

Overview

The following CRUD operations allow you to work with LDAP. Click an operation name to see details on how to use it.

For a sample proxy service that illustrates how to work with each operation, see Sample Configuration.

Operation : Description
addEntry : Creates a new LDAP entry in the LDAP server.
searchEntry : Performs a search for one or more LDAP entities with the specified search keys.
updateEntry : Updates an existing LDAP entry in the LDAP server.
deleteEntry : Deletes an existing LDAP entry from the LDAP server.

Operation details

This section provides details on each operation.

Creating a new LDAP entry

The addEntry operation creates a new LDAP entry in the LDAP server.

addEntry
<!-- addEntry: creates a new LDAP entry. Each parameter below is read from the
     message context property of the same name ({$ctx:...}).
     dn must be unique and must not already exist in the LDAP server.
     NOTE(review): attributes can carry sensitive values (the sample request on this
     page sets userPassword), so the connection configured in ldap.init should be a
     secured one outside local testing. -->
<ldap.addEntry>
    <objectClass>{$ctx:objectClass}</objectClass>
    <dn>{$ctx:dn}</dn>
    <attributes>{$ctx:attributes}</attributes>
</ldap.addEntry>
Properties
  • objectClass : The object class of the new entry.

  • dn : The distinguished name of the new entry. This should be a unique DN that does not already exist in the LDAP server.
  • attributes : The attributes of the entry other than the DN. Specify these attributes as comma-separated key-value pairs.
Sample Request
Sample Request for AddEntry
{  
   "providerUrl":"ldap://localhost:10389/",
   "securityPrincipal":"cn=admin,dc=wso2,dc=com",
   "securityCredentials":"comadmin",
   "secureConnection":"false",
   "disableSSLCertificateChecking":"false",
   "application":"ldap",
   "operation":"createEntity",
   "content":{  
      "objectClass":"inetOrgPerson",
      "dn":"uid=testDim20,ou=staff,dc=wso2,dc=com",
      "attributes":{  
         "mail":"testDim1s22c@wso2.com",
         "userPassword":"12345",
         "sn":"dim",
         "cn":"dim",
         "manager":"cn=dimuthuu,ou=Groups,dc=example,dc=com"
      }
   }
}

Searching an LDAP entry

The searchEntry operation performs a search for one or more LDAP entities based on the specified search keys.

searchEntry
<!-- searchEntry: searches for one or more LDAP entries under dn that match
     objectClass and the key/value pairs in filters, returning the listed attributes.
     All parameters are read from message context properties except limit, which this
     template fixes at 1000 results.
     NOTE(review): this page does not show whether the connector escapes LDAP filter
     metacharacters in the filters values. When they originate from a caller's
     request, validate them against the expected format before this call; confirm
     the connector's behaviour. -->
<ldap.searchEntry>
    <objectClass>{$ctx:objectClass}</objectClass>
    <dn>{$ctx:dn}</dn>
    <filters>{$ctx:filters}</filters>
    <attributes>{$ctx:attributes}</attributes>
    <onlyOneReference>{$ctx:onlyOneReference}</onlyOneReference>
    <limit>1000</limit>
</ldap.searchEntry>
Properties
  • objectClass : The object class of the entry you need to search.

  • filters : The keywords to use in the search. The parameters should be in JSON format, as follows:
    "filters":{ "uid":"john", "mail":"testDim2@gmail.com"}
  • dn : The distinguished name of the entry you need to search.
  • attributes : The attributes of the LDAP entry that should be included in the search result.
  • onlyOneReference : Boolean value that specifies whether to guarantee only one reference.

  • limit : Sets a limit on the number of search results. If this property is not defined, the maximum number of search results is returned.
 Sample Request 
Sample Request for Search Entry
{ 
   "providerUrl":"ldap://server.example.com",
   "securityPrincipal":"cn=admin,dc=example,dc=com",
   "securityCredentials":"admin",
   "secureConnection":"false",
   "disableSSLCertificateChecking":"false",
   "application":"ldap",
    "operation":"searchEntity",
    "content":{
        "dn":"ou=sales,dc=example,dc=com",
        "objectClass":"inetOrgPerson",
        "attributes":"mail,uid,givenName,manager,objectGUID",
      "filters":{
          "manager":"cn=sales-group,ou=sales,dc=example,dc=com","uid":"rajjaz"},
        "onlyOneReference":"false"
    }
}

Updating an LDAP entry

The updateEntry operation updates an existing LDAP entry in the LDAP server based on the specified changes.

updateEntry
<!-- updateEntry: updates the existing LDAP entry identified by dn.
     mode selects the kind of change: replace, add or remove.
     attributes holds the attributes to change; all three parameters are read from
     message context properties of the same name.
     NOTE(review): the sample request on this page replaces userPassword through this
     operation, so treat the attributes payload as sensitive and keep it out of logs. -->
<ldap.updateEntry>
    <mode>{$ctx:mode}</mode>
    <dn>{$ctx:dn}</dn>
    <attributes>{$ctx:attributes}</attributes>
</ldap.updateEntry>
Properties
  • mode : The mode of the update operation. Possible values are as follows:
    • replace : Replaces an existing attribute with the new attribute that is specified.
    • add : Adds a new attribute.
    • remove : Removes an existing attribute.
  • dn : The distinguished name of the entry to be updated.
  • attributes : Attributes of the entry to be updated. Specify the attributes to be updated as comma-separated key-value pairs.
Sample Request
Sample Request for Update Entry
{
    "providerUrl":"ldap://localhost:10389/",
    "securityPrincipal":"cn=admin,dc=wso2,dc=com",
    "securityCredentials":"comadmin",
    "secureConnection":"false",
    "disableSSLCertificateChecking":"false",
    "application": "ldap",
    "operation": "updateEntity",
    "content":{
        "mode":"replace",
        "dn":"uid=testDim20,ou=staff,dc=wso2,dc=com",
        "attributes":{  
         "mail":"testDim1s22c@wso2.com",
         "userPassword":"12345",
         "sn":"dim",
         "cn":"dim",
         "manager":"cn=dimuthuu,ou=Groups,dc=example,dc=com"
      }
    }
}

Deleting an LDAP entry

The deleteEntry operation deletes an existing LDAP entry from the LDAP server.

deleteEntry
<!-- deleteEntry: deletes the existing LDAP entry whose distinguished name is read
     from the dn message context property.
     NOTE(review): when dn comes from a caller's request, check that it falls under
     the subtree this service is meant to manage before invoking the operation. -->
<ldap.deleteEntry>
    <dn>{$ctx:dn}</dn>
</ldap.deleteEntry>
Properties
  • dn : The distinguished name of the entry to be deleted.
Sample Request
Sample Request For Delete Entry
{
    "providerUrl":"ldap://localhost:10389/",
    "securityPrincipal":"cn=admin,dc=wso2,dc=com",
    "securityCredentials":"comadmin",
    "secureConnection":"false",
    "disableSSLCertificateChecking":"false",
    "application": "ldap",
    "operation":"deleteEntity",
    "content":{
        "dn":"uid=testDim20,ou=staff,dc=wso2,dc=com"
    }
}

Sample configuration

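The following is a sample proxy service that illustrates how to connect to LDAP with the init operation and use the addEntry operation. The sample request for this proxy can be found in the addEntry sample request. You can use this sample as a template for using other operations in this category. Note that the sample reads the LDAP URL and bind credentials from the request body, and the sample requests set secureConnection to false, which suits a local test server; for a shared or production directory, connect over a secured connection and keep the bind credentials in server-side configuration rather than in each request.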

Sample Proxy
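<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample proxy service: reads the LDAP connection settings and the new entry's
     fields from the JSON request body, initialises the connector with ldap.init,
     calls ldap.addEntry and sends the result back to the caller. -->
<!-- transports is limited to https: the request body carries the LDAP bind
     credentials (securityCredentials) and can carry userPassword values, so the
     proxy should not accept it over plain http. -->
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="addEntry"
       transports="https"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <!-- Entry fields, taken from the "content" object of the request. -->
         <property name="objectClass" expression="json-eval($.content.objectClass)"/>
         <property name="dn" expression="json-eval($.content.dn)"/>
         <property name="attributes" expression="json-eval($.content.attributes)"/>
         <!-- Connection settings, taken from the top level of the request.
              NOTE(review): because providerUrl, securityPrincipal,
              securityCredentials and disableSSLCertificateChecking all come from
              the caller, any client that can reach this proxy chooses the directory
              server, the bind identity and whether certificate checking is turned
              off. That is convenient for a sample; for other use, set these values
              from server-side configuration and restrict who may call the proxy. -->
         <property name="providerUrl" expression="json-eval($.providerUrl)"/>
         <property name="securityPrincipal" expression="json-eval($.securityPrincipal)"/>
         <property name="securityCredentials"
                   expression="json-eval($.securityCredentials)"/>
         <property name="secureConnection"
                   expression="json-eval($.secureConnection)"/>
         <property name="disableSSLCertificateChecking"
                   expression="json-eval($.disableSSLCertificateChecking)"/>
         <!-- Open the LDAP connection with the settings collected above. -->
         <ldap.init>
            <providerUrl>{get-property('providerUrl')}</providerUrl>
            <securityPrincipal>{get-property('securityPrincipal')}</securityPrincipal>
            <securityCredentials>{get-property('securityCredentials')}</securityCredentials>
            <secureConnection>{get-property('secureConnection')}</secureConnection>
            <disableSSLCertificateChecking>{get-property('disableSSLCertificateChecking')}</disableSSLCertificateChecking>
         </ldap.init>
         <!-- Create the entry, then return the current message to the caller. -->
         <ldap.addEntry>
            <objectClass>{get-property('objectClass')}</objectClass>
            <dn>{get-property('dn')}</dn>
            <attributes>{get-property('attributes')}</attributes>
         </ldap.addEntry>
         <respond/>
      </inSequence>
      <!-- On a fault, respond to the caller with the current message. -->
      <faultSequence>
         <respond/>
      </faultSequence>
   </target>
   <description/>
</proxy>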