LDAPSearchValve

Valve for searching an LDAP Directory.

If no items exist in the Current Item Set (CIS), the valve will perform the configured search and populate the CIS with the search result entries. If items exist in CIS the Valve operates on them and will process all items surviving the common item filtering rules.

Properties

Name Description Default value Mandatory Supports property expansion
connection_ref Id of LDAP connection to use. Must refer to a connection of type 'LDAP' Yes No
base_dn Search base DN. Yes Yes
attributes Comma separated list of attributes to include in the search. Use "*" to include all attributes. If left blank no attributes will be returned from the search. No Yes
item_id_pattern Regex pattern for item ids to perform operations on. Items with ids that doesnt match the regex will be filter out. '.*' (include all items ) No No
scope LDAP search scope. SUB, ONE or BASE can be used. SUB Yes No
size_limit Number of results. Set to 0 for unlimited matches. 0 Yes No
filter The LDAP search filter to be used. (objectclass=*) Yes Yes
binary_attrs List of attributes that should be treated as binary. No No
allow_multiple Flag turning on support for multiple result entries when in item iteration mode. false No No
multiple_use_first Flag turning on result entry truncation. If multiple result entries, only the first will be returned. Works in both search and item iteration mode. false No No

Example Configuration 1 – User with mail={{request.email}}

{
        "name": "LDAPSearchValve",
        "config": { 
              "connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
              "base_dn":"dc=example,dc=com",
              "scope":"SUB",
              "size_limit":"0",
              "filter":"(&(objectclass=*)(mail={{request.email}}))",
              "attributes":"cn,uid,mail,mobile" 
        }
}

Example Configuration 2 – Nested group membership

{
        "name": "LDAPSearchValve",
        "config": { 
              "connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
              "base_dn":"dc=example,dc=com",
              "scope":"SUB",
              "size_limit":"0",
              "filter":"(&(objectclass=*)(memberof:1.2.840.113556.1.4.1941:=cn=GroupWithNestedGroups,OU=groups,OU=Company,DC=Org,DC=local))",
              "attributes":"cn,uid,mail,mobile" 
        }
}

Requirements