LDAPSearchValve
Note
Valve for searching an LDAP Directory.
If no items exist in the Current Item Set (CIS), the valve will perform the configured search and populate the CIS with the search result entries. If items exist in CIS the Valve operates on them and will process all items surviving the common item filtering rules.
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| connection_ref | Id of LDAP connection to use. Must refer to a connection of type 'LDAP' | Yes | No | |
| base_dn | Search base DNs. Can be multiple. | Yes | Yes | |
| attributes | Comma separated list of attributes to include in the search. Use "*" to include all attributes. If left blank no attributes will be returned from the search. | No | Yes | |
| item_id_pattern | Regex pattern for item ids to perform operations on. Items with ids that doesnt match the regex will be filter out. | '.*' (include all items ) | No | No |
| scope | LDAP search scope. SUB, ONE or BASE can be used. | SUB | Yes | No |
| size_limit | Number of results. Set to 0 for unlimited matches. | 0 | Yes | No |
| filter | The LDAP search filter to be used. | (objectclass=*) | Yes | Yes |
| binary_attrs | List of attributes that should be treated as binary. | No | No | |
| allow_multiple | Flag turning on support for multiple result entries when in item iteration mode. | false | No | No |
| multiple_use_first | Flag turning on result entry truncation. If multiple result entries, only the first will be returned. Works in both search and item iteration mode. | false | No | No |
Example Configuration 1 – User with mail={{request.email}}
{
"name": "LDAPSearchValve",
"config": {
"connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
"base_dn":"dc=example,dc=com",
"scope":"SUB",
"size_limit":"0",
"filter":"(&(objectclass=*)(mail={{request.email}}))",
"attributes":"cn,uid,mail,mobile"
}
}
Example Configuration 2 – Nested group membership
{
"name": "LDAPSearchValve",
"config": {
"connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
"base_dn":"dc=example,dc=com",
"scope":"SUB",
"size_limit":"0",
"filter":"(&(objectclass=*)(memberof:1.2.840.113556.1.4.1941:=cn=GroupWithNestedGroups,OU=groups,OU=Company,DC=Org,DC=local))",
"attributes":"cn,uid,mail,mobile"
}
}
Example configuration 3 - Multiple search bases
{
"name": "LDAPSearchValve",
"config": {
"connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
"base_dn":["dc=example,dc=com", "dc=example,dc=org"],
"scope":"SUB",
"size_limit":"0",
"filter":"(&(objectclass=*)(mail={{request.email}}))",
"attributes":"cn,uid,mail,mobile"
}
}