LDAPSearchValve

Valve for searching an LDAP Directory.

If no Items exist in the Current Item Set (CIS), the valve will perform the configured search and populate the CIS with the search result entries. If Items exist in CIS the Valve operates on them and will process all Items surviving the common item filtering rules.

Properties

Name Description Default value Mandatory Supports property expansion
connection_ref Id of LDAP connection to use. Must refer to a connection of type 'LDAP' Yes No
base_dn Search base DN Yes No
attributes List of attributes to perform operations on. If left blank, all attributes will be returned. For property expansion, use attributes_template. No No
attributes_template List of attributes to perform operations on. If left blank, all attributes will be returned. No Yes
item_id_pattern Regex pattern for item ids to perform operations on. Items with ids that doesnt match the regex will be filter out. '.*' (include all items ) No No
scope LDAP search scope. SUB, ONE or BASE SUB Yes No
size_limit Number of results. Set to 0 for unlimited matches 0 Yes No
filter The LDAP search filter to be used (objectclass=*) Yes Yes
binary_attrs List of attributes that should be treated as binary No No
allow_multiple Flag turning on support for multiple result entries when in item iteration mode false No No
multiple_use_first Flag turning on result entry truncation - if multiple result entries only the first will be returned. Works in both search and item iteration mode false No No

Example Configuration 1 – User with mail={{request.email}} 

{
        "name": "LDAPSearchValve",
        "config": { 
              "connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
              "base_dn":"dc=example,dc=com",
              "scope":"SUB",
              "size_limit":"0",
              "filter_template":"(&(objectclass=*)(mail={{request.email}}))",
              "attributes":"cn,uid,mail,mobile" 
        }
}

Example Configuration 2 – Nested group membership 

{
        "name": "LDAPSearchValve",
        "config": { 
              "connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
              "base_dn":"dc=example,dc=com",
              "scope":"SUB",
              "size_limit":"0",
              "filter_template":"(&(objectclass=*)(memberof:1.2.840.113556.1.4.1941:=cn=GroupWithNestedGroups,OU=groups,OU=PhenixID,DC=Org,DC=local))",
              "attributes":"cn,uid,mail,mobile" 
        }
}

Requirements