gemserver on your host.

  • Python attribute parsing example

    In the CalNet Directory, the most accurate reflection of what people would prefer to be called is in the displayName attribute. However, some systems require a first name and last name. This sample code uses the data in berkeleyEduLastName, sn, berkeleyEduFirstName, and givenName to split a displayName into first name and last name portions as sensibly as possible.

    # ------------------------------------------------
    # name split.py
    # Last Updated 2018-10-26 by Ian Crew
    # The purpose of this code snippet is to split the LDAP displayName into sensible first and last name
    # substrings, for use in systems that require a first name and last name field. This allows
    # those systems to reflect the user's preference for how they are referred to as closely as possible.
    # ------------------------------------------------


    #create some counters so we can report back the counts of how the displayNames were split.
    berkeleyEduFirstName_splits=0
    berkeleyEduLastName_splits=0
    givenName_splits=0
    sn_splits=0
    skipped_splits=0

    #Berkeley_People is a Python Dict of objects, that I fill elsewhere for performance reasons.
    #It contains the LDAP information about each UID.
    for curr_uid in Berkeley_People:
    #Get displayName, berkeleyEduFirstName, berkeleyEduLastName, sn, and givenName from the CalNet Directory.
    berkeleyEduFirstName=Berkeley_People[curr_uid].get_ldap_attribute("berkeleyEduFirstName")
    berkeleyEduLastName=Berkeley_People[curr_uid].get_ldap_attribute("berkeleyEduLastName")
    sn=Berkeley_People[curr_uid].get_ldap_attribute("sn")
    if sn != None: sn=sn[0]
    givenName=Berkeley_People[curr_uid].get_ldap_attribute("givenName")
    if givenName != None: givenName=givenName[0]
    displayName=str(Berkeley_People[curr_uid].get_ldap_attribute("displayName"))

    # Some of the entries in LDAP have different standards for representing an empty entry. Clean those up.
    if displayName=="Unknown" or displayName==", ," or displayName=="": displayName=None
    if berkeleyEduFirstName=="Unknown" or berkeleyEduFirstName=="," or berkeleyEduFirstName=="": berkeleyEduFirstName=None
    if berkeleyEduLastName=="Unknown" or berkeleyEduLastName=="," or berkeleyEduLastName=="": berkeleyEduLastName=None
    if givenName=="Unknown" or givenName=="," or givenName=="": givenName=None
    if sn=="Unknown" or sn=="," or sn=="" or sn=="new entry": sn=None


    if displayName==None and berkeleyEduFirstName == None and givenName == None and berkeleyEduLastName == None and sn == None:
    #if the displayName is blank, no point in trying to split it.
    skipped_splits+=1
    continue
    if (str(Berkeley_People[curr_uid].primary_affiliation)=="None" or str(Berkeley_People[curr_uid].primary_affiliation)=="STU-DELEGATE") and berkeleyEduFirstName == None and givenName == None and berkeleyEduLastName == None and sn == None:
    #The info for STU-DELEGATES and people with no affiliations is very spotty, so skip them if the rest of their info is blank
    skipped_splits+=1
    continue
    elif displayName==None and (berkeleyEduFirstName != None or givenName != None) and (berkeleyEduLastName != None or sn != None):
    #if the displayName is blank, but we have a berkeleyEduFirstName or givenName, and a berkeleyEduLastName or sn,
    #assemble a displayName for use in the rest of this script.
    build_displayName=""
    if berkeleyEduFirstName != None:
    build_displayName=str(berkeleyEduFirstName)+" "
    else:
    build_displayName=str(givenName)+" "

    if berkeleyEduLastName != None:
    build_displayName=build_displayName+str(berkeleyEduLastName)
    else:
    build_displayName=build_displayName+str(sn)
    displayName=build_displayName

    # Figure out where to split the string. First see if it's possible to split based on berkeleyEduLastName,
    # then sn, then berkeleyEduFirstName, then givenName. Doing it in this order keeps any middle names/
    # initials with the first name if at all possible.
    reversed_name=False
    displayName_split_position=-1

    if berkeleyEduLastName != None and displayName != None:
    displayName_split_position=displayName.lower().rfind(berkeleyEduLastName.lower())
    if displayName_split_position==0:
    #many users, especially SPAs, have a displayname in the form of 'last, first' or 'last first'
    displayName_split_position+=len(berkeleyEduLastName)
    reversed_name=True
    #sys.stderr.write("displayName_split_position: "+str(displayName_split_position)+"\n")
    berkeleyEduLastName_splits+=1

    if displayName_split_position == -1 and sn!=None and displayName != None:
    displayName_split_position=displayName.lower().rfind(sn.lower())
    if displayName_split_position==0:
    #many users, especially SPAs, have a displayname in the form of 'last, first' or 'last first'
    displayName_split_position+=len(sn)
    reversed_name=True
    sn_splits+=1

    if displayName_split_position == -1 and berkeleyEduFirstName!=None and displayName != None:
    displayName_split_position=displayName.lower().find(berkeleyEduFirstName.lower())+len(berkeleyEduFirstName)
    if displayName_split_position==len(displayName):
    #many users, especially SPAs, have a displayname in the form of 'last, first' or 'last first'
    displayName_split_position-=len(berkeleyEduFirstName)
    reversed_name=True
    berkeleyEduFirstName_splits+=1

    if displayName_split_position == -1 and givenName!=None and displayName != None:
    displayName_split_position=displayName.lower().find(givenName.lower())+len(givenName)
    if displayName_split_position==len(displayName):
    #many users, especially SPAs, have a displayname in the form of 'last, first' or 'last first'
    displayName_split_position-=len(givenName)
    reversed_name=True
    givenName_splits+=1

    # Once we've figured out where to split it, actually do the splitting into displayName_first
    # and displayName_last.
    displayName_first=None
    displayName_last=None
    if displayName_split_position != -1:
    if reversed_name!=True:
    displayName_first=displayName[:displayName_split_position].strip(", ")
    displayName_last=displayName[displayName_split_position:].strip(", ")
    else:
    displayName_last = displayName[:displayName_split_position].strip(", ")
    displayName_first = displayName[displayName_split_position:].strip(", ")

    #if we don't have a first or last name, but there's one elsewhere in the record, use it
    if displayName_first=="" and berkeleyEduFirstName !=None:
    displayName_first=berkeleyEduFirstName
    elif displayName_first=="" and givenName !=None:
    displayName_first=givenName

    if displayName_last=="" and berkeleyEduLastName !=None:
    displayName_last=berkeleyEduLastName
    elif displayName_last=="" and sn !=None:
    displayName_last=sn

    # Print an error if we can't successfully split a displayName
    if (displayName_split_position == -1 or displayName_first=="" or displayName_last=="") and str(curr_uid) != "0" :
    sys.stderr.write("Unable to split displayName at "+str(display_split_position)+" for "+ str(Berkeley_People[curr_uid].primary_affiliation) +" affiliate, UID "+str(curr_uid)+" into first and last. Displayname: "+str(directory_display_name)+", b_e_first: "+str(b_e_first)+", b_e_last: "+str(b_e_last)+", givenName: "+str(givenname)+", sn: "+str(sn)+"\n")

    sys.stderr.write("skipped splits: " + str(skipped_splits) + "\nberkeleyEduLastName_splits: " + str(berkeleyEduLastName_splits) + "\nsn_splits: " + str(sn_splits) + "\nberkeleyEduFirstName_splits: " + str(berkeleyEduFirstName_splits) + "\ngivenName_splits: " + str(givenName_splits) + "\n")

    # As of 2018-10-25, this results in the following when run across 1,092,480 records in LDAP:
    # skipped splits: 61,098
    # berkeleyEduLastName_splits: 31,164
    # sn_splits: 998,640
    # berkeleyEduFirstName_splits: 0
    # givenName_splits: 1,605
    # This technique doesn't work for 26 people in the directory, all of whom have only "sn"s, but no berkeleyEduFirstNames or givenNames, and single-word displayNames.
    # They are 20 Alumni, 2 attendees, 1 Trustee, and 3 people with no affiliation.

LDAP Referral Handling Examples

The follow examples show how to follow LDAP Referrals using: