LDAPLookup
The LDAPLookup component enables the lookup of information organized in a directory-like fashion on a Lightweight Directory Access Protocol (LDAP) server. This information could be encryption certificates or pointers to printers and other services on a network; a directory can also provide a single logon facility where one password for a user is shared between many services. The adapter performs the LDAP client operations by connecting and authenticating to the server. The operations performed are bind, lookup, modify, add, delete, rename and change password.
Points to note
- In case of an Authentication/Lookup/Binding failure, messages are sent to the output port with the appropriate text, such as "Authentication failed" or "Lookup failed". No message comes out on the Error port.
- In the Lookup operation, when you enter the Root node (in CPS), the substring starting with 'dc' is checked against the substring starting with 'dc' of the string 'SECURITY_PRINCIPAL' specified in the Managed Connection Factory panel. In case of a mismatch, an appropriate error message is shown. If it matches, the Base node and Filter are cleared.
- In the Bind operation, adding new attributes or adding multiple values to an existing attribute can be achieved with the help of the attribute 'AdditionalAttribute'. Always make sure that 'cn' (at least one of them, if you are giving multiple 'cn's) holds the value of 'cn' given in 'dn'. Also make sure that 'sn' is provided if the value of 'objectClass' is 'person'. You can also add multiple users at a time.
- The source code for this component is available with the installer.
Configuration
Managed Connection Factory
Drag the LDAPlookup adapter present in the Samples section of the Micro Service Palette. Double-click the component from Fiorano Orchestrator to launch the configuration wizard.
Figure 1 : Managed Connection Factory
Attributes
Initial Context Factory: Name of the initial context factory.
Provider URL: URL of the LDAP server.
Security Authentication: Specify the security level to use.
Security Principal: Specify the identity of the principal for authenticating the caller of the service. (An authentication id has to be specified in the case of SASL mechanisms.)
Security Credentials: Specifies the credentials of the principal for authenticating the caller of the service.
Enable SSL: Specify if SSL is to be used during connection.
Connection Pool Params: Various parameters to be used for connection pooling of the EIS connection.
Interaction Configurations
Figure 2: Interaction Configurations
Attributes
Operation
Choose the LDAP operation to be performed from the list of operations as below:
- Authentication
- Lookup
- Compare
- Bind
- Modify
- Delete
- Rename
- Change Password.
For the attributes Validate Input, Cleanup resources, Target Namespace and Monitoring configuration, please refer to the respective sections in the Common Configurations page.
There are separate attributes for the different Operation options; each one is described below with Expert Properties disabled, as those appear the same for all options.
Authentication
Figure 3: Authentication Operation Attributes
The component acts as an authenticator. The properties configured in the Managed Connection Factory panel are the ones required for authentication.
Lookup
Figure 4: Lookup Operation Attributes
Root Node: Specify the Distinguished Name (DN) of an entry, the sub-tree of which you want to view in the editor that opens with the property.
Base Search Node: Choose the DN of the entry to search; both the entry itself and its sub-tree are searched.
Filter: Specify the search constraints to be applied on the entry represented by 'Base Search Node' and the entries in its sub-tree.
Search Scope: Specify the scope of the search.
Alias Dereferencing: Specify how aliases are to be dereferenced during the search operation.
Follow referrals: Specify whether referrals are to be followed or ignored.
Validate Input: Validate the input record
Cleanup Resources (excluding connection) after each document: Close the interaction after each request.
Target Namespace: Target Namespace used while generating the input and output schema.
Compare
Figure 5: Compare Operation Attributes
Follow Referrals: Specifies whether referrals are to be followed or ignored.
Bind
Figure 6: Bind Operation Attributes
Continuous Operation Mode: If true, operations on the subsequent nodes are continued if an exception occurs while processing some node, in case of processing multiple nodes in a single input. If false, operation is stopped if any exception occurs.
Output Type: Single - a single output for success of the operations on all nodes. Multiple - one output per node.
Unbind bound nodes on Exception: Specifies the action (unbind the already bound nodes, or leave them bound) when an exception occurs while adding some node.
Modify
Figure 7: Modify Operation Attributes
Continuous Operation Mode and Output Type: Refer Bind section above.
Delete
Figure 8: Delete Operation Attributes
Delete Recursively: Specifies whether a recursive delete must be done. If true, and if the DN specified isn't a leaf, its children and all their children are deleted all the way down the tree. If false, only leaf entries are deleted.
Continuous Operation Mode and Output Type: Refer Bind section above.
Rename
Figure 9: Rename Operation Attributes
Delete old RDN: Delete previous Relative Distinguished Name
Continuous Operation Mode and Output Type: Refer Bind section above.
Change Password
Figure 10: Change Password Operation Attributes
The properties configured in the Managed Connection Factory panel are the ones required for Change Password operation.
Scheduler Configurations
Figure 11: Scheduler Configurations
On enabling scheduling, we can set the repeat interval in milliseconds, seconds, minutes, hours or days, and the repeat period can be set either to Repeat forever or to a specified number of times.
Another scheduling option is to set the start time and date which helps to control the start of scheduling process.
Please refer Scheduler Configurations section in the Common Configurations page.
Error Handling Configuration
Figure 12: Error Handling Configurations
The remedial actions to be taken when a particular error occurs can be configured here. Click the ellipsis button against this property to configure Error Handling properties for the different types of errors. By default, the options Log to Error Logs and Send to error port are enabled.
Refer Error Handling section in Common Configurations for more information.
Functional Scenario
Sample 1: Bind Configuration
Figure 13: LDAPlookup event flow
- Connect the LDAPLookup1 adapter to a Feeder and a Display as shown in the figure above.
- Launch the configuration wizard by double-clicking the LDAPlookup icon in the Fiorano Orchestrator.
- Set the fields in the Managed Connection Factory configuration page as shown in Figure 1.
- Choose the Operation as 'Bind' in Interaction Configuration panel.
- Save and close the wizard and open feeder CPS.
To create a user in the server, enter the following in the feeder:
<?xml version="1.0" encoding="UTF-8"?>
<ns1:Input xmlns:ns1="http://www.fiorano.com/fesb/activity/LDAPLookup1/In">
  <Node>
    <dn>cn=testuser,dc=fiorano,dc=com</dn>
    <objectClass>person</objectClass>
    <cn>testname</cn>
    <sn>surnam</sn>
    <userPassword>fiorano</userPassword>
    <Description>Description</Description>
    <AdditionalAttribute>
      <Name>location</Name>
      <Value>hyd</Value>
    </AdditionalAttribute>
  </Node>
</ns1:Input>
The value of dn will depend on the server type. The above is for a 389-ds server.
- Perform CRC (resource and connectivity) and then launch the event process. This will create a new user in the 389-ds server.
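The two rules from "Points to note" that this sample exercises, the Root Node 'dc' check for Lookup and the cn/sn rules for Bind, can be checked before a message ever reaches the adapter. The following is an added example, not code from the page or from the Fiorano adapter: it parses the Sample 1 Bind document embedded inline, reports any node whose 'cn' does not carry the 'cn' value of its 'dn' or whose objectClass 'person' lacks 'sn', and compares the dc suffix of a Root Node with that of SECURITY_PRINCIPAL. The function names are the example's own, and the DN splitter assumes plain DNs without escaped commas.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Bind input document from Sample 1 on this page.
SAMPLE_BIND_INPUT = """<?xml version="1.0" encoding="UTF-8"?>
<ns1:Input xmlns:ns1="http://www.fiorano.com/fesb/activity/LDAPLookup1/In">
  <Node>
    <dn>cn=testuser,dc=fiorano,dc=com</dn>
    <objectClass>person</objectClass>
    <cn>testname</cn>
    <sn>surnam</sn>
    <userPassword>fiorano</userPassword>
    <Description>Description</Description>
    <AdditionalAttribute>
      <Name>location</Name>
      <Value>hyd</Value>
    </AdditionalAttribute>
  </Node>
</ns1:Input>
"""


def parse_dn(dn):
    """Split a DN into [(attribute, value), ...], leftmost RDN first.
    Assumption: plain DNs only; escaped commas inside values are not handled."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def dc_suffix(dn):
    """Return the part of the DN from its first 'dc=' component onward (lower-cased),
    or None if the DN has no dc component."""
    pairs = parse_dn(dn)
    for i, (attr, _) in enumerate(pairs):
        if attr == "dc":
            return ",".join(f"{a}={v}" for a, v in pairs[i:]).lower()
    return None


def root_node_matches_principal(root_node, security_principal):
    """The Lookup-operation check described under 'Points to note': the dc substring
    of the Root Node must equal the dc substring of SECURITY_PRINCIPAL."""
    suffix = dc_suffix(root_node)
    return suffix is not None and suffix == dc_suffix(security_principal)


def validate_bind_node(node):
    """Check one <Node> of a Bind input against the rules under 'Points to note'.
    Returns a list of problem strings; an empty list means the node passes."""
    problems = []
    dn = (node.findtext("dn") or "").strip()
    if not dn:
        return ["missing dn"]
    rdn_attr, rdn_value = parse_dn(dn)[0]

    # cn values may come from <cn> elements or from AdditionalAttribute entries named cn
    cn_values = [e.text.strip() for e in node.findall("cn") if e.text]
    for extra in node.findall("AdditionalAttribute"):
        if (extra.findtext("Name") or "").strip().lower() == "cn":
            cn_values.append((extra.findtext("Value") or "").strip())
    if rdn_attr == "cn" and rdn_value not in cn_values:
        problems.append(f"no cn value equals the cn in dn ({rdn_value!r}); found {cn_values}")

    object_classes = [e.text.strip().lower() for e in node.findall("objectClass") if e.text]
    if "person" in object_classes and not (node.findtext("sn") or "").strip():
        problems.append("objectClass 'person' requires sn")
    return problems


def validate_bind_input(xml_text):
    """Validate every <Node> in a Bind input document. Returns {dn: [problems]}."""
    root = ET.fromstring(xml_text)
    return {(node.findtext("dn") or "").strip(): validate_bind_node(node)
            for node in root.findall("Node")}


if __name__ == "__main__":
    for dn, problems in validate_bind_input(SAMPLE_BIND_INPUT).items():
        print(dn, "->", problems or "OK")
    print(root_node_matches_principal("dc=localdomain", "cn=Directory Manager,dc=localdomain"))
```

Run against the Sample 1 document as printed above, the check reports that no 'cn' value equals the 'cn' in 'dn' (the dn carries testuser while the cn element carries testname); changing the cn element to testuser makes the node pass. Because the adapter reports such failures on the output port rather than the Error port, a pre-check like this is the simplest way to stop a malformed Node from ever being sent.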
Sample 2: Lookup configuration
- Follow steps 1-3 from sample 1.
- Choose the Operation as 'Lookup' in Interaction Configuration panel.
- Provide the following values:
  - Root Node: dc=localdomain
  - Filter: cn=Directory Manager,dc=localdomain
- Save and close the LDAPLookup CPS and open the Feeder CPS.
Copy the following and specify the filter.
<?xml version="1.0" encoding="UTF-8"?>
<ns1:Input xmlns:ns1="http://www.fiorano.com/fesb/activity/LDAPLookup1/In">
  <Filter>uid=brawal</Filter>
</ns1:Input>
Perform CRC and launch the event process. This will display all the details of the user.
<?xml version="1.0" encoding="UTF-8"?>
<ns1:Output xmlns:ns1="http://www.fiorano.com/fesb/activity/LDAPLookup1/Out">
  <Node>uid=brawal,cn=support_group,ou=Support Division,dc=localdomain
mail: bhuvan.mohan@in.fiorano.com
uid: brawal
objectClass: top, person, organizationalPerson, inetorgperson
givenName: bhuvan
sn: rawal
cn: bhuvan rawal</Node>
</ns1:Output>
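The Filter element above is passed straight to the directory as an LDAP search filter, so when its value comes from an upstream message it should be escaped as RFC 4515 requires, otherwise characters such as '*', '(' and ')' change the meaning of the filter instead of being matched literally. The following is an added example, not code from the page or from the Fiorano adapter: it builds the Sample 2 Lookup input with an escaped equality filter and parses the Lookup output (embedded inline as a constructed sample, one attribute per line) into a DN and an attribute map. The escaping step is standard LDAP practice rather than something the page states the adapter does; the function names are the example's own, and the output parser assumes multi-valued attributes are joined with ', ' as in the objectClass line.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape as xml_escape

IN_NS = "http://www.fiorano.com/fesb/activity/LDAPLookup1/In"

# Constructed sample: the Lookup output shown in Sample 2, one attribute per line.
SAMPLE_LOOKUP_OUTPUT = """<?xml version="1.0" encoding="UTF-8"?>
<ns1:Output xmlns:ns1="http://www.fiorano.com/fesb/activity/LDAPLookup1/Out">
  <Node>uid=brawal,cn=support_group,ou=Support Division,dc=localdomain
mail: bhuvan.mohan@in.fiorano.com
uid: brawal
objectClass: top, person, organizationalPerson, inetorgperson
givenName: bhuvan
sn: rawal
cn: bhuvan rawal</Node>
</ns1:Output>
"""


def escape_filter_value(value):
    """Escape an assertion value for use inside an LDAP search filter (RFC 4515):
    '*', '(', ')', '\\' and NUL become a backslash plus two hex digits, so a value
    taken from a message is matched literally rather than altering the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def build_lookup_input(attribute, value):
    """Build the Feeder message for the Lookup operation with one equality filter.
    The filter text is additionally XML-escaped so it is safe inside the element."""
    filter_text = f"{attribute}={escape_filter_value(value)}"
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f'<ns1:Input xmlns:ns1="{IN_NS}">\n'
        f"  <Filter>{xml_escape(filter_text)}</Filter>\n"
        "</ns1:Input>\n"
    )


def parse_lookup_output(xml_text):
    """Parse each <Node> of a Lookup output into (dn, {attribute: [values]}).
    Assumption: the first line of the node text is the DN, each following line is
    'attribute: value', and multi-valued attributes are joined with ', '."""
    root = ET.fromstring(xml_text)
    entries = []
    for node in root.findall("Node"):
        lines = [ln.strip() for ln in (node.text or "").splitlines() if ln.strip()]
        dn, attrs = lines[0], {}
        for line in lines[1:]:
            name, _, raw = line.partition(":")
            attrs.setdefault(name.strip(), []).extend(v.strip() for v in raw.split(", "))
        entries.append((dn, attrs))
    return entries


if __name__ == "__main__":
    print(build_lookup_input("uid", "brawal"))
    print(build_lookup_input("uid", "*"))  # the wildcard is escaped to \2a
    for dn, attrs in parse_lookup_output(SAMPLE_LOOKUP_OUTPUT):
        print(dn)
        for name, values in attrs.items():
            print(f"  {name}: {values}")
```

With a plain value such as brawal the generated message is identical to the one in Sample 2; with a value containing filter metacharacters the escaped form is sent, so a lookup for a single user can never widen into a search that matches every entry under the Base Search Node.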
Sample 3: Authentication Configuration
- Follow steps 1-3 from sample 1.
- Choose the Operation as 'Authentication' in Interaction Configuration panel.
- Click the Test button.
Figure 14: Authentication Configuration
- Enter the above details in the Input Message tab.
- Click the Validate button and then click the Execute button to get the following result.
Figure 15: Authentication Configuration Result
Sample 4: Change Password Configuration
- Follow steps 1-3 from Sample 1.
- Choose the Operation as 'Change Password' in Interaction Configuration panel.
- Click the Test button.
Figure 16: Password Change Configuration
- Specify the Distinguished Name, old password and new password
- Click Validate then click Execute to get the following result.
Figure 17: Password Change Configuration – Result
Sample 5: Delete Configuration
- Follow steps 1-3 from Sample 1.
- Choose the Operation as 'Delete' in Interaction Configuration panel.
- Click the Test button.
Figure 18: Delete Configuration specify-dn
- Specify the distinguished name of the entry to delete.
- Click Validate and then click Execute to get the following output.
Figure 19: Delete Configuration - Result
Sample 6: Rename Configuration
- Follow steps 1-3 from Sample 1.
- Choose the Operation as 'Rename' in Interaction Configuration panel.
Figure 20: Rename Configuration
- Enter the old Distinguished Name and the new relative distinguished name.
- Click Validate and click Execute to get the following result.
Figure 21: Rename Configuration - Result
Continuous Operation Mode and Output Type: Refer to the Modify section above.