
LDAP.ModifyJSON

Changes an existing entry.

Component   Version   macOS    Windows   Linux    Server   iOS SDK
LDAP JSON   8.0       ✅ Yes   ✅ Yes    ✅ Yes   ✅ Yes   ❌ No

MBS( "LDAP.ModifyJSON"; LDAPRef; dn; JSON )

Parameters

Parameter   Description   Example
LDAPRef     The reference number for the LDAP connection.   $ldap
dn          The distinguished name (DN) of the entry to change.
JSON        The JSON to parse.
            Must be a JSON array with entries. Each entry has an element "operation" with Add, Replace, Delete or Increment, and an element "type" with the type to set. Then you can pass either "value" with a single value or "values" with a list of values.

Result

Returns OK or error.

Description

Changes an existing entry.
If values are being added to or replaced in the entry, the function creates the attribute, if necessary. If values are being deleted, the function removes the attribute if no values remain.

Sample JSON for structure:

[{
    "operation": "Add",
    "type": "xxx",
    "values": ["Hello", "World"]
},
{
    "operation": "Replace",
    "type": "yyy",
    "value": "Other"
},
{
    "operation": "Delete",
    "type": "zzz"
}]

The operation entry in JSON can be Delete, Replace or Add to specify what to do. Type (or name) defines which value to change and value provides the new value, which can be an array or text.

Version 10.1 or newer accepts name instead of type for the key to match the search results.

Version 10.3 adds new boolean fields "hex" and "base64". If true, we decode value from hex/base64 encoding and pass them as binary values. The value below is "Welcome2", including the surrounding double quotes, in 16 bit unicode (UTF-16LE) as hex:

[{
    "operation": "Replace",
    "type": "unicodePwd",
    "hex": true,
    "value": "2200570065006C0063006F006D00650032002200"
}]

Examples

Change a value:

# Build the JSON for the modify
Set Variable [ $name ; Value: "John" ]
#
Set Variable [ $json ; Value: "[{   \"operation\": \"Replace\",   \"name\": \"fn\",   \"value\": \"\" }]" ]
Set Variable [ $json ; Value: JSONSetElement ( $json ; "[0].value" ; $name ; JSONString ) ]
#
# Attempt to modify the personDN record
Set Variable [ $result ; Value: MBS( "LDAP.ModifyJSON" ; $ldap ; $personDN ; $json ) ]
If [ MBS( "IsError" ) ]
    Show Custom Dialog [ "LDAP Error" ; "Failed to modify." & ¶ & $result ]
End If
Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]

Example script to create a user:

# ========================================
# Purpose:
# If the user is not present in AD, create a new user in Pre-handover OU and add the groups defined in DySIS
# Returns:
# 0 for success
# Error text if unsuccessful
# Parameters:
# $serverName
# $userName
# $userDomain
# $userEmail
# $fullName
# $surname
# $givenName
# $userOU
# $groups (base names only, excluding domain names)
# $userPassword
# Called from:
# (script) Create AD User account
# Author:
# John Munro (HJM) from Deutsche Schule Tokyo Yokohama
# Notes:
# none
# History:
# 2020-06-30 HJM - created
# 2020-09-10 HJM - modified to add parameter $userOU
# 2020-12-18 HJM - modified PasswordSet to use external subroutine rather than local code
# 2021-05-20 HJM - Replaced bind code with call to LDAPServerBind (including added parameter $serverDomain to all calls)
# ========================================
#
Set Variable [ $! ; Value: #Assign ( Get ( ScriptParameter ) ) ]
#
# ===============================================================================================
# If debugging these parameters will be empty so fill with test data
If [ $serverName = "" ]
    Set Variable [ $serverName ; Value: "sys-dc1" ]
End If
If [ $serverDomain = "" ]
    Set Variable [ $serverDomain ; Value: "dsty.ac.jp" ]
End If
If [ $userName = "" ]
    Set Variable [ $userName ; Value: "DySIStestUser" ]
End If
If [ $userDomain = "" ]
    Set Variable [ $userDomain ; Value: "dsty.ac.jp" ]
End If
If [ $userEmail = "" ]
    Set Variable [ $userEmail ; Value: "dysistestUser@dsty.test" ]
End If
If [ $userPassword = "" ]
    Set Variable [ $userPassword ; Value: "Welcome2" ]
End If
If [ $fullName = "" ]
    Set Variable [ $fullName ; Value: "DySIS testUser" ]
End If
If [ $surname = "" ]
    Set Variable [ $surname ; Value: "testUser" ]
End If
If [ $givenName = "" ]
    Set Variable [ $givenName ; Value: "DySIStest" ]
End If
If [ $userOU = "" ]
    Set Variable [ $userOU ; Value: "OU=Pre-handover,OU=DSTY Groups,DC=dsty,DC=ac,DC=jp" ]
End If
# Note $groups as an empty set is a valid condition so this should NOT be filled if empty
#
#
# Bind to LDAP
Perform Script [ Specified: From list ; “LDAPServerBind” ; Parameter: # ( "serverName" ; $serverName ) & # ( "serverDomain" ; $serverDomain ) ]
# Returns $error,$resultText, $ldap
#
Set Variable [ $! ; Value: #Assign ( Get ( ScriptResult ) ) ]
If [ $error <> 0 ]
    Go to Layout [ original layout ; Animation: None ]
    Show Custom Dialog [ "LDAP error" ; $resultText ]
    Exit Script [ Text Result: # ( "error" ; $error ) & # ( "resultText" ; "LDAP error: " & $resultText ) ]
End If
#
#
# Sanity check: Ensure that user is not already present in AD
#
Set Variable [ $LDAPFilter ; Value: "(sAMAccountName=" & $userName & ")" ]
Set Variable [ $result ; Value: MBS ( "LDAP.Search" ; $ldap ; $searchBase ; "subtree" ; $LDAPFilter ; "" ; 0 ; 20 ; 9999 ) ]
#
Set Variable [ $entryCount ; Value: MBS("LDAP.SearchResult.Count"; $ldap) ]
If [ $entryCount > 0 ]
    # The username is already present in AD so exit with error
    Set Variable [ $errorText ; Value: "The sAMAccountName is already present in AD: " & $userName ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
# Sanity check: Ensure the DN is not already present in AD
#
Set Variable [ $personDN ; Value: "CN=" & $fullName & "," & $userOU ]
Set Variable [ $LDAPFilter ; Value: "" ]
Set Variable [ $result ; Value: MBS ( "LDAP.Search" ; $ldap ; $personDN ; "base" ; $LDAPFilter ; "" ; 0 ; 4 ; 1 ) ]
#
Set Variable [ $entryCount ; Value: MBS("LDAP.SearchResult.Count"; $ldap) ]
If [ $entryCount > 0 ]
    # The DN is already present in AD so exit with error
    Set Variable [ $errorText ; Value: "The DN is already present in AD: " & $personDN ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
#
# ===============================================================================================
# User is confirmed not present in AD so proceed to create it
# Build the JSON for the Add
#
# AD attributes
Set Variable [ $objectClass ; Value: "{ \"operation\": \"Add\", \"name\": \"objectClass\", \"values\": [ \"top\", \"person\", \"organizationalPerson\", \"user\" ] }" ]
Set Variable [ $sAMAccountName ; Value: "{ \"operation\": \"Add\", \"name\": \"sAMAccountName\", \"value\": \"" & $userName & "\" }" ]
Set Variable [ $userPrincipalName ; Value: "{ \"operation\": \"Add\", \"name\": \"userPrincipalName\", \"value\": \"" & $userName & "@" & $userDomain & "\" }" ]
Set Variable [ $userAccountControl ; Value: "{ \"operation\": \"Add\", \"name\": \"userAccountControl\", \"value\": \"" & 544 & "\" }" //NB: 544 is [ NoPasswordRequired, NormalAccount ] ]
Set Variable [ $cn ; Value: "{ \"operation\": \"Add\", \"name\": \"cn\", \"value\": \"" & $fullName & "\" }" ]
Set Variable [ $displayName ; Value: "{ \"operation\": \"Add\", \"name\": \"displayName\", \"value\": \"" & $fullName & "\" }" ]
Set Variable [ $sn ; Value: "{ \"operation\": \"Add\", \"name\": \"sn\", \"value\": \"" & $surname & "\" }" ]
Set Variable [ $givenName ; Value: "{ \"operation\": \"Add\", \"name\": \"givenName\", \"value\": \"" & $givenName & "\" }" ]
Set Variable [ $mail ; Value: "{ \"operation\": \"Add\", \"name\": \"mail\", \"value\": \"" & $userEmail & "\" }" ]
#
# Add the JSON components together
Set Variable [ $json ; Value: "[" & $objectClass & "," & $sAMAccountName & "," & $userPrincipalName & "," & $userAccountControl & "," & $cn & "," & $displayName & "," & $sn & "," & $givenName & "," & $mail & "]" ]
#
# Attempt to add the personDN record to the default OU
Set Variable [ $result ; Value: MBS( "LDAP.AddJSON" ; $ldap ; $personDN ; $json ) ]
If [ MBS( "IsError" ) ]
    Set Variable [ $errorText ; Value: "Failed to add user." & ¶ & $result & ¶ & $json ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
# ===============================================================================================
# Set the password
#
Perform Script [ Specified: From list ; “Set AD Password (worker)” ; Parameter: # ( "serverName" ; $serverName ) & # ( "serverDomain" ; $serverDomain ) & # ( "personDN" ; $personDN ) & # ( "userPassword" ; $userPassword ) ]
#
Set Variable [ $result ; Value: Get ( ScriptResult ) ]
If [ $result <> 0 ]
    Show Custom Dialog [ "Error setting the password" ; $result ]
    # Exit with failure
    Exit Script [ Text Result: "Error setting the password:¶" & $result ]
End If
#
#
# ===============================================================================================
# Set the userAccountControl to NormalAccount (512)
# Prior to setting the password, the account has a password not required attribute
#
# Build the JSON for the modify
Set Variable [ $json ; Value: "[{ \"operation\": \"Replace\", \"name\": \"userAccountControl\", \"value\": \"512\" }]" ]
#
# Attempt to modify the personDN record
Set Variable [ $result ; Value: MBS( "LDAP.ModifyJSON" ; $ldap ; $personDN ; $json ) ]
If [ MBS( "IsError" ) ]
    Set Variable [ $errorText ; Value: "Failed to set account to 'Normal account (type 512)'." & ¶ & $result & ¶ & $json ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
#
# Cleanup
Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
#
#
# ===============================================================================================
# Add the person to all the groups passed in $groups
#
Set Variable [ $groupDomain ; Value: $userDomain ]
#
Set Variable [ $groupIndex ; Value: 1 ]
Set Variable [ $groupCount ; Value: ValueCount ( $groups ) ]
If [ $groupCount > 0 ]
    #
    Loop
        Set Variable [ $groupName ; Value: GetValue ( $groups ; $groupIndex ) ]
        #
        If [ $groupName <> "" ]
            #
            # This worker script is already running on the server so do not nest it to a sub server script as this does not make sense nor work.
            Perform Script [ Specified: From list ; “Set AD Group (worker)” ; Parameter: # ( "serverName" ; $serverName ) & # ( "serverDomain" ; $serverDomain ) & # ( "operation" ; "Add" ) & # ( "personDN" ; $personDN ) & # ( "groupName" ; $groupName ) & # ( "groupDomain" ; $groupDomain ) ]
            #
            Set Variable [ $result ; Value: Get ( ScriptResult ) ]
            If [ $result <> 0 ]
                Show Custom Dialog [ "Add group error" ; $result ]
                Exit Script [ Text Result: $result ]
            End If
        End If
    #
    Set Variable [ $groupIndex ; Value: $groupIndex + 1 ]
    Exit Loop If [ $groupIndex > $groupCount ]
    #
    End Loop
End If
#
# Exit with a success result
Exit Script [ Text Result: 0 ]
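
The script above builds its search filter, DN and JSON by concatenating parameter values, so a name containing a quote, comma, parenthesis or asterisk either breaks the request or changes what it matches. The following Python is an added example, not code from the plugin documentation or the script's author; function names and sample values are constructed. In FileMaker the JSON part corresponds to using JSONSetElement as in the "Change a value" example.

```python
import json

# RFC 4515 escapes for characters with special meaning in a filter value
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a value before placing it inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def concatenated_entry(name, value):
    """The string-concatenation pattern, with no escaping of the value."""
    return '{ "operation": "Add", "name": "' + name + '", "value": "' + value + '" }'


def is_valid_json(text):
    """True if text parses as JSON."""
    try:
        json.loads(text)
        return True
    except ValueError:
        return False


def build_user(user_name, user_domain, full_name, user_ou):
    """Return (search filter, DN, JSON), each value escaped for its own context."""
    ldap_filter = "(sAMAccountName=" + escape_filter_value(user_name) + ")"
    dn = "CN=" + escape_rdn_value(full_name) + "," + user_ou
    attributes = [
        {"operation": "Add", "name": "sAMAccountName", "value": user_name},
        {"operation": "Add", "name": "userPrincipalName", "value": user_name + "@" + user_domain},
        {"operation": "Add", "name": "cn", "value": full_name},
        {"operation": "Add", "name": "displayName", "value": full_name},
    ]
    # The serializer escapes quotes and backslashes inside values
    return ldap_filter, dn, json.dumps(attributes)


if __name__ == "__main__":
    # Constructed sample input: a display name with a comma and double quotes
    full_name = 'Meier, Hans "HJ"'
    print(is_valid_json("[" + concatenated_entry("cn", full_name) + "]"))
    for part in build_user("hmeier", "example.test", full_name, "OU=Staging,DC=example,DC=test"):
        print(part)
    # An unescaped "*" in the uniqueness check would match every account
    print("(sAMAccountName=" + escape_filter_value("h*") + ")")
```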

Example script to change the password for a user:

# ========================================
# Purpose:
# Assigns the Password of a single AD user
# Returns:
# 0 for success
# Error text if unsuccessful
# Parameters:
# $serverName
# $serverDomain
# $personDN
# $userPassword (the password to assign to the personDN)
# Called from:
# (script) "Set AD Password"
# Author:
# John Munro (HJM) from Deutsche Schule Tokyo Yokohama
# Notes:
# none
# History:
# 2020-07-10 HJM - created
# 2021-05-20 HJM - Replaced bind code with call to LDAPServerBind (including added parameter $serverDomain to all calls)
# ========================================
#
Set Variable [ $! ; Value: #Assign ( Get ( ScriptParameter ) ) ]
#
# The branch in LDAP containing all active entries
Set Variable [ $searchBase ; Value: "ou=DSTY Groups,dc=dsty,dc=ac,dc=jp" ]
#
Set Error Capture [ On ]
#
# If debugging these parameters will be empty so fill with test data
If [ $serverName = "" ]
    Set Variable [ $serverName ; Value: "sys-dc1" ]
End If
If [ $serverDomain = "" ]
    Set Variable [ $serverDomain ; Value: "dsty.ac.jp" ]
End If
If [ $personDN = "" ]
    Set Variable [ $personDN ; Value: "CN=DySIS testUser,OU=VerwaltungOU,OU=DSTY Groups,DC=dsty,DC=ac,DC=jp" ]
End If
If [ $userPassword = "" ]
    Set Variable [ $userPassword ; Value: "Welcome" ]
End If
#
# Bind to LDAP
Perform Script [ Specified: From list ; “LDAPServerBind” ; Parameter: # ( "serverName" ; $serverName ) & # ( "serverDomain" ; $serverDomain ) ]
# Returns $error,$resultText, $ldap
#
Set Variable [ $! ; Value: #Assign ( Get ( ScriptResult ) ) ]
If [ $error <> 0 ]
    Go to Layout [ original layout ; Animation: None ]
    Show Custom Dialog [ "LDAP error" ; $resultText ]
    Exit Script [ Text Result: # ( "error" ; $error ) & # ( "resultText" ; "LDAP error: " & $resultText ) ]
End If
#
#
# Check the personDN is valid and update the dn to contain the targetOU
Set Variable [ $LDAPFilter ; Value: "" ]
Set Variable [ $result ; Value: MBS ( "LDAP.Search" ; $ldap ; $personDN ; "base" ; $LDAPFilter ; "" ; 0 ; 4 ; 1 ) ]
If [ MBS( "IsError" ) ]
    Set Variable [ $errorText ; Value: "Failed to locate the personDN." & ¶ & $personDN & ¶ & $result ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
Set Variable [ $foundDN ; Value: MBS("LDAP.SearchResult.DistinguishedName"; $ldap; 0 ) ]
If [ $foundDN <> $personDN ]
    Set Variable [ $errorText ; Value: "The found record DN did not match personDN." & ¶ & "Found: " & $foundDN & ¶ & "PersonDN: " & $personDN & ¶ & $result ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
# ===============================================================================================
# Set the password
#
# Add double quotes to the password passed as a parameter
Set Variable [ $encodedPW ; Value: "\"" & $userPassword & "\"" ]
# Change to 8 bit hex
Set Variable [ $encodedPW ; Value: HexEncode ( $encodedPW ) ]
# Change 8 bit hex to 16 bit hex
Set Variable [ $encodedPW ; Value: Hex8to16LE ( $encodedPW ) ]
#
# Build the JSON for the modify
Set Variable [ $json ; Value: "[{ \"operation\": \"Replace\", \"name\": \"unicodePwd\", \"hex\": true, \"value\": \"" & $encodedPW & "\" }]" ]
#
# Attempt to modify the password via the unicode attribute
Set Variable [ $result ; Value: MBS( "LDAP.ModifyJSON" ; $ldap ; $personDN ; $json ) ]
If [ MBS( "IsError" ) ]
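    # Note: $json contains the hex encoded password, so this error text and the script result include it
    Set Variable [ $errorText ; Value: "Failed to set the password." & ¶ & $result & ¶ & $json ]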
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
#
# ===============================================================================================
# Require the password to be changed on the next login
#
Set Variable [ $pwdLastSet ; Value: "{ \"operation\": \"Replace\", \"name\": \"pwdLastSet\", \"value\": \"0\" }" ]
#
# Build the JSON for the modify
Set Variable [ $json ; Value: "[" & $pwdLastSet & "]" ]
#
# Attempt to modify the pwdLastSet attribute
Set Variable [ $result ; Value: MBS( "LDAP.ModifyJSON" ; $ldap ; $personDN ; $json ) ]
If [ MBS( "IsError" ) ]
    Set Variable [ $errorText ; Value: "Failed to set 'User must change password at next logon'." & ¶ & $result & ¶ & $json ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
#
# Cleanup
Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
Go to Layout [ original layout ; Animation: None ]
#
# Return error free result
Exit Script [ Text Result: 0 ]
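
An added example (Python, not from the plugin documentation or the script's author) of the unicodePwd encoding used in the version 10.3 sample and in the script above: the password in double quotes, encoded as UTF-16LE, written as hex. It goes beyond the page's ASCII sample by showing that appending 00 to each 8-bit byte, modelled here as the hypothetical pad_utf8_bytes, only matches UTF-16LE for ASCII passwords; all function names are assumptions.

```python
import json


def encode_unicode_pwd(password):
    """Hex of the password wrapped in double quotes and encoded as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le").hex().upper()


def pad_utf8_bytes(password):
    """Hypothetical shortcut: take the 8-bit (UTF-8) bytes and append 00 to each."""
    return "".join("%02X00" % b for b in ('"' + password + '"').encode("utf-8"))


def decode_unicode_pwd(hex_value):
    """Reverse the encoding and check its shape; raises ValueError if malformed."""
    text = bytes.fromhex(hex_value).decode("utf-16-le")
    if len(text) < 2 or not (text.startswith('"') and text.endswith('"')):
        raise ValueError("unicodePwd value must be a double-quoted string")
    return text[1:-1]


def build_password_modify(password):
    """JSON for LDAP.ModifyJSON in the structure documented on this page."""
    return json.dumps([{
        "operation": "Replace",
        "type": "unicodePwd",
        "hex": True,
        "value": encode_unicode_pwd(password),
    }])


if __name__ == "__main__":
    # Constructed sample passwords: one ASCII, one with a non-ASCII character
    for sample in ("Welcome2", "Pässwort1"):
        correct = encode_unicode_pwd(sample)
        padded = pad_utf8_bytes(sample)
        print(sample, correct, "padding matches" if padded == correct else "padding differs")
    print(build_password_modify("Welcome2"))
```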

Example script to set a group for a user:

# ========================================
# Purpose:
# Adds or removes membership in an AD group of a single AD user
# Returns:
# $error = Error code if unsuccessful
# $error = 0 for success
# $resultText = Text summary of the success or error
# Parameters:
# $serverName
# $serverDomain
# $operation (ADD, DELETE)
# $personDN
# $groupName (base name only, excluding domain name)
# $groupDomain
# Called from:
# (script) "Toggle AD Group"
# Author:
# John Munro (HJM) from Deutsche Schule Tokyo Yokohama
# Notes:
# none
# History:
# 2020-06-19 HJM - created
# 2021-05-20 HJM - Replaced bind code with call to LDAPServerBind (including added parameter $serverDomain to all calls)
# 2021-05-21 HJM - modified result returned to be in #Assign variable method
# ========================================
#
Set Variable [ $! ; Value: #Assign ( Get ( ScriptParameter ) ) ]
#
# The branch in LDAP containing all active entries
Set Variable [ $searchBase ; Value: "dc=dsty,dc=ac,dc=jp" ]
#
Set Error Capture [ On ]
#
# If debugging these parameters will be empty so fill with test data
If [ $serverName = "" ]
    Set Variable [ $serverName ; Value: "sys-dc1" ]
End If
If [ $serverDomain = "" ]
    Set Variable [ $serverDomain ; Value: "dsty.ac.jp" ]
End If
If [ $operation = "" ]
    Set Variable [ $operation ; Value: "Add" ]
End If
If [ $personDN = "" ]
    Set Variable [ $personDN ; Value: "CN=John Munro,OU=SysAdmins,OU=VerwaltungOU,OU=DSTY Groups,DC=dsty,DC=ac,DC=jp" ]
End If
If [ $groupName = "" ]
    Set Variable [ $groupName ; Value: "IT-Admin-Staff" ]
End If
If [ $groupDomain = "" ]
    Set Variable [ $groupDomain ; Value: "dsty.ac.jp" ]
End If
#
#
# Bind to LDAP
Perform Script [ Specified: From list ; “LDAPServerBind” ; Parameter: # ( "serverName" ; $serverName ) & # ( "serverDomain" ; $serverDomain ) ]
# Returns $error,$resultText, $ldap
#
Set Variable [ $! ; Value: #Assign ( Get ( ScriptResult ) ) ]
If [ $error <> 0 ]
    Go to Layout [ original layout ; Animation: None ]
    Show Custom Dialog [ "LDAP error" ; $resultText ]
    Exit Script [ Text Result: # ( "error" ; $error ) & # ( "resultText" ; $resultText ) ]
End If
#
# Retrieve the groupDN from the $groupName
Set Variable [ $LDAPFilter ; Value: "(&(objectClass=group)(sAMAccountName=" & $groupName & "))" ]
Set Variable [ $result ; Value: MBS ( "LDAP.Search" ; $ldap ; $searchBase ; "subtree" ; $LDAPFilter ; "" ; 0 ; 4 ; 99 ) ]
Set Variable [ $entryCount ; Value: MBS("LDAP.SearchResult.Count"; $ldap) ]
If [ $entryCount > 1 ]
    #
    # More than one group with the given name exists, there should only be one.
    Set Variable [ $error ; Value: 1 ]
    Set Variable [ $errorText ; Value: "More than 1 group found containing the name:" & ¶ & $groupName ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: # ( "error" ; $error ) & # ( "resultText" ; $errorText ) ]
    #
Else If [ $entryCount = 0 ]
    #
    # No such group found so create it
    #
    Set Variable [ $resultText ; Value: "No AD group found containing the name:" & ¶ & $groupName & ¶ & "OK to create it?" ]
    Show Custom Dialog [ "LDAP Warning" ; $resultText ]
    #
    If [ Get ( LastMessageChoice ) = 1 or PatternCount ( Get ( ApplicationVersion ) ; "Server" ) //script is running on server so create the group by default ]
        #
        # Create the new group
        Perform Script [ Specified: From list ; “Create AD Group (worker)” ; Parameter: # ( "serverName" ; $serverName ) & # ( "serverDomain" ; $serverDomain ) & # ( "baseOU" ; $searchBase ) & # ( "groupName" ; $groupName ) & # ( "groupDomain" ; $groupDomain ) ]
        #
        Set Variable [ $! ; Value: #Assign ( Get ( ScriptResult ) ) ]
        If [ $error <> 0 ]
            Show Custom Dialog [ "LDAP error" ; $resultText ]
            Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
            Go to Layout [ original layout ; Animation: None ]
            Exit Script [ Text Result: # ( "error" ; $error ) & # ( "resultText" ; "LDAP error: " & $resultText ) ]
        End If
        #
        Set Variable [ $warning ; Value: "New AD group: " & $groupName & " created at: " & $groupDN ]
        Set Variable [ $LDAPFilter ; Value: "(&(objectClass=group)(sAMAccountName=" & $groupName & "))" ]
        Set Variable [ $result ; Value: MBS ( "LDAP.Search" ; $ldap ; $searchBase ; "subtree" ; $LDAPFilter ; "" ; 0 ; 4 ; 99 ) ]
        #
    Else
        # Group creation not approved, so cannot proceed to add user to the group
        Set Variable [ $error ; Value: 2 ]
        Set Variable [ $errorText ; Value: "No AD group found containing the name:" & ¶ & $groupName & " and creation not approved by user" ]
        Show Custom Dialog [ "LDAP Error" ; $errorText ]
        # Cleanup
        Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
        Go to Layout [ original layout ; Animation: None ]
        Exit Script [ Text Result: # ( "error" ; $error ) & # ( "resultText" ; $errorText ) ]
    End If
End If
#
Set Variable [ $groupDN ; Value: MBS("LDAP.SearchResult.DistinguishedName"; $ldap; 0 ) ]
#
# Check the personDN is valid and add the personDN to the Group if so
Set Variable [ $LDAPFilter ; Value: "" ]
Set Variable [ $result ; Value: MBS ( "LDAP.Search" ; $ldap ; $personDN ; "base" ; $LDAPFilter ; "" ; 0 ; 4 ; 1 ) ]
If [ MBS("LDAP.SearchResult.DistinguishedName"; $ldap; 0 ) = $personDN ]
    #
    # Build the JSON for the modify
    Set Variable [ $json ; Value: "[{ \"operation\": \"" & $operation & "\", \"type\": \"member\", \"value\": \"" & $personDN & "\" }]" ]
    #
    # Attempt to modify the groupDN record
    Set Variable [ $result ; Value: MBS( "LDAP.ModifyJSON" ; $ldap ; $groupDN ; $json ) ]
    #
    If [ MBS( "IsError" ) ]
        Set Variable [ $error ; Value: 3 ]
        Set Variable [ $errorText ; Value: "Failed to modify the 'member' attribute of the Group record." & ¶ & $result ]
        Show Custom Dialog [ "LDAP Error" ; $errorText ]
        # Cleanup
        Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
        Exit Script [ Text Result: # ( "error" ; $error ) & # ( "resultText" ; $errorText ) ]
    End If
End If
#
# Cleanup
Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
Go to Layout [ original layout ; Animation: None ]
#
#
# Return error free result together with any non-fatal warnings if they exist
Exit Script [ Text Result: # ( "error" ; 0 ) & # ( "resultText" ; "Group set success. " & $warning ) ]

This function is free to use.

Created 11th December 2017, last changed 27th July 2021

