Skip to main content
Version: 7.2405.x.x LTS

LDAPDataSource

The LDAPDataSource is used to read data from an LDAP directory using JNDI. An LdapContextProvider is needed to access the LDAP directory. It supports reading of LDAP objects based on their distinguished name (DN) and a filter rule.

The scope of the search is an adjustable parameter which controls whether the search is carried out on the single object specified by the DN, in the first child level of the object or in the complete subtree.

The DN of the LDAP objects found is stored in the nevisDataPorter ObjectMap in the form of a list of DnHolders. Using the expression language it is possible to extract components of the DN path which are elements of this list. Every element provides access to the DN, RDN, base DN, or the attribute name or value.

The entity has to process the LDAP entries within the idle timeout of the LDAP server. This is due to limitations in JNDI. The LDAPDataSource fetches the data in pages of a configurable size if this feature is available on the server. However, the elements of one page still have to be processed within the server's idle timeout. If this is not possible, consider to use a cache (CachingFilter or BeanDataSink).

Configuration

NameType, usage constraints, defaultsDescription
dnrequired: paraVal
default: none
type: DN string
The DN of the object to read.
filterrequired: paraVal
default: none
type: LDAP filter string
The LDAP filtering rule used in the search.
searchScoperequired: paraVal
default: none
type: LDAP search scope string
Defines the scope of the search:
object: Only search the object specified by the DN.
onelevel: Search one level in the LDAP hierarchy.
subtree: Search the full subtree having the DN object as root.
ldapContextrequired: paraVal
default: none
type: ch.adnovum.dataporter.
dataobject.LdapContextProvider
A reference to an LdapContextProvider object. It refers to an LDAP connection pool defined in an initialization section of the configuration file, or an LdapContextProvider provided programmatically by the client application that is put into the configuration repository.
pageSizeoptional: paraVal
default: 100
type: integer
The number of entries fetched on the LDAP server in one go. As paged searching is an LDAP extension, it is not enforced.
attributesReturnedoptional: paraList
default: none
type: list of attribute IDs in a string
Specifies the LDAP attributes to be returned. If not set, the system will return all attributes except the operational attributes. If you specify a combination of * and + characters, the system will return all attributes including the relevant operational attributes.

Example

<dataSource type="LDAPDataSource">
<dp:paraVal name="ldapContext" value="${inst.ldapConnection}"/>
<dp:paraVal name="dn" value="o=nevisdp,dc=example,dc=com"/>
<dp:paraVal name="filter" value="objectClass=person"/>
<dp:paraVal name="searchscope" value="subtree"/>
<dp:paraList name="attributesReturned">
<value>*</value>
<value>modifyTimestamp</value>
</dp:paraList>
</dataSource>

Examples for DN access

Assume the DN of the object found is given by cn=user,ou=persons,o=nevisdp,dc=example,dc=com.

  • Get the full DN of the object found:
#{in.entity.dn[0]}
#{in.entity.dn[0].dn}
  • Get the DN of the parent object: ou=persons,o=nevisdp,dc=example,dc=com:
#{in.entity.dn[1].dn}
#{in.entity.dn[0].baseDn}
  • Get the RDN of the parent object: ou=persons:
#{in.entity.dn[1].rdn}
  • Get the key attribute name or value of the grand-parent object: o or nevisdp:
#{in.entity.dn[2].attributeName}
#{in.entity.dn[2].attributeKey}
  • Get the RDN of the second object from the root: dc=example:
#{in.entity.forwardDn[1].rdn}

Use dn to access elements in the DN from object to root. Use forwardDn to access them from root to object.

Example

dn="cn=user,ou=persons,o=nevisdp,dc=example,dc=com" forwardDn="dc=com,dc=example,o=nevisdp,ou=persons,cn=user"