3.1.6.15 Search Using LDAP

This event MUST be generated with the following arguments:

• iObjectClass: the Active Directory schema class of the objects being searched for.

• iFilter: An array of attribute-filter expressions ([MS-MQDMPR] section 3.1.7.1.20), but modified so that the valid attributes comprise the set of Active Directory attributes associated with an Active Directory schema class instance of type iObjectClass instead of ADM element attributes. Each sublist that is returned in rValues MUST satisfy all attribute-filter expressions in this array.

• iAttributes: a list of attribute names.

Return Values:

• rStatus: A DirectoryOperationResult that indicates the result of this directory operation.

• rValues: if rStatus is Success, a list of sublists, where each sublist corresponds to one object found in Active Directory and is composed of values for that object of the attributes listed in iAttributes, in the same order. Otherwise, this value is undefined and MUST NOT be used.

The algorithm MUST perform the following actions to process this event:

• If the value of the CachedConfigurationNamingContext ADM element is an empty string, rStatus MUST be set to DirectoryOperationResult.DirectoryNotConnected, and processing MUST end.

• If the iAttributes list does not contain the attribute name "objectGuid", add it to the list. If the iAttributes list does not contain the attribute name "distinguishedName", add it to the list.

• Raise a Prepare an LDAP Connection (section 3.1.6.18) event. The event takes no arguments. If the rStatus returned is not DirectoryOperationResult.Success, rStatus MUST be set to DirectoryOperationResult.DirectoryNotConnected, and processing MUST end. Otherwise, let DirectoryServerConnection be a variable of type ADCONNECTION_HANDLE ([MS-DTYP] section 2.2.2), which is initialized to the value returned in rADConnection.

• Let BaseDN be a distinguished name composed depending on the class name in iObjectClass according to these rules:

  • If iObjectClass is "mSMQConfiguration", "mSMQQueue", or "user", BaseDN MUST be set to the value of the CachedConfigurationNamingContext ADM element.

  • If iObjectClass is "mSMQEnterpriseSettings", BaseDN MUST be set to a string formed by concatenating "CN=Services," and the value of the CachedConfigurationNamingContext ADM element.

  • If iObjectClass is "site", BaseDN MUST be set to a string formed by concatenating "CN=Sites," and the value of the CachedConfigurationNamingContext ADM element.

  • If iObjectClass is "mSMQSiteLink", BaseDN MUST be set to a string formed by concatenating "CN=MsmqServices,CN=Services," and the value of the CachedConfigurationNamingContext ADM element.

• Construct an LDAPMessage ([RFC2251] section 4.1):

  • messageID = set as described in [RFC2251] section 4.1.1.1.

  • protocolOp = searchRequest

  • controls = none

  • baseObject = BaseDN

  • scope = baseObject

  • derefAliases = neverDerefAliases

  • sizeLimit = 0

  • timeLimit = 0

  • typesOnly = FALSE

  • filter = "(objectClass=*)"

  • attributes = a one-element list consisting of the string "objectClass"

• Perform the Performing an LDAP Operation on an ADConnection ([MS-ADTS] section 7.6.1.6) task with the following parameters:

  • TaskInputADConnection = DirectoryServerConnection

  • TaskInputRequestMessage = the LDAPMessage constructed in the preceding step

• If the value of TaskReturnStatus is not success, as defined in [RFC2251] section 4.1.10, the algorithm MUST perform the following steps:

  • rStatus MUST be set to a DirectoryOperationResult enumeration value according to the conversion rules for TaskReturnStatus specified in section 2.2.6.

  • Raise a Shut Down an LDAP Connection (section 3.1.6.21) event.

  • Processing MUST end.

• Construct an LDAPMessage:

  • messageID = set as described in [RFC2251] section 4.1.1.1.

  • protocolOp = searchRequest

  • controls = none

  • baseObject = BaseDN

  • scope = wholeSubtree

  • derefAliases = neverDerefAliases

  • sizeLimit = 0

  • timeLimit = 120

  • typesOnly = FALSE

  • filter = iFilter

  • attributes = iAttributes

• Perform the Performing an LDAP Operation on an ADConnection task with the following parameters:

  • TaskInputADConnection = DirectoryServerConnection

  • TaskInputRequestMessage = the LDAPMessage constructed in the preceding step

• If the value of TaskReturnStatus is not success, as defined in [RFC2251] section 4.1.10, the algorithm MUST perform the following steps:

  • rStatus MUST be set to  a DirectoryOperationResult enumeration value according to the conversion rules for TaskReturnStatus specified in section 2.2.6.

  • Raise a Shut Down an LDAP Connection event.

  • Processing MUST end.

• TaskOutputResultMessages contains a list of attributes for each object in the directory matching the search filter. For each such list returned, perform the following steps:

  • Let Sublist be a list of values, initialized to be empty.

  • For each attribute name in iAttributes, find the value for that attribute in the results list and add it to Sublist. If there is no matching value in the results, add an empty entry to Sublist.

  • Add Sublist to rValues.

• Raise a Shut Down an LDAP Connection event.

• Processing MUST end.