LDAP Transport Project User Guide
The LDAP connector reads data from and writes data to an LDAP v3 directory server (OpenLDAP, Novell eDirectory, Microsoft Active Directory, Apache DS, ...). Communication can be either synchronous or asynchronous. The connector supports plain (simple) binds, anonymous binds, SSL/TLS, and SASL-based authentication. DSML and LDIF are supported too. The following operations are currently implemented:
The LDAP connector is based on the Novell/OpenLDAP JLDAP API.
Installation instructions and examples are also available.
LDAP Connector Properties
| Property | Description | Default | Required |
|---|---|---|---|
| ldapHost | Hostname of the LDAP server. | | Yes |
| ldapPort | Port on which the LDAP server is listening. | 389 (636 for ldaps) | No |
| loginDN | Login distinguished name. Leave blank ("") for an anonymous bind. | | Yes, for a non-anonymous bind |
| password | Password for the loginDN. It is stored in clear text in the Mule configuration file, so restrict read access to that file. | <none> | No |
| searchBase | Base DN. The base distinguished name to search from. | | Yes |
| searchScope | Scope of the search: 0 = BASE (search only the base object itself), 1 = ONE (search only the immediate subordinates of the base object, not the base object), 2 = SUB (search the base object and all entries within its subtree), 4 = SUBORDINATESUBTREE (search all entries in the subtree below the base object, excluding the base object itself). | 2 | No |
| startUnsolicitedNotificationListener | Starts a listener for unsolicited notifications sent by the server, such as a notice of disconnection or shutdown. | false | No |
| attributes | Which attributes should be returned in a search response. | null (all attributes are returned) | No |
| dereference | Specifies when aliases should be dereferenced: 0 = NEVER (aliases are never dereferenced), 1 = SEARCHING (aliases are dereferenced when searching the entries beneath the starting point of the search, but not when finding the starting entry), 2 = FINDING (aliases are dereferenced when finding the starting point for the search, but not when searching under that starting entry), 3 = ALWAYS (aliases are dereferenced both when finding the starting point and when searching the entries beneath it). | 0 | No |
| maxResults | The maximum number of search results to return for a search request. The server terminates the search with an LDAPException.SIZE_LIMIT_EXCEEDED if the number of results exceeds the maximum. A lower size limit configured on the server applies regardless of this value. | Integer.MAX_VALUE | No |
| timeLimit | The maximum time in seconds that the server should spend returning search results. This is a server-enforced limit; a value of 0 means no time limit. | 0 (= no limit) | No |
| typesOnly | If true, returns only the names of the attributes found, not their values. If false, returns names and values. | false | No |
| queries | Named search queries that an outbound endpoint can refer to by name (see LDAP Endpoints, ldap://ldap.out/my.query). | | No |
| trustAll | Only for LdapSConnector and LdapSASLConnector. If set to true, every server certificate is accepted without validation, so the TLS session gives no protection against a man-in-the-middle; use it only against local test servers. If set to false, the trustStore property must be set. | false | No |
| trustStore | Only for LdapSConnector. If trustAll is set to false, the value of this property must point to the truststore in which your server certificate (or its issuing CA) is trusted. | | Yes, if trustAll is set to false |
| mechanism | Only for LdapSASLConnector. The SASL challenge mechanism. SASL support is currently experimental; only DIGEST-MD5 has been tested. Note that DIGEST-MD5 has since been moved to Historic status (RFC 6331) because of its weaknesses. | DIGEST-MD5 | No |
LDAP Endpoints
There are two LDAP endpoint types available (with LdapSConnector the scheme is ldaps:// instead of ldap://):
- ldap://ldap.in
- ldap://ldap.out[/searchquery]
1. ldap.in is the inbound endpoint for incoming LDAP messages sent by the server (replies to asynchronous requests) such as search responses, add responses, ...
2. ldap.out is the outbound endpoint to which either LDAPMessages, static search requests or arbitrary payloads can be sent. In the latter case an extra search query is required.
Example:
2.1 ldap://ldap.out -> The payload must be of type LDAPMessage or com.novell.ldap.util.DN. In the latter case a single entry is returned. This is only possible if the request is synchronous!
2.2 ldap://ldap.out/(cn=hsaly) -> static search query. The payload is ignored (can be used to poll the directory for specific entries/modifications).
2.3 ldap://ldap.out/my.query -> arbitrary payload allowed, but you need to specify a named query on the connector or endpoint (similar to the JDBC connector). Payload values that are substituted into such a query become part of the LDAP filter, so treat them as untrusted: a value like *)(uid=* changes the structure of the filter unless the characters *, (, ), \ and NUL are escaped as defined in RFC 4515.
For the ${} syntax see the Mule JDBC Connector.
Transformers
| Transformer | Description |
|---|---|
| org.mule.providers.ldap.transformers.LDAPEntryToAddRequest | Converts an LDAPEntry payload into an add request. |
| org.mule.providers.ldap.transformers.LDAPMessageToString | String means: DSML or LDIF |
| org.mule.providers.ldap.transformers.LDAPSearchResultToString | String means: DSML or LDIF |
| org.mule.providers.ldap.transformers.StringToDeleteRequest | String means: dn |
| org.mule.providers.ldap.transformers.StringToLDAPMessage | String means: DSML or LDIF |
| org.mule.providers.ldap.transformers.StringToSearchRequest | String means: filter query |
| org.mule.providers.ldap.transformers.JavaBeanToModiffyRequest | The payload must be a JavaBean. All getter methods are introspected and the fields they correspond to are treated as attributes in the directory; they are either added or modified with the contents of the JavaBean. Currently only Strings are supported, byte[] etc. will follow. Note that there must be a String field "dn" which denotes the entry to be modified, or the transformer must be configured with a "uniqueField" (contributed by Tomas Blohm). |
Example
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mule-configuration PUBLIC "-//MuleSource //DTD mule-configuration XML V1.0//EN"
                                    "http://mule.mulesource.org/dtds/mule-configuration.dtd">
<mule-configuration id="SysinAddEntry" version="1.0">
    <!-- serverUrl="" disables the management tcp port -->
    <mule-environment-properties serverUrl=""/>

    <!-- LdapSConnector = LDAP over SSL/TLS. Host, port and loginDN below are the
         defaults of a local Apache DS test installation (ldaps on 10636). -->
    <connector name="ldapConnector" className="org.mule.providers.ldap.LdapSConnector">
        <properties>
            <property name="ldapHost" value="localhost"/>
            <property name="ldapPort" value="10636"/>
            <property name="loginDN" value="uid=admin,ou=system"/>
            <!-- clear-text credential: restrict read access to this file -->
            <property name="password" value="secret"/>
            <property name="searchBase" value="o=sevenseas"/>
            <!-- 2 = SUB: search the base object and its whole subtree -->
            <property name="searchScope" value="2"/>
            <property name="pollingFrequency" value="500"/>
            <property name="startUnsolicitedNotificationListener" value="false"/>
            <!-- only cn and sn are returned in search results -->
            <list name="attributes">
                <entry value="cn"/>
                <entry value="sn"/>
            </list>
            <property name="typesOnly" value="false"/>
            <!-- 0 = NEVER dereference aliases -->
            <property name="dereference" value="0"/>
            <property name="maxResults" value="0x7fffffff"/>
            <property name="timeLimit" value="0"/>
            <!-- trustAll="true" accepts any server certificate, so this TLS session is not
                 protected against a man-in-the-middle. Acceptable for this local test only;
                 otherwise set trustAll="false" and point trustStore at a truststore that
                 contains the server's certificate. -->
            <property name="trustAll" value="true"/>
        </properties>
    </connector>

    <transformers>
        <!-- renders LDAPMessages (e.g. search results) as DSML for the console -->
        <transformer name="LDAPMessageToString" className="org.mule.providers.ldap.transformers.LDAPMessageToString">
            <properties>
                <property name="format" value="DSML"/>
            </properties>
        </transformer>
    </transformers>

    <model name="SysinToSearchTest">
        <!-- reads from stdin and sends the resulting request to the directory -->
        <mule-descriptor name="sysinSearch" implementation="org.mule.providers.ldap.components.RandomEntryComponent">
            <inbound-router>
                <endpoint address="stream://System.in"/>
            </inbound-router>
            <outbound-router>
                <router className="org.mule.routing.outbound.OutboundPassThroughRouter">
                    <endpoint address="ldaps://ldap.out">
                    </endpoint>
                </router>
            </outbound-router>
        </mule-descriptor>

        <!-- receives the server's replies on ldap.in and prints them as DSML on stdout -->
        <mule-descriptor name="sysoutSearch" implementation="org.mule.components.simple.BridgeComponent">
            <inbound-router>
                <endpoint address="ldaps://ldap.in"/>
            </inbound-router>
            <outbound-router>
                <router className="org.mule.routing.outbound.OutboundPassThroughRouter">
                    <endpoint address="stream://System.out" transformers="LDAPMessageToString">
                    </endpoint>
                </router>
            </outbound-router>
        </mule-descriptor>
    </model>
</mule-configuration>