{"id":20038000,"url":"https://github.com/perfectlysoft/perfect-ldap","last_synced_at":"2025-05-05T06:31:53.260Z","repository":{"id":63920161,"uuid":"79493104","full_name":"PerfectlySoft/Perfect-LDAP","owner":"PerfectlySoft","description":"A simple Swift class wrapper of OpenLDAP.","archived":false,"fork":false,"pushed_at":"2020-05-21T20:09:54.000Z","size":66,"stargazers_count":27,"open_issues_count":8,"forks_count":16,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-29T22:04:21.685Z","etag":null,"topics":["authentication","gssapi","kerberos","ldap","ldap-authentication","openldap","perfect","sasl","swift"],"latest_commit_sha":null,"homepage":"https://www.perfect.org","language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PerfectlySoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-01-19T20:42:03.000Z","updated_at":"2024-08-20T11:49:48.000Z","dependencies_parsed_at":"2022-11-29T10:45:14.619Z","dependency_job_id":null,"html_url":"https://github.com/PerfectlySoft/Perfect-LDAP","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerfectlySoft%2FPerfect-LDAP","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerfectlySoft%2FPerfect-LDAP/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerfectlySoft%2FPerfect-LDAP/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerfectlySoft%2FPerfect-LDAP/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PerfectlySoft","download_url":"https://codeload.github.com/PerfectlySoft/Perfect-LDAP/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252451595,"owners_count":21749955,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","gssapi","kerberos","ldap","ldap-authentication","openldap","perfect","sasl","swift"],"created_at":"2024-11-13T10:24:36.164Z","updated_at":"2025-05-05T06:31:53.009Z","avatar_url":"https://github.com/PerfectlySoft.png","language":"Swift","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Perfect-LDAP [简体中文](README.zh_CN.md)\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"http://perfect.org/get-involved.html\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://perfect.org/assets/github/perfect_github_2_0_0.jpg\" alt=\"Get Involed with Perfect!\" width=\"854\" /\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/PerfectlySoft/Perfect\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://www.perfect.org/github/Perfect_GH_button_1_Star.jpg\" alt=\"Star Perfect On Github\" /\u003e\n    \u003c/a\u003e  \n    \u003ca href=\"http://stackoverflow.com/questions/tagged/perfect\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://www.perfect.org/github/perfect_gh_button_2_SO.jpg\" alt=\"Stack Overflow\" /\u003e\n    \u003c/a\u003e  \n    \u003ca href=\"https://twitter.com/perfectlysoft\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://www.perfect.org/github/Perfect_GH_button_3_twit.jpg\" alt=\"Follow Perfect on Twitter\" /\u003e\n    \u003c/a\u003e  \n    \u003ca href=\"http://perfect.ly\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://www.perfect.org/github/Perfect_GH_button_4_slack.jpg\" alt=\"Join the Perfect Slack\" /\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://developer.apple.com/swift/\" target=\"_blank\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Swift-4.0-orange.svg?style=flat\" alt=\"Swift 4.0\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://developer.apple.com/swift/\" target=\"_blank\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Platforms-OS%20X%20%7C%20Linux%20-lightgray.svg?style=flat\" alt=\"Platforms OS X | Linux\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"http://perfect.org/licensing.html\" target=\"_blank\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/License-Apache-lightgrey.svg?style=flat\" alt=\"License Apache\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"http://twitter.com/PerfectlySoft\" target=\"_blank\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Twitter-@PerfectlySoft-blue.svg?style=flat\" alt=\"PerfectlySoft Twitter\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"http://perfect.ly\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://perfect.ly/badge.svg\" alt=\"Slack Status\"\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\nThis project provides an express OpenLDAP class wrapper which enable access to OpenLDAP servers and Windows Active Directory server.\n\nThis package builds with Swift Package Manager and is part of the [Perfect](https://github.com/PerfectlySoft/Perfect) project.\n\nEnsure you have installed and activated the latest Swift 4.0 tool chain.\n\n*Caution*: for the reason that LDAP is widely using in many different operating systems with variable implementations, API marked with (⚠️EXPERIMENTAL⚠️) indicates that this method might not be fully applicable to certain context. However, as an open source software library, you may modify the source code to meet a specific requirement.\n\n## Quick Start\n\nAdd the following dependency to your project's Package.swift file:\n\n``` swift\n.package(url: \"https://github.com/PerfectlySoft/Perfect-LDAP.git\", \nfrom: \"3.0.0\")\n\n// in the target section:\ndepedencies: [\"PerfectLDAP\"]\n```\n\nThen import PerfectLDAP to your source code:\n\n\n``` swift\n\nimport PerfectLDAP\n\n```\n\n\n## Connect to LDAP Server\n\nYou can create actual connections as need with or without login credential. The full API is `LDAP(url:String, loginData: Login?, codePage: Iconv.CodePage)`. The `codePage` option is for those servers applying character set other than .UTF8, e.g., set `codePage: .GB2312` to connect to LDAP server in Simplified Chinese.\n\n### TLS Option\n\nPerfectLDAP provides TLS options for network security considerations, i.e, you can choose either `ldap://` or `ldaps://` for connections, as demo below:\n\n``` swift\n// this will connect to a 389 port without any encryption\nlet ld = try LDAP(url: \"ldap://perfect.com\")\n```\nor,\n\n``` swift\n// this will connect to a 636 port with certificates\nlet ld = try LDAP(url: \"ldaps://perfect.com\")\n```\n\n### Connection Timeout\n\nOnce connected, LDAP object could be set with timeout option, and the timing unit is second:\n\n``` swift\n// set the timeout for communication. In this example, connection will be timeout in ten seconds.\nconnection.timeout = 10\n```\n\n### Login or Anonymous\n\nMany servers mandate login before performing any actual LDAP operations, however, PerfectLDAP provides multiple login options as demo below:\n\n``` swift\n// this snippet demonstrate how to connect to LDAP server with a login credential\n// NOTE: this kind of connection will block the thread until server return or timeout.\n// create login credential\nlet credential = LDAP.login( ... )\nlet connection = try LDAP(url: \"ldaps://...\", loginData: login)\n```\nAside the above synchronous login option, a two phased threading login process could also bring more controls to the application:\n\n``` swift\n// first create a connection\nlet connection = try LDAP(url: \"ldaps:// ...\")\n\n// setup login info\nlet credential = LDAP.login( ... )\n\n// login in a separated thread\nconnection.login(info: credential) { err in\n  // if err is not nil, then something must be wrong in the login process.\n}\n```\n\n## Login Options\n\nPerfectLDAP provides a special object called `LDAP.Login` to store essential account information for LDAP connections and the form of constructor is subject to the authentication types:\n\n### Simple Login\n\nTo use simple login method, simply call `LDAP.login(binddn: String, password: String)`, as snippet below:\n\n``` swift\nlet credential = LDAP.Login(binddn: \"CN=judy,CN=Users,DC=perfect,DC=com\", password: \"0penLDAP\")\n```\n### GSSAPI\n\nTo apply GSSAPI authentication, call `LDAP.login(user:String, mechanism: AuthType)` to construct a login credential (assuming the user has already acquired a valid ticket):\n\n``` swift\n// this call will generate a GSSAPI login credential\nlet credential = LDAP.login(user: \"judy\", mechanism: .GSSAPI)\n```\n\n### GSS-SPNEGO and Digest-MD5 (⚠️EXPERIMENTAL⚠️)\n\nTo apply other SASL mechanisms, such as GSS-SPNEGO and Digest-MD5 interactive logins, call `LDAP.login(authname: String, user: String, password: String, realm: String, mechanism: AuthType)` as demo below:\n\n``` swift\n// apply DIGEST-MD5 mechanism.\nlet credential = LDAP.Login(authname: \"judy\", user: \"DN:CN=judy,CN=Users,DC=perfect,DC=com\", password: \"0penLDAP\", realm: \"PERFECT.COM\", mechanism: .DIGEST)\n```\n*⚠️NOTE⚠️* The `authname` is equivalent to `SASL_CB_AUTHNAME` and `user` is actually the macro of `SASL_CB_USER`. If any parameter above is not applicable to your case, simply assign an empty string \"\" to ignore it.\n\n## Search\n\nPerfectLDAP provides asynchronous and synchronous version of searching API with the same parameters:\n\n### Synchronous Search\n\nSynchronous search will block the thread until server returns, the full api is `LDAP.search(base:String, filter:String, scope:Scope, attributes: [String], sortedBy: String) throws -\u003e [String:[String:Any]]`. Here is an example:\n\n``` swift\n// perform an ldap search synchronously, which will return a full set of attributes\n// with a natural (unsorted) order, in form of a dictionary.\nlet res = try connection.search(base: \"CN=Users,DC=perfect,DC=com\", filter:\"(objectclass=*)\")\n\nprint(res)\n```\n\n### Asynchronous Search\n\nAsynchronous search allows performing search in an independent thread. Once completed, the thread will call back with the result set in a dictionary. Full api of asynchronous search is `LDAP.search(base:String, filter:String, scope:Scope, attributes: [String], sortedBy: String,  completion: @escaping ([String:[String:Any]])-\u003e Void)`. The equivalent example is:\n\n``` swift\n// perform an ldap search asynchronously, which will return a full set of attributes\n// with a natural (unsorted) order, in form of a dictionary.\nconnection.search(base: \"CN=Users,DC=perfect,DC=com\", filter:\"(objectclass=*)\") {\n  res in\n  print(res)\n}\n```\n\n### Parameters of Search\n- base: String, search base domain (dn), default = \"\"\n- filter: String, the filter of query, default is `\"(objectclass=*)\"`, means all possible results\n- scope: Searching Scope, i.e., .BASE, .SINGLE_LEVEL, .SUBTREE or .CHILDREN\n- sortedBy: a sorting string, may also be generated by `LDAP.sortingString()`\n- completion: callback with a parameter of dictionary, empty if failed\n\n#### Server Side Sort (⚠️EXPERIMENTAL⚠️)\nThe `sortedBy` parameters is a string that indicates the remote server to perform search with a sorted set. PerfectLDAP provides a more verbal way to build such a string, i.e, an array of tuples to describe what attributes would control the result set:\n\n``` swift\n// each tuple consists two parts: the sorting field and its order - .ASC or .DSC\nlet sort = LDAP.sortingString(sortedBy: [(\"description\", .ASC)])\n```\n\n### Limitation of Searching Result\n\nOnce connected, LDAP object could be set with an limitation option - `LDAP.limitation`. It is an integer which specifies the maximum number of entries that can be returned on a search operation.\n\n``` swift\n// set the limitation for searching result set. In this example, only the first 1000 entries will return.\nconnection.limitation = 1000\n```\n\n## Attribute Operations\n\nPerfectLDAP provides add() / modify() and delete() for attributes operations with both synchronous and asynchronous options.\n\n### Add Attributes (⚠️EXPERIMENTAL⚠️)\n\nFunction `LDAP.add()` can add attributes to a specific DN with parameters below:\n- distinguishedName: String, specific DN\n- attributes:[String:[String]], attributes as an dictionary to add. In this dictionary, every attribute, as a unique key in the dictionary, could have a series of values as an array.\n\nBoth asynchronous add() and synchronous add() share the same parameters above, take example:\n\n``` swift\n// try an add() synchronously.\ndo {\n  try connection.add(distinguishedName: \"CN=judy,CN=User,DC=perfect,DC=com\", attributes: [\"mail\":[\"judy@perfect.com\", \"judy@perfect.org\"]])\n}catch (let err) {\n    // failed for some reason\n}\n\n// try and add() asynchronously:\nconnection.add(distinguishedName: \"CN=judy,CN=User,DC=perfect,DC=com\", attributes: [\"mail\":[\"judy@perfect.com\", \"judy@perfect.org\"]]) { err in\n  // if nothing wrong, err will be nil\n}\n```\n\n### Modify Attributes\n\nFunction `LDAP.modify()` can modify attributes from a specific DN with parameters below:\n- distinguishedName: String, specific DN\n- attributes:[String:[String]], attributes as an dictionary to modify. In this dictionary, every attribute, as a unique key in the dictionary, could have a series of values as an array.\n- method: specify if an attribute should be added, removed or replaced (default)\n  - add: LDAP_MOD_ADD | LDAP_MOD_BVALUES\n  - remove: LDAP_MOD_DELETE | LDAP_MOD_BVALUES\n  - replace: LDAP_MOD_REPLACE | LDAP_MOD_BVALUES\n\nBoth asynchronous modify() and synchronous modify() share the same parameters above, take example:\n\n``` swift\n// try and modify() synchronously.\ndo {\n  try connection.modify(distinguishedName: \"CN=judy,CN=User,DC=perfect,DC=com\", attributes: [\"codePage\":[\"437\"]])\n}catch (let err) {\n    // failed for some reason\n}\n\n// try and modify() asynchronously:\nconnection.modify(distinguishedName: \"CN=judy,CN=User,DC=perfect,DC=com\", attributes:[\"codePage\":[\"437\"]]) { err in\n  // if nothing wrong, err will be nil\n}\n```\n\nExample: Add and remove user from group\n\n``` swift\n// add user to group\ndo {\n  try connection.modify(distinguishedName: \"CN=employee_group,CN=Group,DC=perfect,DC=com\", attributes: [\"member\":[\"CN=judy,CN=User,DC=perfect,DC=com\"]], method: LDAP_MOD_ADD | LDAP_MOD_BVALUES)\n}catch (let err) {\n    // failed for some reason\n}\n\n// remove user from group\ndo {\n  try connection.modify(distinguishedName: \"CN=employee_group,CN=Group,DC=perfect,DC=com\", attributes: [\"member\":[\"CN=judy,CN=User,DC=perfect,DC=com\"]], method: LDAP_MOD_DELETE | LDAP_MOD_BVALUES)\n}catch (let err) {\n    // failed for some reason\n}\n```\n\n### Delete Attributes (⚠️EXPERIMENTAL⚠️)\n\nFunction `LDAP.delete()` can delete attributes from a specific DN with only one parameter:\n- distinguishedName: String, specific DN\n\nBoth asynchronous delete() and synchronous delete() share the same parameter above, take example:\n\n``` swift\n// try an delete() synchronously.\ndo {\n  try connection.delete(distinguishedName: \"CN=judy,CN=User,DC=perfect,DC=com\")\n}catch (let err) {\n    // failed for some reason\n}\n\n// try and delete() asynchronously:\nconnection.delete(distinguishedName: \"CN=judy,CN=User,DC=perfect,DC=com\") { err in\n  // if nothing wrong, err will be nil\n}\n```\n\n## Further Information\nFor more information on the Perfect project, please visit [perfect.org](http://perfect.org).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperfectlysoft%2Fperfect-ldap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fperfectlysoft%2Fperfect-ldap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperfectlysoft%2Fperfect-ldap/lists"}