
LDAP Connector

This adapter connects to a Lightweight Directory Access Protocol (LDAP) server to retrieve contact information, via LDAP Secure if required. Different operations can be performed using adapter-specific XML documents as input data.

You can configure LDAP Secure with self-signed certificates in the X4config.xml configuration file, see LDAPS Configuration.

Properties

Operation

Describes which operation the adapter performs.

Possible values: Execute: Runs the adapter

Parameters

Adapter

Main class of the adapter (do not change!)

Possible values: de.softproject.integration.adapter.ldap.Ldap: Main class (Default)

java.naming.factory.initial

Name of the class that provides the LDAP service

Possible values: Any class name, e.g. com.sun.jndi.ldap.LdapCtxFactory

java.naming.provider.url

URL of the LDAP(S) server

Possible values: Any webservice URL

java.naming.security.authentication

Authentication method

Possible values: Any valid string (e.g. simple)

java.naming.security.principal

Name of the user or authentication application (depending on the authentication method)

Possible values: Any valid string (e.g. cn=S. User, ou=NewHires, o=JNDITutorial)

java.naming.security.credentials

Associated password of the user or authentication application (depending on the type of authentication)

Possible values: Any string (e.g. mysecret)

java.naming.referral

Defines how to handle redirects.

Possible values:

  • ignore: Ignore redirects

  • follow: Follow all redirects automatically

  • throw: Triggers a ReferralException for each redirect (see Triggering a ReferralException)

attributesAsElements

Outputs the attributes of an object

Possible values:

  • true: Outputs the attributes of an object

  • false: Do not output any object attributes (default)

acceptAllCertificates

Disables security settings by accepting any certificate

Possible values:

  • true: Any certificate will be accepted

  • false: Only self-signed certificates are accepted (default)

Disables security settings by accepting any hostname included in the certificate.

Possible values:

  • true: Accepts any hostname

  • false: Security settings are enabled (default)

Status values

1

The adapter operation was executed successfully

2

Compare operation is required. LDAP entry matches the information in the input XML document.

3

Compare operation is required. LDAP entry does not match the input XML document.

-1

The operation failed due to a technical error.

Triggering a ReferralException

If you want to process redirects manually, follow these steps:

  1. Catch the exception.

  2. Read the routing information using ReferralException.getReferralInfo(), for example to ask the user whether the redirect should be followed.

    1. If you want to follow the redirect, get the referral context with ReferralException.getReferralContext() and re-invoke the original context method with the same arguments that were used for the original call.

    2. If you do not want to follow the redirect, call ReferralException.skipReferral().

      1. If this method returns true, there are more redirects to follow.

        In this case, call ReferralException.getReferralContext() to continue. When a context method is invoked on the result, an exception is triggered again for the next redirect. Handle this exception by repeating the procedure from step 1.

      2. If the method returns false, there are no more redirects and the procedure can be terminated.

For more information, visit https://docs.oracle.com/javase/jndi/tutorial/ldap/referral/throw.html.
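The manual procedure above written against JNDI, as an added example that is not part of the original documentation. Instead of asking a user, it follows a redirect only when it points to an allowlisted LDAPS host; the host names, the search arguments and the class name are placeholders.

```java
import java.net.URI;
import java.util.Hashtable;
import java.util.Set;
import javax.naming.*;
import javax.naming.directory.*;

public class ManualReferral {
    // Assumption: placeholder hosts; only referrals to these are followed.
    static final Set<String> TRUSTED_HOSTS = Set.of("ldap1.example.com", "ldap2.example.com");

    // Step 2 decision: follow only ldaps:// referrals that point to an allowlisted host.
    static boolean shouldFollow(Object referralInfo) {
        try {
            URI uri = URI.create(String.valueOf(referralInfo));
            return "ldaps".equalsIgnoreCase(uri.getScheme()) && uri.getHost() != null
                    && TRUSTED_HOSTS.contains(uri.getHost().toLowerCase());
        } catch (IllegalArgumentException malformed) {
            return false; // unparsable referral URL: do not follow
        }
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap1.example.com:636"); // placeholder
        env.put(Context.REFERRAL, "throw");
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        DirContext ctx = new InitialDirContext(env);
        for (boolean more = true; more; ) {
            try {
                NamingEnumeration<SearchResult> hits =
                        ctx.search("o=SoftProject,dc=sp-linux", "(objectclass=person)", controls);
                while (hits.hasMore()) { // hasMore() is where a referral can surface
                    System.out.println(hits.next().getNameInNamespace());
                }
                more = false; // search completed without a further referral
            } catch (ReferralException e) { // step 1
                if (!shouldFollow(e.getReferralInfo())) {
                    more = e.skipReferral(); // false: no referrals left, stop
                }
                if (more) {
                    ctx = (DirContext) e.getReferralContext(); // followed or next referral
                }
            }
        }
        ctx.close();
    }
}
```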

Input

This function adapter expects specific input XML structures that contain LDAP commands. These input XML structures can be dynamically generated via XSL mappings depending on the data processed.

search command

The LDAP search command allows you to search for entries in the LDAP directory.

Input

The LDAP adapter expects the following input XML structure to run the search command:

HTML/XML
<?xml version="1.0" encoding="UTF-8"?>
<ldap>
    <search>
        <!-- Distinguished Name - base node in the LDAP tree where the search starts -->
        <name>OU=Accounts,DC=softproject,DC=local</name>
        <!-- Search filter - required -->
        <!-- filter that is applied on search result -->
        <filter>objectclass=user</filter>
        <!-- Search control settings -->
        <controls>
            <!-- Search scope. -->
            <!-- Keywords: object, subtree, onelevel -->
            <!-- object - Results from search will contain one or zero element. -->
            <!-- One element if the named object satisfies the search -->
            <!-- filter specified in search. -->
            <!-- subtree - Search the entire subtree rooted at the named object. -->
            <!-- onelevel - Search one level of the named context. -->
            <scope>subtree</scope>
            <!-- Time limit (ms) - for request duration -->
            <timeLimit>5000</timeLimit>
            <!-- List of attributes that should be returned, separated by comma. -->
            <attributes>uSNCreated,givenname,displayName,cn</attributes>
            <!-- Count limitation for result -->
            <countLimit>100</countLimit>
        </controls>
    </search>
</ldap>
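When the filter is generated from processed data, a value placed inside it needs LDAP filter escaping (RFC 4515) in addition to XML escaping. The following is an added example, not part of the product documentation; it assumes the adapter passes the filter text to the directory unchanged, and the class and method names are hypothetical.

```java
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class SearchInputBuilder {
    // RFC 4515: NUL ( ) * and \ inside a filter value become \ plus two hex digits.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            boolean special = c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0';
            out.append(special ? String.format("\\%02x", (int) c) : String.valueOf(c));
        }
        return out.toString();
    }

    // Appends <tag>text</tag>; the serializer escapes & and < in the text.
    static Element child(Document doc, Element parent, String tag, String text) {
        Element e = doc.createElement(tag);
        if (text != null) e.setTextContent(text);
        parent.appendChild(e);
        return e;
    }

    static String buildSearch(String baseDn, String cn) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element ldap = doc.createElement("ldap");
        doc.appendChild(ldap);
        Element search = child(doc, ldap, "search", null);
        child(doc, search, "name", baseDn);
        child(doc, search, "filter", "(&(objectclass=user)(cn=" + escapeFilterValue(cn) + "))");
        Element controls = child(doc, search, "controls", null);
        child(doc, controls, "scope", "subtree");
        child(doc, controls, "timeLimit", "5000");
        child(doc, controls, "attributes", "givenname,displayName,cn");
        child(doc, controls, "countLimit", "100");
        StringWriter xml = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(doc), new StreamResult(xml));
        return xml.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value that contains filter metacharacters.
        System.out.println(buildSearch("OU=Accounts,DC=softproject,DC=local", "Smith (Ops)*"));
    }
}
```

The generated filter element contains `(&amp;(objectclass=user)(cn=Smith \28Ops\29\2a))`, so the value is matched literally instead of being read as filter syntax. The base DN is a constant here; a DN built from data would need RFC 4514 escaping as well.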

Output

If the adapter has been executed successfully, the following XML document is output:

HTML/XML
<ldap name="dc=sp-linux" filter="(objectclass=*)" scope="subtree" attributes="cn,sn" countLimit="4">
    <entry dn="dc=sp-linux" />
    <entry dn="cn=Manager,dc=sp-linux">
        <cn>Manager</cn>
    </entry>
    <entry dn="o=softproject,dc=sp-linux" />
    <entry dn="sn=Tester,o=SoftProject,dc=sp-linux">
        <sn>Tester</sn>
        <cn>John</cn>
    </entry>
</ldap>

Add command

The LDAP Add command allows you to add entries to the LDAP directory.

Input

The LDAP adapter expects the following input XML structure to run the Add command:

HTML/XML
<ldap>
    <add>
        <name>sn=Tester, o=SoftProject, dc=sp-linux</name>
        <!--dn-->
        <attributes>
            <objectClass>person</objectClass>
            <sn>Tester</sn>
            <cn>John</cn>
        </attributes>
        <!--list of attributes that will be added-->
    </add>
</ldap>

Output

If the function adapter has been executed successfully, the adapter does not output an XML document after executing the add command but only the 1 (successful) status or the -1 (error) status in case of an error.

modify command

You can use the LDAP modify command to modify entries in the LDAP directory. As in a transaction, all entries are either changed or, in the event of an error, no changes are made to the entries.

Input

The LDAP adapter expects the following input XML structure to execute the modify command:

HTML/XML
<ldap>
    <modify>
        <name>dc=sp-linux</name>
        <!--dn-->
        <add>
            <o>Tester</o>
        </add>
        <replace>
            <o>SoftProject</o>
        </replace>
        <remove>
            <o>SoftProject</o>
        </remove>
    </modify>
</ldap>

Example of replacing a password:

XML
<ldap>
    <modify>
        <name>dc=sp-linux</name>
        <add>
            <o>Tester</o>
        </add>
        <replace>
            <unicodePW base64="true">dGVzdCE=</unicodePW>
        </replace>
    </modify>
</ldap>

Output

If the function adapter has been executed successfully, the adapter does not output an XML document after executing the modify command but only the 1 (successful) status or the -1 (error) status in case of an error.

modifyDN-(RDN) command

The LDAP modifyDN (RDN) command allows you to edit entries in the LDAP directory.

Input

The LDAP adapter expects the following input XML structure to run the modifyDN-RDN command:

HTML/XML
<ldap>
    <modifyDN-RDN>
        <oldName>sn=Tester, o=SoftProject, dc=sp-linux</oldName>
        <!--dn-->
        <newName>sn=TestUser, o=SoftProject, dc=sp-linux</newName>
        <!--dn-->
    </modifyDN-RDN>
</ldap>

Output

If the function adapter has been executed successfully, the adapter does not output an XML document after executing the modifyDN-RDN command but only the 1 (successful) status or the -1 (error) status in case of an error.

delete command

The LDAP delete command allows you to delete entries in the LDAP directory.

Input

The LDAP adapter expects the following input XML structure to execute the delete command:

XML
<ldap>
	<delete>
		<name>sn=Tester, o=SoftProject, dc=sp-linux</name>
		<!--dn-->
	</delete>
</ldap>

Output

If the function adapter has been executed successfully, the adapter does not output an XML document after executing the delete command but only the 1 (successful) status or the -1 (error) status in case of an error.

compare command

The LDAP compare command allows you to compare entries in the LDAP directory.

Input

The LDAP adapter expects the following input XML structure to run the compare command:

HTML/XML
<ldap>
    <compare>
        <name>sn=Tester, o=SoftProject, dc=sp-linux</name>
        <!--dn-->
        <attributes>
            <objectClass>person</objectClass>
            <sn>Tester</sn>
            <cn>John</cn>
        </attributes>
        <!--list of attributes that will be compared by values-->
        <controls>
            <scope>subtree</scope>
            <!--keywords: object,subtree,onelevel-->
            <timeLimit />
            <!--timeLimit (ms)-->
        </controls>
    </compare>
</ldap>

Output

If the function adapter has been executed successfully, the adapter does not output an XML document after executing the compare command, but only the CompareTRUE status if the LDAP entry matches the data in the input XML document or the CompareFALSE status.
