LDAP Adapter Actions

Prev Next

LDAP Adapter Actions

compareLDAPField

Compare a Record field on the LDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

dn*

expression, variable

the DN of the Record

fieldName

text, expression, variable

name of the field to be compared

fieldValue

text, expression, variable

value of the field to be compared

returnVariable

expression, variable

name of the variable to be assigned to the return value

mail = "testuser@test.local"
isEqual = compareLDAPField(conn, dn, "mail", mail)

if(isEqual == true) {
log("mail = " + mail)
} else {
log("mail <> " + mail)
}

deleteLDAPRecord

Delete Record from the LDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

dn*

text, expression, variable

the DN of the Record

recursive

boolean, expression, variable

recursively delete subtree rooted at dn (default: false)

returnVariable

expression, variable

name of the variable to be assigned to the return value

queryExample = createRecord()
setRecordValue(queryExample,"loginDisabled","TRUE")
inactiveRecords = getLDAPRecords(conn,"ou=people,o=data","sub",
"(loginDisabled=TRUE)")
forEach(inactive,inactiveRecords) {
delStatus = deleteLDAPRecord(conn,inactive["@dn"])
if(Boolean(delStatus)) {
log("Deletion Successful!")
} else {
log("Deletion Failed!")
}
}

getLDAPADChanges

Get changed Records from an Active Directory server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, variable

the search filter expression or an example Record

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

cookie

expression, variable

cookie returned from previous invocation (default: none, which will return all objects)

returnVariable

expression, variable

name of the variable to be assigned to the return value

cookieFile = "/cookie/studentsAD.cookie"
fileExists = isFile(cookieFile)

if(!fileExists) {
saveToFile(cookieFile, "")
} else {
}

varCookie = loadFileAsBytes(cookieFile)

# getRecords
moreResults = 1
while(moreResults != 0) {
recordChanges = getLDAPADChanges(conn, "OU=People,DC=test,DC=local",
"sub", "(employeeType=Student)", "cn,sn,givenName", varCookie)
moreResults = 0

if(recordChanges) {
log("Count: " + recordChanges.length)
} else {
}

# foreach
forEach(recordChange, recordChanges) {
if(recordChange.objectClass == "cookie") {
saveToFile(cookieFile, recordChange.cookie)
moreResults = Number(recordChange.moreResults)
} else {
record = getLDAPRecord(conn, recordChange['@dn'], "*")

# transformations
if(!record) {
continue()
} else {
log("Name information has changed: " + record.sn + "
" + record.givenName)
}
}
}
}

getLDAPRecord

Get a Record from the LDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

dn*

expression, variable

the DN of the Record

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

resultRecord = getLDAPRecord(conn,"cn=jdoe,ou=people,o=data","givenName")

getLDAPRecords

Get Records from the LDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, variable

the search filter expression or an example Record

maxResults

expression, variable

maximum number of Records to return (default: the server maximum)

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

inactiveRecords = getLDAPRecords(conn,"o=data","sub",
"(&(objectclass=inetOrgPerson)(loginDisabled=TRUE))")
log("There are " + inactiveRecords.length + " inactive records.")

getCurrentLDAPServerAddress

Returns the hostname or IP address of the LDAP server being used as the metadirectory.

Property

Value

Description

returnVariable

expression, variable

Name of the variable to be assigned to the return value.

LDAP = getCurrentLDAPServerAddress()
log(LDAP)

getOpenLDAPChanges

Get changed Records from an OpenLDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

logDN*

text, expression, variable

the dn of the accesslog

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

classes

text, expression, variable

comma separated list of classes to return (default: none)

attributes

text, expression, variable

comma separated list of attributes to check/return (default: all)

cookie

expression, variable

cookie returned from previous invocation (default: none, which will return all objects)

returnVariable

expression, variable

name of the variable to be assigned to the return value

cookieFile = "/cookie/studentsOpenLDAP.cookie"
fileExists = isFile(cookieFile)

if(!fileExists) {
saveToFile(cookieFile, "")
} else {
}

varCookie = loadFileAsString(cookieFile)

# getRecords
moreResults = 1
while(moreResults != 0) {
recordChanges = getOpenLDAPChanges(conn, "o=changelog",
"ou=people,ou=data,o=meta", "sub", "inetOrgPerson",
"cn,sn,givenName", varCookie)
moreResults = 0

if(recordChanges) {
log("Count: " + recordChanges.length)
} else {
}

# foreach
forEach(recordChange, recordChanges) {
if(recordChange.objectClass == "cookie") {
saveToFile(cookieFile, recordChange.cookie)
varCookie = recordChange.cookie
moreResults = recordChange.moreResults
} else {
record = getLDAPRecord(conn, recordChange['@dn'], "*")

# transformations
if(!record || record['employeeType'] != "Student") {
continue()
} else {
log("Student record has changed: " + record['@dn'])
log(" Change type: " + recordChange.changeType)
log(" Added attribute values: " + recordChange.added)
log(" Deleted attribute values: " + recordChange.deleted)
}
}
}
}

getUnboundIDDSChanges

Get changed Records from an UnboundID-DS server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

classes

text, expression, variable

comma separated list of classes to return (default: none)

attributes

text, expression, variable

comma separated list of attributes to check/return (default: all)

cookie

expression, variable

cookie returned from previous invocation (default: none, which will return all objects)

returnVariable

expression, variable

name of the variable to be assigned to the return value

cookieFile = "/cookie/studentsUnboundId.cookie"
fileExists = isFile(cookieFile)

if(!fileExists) {
saveToFile(cookieFile, "")
} else {
}

varCookie = loadFileAsBytes(cookieFile)

# getRecords
moreResults = 1

while(moreResults != 0) {
recordChanges = getUnboundIDDSChanges(conn,
"ou=people,ou=Accounts,dc=meta", "sub", "inetOrgPerson",
"cn,sn,givenName", varCookie)
moreResults = 0

if(recordChanges) {
log("Count: " + recordChanges.length)
} else {
}

# foreach
forEach(recordChange, recordChanges) {
if(recordChange.objectClass == "cookie") {
saveToFile(cookieFile, recordChange.cookie)
varCookie = recordChange.cookie
moreResults = recordChange.moreResults
} else {
record = getLDAPRecord(conn, recordChange['@dn'], "*")

# transformations
if(!record || record['employeeType'] != "Student") {
continue()
} else {
log("Student record has changed: " + record['@dn'])
log(" Change type: " + recordChange.changeType)
log(" Added attribute values: " + recordChange.added)
log(" Deleted attribute values: " + recordChange.deleted)
}
}
}
}

modifyLDAPRecord

Modify a Record on the LDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

dn*

expression, variable

the DN of the Record

removeRecord

expression, variable

a Record containing attributes/values to be removed

addRecord

expression, variable

a Record containing attribute values to be added

returnVariable

expression, variable

name of the variable to be assigned to the return value

addRecord = createRecord()
removeRecord = createRecord()
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")
dn = "cn=Test User,ou=People,o=test"
result = modifyLDAPRecord(conn, dn, removeRecord, addRecord)
if(result) {
log("Record modified - Added " + addRecord)
log("Record modified - Removed " + removeRecord)
} else {
log("Record not modified - " + dn)

openLDAPConnection

Open a connection to an LDAP server.

Property

Value

Description

ldapHost*

text, expression, variable

the host name or IP address of the LDAP server

ldapPort

expression, variable

the TCP port of the LDAP server (default: 636 if using SSL, 389 otherwise.)

useSSL

boolean, expression, variable

use SSL/TLS (default: false.)

userDn

text, expression, variable

the user DN for authenticating to the LDAP server

password

password, string, expression, variable

the user password for authenticating to the LDAP server

returnVariable

expression, variable

name of the variable to be assigned to the return value

extraProperties

expression, variable

Defined below as applicable

Booleans

Property

Description

abandonOnTimeout

Indicates whether the LDAP SDK should attempt to abandon any request for which no response is received in the maximum response timeout period

captureConnectStackTrace

Indicates whether the LDAP SDK should capture a thread stack trace for each attempt made to establish a connection

useKeepAlive

Indicates whether to use the SO_KEEPALIVE option for the underlying sockets used by associated connections

useTCPNoDelay

Indicates whether to use the TCP_NODELAY option for the underlying sockets used by associated connections

followReferrals

Indicates whether associated connections should attempt to follow any referrals that they encounter

usePassiveSSLSocketVerifier

If true, corresponds to RapidIdentity setting a SSLSocketVerifier using a passive SSL socket verifier with the connection timeout milliseconds

Integers

Property

Description

connectTimeoutMillis

The maximum length of time in milliseconds that a connection attempt should be allowed to continue before giving up

useLinger

The SO_LINGER timeout for the underlying sockets used by associated connections

referralHopLimit

The maximum number of hops that a connection should take when trying to follow a referral

responseTimeoutMillis

The maximum length of time in milliseconds that an operation should be allowed to block while waiting for a response from the server

conn = openLDAPConnection("server1.company.com","636",true,
"cn=admin,o=company","password")

if(outputLDAP) {
log("LDAP connection successful!")
} else {
log("LDAP connection failed!")
}

openMetadirLDAPConnection

Open a connection to the MetaDirectory LDAP in scenarios where a Cloud Tenant's SharedGlobals.properties file is not populated in RapidIdentity Cloud versions 2021.4.9 or higher

Property

Value

Description

Assign To

Expression

Choose the variable type to assign the action to

Input Parameters:
{
sessionMeta = openMetadirLDAPConnection()
if (sessionMeta) {
log("Connection to MetaDirectory was successful: " + sessionMeta, "DEBUG")
} else {
log("Connection to Metadirectory failed: " + sessionMeta, "ERROR")
}
if (sessionMeta) {
close(sessionMeta)
} else {
}
}

openOpenLDAPChangeIterator

Open Change Iterator for OpenLDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

logDN*

text, expression, variable

the dn of the accesslog

scope*

choice (sub, one, base), text, expression, variable

the search scope

classes

text, expression, variable

comma separated list of classes to return (default: none)

attributes

text, expression, variable

comma separated list of attributes to check/return (default: all)

cookieFile*

text, expression, variable

path to file to load/save cookie

returnVariable

expression, variable

name of the variable to be assigned to the return value

cookieFile = "/cookie/studentsOpenLDAP.cookie"
recordChanges = openOpenLDAPChangeIterator(conn,
"o=changelog", "ou=people,ou=data,o=meta", "sub",
"inetOrgPerson", "cn,sn,givenName", cookieFile)

forEach(recordChange, recordChanges) {
record = getLDAPRecord(conn, recordChange['@dn'], "*")

# transformations
if(!record || record['employeeType'] != "Student") {
continue()
} else {
log("Student record has changed: " + record['@dn'])
log(" Change type: " + recordChange.changeType)
log(" Added attribute values: " + recordChange.added)
log(" Deleted attribute values: " + recordChange.deleted)
}
}

openLDAPRecordIterator

Open Record Iterator for OpenLDAP server to sort large sets of records.

Property

Value

Description

filter*

text, expression, password, variable

the search filter expression or an example record

pageSize

expression, variable

the preferred number of records to fetch at a time from LDAP server. (default: 100)

attributes

text, expression, password, variable

comma-separated list of attributes to check/return (default: none)

sortKey

text, expression, password, variable

comma-separated list of attributes to use as sort keys, with optional +/- to indicate sort direction. (default: unsorted)

returnVariable

expression, variable

name of the variable to be assigned to the return value

sessionLDAP = openLDAPConnection("10.100.70.28", "636", true,
"cn=doc-admin,ou=users,ou=system,o=meta",<Password>)

# Record Iterator
i = 0
recordChanges = openLDAPRecordIterator(sessionLDAP,
"ou=students,ou=people,ou=data,o=meta", "sub",
"(employeeType=Student)","cn")

recordIterator: forEach(recordChange, recordChanges) {
log(recordChanges)
i = i + 1

if(i >= 30) {
break(recordIterator)
} else {
}
}

# Close
close(sessionLDAP)

openUnboundIDDSChangeIterator

Open Change Iterator for an UnboundID-DS server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

classes

text, expression, variable

comma separated list of classes to return (default: none)

attributes

text, expression, variable

comma separated list of attributes to check/return (default: all)

cookieFile*

text, expression, variable

path to file to load/save cookie

returnVariable

expression, variable

name of the variable to be assigned to the return value

cookieFile = "/cookie/studentsUnboundId.cookie"
recordChanges = openUnboundIDDSChangeIterator(conn,
"ou=people,ou=data,o=meta", "sub", "inetOrgPerson",
"cn,sn,givenName", cookieFile)

forEach(recordChange, recordChanges) {
record = getLDAPRecord(conn, recordChange['@dn'], "*")

# transformations
if(!record || record['employeeType'] != "Student") {
continue()
} else {
log("Student record has changed: " + record['@dn'])
log(" Change type: " + recordChange.changeType)
log(" Added attribute values: " + recordChange.added)
log(" Deleted attribute values: " + recordChange.deleted)
}
}

renameLDAPRecord

Rename and/or move object on the LDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

oldDn*

text, expression, variable

the original DN of the object

newDn*

text, expression, variable

the new DN of the object

keepOldRdn*

boolean, expression, variable

preserve that attribute values used by the old dn (default: false.)

returnVariable

expression, variable

name of the variable to be assigned to the return value

oldDN = "cn=jdoe,ou=people,o=data"
newDN = "cn=xjdoe,ou=inactive,ou=people,o=data"
renameResult = renameLDAPRecord(conn, oldDN,newDN,false)

if(renameResult) {
log(LDAP object rename successful!)
} else {
log(LDAP object rename failed!)
}

saveLDAPRecord

Save a Record to the LDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

record*

expression, variable

the Record to save - must contain the dn in the @dn field

returnVariable

expression, variable

name of the variable to be assigned to the return value

myRecord = createRecord()
setRecordFieldValue(myRecord,"@dn", "cn=jdoe,ou=people,o=data")
setRecordFieldValue(myRecord,"objectclass", "inetOrgPerson")
setRecordFieldValue(myRecord,"givenName", "John")
setRecordFieldValue(myRecord,"sn", "Doe")
saveResult = saveLDAPRecord(conn, myRecord)

if(Boolean(saveResult)) {
log("Save Successful!")
} else {
log("Save Failed!")
}

setLDAPPassword

Sets password on a Record on the LDAP server.

Property

Value

Description

ldapConnection*

expression, variable

the LDAP connection

dn*

text, expression, variable

the DN of the Record

password*

password, string, expression, variable

the password

oldPassword

password, string, expression, variable

the old password (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

result = setLDAPPassword(conn, "cn=user1,cn=Users,dc=acme,dc=org",
<password>)

Complete LDAP Adapter Example

# Input from text file
textInput = openDelimitedTextInput("/root/senators.csv",
"LastName,FirstName,Title,Email,Phone,Description")

# Open LDAP connection (SSL)
outputLDAP = openLDAPConnection("ldap.company.com",true,"cn=admin,o=company",
"P@ssw0rD")

# Loop through input records
forEach(inputRecord,textInput) {
# Schema mapping
renameRecordFields(inputRecord, "LastName, FirstName, Title, Email, Phone",
"sn, givenName, title, mail, telephoneNumber")
cn = inputRecord['givenName'].substr(0,1) + inputRecord['sn']
setRecordValue(inputRecord,"@dn","cn=" + cn + ",ou=people,o=data")

# Check for existance in target
queryRecord = createRecord()
setRecordFieldValue(queryRecord,"cn",cn)
matchingRecords = getLDAPRecords(outputLDAP,"ou=people,o=data","sub",queryRecord)
if(matchingRecords.length == 1) {
# Match found. Add DN to current record from source.
matchingKeyValue = getRecordFieldValue(matchingRecords[0],"@dn")
setRecordFieldValue(inputRecord,"@dn",matchingKeyValue)
} else {
# No match found. Add new object.
setRecordValue(inputRecord,"objectclass","inetorgperson")
setRecordValue(inputRecord,"userPassword",inputRecord['sn'])
}

# Write (add/modify) record to LDAP
saveLDAPRecord(outputLDAP,inputRecord)
}

# Close LDAP and file connections
close(outputLDAP)
close(textInput)