LDAPDataSource
The LDAPDataSource is used to read data from an LDAP directory using JNDI. An LdapContextProvider is needed to access the LDAP directory. It supports reading LDAP objects based on their distinguished name (DN) and a filter rule.
The scope of the search is an adjustable parameter which controls whether the search is carried out on the single object specified by the DN, on the direct children of that object, or on the complete subtree below it.
The DNs of the LDAP objects found are stored in the nevisDataPorter ObjectMap as a list of DnHolders, one element per component of the DN path. Using the expression language it is possible to address each element of this list; every element provides access to its DN, its RDN, its base DN, and the attribute name or value of its RDN.
The entity has to process the LDAP entries within the idle timeout of the LDAP server; this is a limitation of JNDI. The LDAPDataSource fetches the data in pages of a configurable size if the server supports paged results, but the entries of one page still have to be processed within the server's idle timeout. If this is not possible, consider using a cache (CachingFilter or BeanDataSink).
Configuration
Name | Type, usage constraints, defaults | Description |
---|---|---|
dn | required, paraVal; default: none; type: DN string | The DN of the object to read; it is the base of the search. |
filter | required, paraVal; default: none; type: LDAP filter string | The LDAP filter rule used in the search. Any value substituted into the filter at runtime must be escaped according to RFC 4515, otherwise the substituted data can change the filter logic. |
searchScope | required, paraVal; default: none; type: LDAP search scope string | Defines the scope of the search. object: only search the object specified by the DN. onelevel: search the direct children of the DN object. subtree: search the full subtree having the DN object as root. |
ldapContext | required, paraVal; default: none; type: ch.adnovum.dataporter.dataobject.LdapContextProvider | A reference to an LdapContextProvider object. It refers either to an LDAP connection pool defined in an initialization section of the configuration file, or to an LdapContextProvider provided programmatically by the client application and put into the configuration repository. |
pageSize | optional, paraVal; default: 100; type: integer | The number of entries fetched from the LDAP server in one go. Paged searching is an LDAP extension (the simple paged results control, RFC 2696), so the page size is not enforced if the server does not support it. |
attributesReturned | optional, paraList; default: none; type: list of attribute IDs as strings | Specifies the LDAP attributes to be returned. If not set, all attributes except the operational attributes are returned. If both * and + are specified, all attributes are returned, including the operational attributes. |
Example
<dataSource type="LDAPDataSource">
    <dp:paraVal name="ldapContext" value="${inst.ldapConnection}"/>
    <dp:paraVal name="dn" value="o=nevisdp,dc=example,dc=com"/>
    <dp:paraVal name="filter" value="objectClass=person"/>
    <dp:paraVal name="searchScope" value="subtree"/>
    <dp:paraList name="attributesReturned">
        <value>*</value>
        <value>modifyTimestamp</value>
    </dp:paraList>
</dataSource>
Examples for DN access
Assume the DN of the object found is cn=user,ou=persons,o=nevisdp,dc=example,dc=com.
- Get the full DN of the object found:
#{in.entity.dn[0]}
#{in.entity.dn[0].dn}
- Get the DN of the parent object, ou=persons,o=nevisdp,dc=example,dc=com:
#{in.entity.dn[1].dn}
#{in.entity.dn[0].baseDn}
- Get the RDN of the parent object, ou=persons:
#{in.entity.dn[1].rdn}
- Get the key attribute name or value of the grand-parent object, o or nevisdp:
#{in.entity.dn[2].attributeName}
#{in.entity.dn[2].attributeKey}
- Get the RDN of the second object from the root, dc=example:
#{in.entity.forwardDn[1].rdn}
Use dn to access the elements of the DN from the object towards the root. Use forwardDn to access them from the root towards the object.
Example
dn="cn=user,ou=persons,o=nevisdp,dc=example,dc=com"
forwardDn="dc=com,dc=example,o=nevisdp,ou=persons,cn=user"
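The indexing semantics above, as an added Python illustration that is not part of nevisDataPorter: a small DnHolder-style helper splits a DN into its RDNs, honouring RFC 4514 backslash escapes so that an escaped comma inside a value (for example cn=Doe\, John) does not produce a spurious path component, and exposes dn, rdn, baseDn, attributeName and attributeValue per element, with dn_holders indexed from the object to the root and forward_dn_holders from the root to the object. The class and function names are assumptions of this example, and attributeValue stands for what the expression language reaches via attributeKey.

```python
from dataclasses import dataclass
from typing import List, Tuple


def split_dn(dn: str) -> List[str]:
    """Split an RFC 4514 DN string into its RDN strings, object first.

    A backslash escapes the following character, so "cn=Doe\\, John" stays one
    RDN instead of being cut at the escaped comma. Multi-valued RDNs joined
    with "+" are kept as a single string.
    """
    rdns: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            # keep the escape sequence verbatim so the RDN round-trips unchanged
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]  # an empty DN yields no components


@dataclass(frozen=True)
class DnHolder:
    """One element of the dn/forwardDn list: the RDNs from this object up to the root."""

    rdns: Tuple[str, ...]  # e.g. ("ou=persons", "o=nevisdp", "dc=example", "dc=com")

    def __str__(self) -> str:
        # #{in.entity.dn[i]} without a property renders the element's DN
        return self.dn

    @property
    def dn(self) -> str:
        return ",".join(self.rdns)

    @property
    def rdn(self) -> str:
        return self.rdns[0]

    @property
    def baseDn(self) -> str:
        return ",".join(self.rdns[1:])

    @property
    def attributeName(self) -> str:
        return self.rdns[0].split("=", 1)[0]

    @property
    def attributeValue(self) -> str:
        return self.rdns[0].split("=", 1)[1]


def dn_holders(dn: str) -> List[DnHolder]:
    """dn[i]: element i counted from the object (i = 0) towards the root."""
    rdns = tuple(split_dn(dn))
    return [DnHolder(rdns[i:]) for i in range(len(rdns))]


def forward_dn_holders(dn: str) -> List[DnHolder]:
    """forwardDn[i]: the same elements counted from the root (i = 0) towards the object."""
    return list(reversed(dn_holders(dn)))


if __name__ == "__main__":
    # Constructed sample: the DN used in the examples above.
    sample = "cn=user,ou=persons,o=nevisdp,dc=example,dc=com"
    holders = dn_holders(sample)
    print(holders[1].dn)                                        # parent DN
    print(holders[0].baseDn == holders[1].dn)                   # True
    print(holders[2].attributeName, holders[2].attributeValue)  # o nevisdp
    print(forward_dn_holders(sample)[1].rdn)                    # dc=example
```

Note that the escape handling is what makes the component count trustworthy: a naive split on commas would turn cn=Doe\, John into two elements and shift every dn[i] index by one, so any expression relying on a fixed depth (for example dn[2] for the organisation) would read the wrong component.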