LDAP Transport Project User Guide for Mule 2.0.x
The LDAP connector allows data to be read from and written to an LDAP-enabled directory server via LDAP v3 (such as OpenLDAP, Novell eDirectory, Microsoft Active Directory (ADS), Apache DS, ...). The communication can be either synchronous or asynchronous. The connector supports plain, anonymous, SSL/TLS and SASL (CRAM-MD5, DIGEST-MD5, GSSAPI, EXTERNAL) based authentication. Kerberos is supported via GSSAPI. DSML and LDIF are supported too. The following operations are currently implemented:
The LDAP connector is based on the Novell/OpenLDAP JLDAP API.
Installation Instructions and Examples are also available.
LDAP Connector Properties (org.mule.transport.ldap.LdapConnector)
LDAPS Connector Properties (org.mule.transport.ldap.LdapSConnector)
LDAP SASL Connector Properties (org.mule.transport.ldap.LdapSASLConnector)
| Property | Description | Default | Required |
|---|---|---|---|
| ldapHost | Hostname of the LDAP server. | | Yes |
| ldapPort | Port on which the LDAP server is listening. | 389, or 636 for LDAPS | No |
| loginDN | Login distinguished name. Leave blank ("") for an anonymous bind. | | Yes, for a non-anonymous bind |
| password | Password used to bind as loginDN. | <none> | No |
| searchBase | Base DN: the distinguished name to search from. | | Yes |
| searchScope | 0 = BASE: search only the base object. 1 = ONE: search only the immediate subordinates of the base object. 2 = SUB: search the base object and all entries within its subtree. 4 = SUBORDINATESUBTREE: search the subordinate subtree object and all entries within it. | 2 | No |
| startUnsolicitedNotificationListener | Starts an unsolicited-notification listener that receives server messages such as shutdown notices. | false | No |
| attributes | Which attributes are returned in a search response. | null (all attributes are returned) | No |
| dereference | Specifies when aliases are dereferenced. 0 = NEVER: aliases are never dereferenced. 1 = SEARCHING: aliases are dereferenced when searching the entries beneath the starting point of the search, but not when finding the starting entry. 2 = FINDING: aliases are dereferenced when finding the starting point for the search, but not when searching under that starting entry. 3 = ALWAYS: aliases are always dereferenced, both when finding the starting point and when searching the entries beneath it. | 0 | No |
| maxResults | The maximum number of search results to return for a search request. The server terminates the search operation with an LDAPException.SIZE_LIMIT_EXCEEDED if the number of results exceeds the maximum. | Integer.MAX_VALUE | No |
| timeLimit | The maximum time in seconds that the server should spend returning search results. This is a server-enforced limit. A value of 0 means no time limit. | 0 (no limit) | No |
| typesOnly | If true, returns the names but not the values of the attributes found. If false, returns the names and values of the attributes found. | false | No |
| queries | Named search queries that an endpoint can reference as ldap://ldap.out/<query-name> (see LDAP Endpoints). | | No |
| trustAll | Only for LdapSConnector and LdapSASLConnector. If set to true, all server certificates are trusted. If set to false, the trustStore property must be set. | false | No |
| trustStore | Only for LdapSConnector and LdapSASLConnector. If trustAll is set to false, the value of this property must point to the truststore in which your server certificate is trusted. | | Yes, if trustAll is set to false |
| mechanism | Only for LdapSASLConnector. The challenge mechanism. SASL is currently beta; only DIGEST-MD5 is tested. | DIGEST-MD5 | No |
| startTLS | Only for LdapSASLConnector. | false | No |
| useSSL | Only for LdapSASLConnector. | false | No |
| forceJDK14 | Only for LdapSASLConnector. | false | No |
| alternativeSaslProvider | Only for LdapSASLConnector. | | No |
| realm | Only for LdapSASLConnector. Specifies the SASL realm. | example.com | Yes |
LDAP Endpoints
There are two LDAP endpoint types available:
- ldap://ldap.in
- ldap://ldap.out[/searchquery]
1. ldap.in is the inbound endpoint for LDAP messages sent by the server (replies to asynchronous requests), such as search responses, add responses, ...
2. ldap.out is the outbound endpoint to which LDAPMessages, static search requests or arbitrary payloads can be sent. In the latter case an extra searchquery is required.
Example:
2.1 ldap://ldap.out -> The payload must be of type LDAPMessage or com.novell.ldap.util.DN. In the latter case a single entry is returned; this is only possible if the request is synchronous!
2.2 ldap://ldap.out/(cn=hsaly) -> Static search query; the payload is ignored (can be used to poll the directory for specific entries/modifications).
2.3 ldap://ldap.out/my.query -> Arbitrary payload allowed, but you need to specify a named query on the connector or endpoint (similar to the JDBC connector).
For the ${} syntax see Mule JDBC Connector and Expressions.
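As an added example (not from the original guide or the connector project), the following configuration puts the LDAPS properties from the table into one file and wires a named query to an ldap://ldap.out/<query-name> endpoint, contrasting the trustAll="true" setting with the trustStore-based one. Everything not on this page is an assumption: the namespace URIs are the usual Mule 2.0.x ones, ldap.example.test, o=example, the truststore path and the service names are constructed, the queries property is assumed to accept a Spring map keyed by query name, the attributes property is assumed to accept a list of names, the ${payload} placeholder is assumed to follow the JDBC-style substitution the guide points to, and the PropertyPlaceholderConfigurer bean is plain Spring, used so the bind password is read from a file outside the Mule configuration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not part of the original guide. Host, DNs, paths and
     query names are constructed; the queries/attributes property shapes
     and the ${payload} placeholder are assumptions (see lead-in). -->
<mule xmlns="http://www.mulesource.org/schema/mule/core/2.0"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:spring="http://www.springframework.org/schema/beans"
      xmlns:vm="http://www.mulesource.org/schema/mule/vm/2.0"
      xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        http://www.mulesource.org/schema/mule/core/2.0 http://www.mulesource.org/schema/mule/core/2.0/mule.xsd
        http://www.mulesource.org/schema/mule/vm/2.0 http://www.mulesource.org/schema/mule/vm/2.0/mule-vm.xsd">

    <!-- Bind credentials come from a file outside this config (standard Spring
         placeholder mechanism); ldap.properties holds ldap.bind.password=... -->
    <spring:bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <spring:property name="location" value="file:/etc/mule/ldap.properties" />
    </spring:bean>

    <!-- WEAK SETTING, shown for contrast and left commented out: with
         trustAll="true" every server certificate is trusted, so the client
         cannot tell the real directory from an impersonated one.
    <custom-connector name="ldapsTrustAll" class="org.mule.transport.ldap.LdapSConnector">
        <spring:property name="ldapHost" value="ldap.example.test" />
        <spring:property name="ldapPort" value="636" />
        <spring:property name="trustAll" value="true" />
    </custom-connector>
    -->

    <!-- HARDENED SETTING: trustAll="false" makes trustStore mandatory, so only a
         directory presenting a certificate trusted by that truststore is
         accepted. Scope, result count, time limit and attribute list are
         narrowed to what the lookup needs. -->
    <custom-connector name="ldapsConnector" class="org.mule.transport.ldap.LdapSConnector">
        <spring:property name="ldapHost" value="ldap.example.test" />
        <spring:property name="ldapPort" value="636" />
        <spring:property name="loginDN" value="cn=mule-lookup,ou=services,o=example" />
        <spring:property name="password" value="${ldap.bind.password}" />
        <spring:property name="searchBase" value="ou=people,o=example" />
        <spring:property name="searchScope" value="1" />
        <spring:property name="dereference" value="0" />
        <spring:property name="trustAll" value="false" />
        <spring:property name="trustStore" value="/etc/mule/ldap-truststore.jks" />
        <spring:property name="maxResults" value="100" />
        <spring:property name="timeLimit" value="10" />
        <!-- Assumed to accept a list of attribute names; only what the
             consumer needs is requested. -->
        <spring:property name="attributes">
            <spring:list>
                <spring:value>uid</spring:value>
                <spring:value>mail</spring:value>
            </spring:list>
        </spring:property>
        <!-- Named query referenced from the endpoint below. The map shape and
             the ${payload} placeholder are assumptions; "&amp;" is how "&"
             must be written inside an XML attribute value. -->
        <spring:property name="queries">
            <spring:map>
                <spring:entry key="findByUid"
                              value="(&amp;(objectClass=inetOrgPerson)(uid=${payload}))" />
            </spring:map>
        </spring:property>
    </custom-connector>

    <model name="ldapsLookup">
        <service name="lookupByUid">
            <inbound>
                <vm:inbound-endpoint path="lookup_in" synchronous="true" />
            </inbound>
            <outbound>
                <outbound-pass-through-router>
                    <outbound-endpoint address="ldap://ldap.out/findByUid"
                                       connector-ref="ldapsConnector" />
                </outbound-pass-through-router>
            </outbound>
        </service>
    </model>
</mule>
```

If the connector expands ${payload} by textual substitution into the filter, as the JDBC connector's ${} syntax does, then the value arriving on lookup_in becomes part of the filter string. A payload containing the RFC 4515 filter metacharacters `*`, `(`, `)`, `\` or NUL would change the filter's meaning, so validate the uid against the directory's attribute syntax, or escape those characters, in a transformer placed before the outbound endpoint rather than relying on the substitution itself.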
Transformers
| Transformer | Description |
|---|---|
| org.mule.transport.ldap.transformers.LDAPEntryToAddRequest | Converts an LDAPEntry payload into an add request. |
| org.mule.transport.ldap.transformers.LDAPMessageToString | String means: DSML or LDIF |
| org.mule.transport.ldap.transformers.LDAPSearchResultToString | String means: DSML or LDIF |
| org.mule.transport.ldap.transformers.StringToDeleteRequest | String means: DN |
| org.mule.transport.ldap.transformers.StringToLDAPMessage | String means: DSML or LDIF |
| org.mule.transport.ldap.transformers.StringToSearchRequest | String means: filter query |
| org.mule.transport.ldap.transformers.JavaBeanToModifyRequest | Payload must be a JavaBean. All getter methods are introspected and the fields they correspond to are treated as attributes in the directory; they are either added or modified with the contents of the JavaBean. Currently only Strings are supported; byte[] etc. will follow. Note that there must be a String field "dn" that denotes the entry to be modified, or the transformer must be configured with a "uniqueField" (contributed by Tomas Blohm). |
Example
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http:
      xmlns:xsi="http:
      xmlns:spring="http:
      xsi:schemaLocation="
      http: http:
    <custom-connector name="ldapConnector" class="org.mule.transport.ldap.LdapConnector">
        <spring:property name="ldapHost" value="localhost" />
        <spring:property name="ldapPort" value="10389" />
        <spring:property name="loginDN" value="uid=admin,ou=system" />
        <spring:property name="password" value="secret" />
        <spring:property name="searchBase" value="o=sevenseas" />
        <spring:property name="searchScope" value="2" />
        <spring:property name="startUnsolicitedNotificationListener"
            value="false" />
        <spring:property name="typesOnly" value="false" />
        <spring:property name="dereference" value="0" />
        <spring:property name="maxResults" value="0x7fffffff" />
        <spring:property name="timeLimit" value="0" />
    </custom-connector>
</mule>
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http:
      xmlns:xsi="http:
      xmlns:spring="http:
      xmlns:vm="http:
      xsi:schemaLocation="
      http: http: http:
    <vm:connector name="vmQueue">
    </vm:connector>
    <custom-transformer name="LDAPSearchResultToString"
        class="org.mule.transport.ldap.transformers.LDAPSearchResultToString" />
    <custom-transformer name="JavaBeanToModifyRequest"
        class="org.mule.transport.ldap.transformers.JavaBeanToModifyRequest" />
    <custom-transformer name="StringToSearchRequest"
        class="org.mule.transport.ldap.transformers.StringToSearchRequest">
    </custom-transformer>
    <model name="LDAPTest">
        <service name="asyncSearchAndResultAsDSML">
            <inbound>
                <vm:inbound-endpoint path="test_in_async"
                    responseTransformer-refs="LDAPSearchResultToString" />
            </inbound>
            <component class="org.mule.component.simple.EchoComponent" />
            <outbound>
                <outbound-pass-through-router>
                    <outbound-endpoint address="ldap:>
                        <transformer ref="StringToSearchRequest" />
                    </outbound-endpoint>
                </outbound-pass-through-router>
            </outbound>
        </service>
        <service name="asyncJavaBean">
            <inbound>
                <vm:inbound-endpoint path="test_in_bean" />
            </inbound>
            <component class="org.mule.component.simple.EchoComponent" />
            <outbound>
                <outbound-pass-through-router>
                    <outbound-endpoint address="ldap:>
                        <transformer ref="JavaBeanToModifyRequest" />
                    </outbound-endpoint>
                </outbound-pass-through-router>
            </outbound>
        </service>
    </model>
</mule>
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http:
      xmlns:xsi="http:
      xmlns:spring="http:
      xmlns:vm="http:
      xsi:schemaLocation="
      http: http: http:
    <model name="LDAPTest">
        <service name="response-router-1">
            <inbound>
                <vm:inbound-endpoint path="test_in" synchronous="true" />
            </inbound>
            <component class="org.mule.component.simple.EchoComponent" />
            <outbound>
                <outbound-pass-through-router>
                    <outbound-endpoint
                        address="ldap:>
                    </outbound-endpoint>
                    <reply-to address="ldap: />
                </outbound-pass-through-router>
            </outbound>
            <async-reply failOnTimeout="true" timeout="15000">
                <inbound-endpoint address="ldap:></inbound-endpoint>
                <custom-async-reply-router
                    class="org.mule.transport.ldap.routers.LdapResponseCorrelationAggregator" />
            </async-reply>
        </service>
    </model>
</mule>