
LDAPLookup

The LDAPLookup component enables the lookup of information organized in a directory-like fashion on a Lightweight Directory Access Protocol (LDAP) server. This information could be encryption certificates or pointers to printers and other services on a network, and the directory can provide a single logon facility where one password for a user is shared between many services. The adapter performs the LDAP client operations by connecting and authenticating to the server. The operations performed are bind, lookup, modify, add, delete, rename, and change password.

Points to note

  • In case of Authentication/Lookup/Binding failure, a message describing the failure (Authentication failed, Lookup failed, and so on) is sent to the output port. No message is sent to the Error port.
  • In the Lookup operation, when you enter the Root node (in CPS), the substring starting with 'dc' is checked against the substring starting with 'dc' of the string 'SECURITY_PRINCIPAL' specified in the Managed Connection Factory panel. In case of a mismatch, an appropriate error message is shown. If it matches, the Base node and Filter are cleared.
  • In the Bind operation, adding new attributes or adding multiple values to an existing attribute can be achieved with the help of the attribute 'AdditionalAttribute'. Always make sure that 'cn' (at least one, if you are giving multiple 'cn's) holds the value of 'cn' given in 'dn'. Also make sure that 'sn' is provided if the value of 'objectClass' is 'person'. You can also add multiple users at a time.
  • The source code for this component is available with the installer.

Configuration

Managed Connection Factory

Drag the LDAPlookup adapter present in the Samples section of the Micro Service Palette. Double-click the component from Fiorano Orchestrator to launch the configuration wizard.


Figure 1 : Managed Connection Factory

Attributes

Initial Context Factory: Name of the initial context factory.
Provider URL: URL of the LDAP server.
Security Authentication: Specify the security level to use.
Security Principle: Specify the identity of the principal for authenticating the caller of the service. (Authentication id has to be specified in the case of SASL mechanisms).
Security Credentials: Specifies the credentials of the principal for authenticating the caller of the service.
Enable SSL: Specify if SSL is to be used during connection.
Connection Pool Params: Various parameters to be used in connection pooling of EIS connection.

Interaction Configurations


Figure 2: Interaction Configurations

Attributes

Operation

Choose the LDAP operation to be performed from the list of operations as below:

  • Authentication
  • Lookup
  • Compare
  • Bind
  • Modify
  • Delete
  • Rename
  • Change Password.

For the attributes Validate Input, Cleanup resources, Target Namespace and Monitoring configuration, please refer to the respective sections in the Common Configurations page.

Each Operation option has its own attributes, described below. The descriptions are given with Expert Properties disabled, as those appear the same for all options.

Authentication


Figure 3: Authentication Operation Attributes

The component acts as an authenticator. The properties configured in the Managed Connection Factory panel are the ones required for authentication.

Lookup


Figure 4: Lookup Operation Attributes

Root Node: Specify the Distinguished Name (DN) of an entry, the sub-tree of which you want to view in the editor that opens with the property.
Base Search Node: Choose the DN of the entry to search; the entry itself and its sub-tree are searched.
Filter: Specify the search constraints to be applied on the entry represented by 'Base Search Node' and the entries in its sub-tree.
Search Scope: Specify the scope of the search.
Alias Dereferencing: Specify how aliases are to be dereferenced during the search operation.
Follow referrals: Specify whether referrals are to be followed or ignored.
Validate Input: Validate the input record.
Cleanup Resources (excluding connection) after each document: Close interaction after each request.
Target Namespace: Target Namespace used while generating the input and output schema.

Compare


Figure 5: Compare Operation Attributes

Follow Referrals: Specifies whether referrals are to be followed or ignored.

Bind


Figure 6: Bind Operation Attributes

Continuous Operation Mode: If true, operations on the subsequent nodes are continued if an exception occurs while processing some node, in case of processing multiple nodes in a single input. If false, operation is stopped if any exception occurs.
Output Type: Single - a single output for the success of operations on all nodes. Multiple - multiple outputs.
Unbind binded nodes on Exception: Specifies the action (unbind the nodes already bound, or leave them bound) when an exception occurs while adding some node.

Modify


Figure 7: Modify Operation Attributes

Continuous Operation Mode and Output Type: Refer to the Bind section above.

Delete


Figure 8: Delete Operation Attributes

Delete Recursively: Specifies whether a recursive delete must be done. If true, and if the DN specified isn't a leaf, its children and all their children down the tree are deleted. If false, only the leaf entries are deleted.
Continuous Operation Mode and Output Type: Refer to the Bind section above.

Rename


Figure 9: Delete Operation Attributes

Delete old RDN: Delete the previous Relative Distinguished Name.
Continuous Operation Mode and Output Type: Refer to the Bind section above.

Change Password


Figure 10: Change Password Operation Attributes

The properties configured in the Managed Connection Factory panel are the ones required for Change Password operation.

Scheduler Configurations


Figure 11: Scheduler Configurations

When scheduling is enabled, the repeat interval can be set in milliseconds, seconds, minutes, hours or days, and the repeat period can be set either to Repeat forever or to a specified number of times.
Another scheduling option is to set the start time and date, which controls when the scheduling process starts.

Please refer to the Scheduler Configurations section in the Common Configurations page.

Error Handling Configuration


Figure 12: Error Handling Configurations

The remedial actions to be taken when a particular error occurs can be configured here. Click the ellipsis button against this property to configure Error Handling properties for different types of errors. By default, the options Log to Error Logs and Send to error port are enabled.

Refer to the Error Handling section in Common Configurations for more information.

Functional Scenario

Sample 1: Bind Configuration


Figure 13: LDAPlookup event flow

  1. Connect the LDAPLookup1 adapter to a Feeder and a Display as shown in the figure above.
  2. Launch the configuration wizard by double-clicking the LDAPlookup icon in the Fiorano Orchestrator.
  3. Set the fields in the Managed Connection Factory configuration page as shown in Figure 1.
  4. Choose the Operation as 'Bind' in Interaction Configuration panel.
  5. Save and close the wizard and open feeder CPS.
  6. To create a user in the server, enter the following in the feeder:

    XML
    <?xml version="1.0" encoding="UTF-8"?>
    <ns1:Input xmlns:ns1="http://www.fiorano.com/fesb/activity/LDAPLookup1/In">
       <Node>
          <dn>cn=testuser,dc=fiorano,dc=com</dn>
          <objectClass>person</objectClass>
          <cn>testname</cn>
          <sn>surnam</sn>
          <userPassword>fiorano</userPassword>
          <Description>Description</Description>
          <AdditionalAttribute>
             <Name>location</Name>
             <Value>hyd</Value>
          </AdditionalAttribute>
       </Node>
    </ns1:Input>

    The value of dn will depend on the server type. The above is for a 389-ds server.

  7. Perform CRC (resource and connectivity) and then launch the event process. This will create a new user in the 389-ds server.
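
The two Bind rules from "Points to note" (at least one 'cn' must hold the 'cn' given in 'dn', and 'sn' is required when 'objectClass' is 'person') can be checked on the feeder message before it reaches the adapter. The following is an added example, not code from the component or from Fiorano; the function names and the sample message are constructed for illustration, and the DN parsing is simplified to the leftmost RDN with backslash-escaped commas.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input (values are illustrative, not taken from the page).
SAMPLE = """<ns1:Input xmlns:ns1="http://www.fiorano.com/fesb/activity/LDAPLookup1/In">
  <Node><dn>cn=alice,dc=example,dc=com</dn><objectClass>person</objectClass>
    <cn>alice</cn><sn>Example</sn></Node>
  <Node><dn>cn=bob,dc=example,dc=com</dn><objectClass>person</objectClass>
    <cn>robert</cn></Node>
  <Node><dn>cn=carol,dc=example,dc=com</dn><objectClass>person</objectClass>
    <cn>Carol C</cn><sn>Example</sn>
    <AdditionalAttribute><Name>cn</Name><Value>carol</Value></AdditionalAttribute></Node>
</ns1:Input>"""

def first_rdn(dn):
    """Return (attribute, value) of the leftmost RDN; honours backslash-escaped commas."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), re.sub(r"\\(.)", r"\1", value.strip())

def node_attributes(node):
    """Collect attribute values from child elements and AdditionalAttribute pairs."""
    attrs = {}
    for child in node:
        if child.tag == "AdditionalAttribute":
            name, value = child.findtext("Name"), child.findtext("Value")
        else:
            name, value = child.tag, child.text
        if name and value and value.strip():
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def validate_bind_input(xml_text):
    """Return (dn, problem) tuples; an empty list means every Node passes."""
    problems = []
    for node in ET.fromstring(xml_text).iter("Node"):
        attrs = node_attributes(node)
        dn = attrs.get("dn", [""])[0]
        if not dn:
            problems.append(("", "Node has no dn"))
            continue
        rdn_attr, rdn_value = first_rdn(dn)
        cns = {v.lower() for v in attrs.get("cn", [])}
        if rdn_attr == "cn" and rdn_value.lower() not in cns:
            problems.append((dn, "no cn value matches the cn in dn"))
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        if "person" in classes and not attrs.get("sn"):
            problems.append((dn, "objectClass person requires sn"))
    return problems

if __name__ == "__main__":
    for dn, problem in validate_bind_input(SAMPLE):
        print(f"{dn}: {problem}")
```

In the constructed sample only the second Node is reported; the third passes because its matching 'cn' is supplied through 'AdditionalAttribute'.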

Sample 2: Lookup configuration

  1. Follow steps 1-3 from sample 1.
  2. Choose the Operation as 'Lookup' in Interaction Configuration panel.
  3. Provide the following values:
    1. Root Node: dc=localdomain 
    2. Filter: cn=Directory Manager,dc=localdomain
  4. Save and close the LDAPLookup CPS and open the Feeder CPS.
  5. Copy the following and specify the filter.

    XML
    <?xml version="1.0" encoding="UTF-8"?>
    <ns1:Input xmlns:ns1="http://www.fiorano.com/fesb/activity/LDAPLookup1/In">
       <Filter>uid=brawal</Filter>
    </ns1:Input>

  6. Perform CRC and launch the event process. This will display all the details of the user.

    XML
    <?xml version="1.0" encoding="UTF-8"?>
    <ns1:Output xmlns:ns1="http://www.fiorano.com/fesb/activity/LDAPLookup1/Out">
       <Node>uid=brawal,cn=support_group,ou=Support Division,dc=localdomain 
     mail: bhuvan.mohan@in.fiorano.com 
     uid: brawal 
     objectClass: top, person, organizationalPerson, inetorgperson 
     givenName: bhuvan 
     sn: rawal 
     cn: bhuvan rawal</Node>
    </ns1:Output>
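
When the Filter element of the Lookup input is assembled from data that arrives at runtime, the value has to be escaped as RFC 4515 requires so that characters such as '(' , ')' and '*' are matched literally. The following is an added example, not code from the component or from Fiorano; it assumes the adapter hands the Filter text to the server as a standard LDAP search filter, and the function names and sample values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the Lookup input message shown in Sample 2.
IN_NS = "http://www.fiorano.com/fesb/activity/LDAPLookup1/In"

# RFC 4515, section 3: these characters are written as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a literal value for use on the right-hand side of an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_lookup_input(attribute, value):
    """Build the <Input><Filter>attr=value</Filter></Input> message for a Lookup.

    The attribute name is checked against a conservative pattern (letters,
    digits, hyphen); the value is escaped for the filter, and ElementTree
    takes care of XML escaping when the message is serialised.
    """
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attribute):
        raise ValueError(f"not a plain attribute name: {attribute!r}")
    root = ET.Element(f"{{{IN_NS}}}Input")
    ET.SubElement(root, "Filter").text = f"{attribute}={escape_filter_value(value)}"
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    # Constructed values: a plain uid, and a display name containing parentheses.
    print(build_lookup_input("uid", "brawal"))
    print(build_lookup_input("cn", "J. Smith (Ops)"))
```

ElementTree chooses its own namespace prefix when serialising, so the output uses a prefix other than ns1; the namespace URI, which is what identifies the element, is unchanged.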

Sample 3: Authentication Configuration

  1. Follow steps 1-3 from sample 1.
  2. Choose the Operation as 'Authentication' in Interaction Configuration panel.
  3. Click the Test button.


    Figure 14: Authentication Configuration

  4. Enter the above details in the Input Message tab.
  5. Click the Validate button and then click the Execute button to get the following result.

     
    Figure 15: Authentication Configuration Result

Sample 4: Change Password Configuration

  1. Follow steps 1-3 from Sample 1.
  2. Choose the Operation as 'Change Password' in Interaction Configuration panel.
  3. Click the Test button.

     
    Figure 16: Password Change Configuration
     
  4. Specify the Distinguished Name, old password and new password
  5. Click Validate then click Execute to get the following result.


    Figure 17: Password Change Configuration – Result

Sample 5: Delete Configuration

  1. Follow steps 1-3 from Sample 1.
  2. Choose the Operation as 'Delete' in Interaction Configuration panel.
  3. Click the Test button.


    Figure 18: Delete Configuration specify-dn
     
  4. Specify the distinguished name of the entry to delete.
  5. Click Validate and then click Execute to get the following output.


    Figure 19: Delete Configuration - Result

Sample 6: Rename Configuration

  1. Follow steps 1-3 from Sample 1.
  2. Choose the Operation as 'Rename' in Interaction Configuration panel.


    Figure 20: Rename Configuration
     
  3. Enter the old Distinguished Name and the new relative distinguished name.
  4. Click Validate and click Execute to get the following result.


    Figure 21: Rename Configuration - Result

Continuous Operation Mode and Output Type: Refer to the Modify section above.

