DBMS_LDAP contains the functions and procedures that enable PL/SQL programmers to access data from LDAP servers. This chapter examines all of the API functions in detail.
The chapter contains these topics:
Table 9-1 DBMS_LDAP API Subprograms
| Function or Procedure | Description | 
|---|---|
| 
 | |
| The function  | |
| The function  | |
| The function  | |
| The function  | |
| The function  | |
| The function  | |
| The function first_entry is used to retrieve the first entry in the result set returned by either  | |
| The function  | |
| This function is used to count the number of entries in the result set. It can also be used to count the number of entries remaining during a traversal of the result set using a combination of the functions  | |
| The function  | |
| The function  | |
| The function  | |
| The function  | |
| The function  | |
| This function can be used to remove a leaf entry in the LDAP Directory Information Tree. | |
| The function  | |
| The function  | |
| The function  | |
| Populates one set of attribute information for add or modify operations. This procedure call has to happen after  | |
| Populates one set of attribute information for add or modify operations. This procedure call has to occur after  | |
| PROCEDURE populate_mod_array (Binary Version. Uses BLOB Data Type) | Populates one set of attribute information for add or modify operations. This procedure call has to happen after  | 
| The function  | |
| Counts the number of values returned by  | |
| Frees the memory associated with the  | |
| Performs a synchronous modification of an existing LDAP directory entry. Before calling  | |
| Adds a new entry to the LDAP directory synchronously. Before calling  | |
| Frees the memory allocated by  | |
| Counts the number of values returned by  | |
| Counts the number of values returned by  | |
| Renames an LDAP entry synchronously. | |
| Breaks a DN up into its components. | |
| Establishes an SSL (Secure Sockets Layer) connection over an existing LDAP connection. | |
| This function frees the chain of messages associated with the message handle returned by synchronous search functions. | |
| This function frees the memory associated with a handle to  | |
| The  | |
| The  | |
| The  | 
See Also:
Section 2.6, "Searching the Directory" for more about DBMS_LDAP.search_s() and DBMS_LDAP.search_st().
Section 2.7.2, "Terminating the Session by Using DBMS_LDAP" for more about DBMS_LDAP.unbind_s().
DBMS_LDAP can generate the exceptions described in Table 9-2.
Table 9-2 DBMS_LDAP Exception Summary
| Exception Name | Oracle Error Number | Cause of Exception | 
|---|---|---|
| general_error | 31202 | Raised anytime an error is encountered that does not have a specific PL/SQL exception associated with it. The error string contains the description of the problem in the user's language. | 
| init_failed | 31203 | Raised by  | 
| invalid_session | 31204 | Raised by all functions and procedures in the  | 
| invalid_auth_method | 31205 | Raised by  | 
| invalid_search_scope | 31206 | Raised by all search functions if the scope of the search is invalid. | 
| invalid_search_time_val | 31207 | Raised by  | 
| invalid_message | 31208 | Raised by all functions that iterate through a result-set for getting entries from a search operation if the message handle given to them is invalid. | 
| count_entry_error | 31209 | Raised by  | 
| get_dn_error | 31210 | Raised by  | 
| invalid_entry_dn | 31211 | Raised by all functions that modify, add, or rename an entry if they are presented with an invalid entry DN. | 
| invalid_mod_array | 31212 | Raised by all functions that take a modification array as an argument if they are given an invalid modification array. | 
| invalid_mod_option | 31213 | Raised by  | 
| invalid_mod_type | 31214 | Raised by  | 
| invalid_mod_value | 31215 | Raised by  | 
| invalid_rdn | 31216 | Raised by all functions and procedures that expect a valid RDN and are provided with an invalid one. | 
| invalid_newparent | 31217 | Raised by  | 
| invalid_deleteoldrdn | 31218 | Raised by  | 
| invalid_notypes | 31219 | Raised by  | 
| invalid_ssl_wallet_loc | 31220 | Raised by  | 
| invalid_ssl_wallet_password | 31221 | Raised by  | 
| invalid_ssl_auth_mode | 31222 | Raised by  | 
The DBMS_LDAP package uses the data types described in Table 9-3.
Table 9-3 DBMS_LDAP Data Type Summary
| Data-Type | Purpose | 
|---|---|
| SESSION | Used to hold the handle of the LDAP session. Nearly all of the functions in the API require a valid LDAP session to work. | 
| MESSAGE | Used to hold a handle to the message retrieved from the result set. This is used by all functions that work with entry attributes and values. | 
| MOD_ARRAY | Used to hold a handle to the array of modifications being passed to either  | 
| TIMEVAL | Used to pass time limit information to the LDAP API functions that require a time limit. | 
| BER_ELEMENT | Used to hold a handle to a  | 
| STRING_COLLECTION | Used to hold a list of  | 
| BINVAL_COLLECTION | Used to hold a list of  | 
| BERVAL_COLLECTION | Used to hold a list of  | 
| BLOB_COLLECTION | Used to hold a list of  | 
This section takes a closer look at each of the DBMS_LDAP subprograms.
init() initializes a session with an LDAP server. This actually establishes a connection with the LDAP server.
FUNCTION init (
hostname IN VARCHAR2, portnum IN PLS_INTEGER
)
RETURN SESSION;
Table 9-4 INIT Function Parameters
| Parameter | Description | 
|---|---|
| hostname | Contains a space-separated list of host names or dotted strings representing the IP address of hosts running an LDAP server to connect to. Each host name in the list may include a port number, which is separated from the host by a colon. The hosts are tried in the order listed, stopping with the first one to which a successful connection is made. | 
| portnum | Contains the TCP port number to connect to. If the port number is included with the host name, this parameter is ignored. If the parameter is not specified, and the host name does not contain the port number, a default port number of  | 
Table 9-5 INIT Function Return Values
| Value | Description | 
|---|---|
| SESSION | A handle to an LDAP session that can be used for further calls to the API. | 
Table 9-6 INIT Function Exceptions
| Exception | Description | 
|---|---|
| init_failed | Raised when there is a problem contacting the LDAP server. | 
| general_error | For all other errors. The error string associated with the exception describes the error in detail. | 
DBMS_LDAP.init() is the first function that should be called because it establishes a session with the LDAP server. Function DBMS_LDAP.init() returns a session handle, a pointer to an opaque structure that must be passed to subsequent calls pertaining to the session. This routine returns NULL and raises the INIT_FAILED exception if the session cannot be initialized. After init() has been called, the connection has to be authenticated using DBMS_LDAP.bind_s or DBMS_LDAP.simple_bind_s().
DBMS_LDAP.simple_bind_s(), DBMS_LDAP.bind_s().
The function simple_bind_s can be used to perform simple user name and password authentication to the directory server.
FUNCTION simple_bind_s (
ld IN SESSION, dn IN VARCHAR2, passwd IN VARCHAR2
)
RETURN PLS_INTEGER;
Table 9-7 SIMPLE_BIND_S Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| dn | The Distinguished Name of the User that we are trying to login as. | 
| passwd | A text string containing the password. | 
Table 9-8 SIMPLE_BIND_S Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | 
 | 
Table 9-9 SIMPLE_BIND_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| general_error | For all other errors. The error string associated with this exception explains the error in detail. | 
DBMS_LDAP.simple_bind_s() can be used to authenticate a user whose directory distinguished name and directory password are known. It can be called only after a valid LDAP session handle is obtained from a call to DBMS_LDAP.init().
The function bind_s can be used to perform complex authentication to the directory server.
FUNCTION bind_s (
ld IN SESSION, dn IN VARCHAR2, cred IN VARCHAR2, meth IN PLS_INTEGER
)
RETURN PLS_INTEGER;
Table 9-10 BIND_S Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| dn | The distinguished name of the user. | 
| cred | A text string containing the credentials used for authentication. | 
| meth | The authentication method. The only valid value is  | 
Table 9-11 BIND_S Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | 
 | 
Table 9-12 BIND_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_auth_method | Raised if the authentication method requested is not supported. | 
| general_error | For all other errors. The error string associated with this exception explains the error in detail. | 
DBMS_LDAP.bind_s() can be used to authenticate a user. It can be called only after a valid LDAP session handle is obtained from a call to DBMS_LDAP.init().
DBMS_LDAP.init(), DBMS_LDAP.simple_bind_s().
The function unbind_s is used for closing an active LDAP session.
FUNCTION unbind_s (
ld IN OUT SESSION
)
RETURN PLS_INTEGER;
Table 9-14 UNBIND_S Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | 
 | 
Table 9-15 UNBIND_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the sessions handle  | 
| general_error | For all other errors. The error string associated with this exception explains the error in detail. | 
The unbind_s() function sends an unbind request to the server, closes all open connections associated with the LDAP session, and disposes of all resources associated with the session handle before returning. After a call to this function, the session handle ld is invalid.
DBMS_LDAP.bind_s(), DBMS_LDAP.simple_bind_s().
The function compare_s can be used to test if a particular attribute in a particular entry has a particular value.
FUNCTION compare_s (
ld IN SESSION, dn IN VARCHAR2, attr IN VARCHAR2, value IN VARCHAR2
)
RETURN PLS_INTEGER;
Table 9-16 COMPARE_S Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| dn | The name of the entry to compare against. | 
| attr | The attribute to compare against. | 
| value | A string attribute value to compare against. | 
Table 9-17 COMPARE_S Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | 
 
 | 
Table 9-18 COMPARE_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| general_error | For all other errors. The error string associated with this exception explains the error in detail. | 
The function compare_s can be used to assert that an attribute in the directory has a certain value. This operation can be performed only on attributes whose syntax enables them to be compared. The compare_s function can be called only after a valid LDAP session handle has been obtained from the init() function and authenticated by the bind_s() or simple_bind_s() functions.
DBMS_LDAP.bind_s().
The function search_s performs a synchronous search in the directory. It returns control to the PL/SQL environment only after all of the search results have been sent by the server or if the search request is timed out by the server.
FUNCTION search_s (
ld IN SESSION, base IN VARCHAR2, scope IN PLS_INTEGER, filter IN VARCHAR2, attrs IN STRING_COLLECTION, attronly IN PLS_INTEGER, res OUT MESSAGE
)
RETURN PLS_INTEGER;
Table 9-19 SEARCH_S Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| base | The DN of the entry at which to start the search. | 
| scope | One of  | 
| filter | A character string representing the search filter. The value  | 
| attrs | A collection of strings indicating which attributes to return for each matching entry. Passing  | 
| attrsonly | A boolean value that must be zero if both attribute types and values are to be returned, and nonzero if only types are wanted. | 
| res | This is a result parameter that contains the results of the search upon completion of the call. If no results are returned,  | 
Table 9-20 SEARCH_S Function Return Value
| Value | Description | 
|---|---|
| PLS_INTEGER | 
 | 
| res | If the search succeeded and there are entries, this parameter is set to a non-null value which can be used to iterate through the result set. | 
Table 9-21 SEARCH_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_search_scope | Raised if the search scope is not one of  | 
| general_error | For all other errors. The error string associated with this exception explains the error in detail. | 
The function search_s() issues a search operation and does not return control to the user environment until all of the results have been returned from the server. Entries returned from the search, if any, are contained in the res parameter. This parameter is opaque to the caller. Entries, attributes, and values can be extracted by calling the parsing routines described in this chapter.
DBMS_LDAP.search_st(), DBMS_LDAP.first_entry(), DBMS_LDAP.next_entry.
The function search_st() performs a synchronous search in the LDAP server with a client-side time out. It returns control to the PL/SQL environment only after all of the search results have been sent by the server or if the search request is timed out by the client or the server.
FUNCTION search_st (
ld IN SESSION, base IN VARCHAR2, scope IN PLS_INTEGER, filter IN VARCHAR2, attrs IN STRING_COLLECTION, attronly IN PLS_INTEGER, tv IN TIMEVAL, res OUT MESSAGE
)
RETURN PLS_INTEGER;
Table 9-22 SEARCH_ST Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| base | The DN of the entry at which to start the search. | 
| scope | One of  | 
| filter | A character string representing the search filter. The value  | 
| attrs | A collection of strings indicating which attributes to return for each matching entry. Passing  | 
| attrsonly | A boolean value that must be zero if both attribute types and values are to be returned, and nonzero if only types are wanted. | 
| tv | The time out value, expressed in seconds and microseconds, that should be used for this search. | 
| res | This is a result parameter which contains the results of the search upon completion of the call. If no results are returned,  | 
Table 9-23 SEARCH_ST Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | 
 | 
| res | If the search succeeded and there are entries, this parameter is set to a non-null value which can be used to iterate through the result set. | 
Table 9-24 SEARCH_ST Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_search_scope | Raised if the search scope is not one of  | 
| invalid_search_time_value | Raised if the time value specified for the time out is invalid. | 
| general_error | For all other errors. The error string associated with this exception explains the error in detail. | 
This function is very similar to DBMS_LDAP.search_s() except that it requires a time out value to be given.
DBMS_LDAP.search_s(), DBML_LDAP.first_entry(), DBMS_LDAP.next_entry.
The function first_entry() is used to retrieve the first entry in the result set returned by either search_s() or search_st().
FUNCTION first_entry (
ld IN SESSION, msg IN MESSAGE
)
RETURN MESSAGE;
Table 9-25 FIRST_ENTRY Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| msg | The search result, as obtained by a call to one of the synchronous search routines. | 
Table 9-26 FIRST_ENTRY Return Values
| Value | Description | 
|---|---|
| MESSAGE | A handle to the first entry in the list of entries returned from the LDAP server. It is set to  | 
Table 9-27 FIRST_ENTRY Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_message | Raised if the incoming  | 
The function first_entry() should always be the first function used to retrieve the results from a search operation.
DBMS_LDAP.next_entry(), DBMS_LDAP.search_s(), DBMS_LDAP.search_st().
The function next_entry() is used to iterate to the next entry in the result set of a search operation.
FUNCTION next_entry (
ld IN SESSION, msg IN MESSAGE
)
RETURN MESSAGE;
Table 9-28 NEXT_ENTRY Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| msg | The search result, as obtained by a call to one of the synchronous search routines. | 
Table 9-29 NEXT_ENTRY Function Return Values
| Value | Description | 
|---|---|
| MESSAGE | A handle to the next entry in the list of entries returned from the LDAP server. It is set to null if there was an error and an exception is raised. | 
Table 9-30 NEXT_ENTRY Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle,  | 
| invalid_message | Raised if the incoming  | 
The function next_entry() should always be called after a call to the function first_entry(). Also, the return value of a successful call to next_entry() should be used as msg argument used in a subsequent call to the function next_entry() to fetch the next entry in the list.
DBMS_LDAP.first_entry(), DBMS_LDAP.search_s(), DBMS_LDAP.search_st().
This function is used to count the number of entries in the result set. It can also be used to count the number of entries remaining during a traversal of the result set using a combination of the functions first_entry() and next_entry().
FUNCTION count_entries (
ld IN SESSION, msg IN MESSAGE
)
RETURN PLS_INTEGER;
Table 9-31 COUNT_ENTRY Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| msg | The search result, as obtained by a call to one of the synchronous search routines. | 
Table 9-32 COUNT_ENTRY Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | Nonzero if there are entries in the result set.  | 
Table 9-33 COUNT_ENTRY Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_message | Raised if the incoming  | 
| count_entry_error | Raised if there was a problem in counting the entries. | 
count_entries() returns the number of entries contained in a chain of entries; if an error occurs such as the res parameter being invalid, -1 is returned. The count_entries() call can also be used to count the number of entries that remain in a chain if called with a message, entry, or reference returned by first_message(), next_message(), first_entry(), next_entry(), first_reference(), next_reference().
DBMS_LDAP.first_entry(), DBMS_LDAP.next_entry().
The function first_attribute() fetches the first attribute of a given entry in the result set.
FUNCTION first_attribute (
ld IN SESSION, ldapentry IN MESSAGE, ber_elem OUT BER_ELEMENT
)
RETURN VARCHAR2;
Table 9-34 FIRST_ATTRIBUTE Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| ldapentry | The entry whose attributes are to be stepped through, as returned by  | 
| ber_elem | A handle to a  | 
Table 9-35 FIRST_ATTRIBUTE Function Return Values
| Value | Description | 
|---|---|
| VARCHAR2 | The name of the attribute if it exists. 
 | 
| ber_elem | A handle used by  | 
Table 9-36 FIRST_ATTRIBUTE Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_message | Raised if the incoming  | 
The handle to the BER_ELEMENT returned as a function parameter to first_attribute() should be used in the next call to next_attribute() to iterate through the various attributes of an entry. The name of the attribute returned from a call to first_attribute() can in turn be used in calls to the functions get_values() or get_values_len() to get the values of that particular attribute.
DBMS_LDAP.next_attribute(), DBMS_LDAP.get_values(), DBMS_LDAP.get_values_len(), DBMS_LDAP.first_entry(), DBMS_LDAP.next_entry().
The function next_attribute() retrieves the next attribute of a given entry in the result set.
FUNCTION next_attribute (
ld IN SESSION, ldapentry IN MESSAGE, ber_elem IN BER_ELEMENT
)
RETURN VARCHAR2;
Table 9-37 NEXT_ATTRIBUTE Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| ldapentry | The entry whose attributes are to be stepped through, as returned by  | 
| ber_elem | A handle to a  | 
Table 9-38 NEXT_ATTRIBUTE Function Return Values
| Value | Description | 
|---|---|
| VARCHAR2 (function return) | The name of the attribute if it exists. | 
Table 9-39 NEXT_ATTRIBUTE Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_message | Raised if the incoming  | 
The handle to the BER_ELEMENT returned as a function parameter to first_attribute() should be used in the next call to next_attribute() to iterate through the various attributes of an entry. The name of the attribute returned from a call to next_attribute() can in turn be used in calls to the functions get_values() or get_values_len() to get the values of that particular attribute.
DBMS_LDAP.first_attribute(), DBMS_LDAP.get_values(), DBMS_LDAP.get_values_len(), DBMS_LDAP.first_entry(), DBMS_LDAP.next_entry().
The function get_dn() retrieves the X.500 distinguished name of given entry in the result set.
FUNCTION get_dn (
ld IN SESSION, ldapentrymsg IN MESSAGE
)
RETURN VARCHAR2;
Table 9-40 GET_DN Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| ldapentry | The entry whose DN is to be returned. | 
Table 9-41 GET_DN Function Return Values
| Value | Description | 
|---|---|
| VARCHAR2 | The X.500 Distinguished name of the entry as a PL/SQL string. 
 | 
Table 9-42 GET_DN Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_message | Raised if the incoming  | 
| get_dn_error | Raised if there was a problem in determining the DN. | 
The function get_dn() can be used to retrieve the DN of an entry as the program logic is iterating through the result set. This can in turn be used as an input to explode_dn() to retrieve the individual components of the DN.
DBMS_LDAP.explode_dn().
The function get_values() can be used to retrieve all of the values associated with a given attribute in a given entry.
FUNCTION get_values (
ld IN SESSION, ldapentry IN MESSAGE, attr IN VARCHAR2
)
RETURN STRING_COLLECTION;
Table 9-43 GET_VALUES Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| ldapentry | A valid handle to an entry returned from a search result. | 
| attr | The name of the attribute for which values are being sought. | 
Table 9-44 GET_VALUES Function Return Values
| Value | Description | 
|---|---|
| STRING_COLLECTION | A PL/SQL string collection containing all of the values of the given attribute. 
 | 
Table 9-45 GET_VALUES Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_message | Raised if the incoming entry handle is invalid. | 
The function get_values() can only be called after the handle to entry has been first retrieved by call to either first_entry() or next_entry(). The name of the attribute may be known beforehand or can be determined by a call to first_attribute() or next_attribute().The function get_values() always assumes that the data type of the attribute it is retrieving is a string. For retrieving binary data types, get_values_len() should be used.
DBMS_LDAP.first_entry(), DBMS_LDAP.next_entry(), DBMS_LDAP.count_values(), DBMS_LDAP.get_values_len().
The function get_values_len() can be used to retrieve values of attributes that have a binary syntax.
FUNCTION get_values_len (
ld IN SESSION, ldapentry IN MESSAGE, attr IN VARCHAR2
)
RETURN BINVAL_COLLECTION;
Table 9-46 GET_VALUES_LEN Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| ldapentrymsg | A valid handle to an entry returned from a search result. | 
| attr | The string name of the attribute for which values are being sought. | 
Table 9-47 GET_VALUES_LEN Function Return Values
| Value | Description | 
|---|---|
| BINVAL_COLLECTION | A PL/SQL 'Raw' collection containing all the values of the given attribute. 
 | 
Table 9-48 GET_VALUES_LEN Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_message | Raised if the incoming entry handle is invalid. | 
The function get_values_len() can only be called after the handle to an entry has been retrieved by a call to either first_entry() or next_entry().The name of the attribute may be known beforehand or can also be determined by a call to first_attribute() or next_attribute().This function can be used to retrieve both binary and non-binary attribute values.
DBMS_LDAP.first_entry(), DBMS_LDAP.next_entry(), DBMS_LDAP.count_values_len(), DBMS_LDAP.get_values().
The function delete_s() can be used to remove a leaf entry in the DIT.
FUNCTION delete_s (
ld IN SESSION, entrydn IN VARCHAR2
)
RETURN PLS_INTEGER;
Table 9-49 DELETE_S Function Parameters
| Parameter Name | Description | 
|---|---|
| ld | A valid LDAP session. | 
| entrydn | The X.500 distinguished name of the entry to delete. | 
Table 9-50 DELETE_S Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | 
 | 
Table 9-51 DELETE_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_entry_dn | Raised if the distinguished name of the entry is invalid. | 
| general_error | For all other errors. The error string associated with this exception explains the error in detail. | 
The function delete_s() can be used to remove only leaf entries in the DIT. A leaf entry is an entry that does not have any entries under it. This function cannot be used to delete non-leaf entries.
DBMS_LDAP.modrdn2_s().
The function modrdn2_s() can be used to rename the relative distinguished name of an entry.
FUNCTION modrdn2_s (
ld IN SESSION, entrydn in VARCHAR2 newrdn in VARCHAR2 deleteoldrdn IN PLS_INTEGER
)
RETURN PLS_INTEGER;
Table 9-52 MODRDN2_S Function Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| entrydn | The distinguished name of the entry (This entry must be a leaf node in the DIT.). | 
| newrdn | The new relative distinguished name of the entry. | 
| deleteoldrdn | A boolean value that, if nonzero, indicates that the attribute values from the old name should be removed from the entry. | 
Table 9-53 MODRDN2_S Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | 
 | 
Table 9-54 MODRDN2_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid_entry_dn | Raised if the distinguished name of the entry is invalid. | 
| invalid_rdn | Invalid LDAP RDN. | 
| invalid_deleteoldrdn | Invalid LDAP deleteoldrdn. | 
| general_error | For all other errors. The error string associated with this exception explains the error in detail. | 
The function nodrdn2_s() can be used to rename the leaf nodes of a DIT. It simply changes the relative distinguished name by which they are known. The use of this function is being deprecated in the LDAP v3 standard. Please use rename_s(), which fulfills the same purpose.
DBMS_LDAP.rename_s().
The function err2string() can be used to convert an LDAP error code to a string in the local language in which the API is operating.
FUNCTION err2string (
ldap_err IN PLS_INTEGER
)
RETURN VARCHAR2;
Table 9-55 ERR2STRING Function Parameters
| Parameter | Description | 
|---|---|
| ldap_err | An error number returned from one of the API calls. | 
Table 9-56 ERR2STRING Function Return Values
| Value | Description | 
|---|---|
| VARCHAR2 | A character string translated to the local language. The string describes the error in detail. | 
err2string() raises no exceptions.
In this release, the exception handling mechanism automatically invokes this function if any of the API calls encounter an error.
The function create_mod_array() allocates memory for array modification entries that are applied to an entry using the modify_s() or add_s() functions.
FUNCTION create_mod_array (
num IN PLS_INTEGER
)
RETURN MOD_ARRAY;
Table 9-57 CREATE_MOD_ARRAY Function Parameters
| Parameter | Description | 
|---|---|
| num | The number of the attributes that you want to add or modify. | 
Table 9-58 CREATE_MOD_ARRAY Function Return Values
| Value | Description | 
|---|---|
| MOD_ARRAY | The data structure holds a pointer to an LDAP mod array. Returns  | 
create_mod_array() raises no exceptions.
This function is one of the preparation steps for DBMS_LDAP.add_s and DBMS_LDAP.modify_s. It calls DBMS_LDAP.free_mod_array to free memory after the calls to add_s or modify_s have completed.
DBMS_LDAP.populate_mod_array(), DBMS_LDAP.modify_s(), DBMS_LDAP.add_s(), and DBMS_LDAP.free_mod_array().
Populates one set of attribute information for add or modify operations.
PROCEDURE populate_mod_array (
modptr IN DBMS_LDAP.MOD_ARRAY, mod_op IN PLS_INTEGER, mod_type IN VARCHAR2, modval IN DBMS_LDAP.STRING_COLLECTION
);
Table 9-59 POPULATE_MOD_ARRAY (String Version) Procedure Parameters
| Parameter | Description | 
|---|---|
| modptr | The data structure holds a pointer to an LDAP mod array. | 
| mod_op | This field specifies the type of modification to perform,  | 
| mod_type | This field indicates the name of the attribute type to which the modification applies. | 
| modval | This field specifies the attribute values to add, delete, or replace. It is for string values only. | 
Table 9-60 POPULATE_MOD_ARRAY (String Version) Procedure Exceptions
| Exception | Description | 
|---|---|
| invalid_mod_array | Invalid LDAP mod array | 
| invalid_mod_option | Invalid LDAP mod option | 
| invalid_mod_type | Invalid LDAP mod type | 
| invalid_mod_value | Invalid LDAP mod value | 
This function is one of the preparation steps for DBMS_LDAP.add_s and DBMS_LDAP.modify_s. It has to happen after DBMS_LDAP.create_mod_array is called.
DBMS_LDAP.create_mod_array(), DBMS_LDAP.modify_s(), DBMS_LDAP.add_s(), and DBMS_LDAP.free_mod_array().
Populates one set of attribute information for add or modify operations. This procedure call occurs after DBMS_LDAP.create_mod_array() is called.
PROCEDURE populate_mod_array (
modptr IN DBMS_LDAP.MOD_ARRAY, mod_op IN PLS_INTEGER, mod_type IN VARCHAR2, modbval IN DBMS_LDAP.BERVAL_COLLECTION
);
Table 9-61 POPULATE_MOD_ARRAY (Binary Version) Procedure Parameters
| Parameter | Description | 
|---|---|
| modptr | This data structure holds a pointer to an LDAP mod array. | 
| mod_op | This field specifies the type of modification to perform,  | 
| mod_type | This field indicates the name of the attribute type to which the modification applies. | 
| modbval | This field specifies the attribute values to add, delete, or replace. It is for the binary values. | 
Table 9-62 POPULATE_MOD_ARRAY (Binary Version) Procedure Exceptions
| Exception | Description | 
|---|---|
| invalid_mod_array | Invalid LDAP mod array. | 
| invalid_mod_option | Invalid LDAP mod option. | 
| invalid_mod_type | Invalid LDAP mod type. | 
| invalid_mod_value | Invalid LDAP mod value. | 
This function is one of the preparation steps for DBMS_LDAP.add_s and DBMS_LDAP.modify_s. It is invoked after DBMS_LDAP.create_mod_array is called.
DBMS_LDAP.create_mod_array(), DBMS_LDAP.modify_s(), DBMS_LDAP.add_s(), and DBMS_LDAP.free_mod_array().
Populates one set of attribute information for add or modify operations. This procedure call occurs after DBMS_LDAP.create_mod_array() is called.
PROCEDURE populate_mod_array ( modptr IN DBMS_LDAP.MOD_ARRAY, mod_op IN PLS_INTEGER, mod_type IN VARCHAR2, modbval IN DBMS_LDAP.BLOB_COLLECTION );
Table 9-63 POPULATE_MOD_ARRAY (Binary) Parameters
| Parameter | Description | 
|---|---|
| modptr | This data structure holds a pointer to an LDAP mod array. | 
| mod_op | This field specifies the type of modification to perform,  | 
| mod_type | This field indicates the name of the attribute type to which the modification applies. | 
| modbval | This field specifies the binary attribute values to add, delete, or replace. | 
Table 9-64 POPULATE_MOD_ARRAY (Binary) Exceptions
| Exception | Description | 
|---|---|
| invalid_mod_array | Invalid LDAP mod array. | 
| invalid_mod_option | Invalid LDAP mod option. | 
| invalid_mod_type | Invalid LDAP mod type. | 
| invalid_mod_value | Invalid LDAP mod value. | 
This function is one of the preparation steps for DBMS_LDAP.add_s and DBMS_LDAP.modify_s. It is invoked after DBMS_LDAP.create_mod_array is called.
DBMS_LDAP.create_mod_array(), DBMS_LDAP.modify_s(), DBMS_LDAP.add_s(), and DBMS_LDAP.free_mod_array().
The function get_values_blob() can be used to retrieve larger values of attributes that have a binary syntax.
Syntax FUNCTION get_values_blob ( ld IN SESSION, ldapentry IN MESSAGE, attr IN VARCHAR2 ) RETURN BLOB_COLLECTION;
Table 9-65 GET_VALUES_BLOB Parameters
| Parameter | Description | 
|---|---|
| ld | A valid LDAP session handle. | 
| ldapentrymsg | A valid handle to an entry returned from a search result. | 
| attr | The string name of the attribute for which values are being sought. | 
Table 9-66 get_values_blob Return Values
| Value | Description | 
|---|---|
| BLOB_COLLECTION | A PL/SQL BLOB collection containing all the values of the given attribute. | 
| NULL | No values are associated with the given attribute. | 
Table 9-67 get_values_blob Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Raised if the session handle  | 
| invalid message | Raised if the incoming entry handle is invalid. | 
The function get_values_blob() can only be called after the handle to an entry has been retrieved by a call to either first_entry() or next_entry(). The name of the attribute may be known beforehand or can also be determined by a call to first_attribute() or next_attribute(). This function can be used to retrieve both binary and nonbinary attribute values.
DBMS_LDAP.first_entry(), DBMS_LDAP.next_entry(), DBMS_LDAP.count_values_blob(), DBMS_LDAP.get_values().
Counts the number of values returned by DBMS_LDAP.get_values_blob().
FUNCTION count_values_blob ( values IN DBMS_LDAP.BLOB_COLLECTION ) RETURN PLS_INTEGER;
Table 9-68 COUNT_VALUES_BLOB Parameters
| Parameter | Description | 
|---|---|
| values | The collection of large binary values. | 
Table 9-69 COUNT_VALUES_BLOB Return Values
| Values | Description | 
|---|---|
| PLS_INTEGER | Indicates the success or failure of the operation. | 
The function count_values_blob() raises no exceptions.
DBMS_LDAP.count_values(), DBMS_LDAP.get_values_blob().
Frees the memory associated with BLOB_COLLECTION returned by DBMS_LDAP.get_values_blob().
PROCEDURE value_free_blob ( vals IN OUT DBMS_LDAP.BLOB_COLLECTION );
Table 9-70 VALUE_FREE_BLOB Parameters
| Parameter | Description | 
|---|---|
| vals | The collection of large binary values returned by  | 
value_free_blob() raises no exceptions.
DBMS_LDAP.get_values_blob().
Performs a synchronous modification of an existing LDAP directory entry.
FUNCTION modify_s (
ld IN DBMS_LDAP.SESSION, entrydn IN VARCHAR2, modptr IN DBMS_LDAP.MOD_ARRAY
)
RETURN PLS_INTEGER;
Table 9-71 MODIFY_S Function Parameters
| Parameter | Description | 
|---|---|
| ld | This parameter is a handle to an LDAP session returned by a successful call to  | 
| entrydn | This parameter specifies the name of the directory entry whose contents are to be modified. | 
| modptr | This parameter is the handle to an LDAP mod structure, as returned by successful call to  | 
Table 9-72 MODIFY_S Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | Indicates the success or failure of the modification operation. | 
Table 9-73 MODIFY_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Invalid LDAP session. | 
| invalid_entry_dn | Invalid LDAP entry dn. | 
| invalid_mod_array | Invalid LDAP mod array. | 
This function call has to follow successful calls of DBMS_LDAP.create_mod_array() and DBMS_LDAP.populate_mod_array().
DBMS_LDAP.create_mod_array(),DBMS_LDAP.populate_mod_array(), DBMS_LDAP.add_s(), and DBMS_LDAP.free_mod_array().
Adds a new entry to the LDAP directory synchronously. Before calling add_s, DBMS_LDAP.create_mod_array() and DBMS_LDAP.populate_mod_array() must be called.
FUNCTION add_s (
ld IN DBMS_LDAP.SESSION, entrydn IN VARCHAR2, modptr IN DBMS_LDAP.MOD_ARRAY
)
RETURN PLS_INTEGER;
Table 9-74 ADD_S Function Parameters
| Parameter | Description | 
|---|---|
| ld | This parameter is a handle to an LDAP session, as returned by a successful call to  | 
| entrydn | This parameter specifies the name of the directory entry to be created. | 
| modptr | This parameter is the handle to an LDAP mod structure, as returned by successful call to  | 
Table 9-75 ADD_S Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | Indicates the success or failure of the modification operation. | 
Table 9-76 ADD_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Invalid LDAP session. | 
| invalid_entry_dn | Invalid LDAP entry dn. | 
| invalid_mod_array | Invalid LDAP mod array. | 
The parent entry of the entry to be added must already exist in the directory. This function call has to follow successful calls to DBMS_LDAP.create_mod_array() and DBMS_LDAP.populate_mod_array().
DBMS_LDAP.create_mod_array(), DBMS_LDAP.populate_mod_array(), DBMS_LDAP.modify_s(), and DBMS_LDAP.free_mod_array().
Frees the memory allocated by DBMS_LDAP.create_mod_array().
PROCEDURE free_mod_array (
modptr IN DBMS_LDAP.MOD_ARRAY
);
Table 9-77 FREE_MOD_ARRAY Procedure Parameters
| Parameter | Description | 
|---|---|
| modptr | This parameter is the handle to an LDAP mod structure returned by a successful call to  | 
free_mod_array raises no exceptions.
DBMS_LDAP.populate_mod_array(), DBMS_LDAP.modify_s(), DBMS_LDAP.add_s(), and DBMS_LDAP.create_mod_array().
Counts the number of values returned by DBMS_LDAP.get_values().
FUNCTION count_values (
values IN DBMS_LDAP.STRING_COLLECTION
)
RETURN PLS_INTEGER;
Table 9-78 COUNT_VALUES Function Parameters
| Parameter | Description | 
|---|---|
| values | The collection of string values. | 
Table 9-79 COUNT_VALUES Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | Indicates the success or failure of the operation. | 
count_values raises no exceptions.
DBMS_LDAP.count_values_len(), DBMS_LDAP.get_values().
Counts the number of values returned by DBMS_LDAP.get_values_len().
FUNCTION count_values_len (
values IN DBMS_LDAP.BINVAL_COLLECTION
)
RETURN PLS_INTEGER;
Table 9-80 COUNT_VALUES_LEN Function Parameters
| Parameter | Description | 
|---|---|
| values | The collection of binary values. | 
Table 9-81 COUNT_VALUES_LEN Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | Indicates the success or failure of the operation. | 
count_values_len raises no exceptions.
DBMS_LDAP.count_values(), DBMS_LDAP.get_values_len().
Renames an LDAP entry synchronously.
FUNCTION rename_s (
ld IN SESSION, dn IN VARCHAR2, newrdn IN VARCHAR2, newparent IN VARCHAR2, deleteoldrdn IN PLS_INTEGER, serverctrls IN LDAPCONTROL, clientctrls IN LDAPCONTROL
)
RETURN PLS_INTEGER;
Table 9-82 RENAME_S Function Parameters
| Parameter | Description | 
|---|---|
| ld | This parameter is a handle to an LDAP session returned by a successful call to  | 
| dn | This parameter specifies the name of the directory entry to be renamed or moved. | 
| newrdn | This parameter specifies the new RDN. | 
| newparent | This parameter specifies the DN of the new parent. | 
| deleteoldrdn | This parameter specifies whether the old RDN should be retained. If this value is  | 
| serverctrls | Currently not supported. | 
| clientctrls | Currently not supported. | 
Table 9-83 RENAME_S Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | The indication of the success or failure of the operation. | 
Table 9-84 RENAME_S Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Invalid LDAP Session. | 
| invalid_entry_dn | Invalid LDAP DN. | 
| invalid_rdn | Invalid LDAP RDN. | 
| invalid_newparent | Invalid LDAP newparent. | 
| invalid_deleteoldrdn | Invalid LDAP deleteoldrdn. | 
DBMS_LDAP.modrdn2_s().
Breaks a DN up into its components.
FUNCTION explode_dn (
dn IN VARCHAR2, notypes IN PLS_INTEGER
)
RETURN STRING_COLLECTION;
Table 9-85 EXPLODE_DN Function Parameters
| Parameter | Description | 
|---|---|
| dn | This parameter specifies the name of the directory entry to be broken up. | 
| notypes | This parameter specifies whether the attribute tags are returned. If this value is not  | 
Table 9-86 EXPLODE_DN Function Return Values
| Value | Description | 
|---|---|
| STRING_COLLECTION | An array of strings. If the DN cannot be broken up,  | 
Table 9-87 EXPLODE_DN Function Exceptions
| Exception | Description | 
|---|---|
| invalid_entry_dn | Invalid LDAP DN. | 
| invalid_notypes | Invalid LDAP notypes value. | 
DBMS_LDAP.get_dn().
Establishes an SSL (Secure Sockets Layer) connection over an existing LDAP connection.
FUNCTION open_ssl (
ld IN SESSION, sslwrl IN VARCHAR2, sslwalletpasswd IN VARCHAR2, sslauth IN PLS_INTEGER
)
RETURN PLS_INTEGER;
Table 9-88 OPEN_SSL Function Parameters
| Parameter | Description | 
|---|---|
| ld | This parameter is a handle to an LDAP session that is returned by a successful call to  | 
| sslwrl | This parameter specifies the wallet location. The format is  | 
| sslwalletpasswd | This parameter specifies the wallet password. Required for one-way or two-way SSL connections. | 
| sslauth | This parameter specifies the SSL Authentication Mode. ( | 
Table 9-89 OPEN_SSL Function Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | Indicates the success or failure of the operation. | 
Table 9-90 OPEN_SSL Function Exceptions
| Exception | Description | 
|---|---|
| invalid_session | Invalid LDAP Session. | 
| invalid_ssl_wallet_loc | Invalid LDAP SSL wallet location. | 
| invalid_ssl_wallet_passwd | Invalid LDAP SSL wallet password. | 
| invalid_ssl_auth_mode | Invalid LDAP SSL authentication mode. | 
Need to call DBMS_LDAP.init() first to acquire a valid ldap session.
DBMS_LDAP.init().
This function frees the chain of messages associated with the message handle returned by synchronous search functions.
FUNCTION msgfree (
res IN MESSAGE
)
RETURN PLS_INTEGER;
Table 9-91 MSGFREE Function Parameters
| Parameter | Description | 
|---|---|
| res | The message handle obtained by a call to one of the synchronous search routines. | 
Table 9-92 MSGFREE Return Values
| Value | Description | 
|---|---|
| PLS_INTEGER | Indicates the type of the last message in the chain. The function might return any of the following values: 
 | 
msgfree raises no exceptions.
DBMS_LDAP.search_s(), DBMS_LDAP.search_st().
This function frees the memory associated with a handle to BER ELEMENT.
FUNCTION ber_free (
ber_elem IN BER_ELEMENT, freebuf IN PLS_INTEGER
)
Table 9-93 BER_FREE Function Parameters
| Parameter | Description | 
|---|---|
| ber_elem | A handle to  | 
| freebuf | The value of this flag should be  The default value of this parameter is zero. | 
ber_free returns no values.
ber_free raises no exceptions.
DBMS_LDAP.first_attribute(),DBMS_LDAP.next_attribute().
The nls_convert_to_utf8() function converts the input string containing database character set data to UTF-8 character set data and returns it.
Function nls_convert_to_utf8
(
        data_local IN VARCHAR2
)
        RETURN VARCHAR2;
Table 9-94 Parameters for nls_convert_to_utf8
| Parameter | Description | 
|---|---|
| data_local | Contains the database character set data. | 
Table 9-95 Return Values for nls_convert_to_utf8
| Value | Description | 
|---|---|
| VARCHAR2 | UTF-8 character set data string. | 
The functions in DBMS_LDAP package expect the input data to be UTF-8 character set data if the UTF8_CONVERSION package variable is set to FALSE. The nls_convert_to_utf8() function converts database character set data to UTF-8 character set data.
If the UTF8_CONVERSION package variable of the DBMS_LDAP package is set to TRUE, functions in the DBMS_LDAP package expect input data to be database character set data.
DBMS_LDAP.nls_convert_from_utf8(), DBMS_LDAP.nls_get_dbcharset_name().
The nls_convert_to_utf8() function converts the input string collection containing database character set data to UTF-8 character set data. It then returns the converted data.
Function nls_convert_to_utf8
(
        data_local IN STRING_COLLECTION
)
        RETURN STRING_COLLECTION;
Table 9-96 Parameters for nls_convert_to_utf8
| Parameter | Description | 
|---|---|
| data_local | Collection of strings containing database character set data. | 
Table 9-97 Return Values for nls_convert_to_utf8
| Value | Description | 
|---|---|
| STRING_COLLECTION | Collection of strings containing UTF-8 character set data. | 
The functions in the DBMS_LDAP package expect the input data to be in the UTF-8 character set if the UTF8_CONVERSION package variable is set to FALSE. The nls_convert_to_utf8() function converts the input data from the database character set to the UTF-8 character set.
If the UTF8_CONVERSION package variable of the DBMS_LDAP package is set to TRUE, functions in the DBMS_LDAP package expect the input data to be in the database character set.
DBMS_LDAP.nls_convert_from_utf8(), DBMS_LDAP.nls_get_dbcharset_name().
The nls_convert_from_utf8() function converts the input string containing UTF-8 character set to database character set data. It then returns this data.
Function nls_convert_from_utf8
(
        data_utf8 IN VARCHAR2
)
        RETURN VARCHAR2;
Table 9-98 Parameter for nls_convert_from_utf8
| Parameter | Description | 
|---|---|
| data_utf8 | Contains UTF-8 character set data. | 
Table 9-99 Return Value for nls_convert_from_utf8
| Value | Description | 
|---|---|
| VARCHAR2 | Data string in the database character set. | 
The functions in the DBMS_LDAP package return UTF-8 character set data if the UTF8_CONVERSION package variable is set to FALSE. The nls_convert_from_utf8() function converts the output data from the UTF-8 character set to the database character set.
If the UTF8_CONVERSION package variable of the DBMS_LDAP package is set to TRUE, functions in the DBMS_LDAP package return database character set data.
DBMS_LDAP.nls_convert_to_utf8(), DBMS_LDAP.nls_get_dbcharset_name().
The nls_convert_from_utf8() function converts the input string collection containing UTF-8 character set data to database character set data. It then returns this data.
Function nls_convert_from_utf8
(
        data_utf8 IN STRING_COLLECTION
)
        RETURN STRING_COLLECTION;
Table 9-100 Parameter for nls_convert_from_utf8
| Parameter | Description | 
|---|---|
| data_utf8 | Collection of strings containing UTF-8 character set data. | 
Table 9-101 Return Value for nls_convert_from_utf8
| Value | Description | 
|---|---|
| VARCHAR2 | Collection of strings containing database character set data. | 
The functions in the DBMS_LDAP package return UTF-8 character set data if the UTF8_CONVERSION package variable is set to FALSE. nls_convert_from_utf8() converts the output data from the UTF-8 character set to the database character set. If the UTF8_CONVERSION package variable of the DBMS_LDAP package is set to TRUE, functions in the DBMS_LDAP package return database character set data.
DBMS_LDAP.nls_convert_to_utf8(), DBMS_LDAP.nls_get_dbcharset_name().
The nls_get_dbcharset_name() function returns a string containing the database character set name.
Function nls_get_dbcharset_name
        RETURN VARCHAR2;
None.
Table 9-102 Return Value for nls_get_dbcharset_name
| Value | Description | 
|---|---|
| VARCHAR2 | String containing the database character set name. | 
DBMS_LDAP.nls_convert_to_utf8(), DBMS_LDAP.nls_convert_from_utf8().