- 20 Jun 2023
- 9 Minutes to read
LDAP Adapter Actions
compareLDAPField
Compare a Record field on the LDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| dn* | expression, variable | the DN of the Record |
| fieldName | text, expression, variable | name of the field to be compared |
| fieldValue | text, expression, variable | value of the field to be compared |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
mail = "testuser@test.local"
isEqual = compareLDAPField(conn, dn, "mail", mail)
if(isEqual == true) {
log("mail = " + mail)
} else {
log("mail <> " + mail)
}
deleteLDAPRecord
Delete Record from the LDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| dn* | text, expression, variable | the DN of the Record |
| recursive | boolean, expression, variable | recursively delete the subtree rooted at dn (default: false) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
queryExample = createRecord()
setRecordValue(queryExample,"loginDisabled","TRUE")
# The example Record is passed as the filter; it matches (loginDisabled=TRUE)
inactiveRecords = getLDAPRecords(conn,"ou=people,o=data","sub",queryExample)
forEach(inactive,inactiveRecords) {
delStatus = deleteLDAPRecord(conn,inactive["@dn"])
if(Boolean(delStatus)) {
log("Deletion Successful!")
} else {
log("Deletion Failed!")
}
}
getLDAPADChanges
Get changed Records from an Active Directory server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| baseDn* | text, expression, variable | the search base dn |
| scope* | choice (sub, one, base), text, expression, variable | the search scope |
| filter* | text, expression, variable | the search filter expression or an example Record |
| attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
| cookie | expression, variable | cookie returned from the previous invocation (default: none, which returns all objects) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
cookieFile = "/cookie/studentsAD.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
saveToFile(cookieFile, "")
} else {
}
varCookie = loadFileAsBytes(cookieFile)
# getRecords
moreResults = 1
while(moreResults != 0) {
recordChanges = getLDAPADChanges(conn, "OU=People,DC=test,DC=local",
"sub", "(employeeType=Student)", "cn,sn,givenName", varCookie)
moreResults = 0
if(recordChanges) {
log("Count: " + recordChanges.length)
} else {
}
# foreach
forEach(recordChange, recordChanges) {
if(recordChange.objectClass == "cookie") {
# Persist the cookie and use it for the next poll; without refreshing
# varCookie the loop would request the same change set again
saveToFile(cookieFile, recordChange.cookie)
varCookie = recordChange.cookie
moreResults = Number(recordChange.moreResults)
} else {
record = getLDAPRecord(conn, recordChange['@dn'], "*")
# transformations
if(!record) {
continue()
} else {
log("Name information has changed: " + record.sn + " " + record.givenName)
}
}
}
}
getLDAPRecord
Get a Record from the LDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| dn* | expression, variable | the DN of the Record |
| attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
resultRecord = getLDAPRecord(conn,"cn=jdoe,ou=people,o=data","givenName")
getLDAPRecords
Get Records from the LDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| baseDn* | text, expression, variable | the search base dn |
| scope* | choice (sub, one, base), text, expression, variable | the search scope |
| filter* | text, expression, variable | the search filter expression or an example Record |
| maxResults | expression, variable | maximum number of Records to return (default: the server maximum) |
| attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
inactiveRecords = getLDAPRecords(conn,"o=data","sub",
"(&(objectclass=inetOrgPerson)(loginDisabled=TRUE))")
log("There are " + inactiveRecords.length + " inactive records.")
getCurrentLDAPServerAddress
Returns the hostname or IP address of the LDAP server being used as the metadirectory.
| Property | Value | Description |
|---|---|---|
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
LDAP = getCurrentLDAPServerAddress()
log(LDAP)
getOpenLDAPChanges
Get changed Records from an OpenLDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| logDN* | text, expression, variable | the dn of the accesslog |
| baseDn* | text, expression, variable | the search base dn |
| scope* | choice (sub, one, base), text, expression, variable | the search scope |
| classes | text, expression, variable | comma separated list of classes to return (default: none) |
| attributes | text, expression, variable | comma separated list of attributes to check/return (default: all) |
| cookie | expression, variable | cookie returned from the previous invocation (default: none, which returns all objects) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
cookieFile = "/cookie/studentsOpenLDAP.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
saveToFile(cookieFile, "")
} else {
}
varCookie = loadFileAsString(cookieFile)
# getRecords
moreResults = 1
while(moreResults != 0) {
recordChanges = getOpenLDAPChanges(conn, "o=changelog",
"ou=people,ou=data,o=meta", "sub", "inetOrgPerson",
"cn,sn,givenName", varCookie)
moreResults = 0
if(recordChanges) {
log("Count: " + recordChanges.length)
} else {
}
# foreach
forEach(recordChange, recordChanges) {
if(recordChange.objectClass == "cookie") {
saveToFile(cookieFile, recordChange.cookie)
varCookie = recordChange.cookie
moreResults = recordChange.moreResults
} else {
record = getLDAPRecord(conn, recordChange['@dn'], "*")
# transformations
if(!record || record['employeeType'] != "Student") {
continue()
} else {
log("Student record has changed: " + record['@dn'])
log(" Change type: " + recordChange.changeType)
log(" Added attribute values: " + recordChange.added)
log(" Deleted attribute values: " + recordChange.deleted)
}
}
}
}
getUnboundIDDSChanges
Get changed Records from an UnboundID-DS server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| baseDn* | text, expression, variable | the search base dn |
| scope* | choice (sub, one, base), text, expression, variable | the search scope |
| classes | text, expression, variable | comma separated list of classes to return (default: none) |
| attributes | text, expression, variable | comma separated list of attributes to check/return (default: all) |
| cookie | expression, variable | cookie returned from the previous invocation (default: none, which returns all objects) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
cookieFile = "/cookie/studentsUnboundId.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
saveToFile(cookieFile, "")
} else {
}
varCookie = loadFileAsBytes(cookieFile)
# getRecords
moreResults = 1
while(moreResults != 0) {
recordChanges = getUnboundIDDSChanges(conn,
"ou=people,ou=Accounts,dc=meta", "sub", "inetOrgPerson",
"cn,sn,givenName", varCookie)
moreResults = 0
if(recordChanges) {
log("Count: " + recordChanges.length)
} else {
}
# foreach
forEach(recordChange, recordChanges) {
if(recordChange.objectClass == "cookie") {
saveToFile(cookieFile, recordChange.cookie)
varCookie = recordChange.cookie
moreResults = recordChange.moreResults
} else {
record = getLDAPRecord(conn, recordChange['@dn'], "*")
# transformations
if(!record || record['employeeType'] != "Student") {
continue()
} else {
log("Student record has changed: " + record['@dn'])
log(" Change type: " + recordChange.changeType)
log(" Added attribute values: " + recordChange.added)
log(" Deleted attribute values: " + recordChange.deleted)
}
}
}
}
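The three change actions above (getLDAPADChanges, getOpenLDAPChanges, getUnboundIDDSChanges) all return one page of changes followed by a pseudo-record with objectClass "cookie" that carries the next cookie and a moreResults flag. The driver below is an added example, not RapidIdentity code: it runs that cookie loop against a constructed in-memory change feed (make_fake_feed stands in for the action, the cookie_store dict for the cookie file) and filters the changed entries the way the page's transformations do.

```python
# Added example (not RapidIdentity code): a driver for the cookie/moreResults
# change-polling pattern that the getLDAP*Changes examples implement by hand.
# The change feed is constructed in memory; cookie_store stands in for the
# cookie file written with saveToFile.
from typing import Callable, Dict, List

Change = Dict[str, str]
FetchFn = Callable[[str], List[Change]]


def make_fake_feed(changes: List[Change], page_size: int = 2) -> FetchFn:
    """Constructed stand-in for a getLDAP*Changes action. The cookie is the
    offset into the change list; each call returns one page of changes plus
    the trailing pseudo-record with objectClass 'cookie'."""
    def fetch(cookie: str) -> List[Change]:
        start = int(cookie) if cookie else 0
        page = changes[start:start + page_size]
        end = start + len(page)
        more = "1" if end < len(changes) else "0"
        return page + [{"objectClass": "cookie", "cookie": str(end),
                        "moreResults": more}]
    return fetch


def poll_changes(fetch: FetchFn, cookie_store: Dict[str, str],
                 key: str = "cookie") -> List[Change]:
    """Repeat fetch(cookie) until the cookie record reports moreResults == 0.
    The cookie record is not a directory entry: it is persisted and dropped
    from the result. The cookie is refreshed before every re-poll, which is
    the step that stops the loop from requesting the same page again."""
    cookie = cookie_store.get(key, "")
    collected: List[Change] = []
    more_results = 1
    while more_results != 0:
        more_results = 0
        for change in fetch(cookie):
            if change.get("objectClass") == "cookie":
                cookie = change["cookie"]
                cookie_store[key] = cookie
                more_results = int(change["moreResults"])
            else:
                collected.append(change)
    return collected


def only_students(changes: List[Change],
                  directory: Dict[str, Dict[str, str]]) -> List[str]:
    """Re-read each changed entry by '@dn' (as getLDAPRecord does) and keep
    the DNs whose employeeType is Student; a deleted entry (no record) is
    skipped, matching the page's `if(!record ...) continue()` branch."""
    return [c["@dn"] for c in changes
            if directory.get(c["@dn"], {}).get("employeeType") == "Student"]
```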
modifyLDAPRecord
Modify a Record on the LDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| dn* | expression, variable | the DN of the Record |
| removeRecord | expression, variable | a Record containing attributes/values to be removed |
| addRecord | expression, variable | a Record containing attribute values to be added |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
addRecord = createRecord()
removeRecord = createRecord()
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")
dn = "cn=Test User,ou=People,o=test"
result = modifyLDAPRecord(conn, dn, removeRecord, addRecord)
if(result) {
log("Record modified - Added " + addRecord)
log("Record modified - Removed " + removeRecord)
} else {
log("Record not modified - " + dn)
}
openLDAPConnection
Open a connection to an LDAP server.
| Property | Value | Description |
|---|---|---|
| ldapHost* | text, expression, variable | the host name or IP address of the LDAP server |
| ldapPort | expression, variable | the TCP port of the LDAP server (default: 636 if using SSL, 389 otherwise) |
| useSSL | boolean, expression, variable | use SSL/TLS (default: false) |
| userDn | text, expression, variable | the user DN for authenticating to the LDAP server |
| password | password, string, expression, variable | the user password for authenticating to the LDAP server |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
| extraProperties | expression, variable | optional connection properties; see the Booleans and Integers tables below |
Booleans
| Property | Description |
|---|---|
| abandonOnTimeout | Indicates whether the LDAP SDK should attempt to abandon any request for which no response is received in the maximum response timeout period |
| captureConnectStackTrace | Indicates whether the LDAP SDK should capture a thread stack trace for each attempt made to establish a connection |
| useKeepAlive | Indicates whether to use the SO_KEEPALIVE option for the underlying sockets used by associated connections |
| useTCPNoDelay | Indicates whether to use the TCP_NODELAY option for the underlying sockets used by associated connections |
| followReferrals | Indicates whether associated connections should attempt to follow any referrals that they encounter |
| usePassiveSSLSocketVerifier | If true, RapidIdentity sets an SSLSocketVerifier that uses a passive SSL socket verifier with the connection timeout in milliseconds |
Integers
| Property | Description |
|---|---|
| connectTimeoutMillis | The maximum length of time in milliseconds that a connection attempt should be allowed to continue before giving up |
| useLinger | The SO_LINGER timeout for the underlying sockets used by associated connections |
| referralHopLimit | The maximum number of hops that a connection should take when trying to follow a referral |
| responseTimeoutMillis | The maximum length of time in milliseconds that an operation should be allowed to block while waiting for a response from the server |
conn = openLDAPConnection("server1.company.com","636",true,
"cn=admin,o=company","password")
if(conn) {
log("LDAP connection successful!")
} else {
log("LDAP connection failed!")
}
openMetadirLDAPConnection
Open a connection to the MetaDirectory LDAP in scenarios where a Cloud Tenant's SharedGlobals.properties file is not populated (RapidIdentity Cloud versions 2021.4.9 or higher).
| Property | Value | Description |
|---|---|---|
| Assign To | Expression | Choose the variable type to assign the action to |
Input Parameters: none
sessionMeta = openMetadirLDAPConnection()
if (sessionMeta) {
log("Connection to MetaDirectory was successful: " + sessionMeta, "DEBUG")
} else {
log("Connection to Metadirectory failed: " + sessionMeta, "ERROR")
}
if (sessionMeta) {
close(sessionMeta)
} else {
}
openOpenLDAPChangeIterator
Open Change Iterator for OpenLDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| logDN* | text, expression, variable | the dn of the accesslog |
| baseDn* | text, expression, variable | the search base dn |
| scope* | choice (sub, one, base), text, expression, variable | the search scope |
| classes | text, expression, variable | comma separated list of classes to return (default: none) |
| attributes | text, expression, variable | comma separated list of attributes to check/return (default: all) |
| cookieFile* | text, expression, variable | path to the file used to load/save the cookie |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
cookieFile = "/cookie/studentsOpenLDAP.cookie"
recordChanges = openOpenLDAPChangeIterator(conn,
"o=changelog", "ou=people,ou=data,o=meta", "sub",
"inetOrgPerson", "cn,sn,givenName", cookieFile)
forEach(recordChange, recordChanges) {
record = getLDAPRecord(conn, recordChange['@dn'], "*")
# transformations
if(!record || record['employeeType'] != "Student") {
continue()
} else {
log("Student record has changed: " + record['@dn'])
log(" Change type: " + recordChange.changeType)
log(" Added attribute values: " + recordChange.added)
log(" Deleted attribute values: " + recordChange.deleted)
}
}
openLDAPRecordIterator
Open a Record Iterator on an LDAP server to page through and sort large sets of records.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| baseDn* | text, expression, variable | the search base dn |
| scope* | choice (sub, one, base), text, expression, variable | the search scope |
| filter* | text, expression, password, variable | the search filter expression or an example record |
| pageSize | expression, variable | the preferred number of records to fetch at a time from the LDAP server (default: 100) |
| attributes | text, expression, password, variable | comma-separated list of attributes to check/return (default: none) |
| sortKey | text, expression, password, variable | comma-separated list of attributes to use as sort keys, with optional +/- to indicate sort direction (default: unsorted) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
sessionLDAP = openLDAPConnection("10.100.70.28", "636", true,
"cn=doc-admin,ou=users,ou=system,o=meta",<Password>)
# Record Iterator
i = 0
recordChanges = openLDAPRecordIterator(sessionLDAP,
"ou=students,ou=people,ou=data,o=meta", "sub",
"(employeeType=Student)","cn")
recordIterator: forEach(recordChange, recordChanges) {
log(recordChange)
i = i + 1
if(i >= 30) {
break(recordIterator)
} else {
}
}
# Close
close(sessionLDAP)
openUnboundIDDSChangeIterator
Open Change Iterator for an UnboundID-DS server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| baseDn* | text, expression, variable | the search base dn |
| scope* | choice (sub, one, base), text, expression, variable | the search scope |
| classes | text, expression, variable | comma separated list of classes to return (default: none) |
| attributes | text, expression, variable | comma separated list of attributes to check/return (default: all) |
| cookieFile* | text, expression, variable | path to the file used to load/save the cookie |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
cookieFile = "/cookie/studentsUnboundId.cookie"
recordChanges = openUnboundIDDSChangeIterator(conn,
"ou=people,ou=data,o=meta", "sub", "inetOrgPerson",
"cn,sn,givenName", cookieFile)
forEach(recordChange, recordChanges) {
record = getLDAPRecord(conn, recordChange['@dn'], "*")
# transformations
if(!record || record['employeeType'] != "Student") {
continue()
} else {
log("Student record has changed: " + record['@dn'])
log(" Change type: " + recordChange.changeType)
log(" Added attribute values: " + recordChange.added)
log(" Deleted attribute values: " + recordChange.deleted)
}
}
renameLDAPRecord
Rename and/or move object on the LDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| oldDn* | text, expression, variable | the original DN of the object |
| newDn* | text, expression, variable | the new DN of the object |
| keepOldRdn* | boolean, expression, variable | preserve the attribute values used by the old RDN (default: false) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
oldDN = "cn=jdoe,ou=people,o=data"
newDN = "cn=xjdoe,ou=inactive,ou=people,o=data"
renameResult = renameLDAPRecord(conn, oldDN,newDN,false)
if(renameResult) {
log("LDAP object rename successful!")
} else {
log("LDAP object rename failed!")
}
saveLDAPRecord
Save a Record to the LDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| record* | expression, variable | the Record to save; it must contain the DN in the @dn field |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
myRecord = createRecord()
setRecordFieldValue(myRecord,"@dn", "cn=jdoe,ou=people,o=data")
setRecordFieldValue(myRecord,"objectclass", "inetOrgPerson")
setRecordFieldValue(myRecord,"givenName", "John")
setRecordFieldValue(myRecord,"sn", "Doe")
saveResult = saveLDAPRecord(conn, myRecord)
if(Boolean(saveResult)) {
log("Save Successful!")
} else {
log("Save Failed!")
}
setLDAPPassword
Sets password on a Record on the LDAP server.
| Property | Value | Description |
|---|---|---|
| ldapConnection* | expression, variable | the LDAP connection |
| dn* | text, expression, variable | the DN of the Record |
| password* | password, string, expression, variable | the password |
| oldPassword | password, string, expression, variable | the old password (default: none) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |
result = setLDAPPassword(conn, "cn=user1,cn=Users,dc=acme,dc=org",
<password>)
Complete LDAP Adapter Example
# Input from text file
textInput = openDelimitedTextInput("/root/senators.csv",
"LastName,FirstName,Title,Email,Phone,Description")
# Open LDAP connection (SSL); arguments are host, port, useSSL, userDn, password
outputLDAP = openLDAPConnection("ldap.company.com","636",true,"cn=admin,o=company",
"P@ssw0rD")
# Loop through input records
forEach(inputRecord,textInput) {
# Schema mapping
renameRecordFields(inputRecord, "LastName, FirstName, Title, Email, Phone",
"sn, givenName, title, mail, telephoneNumber")
cn = inputRecord['givenName'].substr(0,1) + inputRecord['sn']
setRecordValue(inputRecord,"@dn","cn=" + cn + ",ou=people,o=data")
# Check for existence in target
queryRecord = createRecord()
setRecordFieldValue(queryRecord,"cn",cn)
matchingRecords = getLDAPRecords(outputLDAP,"ou=people,o=data","sub",queryRecord)
if(matchingRecords.length == 1) {
# Match found. Add DN to current record from source.
matchingKeyValue = getRecordFieldValue(matchingRecords[0],"@dn")
setRecordFieldValue(inputRecord,"@dn",matchingKeyValue)
} else {
# No match found. Add new object.
setRecordValue(inputRecord,"objectclass","inetorgperson")
# Initial userPassword for the new object (example only: a password derived
# from the record's own data is guessable)
setRecordValue(inputRecord,"userPassword",inputRecord['sn'])
}
# Write (add/modify) record to LDAP
saveLDAPRecord(outputLDAP,inputRecord)
}
# Close LDAP and file connections
close(outputLDAP)
close(textInput)
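The complete example above builds the cn from CSV fields, turns it into a DN by string concatenation, and matches existing entries with an example Record used as a filter. The functions below are an added example (not RapidIdentity code) showing the same cn/DN/filter construction with RFC 4515 filter escaping and RFC 4514 RDN escaping, so an input value containing `)`, `*`, `,` or `=` cannot alter the query or the target entry; `escape_filter_value`, `record_to_filter`, `escape_rdn_value`, `derive_cn` and `build_dn` are names chosen here, and the base DN defaults to the page's `ou=people,o=data`.

```python
# Added example (not RapidIdentity code): safe construction of the search
# filter and DN that the Complete LDAP Adapter Example assembles from CSV input.
from typing import Dict


def escape_filter_value(value: str) -> str:
    """RFC 4515: encode the characters that are special inside an assertion
    value as backslash + two hex digits."""
    out = []
    for ch in value:
        if ch in "*()\\" or ch == "\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def record_to_filter(example: Dict[str, str]) -> str:
    """AND-combine equality assertions, the way an example Record passed as
    the filter argument of getLDAPRecords matches. Keys are attribute names
    from the action set (trusted); values come from input data (escaped)."""
    parts = ["(%s=%s)" % (k, escape_filter_value(v))
             for k, v in sorted(example.items())]
    return parts[0] if len(parts) == 1 else "(&" + "".join(parts) + ")"


def escape_rdn_value(value: str) -> str:
    """RFC 4514: escape the characters that would otherwise end or split the
    RDN: , + " \\ < > ; anywhere, '#' at the start, space at either end."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def derive_cn(given_name: str, sn: str) -> str:
    """First initial + surname, as in the page's `substr(0,1) + sn`."""
    return given_name[:1] + sn


def build_dn(cn: str, base: str = "ou=people,o=data") -> str:
    """Equivalent of "cn=" + cn + ",ou=people,o=data" with the cn escaped."""
    return "cn=" + escape_rdn_value(cn) + "," + base
```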