LDAP Processor
1. Introduction
The LDAP Processor allows PresentationServer to query an LDAP directory server. It is
built on the Java Naming and Directory Interface (JNDI) and should work with any
LDAP server compatible with JNDI. However, it has only been tested with Sun ONE
Directory Server and OpenLDAP.
2. Usage
You instantiate the LDAP Processor with the processor URI oxf/processor/ldap.
The processor takes two inputs, config and filter, and one output, data.
2.1 Configuration
The LDAP Processor can be configured in two ways: either system-wide via the
PresentationServer Properties, or locally for a specific instance of the processor
through the config input. The local configuration takes precedence if present.
Note: the root-dn and attribute configuration elements cannot be specified
system-wide.
2.1.1 config Input
The config input document specifies the host name and port number of the LDAP
server, the credentials to use when connecting, the search base and, optionally,
the attributes to return. The following table describes the configuration elements.
Name | Description
host | LDAP server host name
port | LDAP server port number (389 for plain LDAP, 636 for LDAP over SSL)
protocol | Protocol used to connect to the server, e.g. SSL. Without it the simple bind sends the bind DN and password to the server in cleartext.
bind-dn | Distinguished name used to authenticate to the server
password | Password used to authenticate to the server. It is stored in cleartext in the config document, so treat the pipeline file as a secret.
root-dn | Root DN (search base) of the subtree the query is run against
attribute | LDAP attribute to include in the LDAP response; repeat the element for each attribute. If no attribute is specified, all returned attributes are included.
The following RelaxNG schema describes the expected document. Note that root-dn
is the only required element.
<element name="config" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
    <interleave>
        <optional>
            <element name="host"/>
        </optional>
        <optional>
            <element name="port"/>
        </optional>
        <optional>
            <element name="bind-dn"/>
        </optional>
        <optional>
            <element name="password"/>
        </optional>
        <element name="root-dn"/>
        <optional>
            <element name="protocol"/>
        </optional>
        <zeroOrMore>
            <element name="attribute"/>
        </zeroOrMore>
    </interleave>
</element>
2.1.2 System-Wide Configuration
The LDAP Processor can be configured through the PresentationServer Properties,
allowing all instances to share the same connection settings. The following
properties are allowed:
Name | Description
oxf.processor.ldap.host | LDAP server host name
oxf.processor.ldap.port | LDAP server port number
oxf.processor.ldap.protocol | Protocol used to connect to the server, e.g. SSL
oxf.processor.ldap.bind-dn | Distinguished name used to authenticate to the server
oxf.processor.ldap.password | Password used to authenticate to the server (stored in cleartext in the properties file)
2.2 Query
The filter input carries the LDAP query sent to the server. The single filter
element contains a query string that follows the standard LDAP search filter
syntax specified in RFC 2254 (since superseded by RFC 4515, which keeps the same
string representation). The processor passes this string to the server as-is: if
any part of it is built from user-supplied values, those values must be escaped
per the filter syntax (backslash, asterisk, parentheses and NUL), otherwise a user
can close the assertion and inject their own filter terms.
<element name="filter" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"/>
2.3 Response
The LDAP Processor writes the query results to its data output. Each result
element carries the entry's name and one attribute element per returned
attribute, as in the example below:
<results>
    <result>
        <name>cn=John Smith</name>
        <attribute>
            <name>sn</name>
            <value>Smith</value>
        </attribute>
        [...]
    </result>
    [...]
</results>
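The following Python script is an added example, not code from PresentationServer: it builds the filter input document of section 2.2 from an untrusted value, escaping it according to RFC 4515 (the successor of RFC 2254) so that the value cannot break out of the assertion, and parses the data output document of section 2.3 into a Python dictionary. The attribute-name check, the function names and the sample results document are assumptions made for the example; the page shows a single value per attribute, and the parser assumes multi-valued attributes appear as several value children of one attribute element.

```python
"""Added example (not part of Orbeon PresentationServer): build the LDAP
Processor's <filter> input from untrusted values and parse its <results> output."""
import re
import xml.etree.ElementTree as ET

# Characters with special meaning inside a filter assertion value
# (RFC 4515 section 3). Each becomes a backslash followed by two hex digits.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}

# Attribute names are developer-controlled tokens, never user input
# (assumption for this example: a plain alphanumeric descriptor).
_ATTRIBUTE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it cannot close or extend the filter.

    Non-ASCII characters are hex-escaped byte by byte as well; RFC 4515 allows
    them raw, so this is a conservative choice rather than a requirement.
    """
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            out.append("".join("\\%02x" % b for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def build_filter_document(attribute: str, value: str) -> str:
    """Return the <filter> input document for an equality match on one attribute."""
    if not _ATTRIBUTE_NAME.fullmatch(attribute):
        raise ValueError("illegal attribute name: %r" % attribute)
    root = ET.Element("filter")
    root.text = "(%s=%s)" % (attribute, escape_filter_value(value))
    return ET.tostring(root, encoding="unicode")


def parse_results(xml_text: str) -> dict:
    """Parse the processor's <results> output into {dn: {attribute: [values]}}.

    Assumption: a multi-valued attribute appears as several <value> children of
    one <attribute> element (the page itself shows only a single value).
    """
    entries = {}
    for result in ET.fromstring(xml_text).findall("result"):
        attrs = {}
        for attribute in result.findall("attribute"):
            values = [v.text or "" for v in attribute.findall("value")]
            attrs.setdefault(attribute.findtext("name"), []).extend(values)
        entries[result.findtext("name")] = attrs
    return entries


# Constructed sample in the <results> format of section 2.3 (not real data).
SAMPLE_RESULTS = """<results>
  <result>
    <name>cn=John Smith</name>
    <attribute><name>sn</name><value>Smith</value></attribute>
    <attribute><name>mail</name><value>jsmith@example.com</value><value>john@example.com</value></attribute>
  </result>
</results>"""


if __name__ == "__main__":
    # A benign lookup, then an injection attempt that tries to match every entry.
    print(build_filter_document("uid", "12345"))
    print(build_filter_document("uid", "*)(objectClass=*"))
    print(parse_results(SAMPLE_RESULTS))
```

With the escaping in place, the value `*)(objectClass=*` yields the filter `(uid=\2a\29\28objectClass=\2a)`, which matches only an entry whose uid literally contains those characters, instead of the unescaped `(uid=*)(objectClass=*)`, which the server would reject or, with further crafting, turn into a match-all query.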
3. Example
The following example shows a basic LDAP query. The LDAP Processor connects to an
LDAP server on the same machine over plain LDAP (port 389, no protocol element)
and binds as the directory administrator. It then searches under o=Company.com for
entries whose uid attribute has the value 12345. Only the cn and description
attributes are returned. Outside of a test setup, bind with a dedicated read-only
account rather than the directory administrator and set protocol to SSL, since
otherwise the password below crosses the network in cleartext.
<p:processor name="oxf:ldap" xmlns:p="http://www.orbeon.com/oxf/pipeline">
    <p:input name="config">
        <config>
            <host>localhost</host>
            <port>389</port>
            <bind-dn>cn=Directory Manager</bind-dn>
            <password>abcdef</password>
            <root-dn>o=Company.com</root-dn>
            <attribute>cn</attribute>
            <attribute>description</attribute>
        </config>
    </p:input>
    <p:input name="filter">
        <filter>(uid=12345)</filter>
    </p:input>
    <p:output name="data" id="ldap-results"/>
</p:processor>