org.mule.modules

mule-module-ldap

config

Namespace	http://www.mulesoft.org/schema/mule/ldap
Schema Location	http://www.mulesoft.org/schema/mule/ldap/current/mule-ldap.xsd (View Schema)
Schema Version	3.3
Minimum Mule Version	3.2.0

Module Overview

The LDAP Connector will allow to connect to any LDAP server and perform every LDAP operation:

bind: Authenticate against the LDAP server. This occurs automatically before each operation but can also be performed on request
search: Perform a LDAP search in a base DN with a given filter
lookup: Retrieve a unique LDAP entry
add: Creates a new LDAP entry
add attribute/s: Add specific attributes to an existing LDAP entry
modify: Update an existing LDAP entry
modify attribute/s: Update specific attributes of an existing LDAP entry
delete: Delete an existing LDAP entry
delete attribute/s: Delete specific attributes of an existing LDAP entry

In order to be able to use any of the operations listed before, you must define a config element with the LDAP connection parameters:

URL	The connection URL to the LDAP server. LDAP connection URLs have the following syntax: `ldap[s]://hostname:port/base_dn` hostname: Name (or IP address in dotted format) of the LDAP server. For example, ldap.example.com or 192.202.185.90. port: Port number of the LDAP server (for example, 696). If no port is specified, the standard LDAP port (389) or LDAPS port (636) is used. base_dn: distinguished name (DN) of an entry in the directory. This DN identifies the entry that is the starting point of the search. If no base DN is specified, the search starts at the root of the directory tree. Some examples are: ldap://localhost:389/ ldap://localhost:389/dc=mulesoft,dc=org ldaps://localhost:636/dc=mulesoft,dc=org ldaps://ldap.mulesoft.org/
Type	The implementation of the connection to be used. Right now the only available implementation is JNDI, though any other implementation can be used (For example using Novell libraries). If you want to create your own implementation you should extend the class `LDAPConnection` JNDI: Implementation that uses the JNDI interfaces provided in the standard JRE.
Initial Pool Size	The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity. To disable pooling, just set this value to 0 (zero).
Max Pool Size	The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently.
Pool Timeout	The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.
Referral	Constant that holds the name of the environment property for specifying how referrals encountered by the service provider are to be processed. The value of the property is one of the following strings: follow: Follow referrals automatically ignore: Ignore referrals throw: Throw ReferralException when a referral is encountered.
Extended Configuration	This is a Map instance holding extended configuration attributes that will be used in the Context environment. Values configured here have less precedence than the other values that are allowed in the module configuration. Some examples of extended properties (key: value) are: java.naming.language: Constant that holds the name of the environment property for specifying the preferred language to use with the service. The value of the property is a colon-separated list of language tags as defined in RFC 1766. java.naming.security.authentication: Constant that holds the name of the environment property for specifying the security level to use. Its value is one of the following strings: "none", "simple", "strong". java.naming.security.protocol: Constant that holds the name of the environment property for specifying the security protocol to use. Its value is a string determined by the service provider (e.g. "ssl"). com.sun.jndi.ldap.connect.pool.authentication: A list of space-separated authentication types of connections that may be pooled. Valid types are "none", "simple", and "DIGEST-MD5". com.sun.jndi.ldap.connect.pool.debug: A string that indicates the level of debug output to produce. Valid values are "fine" (trace connection creation and removal) and "all" (all debugging information). com.sun.jndi.ldap.connect.pool.prefsize: The string representation of an integer that represents the preferred number of connections per connection identity that should be maintained concurrently. com.sun.jndi.ldap.connect.pool.protocol: A list of space-separated protocol types of connections that may be pooled. Valid types are "plain" and "ssl".

Summary

Configuration
<ldap:config> Configure an instance of this module

Transformers
<ldap:ldap-entry-to-ldif> Transforms a `LDAPEntry` to a String in LDIF representation (RFC 2849).
<ldap:ldap-entry-to-map> Creates the Map representation of an `LDAPEntry`.
<ldap:map-to-ldap-entry> Creates a `LDAPEntry` from its Map representation.

Message Processors
<ldap:add> Creates a new `LDAPEntry` in the LDAP server.
<ldap:add-from-map> Creates a new entry in the LDAP server from a Map representation.
<ldap:add-multi-value-attribute> Adds all the values for an attribute in an existing LDAP entry.
<ldap:add-single-value-attribute> Adds a value for an attribute in an existing LDAP entry.
<ldap:bind> Performs an LDAP bind (login) operation.
<ldap:delete> Deletes the LDAP entry represented by the provided distinguished name.
<ldap:delete-multi-value-attribute> Deletes all the values matching attributeValues of the attribute defined by attributeName.
<ldap:delete-single-value-attribute> Deletes the value matching attributeValue of the attribute defined by attributeName.
<ldap:exists> Checks whether a LDAP entry exists in the LDAP server or not.
<ldap:lookup> Retrieves an entry from the LDAP server base on its distinguished name (DN).
<ldap:modify> Updates an existing `LDAPEntry` in the LDAP server.
<ldap:modify-from-map> Updates an existing entry in the LDAP server from a Map representation.
<ldap:modify-multi-value-attribute> Updates (replaces) the value or values of the attribute defined by attributeName with the new values defined by attributeValues.
<ldap:modify-single-value-attribute> Updates (replaces) the value or values of the attribute defined by attributeName with the new value defined by attributeValue.
<ldap:paged-result-search> Performs a LDAP search and streams result to the rest of the flow.
<ldap:rename> Renames and existing LDAP entry (moves and entry from a DN to another one).
<ldap:search> Performs a LDAP search returning a list with all the resulting LDAP entries.
<ldap:search-one> Performs a LDAP search that is supposed to return a unique result.

Configuration

To use the this module within a flow the namespace to the module must be included. The resulting flow will look similar to the following:

<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:ldap="http://www.mulesoft.org/schema/mule/ldap"
      xsi:schemaLocation="
               http://www.mulesoft.org/schema/mule/core
               http://www.mulesoft.org/schema/mule/core/current/mule.xsd
               http://www.mulesoft.org/schema/mule/ldap
               http://www.mulesoft.org/schema/mule/ldap/current/mule-ldap.xsd">

      <!-- here goes your flows and configuration elements -->

</mule>

This module is configured using the config element. This element must be placed outside of your flows and at the root of your Mule application. You can create as many configurations as you deem necessary as long as each carries its own name.

Each message processor, message source or transformer carries a config-ref attribute that allows the invoker to specify which configuration to use.

Attributes
Type	Name	Default Value	Description	Java Type	MIME Type	Encoding
xs:string	name		Optional. Give a name to this configuration so it can be later referenced.
	extendedConfiguration		Optional. This is a Map instance holding extended configuration attributes that will be used in the Context environment.
xs:int	initialPoolSize	1	Optional. The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity.
xs:int	maxPoolSize	5	Optional. The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently.
xs:long	poolTimeout	60000	Optional. The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.
	referral	IGNORE	Optional. Constant that holds the name of the environment property for specifying how referrals encountered by the service provider are to be processed (follow, ignore, throw).
	type	JNDI	Optional. The implementation of the connection to be used.
xs:string	url		The connection URL to the LDAP server with the following syntax: `ldap[s]://hostname:port/base_dn`.

Example

<!-- Case 1: Simple Bind (User/Password) -->
<ldap:config name="ldapConf" url="ldap://localhost:389/" authDn="uid=admin,ou=people,dc=mulesoft,dc=org" authPassword="secret"/>

Example

<!-- Case 2: Anonymous Bind -->
<ldap:config name="ldapConf" url="ldap://localhost:389/" authentication="none" authDn="ANONYMOUS"/>

Example

<!-- Case 3: Active Directory providing username@domain instead of DN -->
<ldap:config name="ldapConf" url="ldap://dc1.company.com:389/" authDn="user@company.com" authPassword="secret"/>

Connection Pool

This connector offers automatic connection management via the use of a connection pool. The pool will act a storage mechanism for all the connections that are in-use by the user of this connector.

Prior to execution of a processor, the connector will attempt to lookup an already established connection and if one doesn't exists it will create one. That lookup mechanism is done in the connection pool via the use of connection variables declared as keys.

The user of the connector can configure the pool by adding a connection-pooling-profile to the connector configuration like this:

    <ldap:connection-pooling-profile maxActive="10" maxIdle="10"
                             exhaustedAction="WHEN_EXHAUSTED_GROW" maxWait="120" minEvictionMillis="60000" evictionCheckIntervalMillis="30000"/>

The following is a list of connection attributes, each connection attribute can be configured at the config element level or they can also be added to each processor. If they are used at the processor level they get the benefit of full expression resolution.

Connection Attributes
Name	Default Value	Description	Java Type	MIME Type	Encoding
config-ref		Optional. Specify which configuration to use.
authDn		The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword		Optional. The password of the user	String	/	UTF-8
authentication		Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Reconnection Strategies

Reconnection Strategies specify how a connector behaves when its connection fails. You can control how Mule attempts to reconnect by specifying a number of criteria:

The type of exception
Number and frequency of reconnection attempts
The notifications generated, and more

With a reconnection strategy, you can better control the behavior of a failed connection, by configuring it, for example, to re-attempt the connection only once every 15 minutes, and to give up after 30 attempts. You can also send an automatic notification to your IT administrator whenever this reconnection strategy goes into effect. You can even define a strategy that attempts to reconnect only during business hours. Such a setting can prove useful if your server is frequently shut down for nightly maintenance.

Configuration

A reconnection strategy that allows the user to configure how many times a reconnection should be attempted and how long to wait between attempts.

    <ldap:config>
         <reconnect count="5" frequency="1000"/>
    </ldap:config>

Reconnect Attributes
Name	Default Value	Description
frequency	2000	Optional. How often (in ms) to reconnect
count	2	Optional. How many reconnection attempts to make

For more information about reconnection strategies in Mule, or even how to write your own custom reconnection strategy please check this section.

Message Processors

<ldap:add>

Creates a new LDAPEntry in the LDAP server. The entry should contain the distinguished name (DN), the objectClass attributes that define its structure and at least a value for all the required attributes (required attributes depend on the object classes assigned to the entry. You can refer to RFC 4519 for standard object classes and attributes.

LDAPEntry object provided with expression

XML Sample

<!-- Case 1: LDAPEntry object is in a session variable -->
<ldap:add config-ref="ldapConfig">
	<ldap:entry ref="#[header:session:entryToAdd]"/>
</ldap:add>

LDAPEntry object provided in payload

XML Sample

<!-- Case 2: LDAPEntry object is in the payload -->
<ldap:add config-ref="ldapConfig"/>

Attributes

Name	Default Value	Description	Java Type	MIME Type	Encoding
config-ref		Optional. Specify which configuration to use.
entry	#[payload:]	Optional. The `LDAPEntry` that should be added.	LDAPEntry	/
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn		Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword		Optional. The password of the user	String	/	UTF-8
authentication		Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to add entries under any of the RDN (relative DN) that compose the entry DN.
InvalidAttributeException	If the structure of the entry is invalid (for example there are missing required attributes or it has attributes that are not part of any of the defined object classes)
NameAlreadyBoundException	If there is already an existing entry with the same DN in the LDAP server tree.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error creating the entry.

<ldap:add-from-map>

Creates a new entry in the LDAP server from a Map representation. The distinguished name (DN) of the entry is first obtained from the optional parameter dn and if this value is blank (null, empty string or string with only space chars) then the DN should be a present in the entry map as a String value under the key "dn" (see MAP_DN_KEY).

In order to represent a LDAP entry as a map, you should consider the following rules for the map key/value pair:

Single Value Attributes: The key should be the name of the single value attribute (for example uid, cn, ...) as a String and the value is just the value of the attribute (most of the times represented by a String.
Multi-value Attributes: The key should be the name of the multiple values attribute (for example objectClass, memberOf, mail, ...) as a String and the value should be a List holding the multiple values of the attribute. Usually it will be a list of strings.
Distinguished name: As an alternative to passing the DN as a separate argument of the operation, you can include it in the entry map. In this case, the key should be the string "dn" (see MAP_DN_KEY) and the value a String representing the distinguished name (for example cn=andy,ou=people,dc=mulesoft,dc=org).

The map is provided as a reference and the DN is not in the map

XML Sample

<!-- Case 1: Reference an existing map object -->
<ldap:add-from-map dn="uid=newuser,ou=people,dc=mulesoft,dc=org" config-ref="ldapConfig">
	<ldap:entry ref="#[header:session:newUserMap]"/>
</ldap:add-from-map>

The map is created in the XML file and the DN is another map entry

XML Sample

<!-- Case 2: Reference an existing map object -->
<ldap:add-from-map config-ref="ldapConfig">
	<ldap:entry>
		<ldap:entry key="dn" value-ref="#[payload.getDn()]"/>
		<ldap:entry key="uid">newuser</ldap:entry>
		<ldap:entry key="sn">Doe</ldap:entry>
		<ldap:entry key="cn">John Doe</ldap:entry>
	</ldap:entry>
</ldap:add-from-map>

The map is provided in the payload and the DN is another map entry

XML Sample

<!-- Case 3: The map is in the payload and the DN is in the map -->
<ldap:add-from-map/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	Optional. The primary value to use as DN of the entry. If not set, then the DN will be retrieved from the map representing the entry under the key dn.	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:entry>	#[payload:]	Optional. Map representation of the LDAP entry.	Map<String, Object>

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to add entries under any of the RDN (relative DN) that compose the entry DN.
InvalidAttributeException	If the structure of the entry is invalid (for example there are missing required attributes or it has attributes that are not part of any of the defined object classes)
NameAlreadyBoundException	If there is already an existing entry with the same DN in the LDAP server tree.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error creating the entry (for example if the DN is not passed as an argument nor in the entry map).

<ldap:add-multi-value-attribute>

Adds all the values for an attribute in an existing LDAP entry. If the entry already contained a value (or values) for the given attributeName then these values will be added. The attribute should allow multiple values or an exception will be raised.

XML Sample

<ldap:add-multi-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]">
	<ldap:attribute-values ref="#[map-payload:attributeValues]" />
</ldap:add-multi-value-attribute>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	The DN of the LDAP entry to modify	String	/	UTF-8
attributeName	The name of the attribute to add values to.	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:attribute-values>		The values for the attribute	List<Object>

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to update the entry.
NameNotFoundException	If there is no existing entry for the given DN.
InvalidAttributeException	If the attribute value is invalid or the entry already has the provided value.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error updating the entry.

<ldap:add-single-value-attribute>

Adds a value for an attribute in an existing LDAP entry. If the entry already contained a value for the given attributeName then this value will be added (only if the attribute is multi value and there entry didn't have the value already).

If you want to add a value with a type different than String, then you can use the add-multi-value-attribute operation and define a one element list with the value.

XML Sample

<ldap:add-single-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]" attributeValue="#[map-payload:attributeValue]"/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	The DN of the LDAP entry to modify	String	/	UTF-8
attributeName	The name of the attribute to add a value to.	String	/	UTF-8
attributeValue	The value for the attribute	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to update the entry.
InvalidAttributeException	If the attribute value is invalid or the entry already has the provided value.
NameNotFoundException	If there is no existing entry for the given DN.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error updating the entry.

<ldap:bind>

Performs an LDAP bind (login) operation. After login there will be a LDAP connection pool ready to use for other operations using the authenticated user. If no values are provided to override authDn and authPassword then using this operation will just re-bind (re-authenticate) the user/password defined in the config element. If new values are provided for authDn and authPassword, then authentication will be performed.

Re-authenticating and returning the LDAP entry using config level credentials (authDn & authPassword)

XML Sample

<!-- Case 1: Using Config Credentials -->
<ldap:bind config-ref="ldapConf"/>

Authenticating and returning the LDAP entry using new credentials (authDn & authPassword)

XML Sample

<!-- Case 2: Using New Credentials -->
<ldap:bind config-ref="ldapConf" authDn="uid=anotherUser,ou=people,dc=mulesoft,dc=org" authPassword="secret"/>

Authenticating as anonymous user (returns always null)

XML Sample

<!-- Case 3: Anonymous Bind -->
<ldap:bind config-ref="ldapConf" authDn="ANONYMOUS" authentication="none"/>

Authenticating and returning the LDAP entry using credentials (authDn & authPassword) from Mule Expression

XML Sample

<!-- Case 4: Using New Credentials provided in Mule Expressions -->
<ldap:bind config-ref="ldapConf" authDn="#[payload.getDN()]" authPassword="#[payload.getPassword()]"/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Returns

Return Type	Description
LDAPEntry	The `LDAPEntry` of the authenticated user.

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to perform the lookup for its own LDAP entry.
NameNotFoundException	If base DN is invalid (for example it doesn't exist)
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error performing the login and posterior lookup.

<ldap:delete>

Deletes the LDAP entry represented by the provided distinguished name. The entry should not have child entries, in which case a ContextNotEmptyException is thrown.

This operation is idempotent. It succeeds even if the terminal atomic name is not bound in the target context, but throws NameNotFoundException if any of the intermediate contexts do not exist.

XML Sample

<ldap:delete dn="uid=userToDelete,ou=people,dc=mulesoft,dc=org"/>

Attributes

Name	Default Value	Description	Java Type	MIME Type	Encoding
config-ref		Optional. Specify which configuration to use.
dn	#[payload:]	Optional. The DN of the LDAP entry to delete	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn		Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword		Optional. The password of the user	String	/	UTF-8
authentication		Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to delete the entry.
NameNotFoundException	If an intermediate context does not exist.
ContextNotEmptyException	If the entry to delete has child entries.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error deleting the entry.

<ldap:delete-multi-value-attribute>

Deletes all the values matching attributeValues of the attribute defined by attributeName. Values that are not present in the entry are ignored. If no values are specified, then the whole attribute is deleted from the entry.

XML Sample

<ldap:delete-multi-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]">
	<ldap:attribute-values ref="#[map-payload:attributeValues]" />
</ldap:delete-multi-value-attribute>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	The DN of the LDAP entry to modify	String	/	UTF-8
attributeName	The name of the attribute to delete its values.	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:attribute-values>		Optional. The values that should be deleted.	List<Object>

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to update the entry.
NameNotFoundException	If there is no existing entry for the given DN.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error updating the entry.

<ldap:delete-single-value-attribute>

Deletes the value matching attributeValue of the attribute defined by attributeName. If the entry didn't have the value, then the entry stays the same. If no value is specified, then the whole attribute is deleted from the entry.

If you want to delete a value with a type different than String, then you can use the delete-multi-value-attribute operation and define a one element list with the value.

XML Sample

<ldap:delete-single-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]" attributeValue="#[map-payload:attributeValue]"/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	The DN of the LDAP entry to modify	String	/	UTF-8
attributeName	The name of the attribute to delete its value.	String	/	UTF-8
attributeValue	Optional. The value that should be deleted.	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to update the entry.
NameNotFoundException	If there is no existing entry for the given DN.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error updating the entry.

<ldap:exists>

Checks whether a LDAP entry exists in the LDAP server or not.

Check if LDAP entry exists

XML Sample

<ldap:exists dn="ou=people, dc=domain, dc=org"/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	The DN of the LDAP entry that will be retrieved.	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Returns

Return Type	Description
boolean	true if the LDAP entry represented by `dn` exists or false if not

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to perform the lookup for the given DN.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
NameNotFoundException	Only in case throwException is true and the LDAP entry does not exist.
Exception	In case there is any other error checking for entry existence.

<ldap:lookup>

Retrieves an entry from the LDAP server base on its distinguished name (DN). DNs are the unique identifiers of an LDAP entry, so this method will perform a search based on this ID and so return a single entry as result or throw an exception if the DN is invalid or inexistent.

Use this operation over searchOne(String, String, List, SearchScope, int, long, boolean) when you know the DN of the object you want to retrieve.

Lookup returning all attributes for the entry

XML Sample

<!-- Case 1: Returning all attributes of the entry -->
    <ldap:lookup dn="uid=aUser,ou=people,dc=mulesoft,dc=org"/>

Lookup returning the attributes in the list obtained by expression

XML Sample

<!-- Case 2: Returning only the attributes defined in the list provided with an expression -->
    <ldap:lookup dn="#[header:dn]">
        <ldap:attributes ref="#[header:attributes]" />
    </ldap:lookup>

Lookup returning the attributes defined in the XML config file

XML Sample

<!-- Case 3: Returning only the attributes defined in the list provided in the XML config -->
    <ldap:lookup dn="#[header:dn]">
        <ldap:attributes>
        	<ldap:attribute>uid</ldap:attribute>
        	<ldap:attribute>mail</ldap:attribute>
        	<ldap:attribute>cn</ldap:attribute>
        </ldap:attributes>
    </ldap:lookup>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	The DN of the LDAP entry that will be retrieved.	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:attributes>		Optional. A list of the attributes that should be returned in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.	List<String>

Returns

Return Type	Description
LDAPEntry	The `LDAPEntry` for the given `dn` parameter.

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to perform the lookup for the given DN.
NameNotFoundException	If base DN is invalid (for example it doesn't exist)
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error performing the lookup.

<ldap:modify>

Updates an existing LDAPEntry in the LDAP server. The entry should contain an existing distinguished name (DN), the objectClass attributes that define its structure and at least a value for all the required attributes (required attributes depend on the object classes assigned to the entry. You can refer to RFC 4519 for standard object classes and attributes.

When updating a LDAP entry, only the attributes in the entry passed as parameter are updated or added. If you need to delete an attribute, you should use the delete attribute operation.

Example: Updating one attributes and adding one.

Original LDAP server entry:
dn: cn=entry,ou=group,dc=company,dc=org cn: entry attr1: Value1 attr2: Value2 multi1: Value3 multi1: Value4 objectclass: top objectclass: myentry

Entry map passed as parameter:
dn: cn=entry,ou=group,dc=company,dc=org attr1: NewValue attr3: NewAttributeValue

Resulting LDAP server entry:
dn: cn=entry,ou=group,dc=company,dc=org cn: entry attr1: NewValue attr2: Value2 multi1: Value3 multi1: Value4 attr3: NewAttributeValue objectclass: top objectclass: myentry

The LDAP entry is in the payload

XML Sample

<!-- Case 1: LDAP entry is in the payload -->
<ldap:modify config-ref="ldapConfig"/>

The LDAP entry is in a session variable

XML Sample

<!-- Case 2: LDAP entry is in a session variable -->
<ldap:modify config-ref="ldapConfig">
	<ldap:entry ref="#[header:session:entryToModify]"/>
</ldap:modify>

Attributes

Name	Default Value	Description	Java Type	MIME Type	Encoding
config-ref		Optional. Specify which configuration to use.
entry	#[payload:]	Optional. The `LDAPEntry` that should be updated.	LDAPEntry	/
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn		Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword		Optional. The password of the user	String	/	UTF-8
authentication		Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to update entries under any of the RDN (relative DN) that compose the entry DN.
InvalidAttributeException	If the structure of the entry is invalid (for example there are missing required attributes or it has attributes that are not part of any of the defined object classes)
NameNotFoundException	If there is no existing entry with the same DN in the LDAP server tree.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error updating the entry.

<ldap:modify-from-map>

Updates an existing entry in the LDAP server from a Map representation. The distinguished name (DN) of the entry is first obtained from the optional parameter dn and if this value is blank (null, empty string or string with only space chars) then the DN should be a present in the entry map as a String value under the key "dn" (see MAP_DN_KEY).

When updating a LDAP entry, only the attributes in the entry passed as parameter are updated or added. If you need to delete an attribute, you should use the delete attribute operation.

In order to represent a LDAP entry as a map, you should consider the following rules for the map key/value pair:

Single Value Attributes: The key should be the name of the single value attribute (for example uid, cn, ...) as a String and the value is just the value of the attribute (most of the times represented by a String.
Multi-value Attributes: The key should be the name of the multiple values attribute (for example objectClass, memberOf, mail, ...) as a String and the value should be a List holding the multiple values of the attribute. Usually it will be a list of strings.
Distinguished name: As an alternative to passing the DN as a separate argument of the operation, you can include it in the entry map. In this case, the key should be the string "dn" (see MAP_DN_KEY) and the value a String representing the distinguished name (for example cn=andy,ou=people,dc=mulesoft,dc=org).

The map is provided as a reference and the DN is not in the map

XML Sample

<!-- Case 1: Reference an existing map object -->
<ldap:modify-from-map dn="uid=user,ou=people,dc=mulesoft,dc=org" config-ref="ldapConfig">
	<ldap:entry ref="#[header:session:ldapUserMap]"/>
</ldap:modify-from-map>

The map is created in the XML file and the DN is another map entry

XML Sample

<!-- Case 2: Reference an existing map object -->
<ldap:modify-from-map config-ref="ldapConfig">
	<ldap:entry>
		<ldap:entry key="dn" value-ref="#[payload.getDn()]"/>
		<ldap:entry key="uid">user</ldap:entry>
		<ldap:entry key="sn">Doe</ldap:entry>
		<ldap:entry key="cn">John Doe</ldap:entry>
	</ldap:entry>
</ldap:modify-from-map>

The map is provided in the payload and the DN is another map entry

XML Sample

<!-- Case 3: The map is in the payload and the DN is in the map -->
<ldap:modify-from-map/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	Optional. The primary value to use as DN of the entry. If not set, then the DN will be retrieved from the map representing the entry under the key dn.	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:entry>	#[payload:]	Optional. Map representation of the LDAP entry.	Map<String, Object>

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to update entries under any of the RDN (relative DN) that compose the entry DN.
InvalidAttributeException	If the structure of the entry is invalid (for example there are missing required attributes or it has attributes that are not part of any of the defined object classes)
NameNotFoundException	If there is no existing entry with the same DN in the LDAP server tree.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error updating the entry (for example if the DN is not passed as an argument nor in the entry map).

<ldap:modify-multi-value-attribute>

Updates (replaces) the value or values of the attribute defined by attributeName with the new values defined by attributeValues. If the attribute was not present in the entry, then the value is added.

XML Sample

<ldap:modify-multi-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]">
	<ldap:attribute-values ref="#[map-payload:attributeValues]" />
</ldap:modify-multi-value-attribute>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	The DN of the LDAP entry to modify	String	/	UTF-8
attributeName	The name of the attribute to update its values.	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:attribute-values>		The new values for the attribute	List<Object>

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to update the entry.
NameNotFoundException	If there is no existing entry for the given DN.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error updating the entry.

<ldap:modify-single-value-attribute>

Updates (replaces) the value or values of the attribute defined by attributeName with the new value defined by attributeValue. If the attribute was not present in the entry, then the value is added.

If you want to update a value with a type different than String, then you can use the update-multi-value-attribute operation and define a one element list with the value.

XML Sample

<ldap:modify-single-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]" attributeValue="#[map-payload:attributeValue]"/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
dn	The DN of the LDAP entry to modify	String	/	UTF-8
attributeName	The name of the attribute to update its value.	String	/	UTF-8
attributeValue	The new value for the attribute	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to update the entry.
NameNotFoundException	If there is no existing entry for the given DN.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error updating the entry.

<ldap:paged-result-search>

Performs a LDAP search and streams result to the rest of the flow. This means that instead of returning a list with all results it partitions the LDAP search result into pages (individual entry if resultPageSize is 1) or lists of size resultPageSize.

For queries returning large results it is recommended to use pagination (not all LDAP servers support this or are configured to support it). For that you need to provide a page size value that should be less or equal than max results (count limit). If you are getting a Size Limit Exceeded exception message then you should check that the authenticated user has enough privileges or the LDAP server is not limited by configuration.

Returning all persons one LDAP entry at a time

XML Sample

<!-- Case 1: Paging control to retrieve pages of 100 entries from the LDAP server returning one entry at a time -->
    <ldap:paged-result-search baseDn="ou=people,dc=mulesoft,dc=org" filter="(objectClass=person)" scope="SUB_TREE" pageSize="100" resultPageSize="1"/>

Returning all persons in lists of 100 LDAP entries

XML Sample

<!-- Case 2: Return lists of 100 LDAP entries -->
    <ldap:paged-result-search baseDn="ou=people,dc=mulesoft,dc=org" filter="(objectClass=person)" scope="SUB_TREE" resultPageSize="100">
        <ldap:attributes>
        	<ldap:attribute>uid</ldap:attribute>
        	<ldap:attribute>cn</ldap:attribute>
        </ldap:attributes>    
    </ldap:paged-result-search>

Attributes

Name	Default Value	Description	Java Type	MIME Type	Encoding
config-ref		Optional. Specify which configuration to use.
baseDn		The base DN of the LDAP search.	String	/	UTF-8
filter		A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. Some examples are: (objectClass=): All objects. (&(objectClass=person)(!cn=andy)): All persons except for the one with common name (cn) "andy". (sn=sm): All objects with a surname that starts with "sm". (&(objectClass=person)(\|(sn=Smith)(sn=Johnson))): All persons with a surname equal to "Smith" or "Johnson".	String	/	UTF-8
scope	ONE_LEVEL	Optional. The scope of the search. Valid attributes are: OBJECT: This value is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria!) ONE_LEVEL: This value is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN. SUB_TREE: This value is used to indicate searching of all entries at all levels under and including the specified base DN.	SearchScope	/
timeout	0	Optional. Search timeout in milliseconds. If the value is 0, this means to wait indefinitely.	int	/
maxResults	0	Optional. The maximum number of entries that will be returned as a result of the search. 0 indicates that all entries will be returned.	long	/
returnObject	false	Optional. Enables/disables returning objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object will be returned.	boolean	/
pageSize	0	Optional. If the LDAP server supports paging results set in this attribute the size of the page. If the pageSize is less or equals than 0, then paging will be disabled.	int	/
resultPageSize	1	Optional. The size of the list this operation streams. If this value is less than 1, then it will be considered that the page size is 1.	int	/
resultOffset	0	Optional. Considering the results are paged in resultPageSize pages, then this is the first page that should be retrieved.	int	/
resultPageCount	0	Optional. How many pages of size resultPageSize starting at resultOffset should be returned/processed. If zero (0) or less or if resultPageCount is greater than the total amount of pages, then all pages are returned.	int	/
orderBy		Optional. Name of the LDAP attribute used to sort results.	String	/	UTF-8
callback		Used to stream results	SourceCallback	/
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn		Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword		Optional. The password of the user	String	/	UTF-8
authentication		Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:attributes>		Optional. A list of the attributes that should be returned in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.	List<String>

Returns

Return Type	Description
List<Object>	A list with individual results of executing the rest of flow with each results page.

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to perform the search under the given base DN.
NameNotFoundException	If base DN is invalid (for example it doesn't exist)
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error performing the search.

<ldap:rename>

Renames and existing LDAP entry (moves and entry from a DN to another one).

XML Sample

<ldap:rename oldDn="cn=origin, dc=domain, dc=org" newDn="cn=destination, dc=domain, dc=org" />

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
oldDn	DN of the existing entry that will be renamed.	String	/	UTF-8
newDn	Destination DN	String	/	UTF-8
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Exception Payloads

Payload Class	Description
NameAlreadyBoundException	If there is already an existing entry with the same DN as newDn.
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error deleting the entry.

<ldap:search>

Performs a LDAP search returning a list with all the resulting LDAP entries.

For queries returning large results it is recommended to use pagination (not all LDAP servers support this or are configured to support it). For that you need to provide a page size value that should be less or equal than max results (count limit). If you are getting a Sizelimit Exceeded exception then you should check that the authenticated user has enough privileges or the LDAP server is not limited by configuration.

Returning all attributes for all persons that have Doe as surname

XML Sample

<!-- Case 1: Simple SUB_TREE search -->
    <ldap:search baseDn="ou=people,dc=mulesoft,dc=org" filter="(&amp;(objectClass=person)(sn=Doe))" scope="SUB_TREE"/>

Returning username and fullname for the first 100 person entries

XML Sample

<!-- Case 2: Search that will return the username and fullname of at most 100 results -->
    <ldap:search baseDn="ou=people,dc=mulesoft,dc=org" filter="(objectClass=person)" scope="SUB_TREE" maxResults="100">
        <ldap:attributes>
        	<ldap:attribute>uid</ldap:attribute>
        	<ldap:attribute>cn</ldap:attribute>
        </ldap:attributes>    
    </ldap:search>

Search that receives all configuration attributes using Mule Expressions

XML Sample

<!-- Case 3: Search that receives all attributes from Mule Expressions -->
    <ldap:search baseDn="#[header:baseDn]"
                 filter="#[header:filter]"
                 scope="#[header:scope]"
                 timeout="#[header:timeout]"
                 maxResults="#[header:maxResults]"
                 returnObject="#[returnObject]">
        <ldap:attributes ref="#[header:attributes]" />
    </ldap:search>

Attributes

Name	Default Value	Description	Java Type	MIME Type	Encoding
config-ref		Optional. Specify which configuration to use.
baseDn		The base DN of the LDAP search.	String	/	UTF-8
filter		A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. Some examples are: (objectClass=): All objects. (&(objectClass=person)(!cn=andy)): All persons except for the one with common name (cn) "andy". (sn=sm): All objects with a surname that starts with "sm". (&(objectClass=person)(\|(sn=Smith)(sn=Johnson))): All persons with a surname equal to "Smith" or "Johnson".	String	/	UTF-8
scope	ONE_LEVEL	Optional. The scope of the search. Valid attributes are: OBJECT: This value is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria!) ONE_LEVEL: This value is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN. SUB_TREE: This value is used to indicate searching of all entries at all levels under and including the specified base DN.	SearchScope	/
timeout	0	Optional. Search timeout in milliseconds. If the value is 0, this means to wait indefinitely.	int	/
maxResults	0	Optional. The maximum number of entries that will be returned as a result of the search. 0 indicates that all entries will be returned.	long	/
returnObject	false	Optional. Enables/disables returning objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object will be returned.	boolean	/
pageSize	0	Optional. If the LDAP server supports paging results set in this attribute the size of the page. If the pageSize is less or equals than 0, then paging will be disabled.	int	/
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn		Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword		Optional. The password of the user	String	/	UTF-8
authentication		Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:attributes>		Optional. A list of the attributes that should be returned in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.	List<String>

Returns

Return Type	Description
List<LDAPEntry>	A java.util.List of `LDAPEntry` objects with the results of the search. If the search throws no results, then this is an empty list.

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to perform the search under the given base DN.
NameNotFoundException	If base DN is invalid (for example it doesn't exist)
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error performing the search.

<ldap:search-one>

Performs a LDAP search that is supposed to return a unique result. If the search returns more than one result, then a warn log message is generated and the first element of the result is returned.

Use this operation over lookup(String, List) when you know don't know the DN of the entry you need to retrieve but you have a set of attributes that you know should return a single entry (for example an email address)

XML Sample

<!-- Case 1: Simple SUB_TREE search returning the first result -->
    <ldap:search baseDn="ou=people,dc=mulesoft,dc=org" filter="(&amp;(objectClass=person)(mail=jdoe@mail.com))" scope="SUB_TREE"/>

Attributes

Name	Default Value	Description	Java Type	MIME Type	Encoding
config-ref		Optional. Specify which configuration to use.
baseDn		The base DN of the LDAP search.	String	/	UTF-8
filter		A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. Some examples are: (objectClass=): All objects. (&(objectClass=person)(!cn=andy)): All persons except for the one with common name (cn) "andy". (sn=sm): All objects with a surname that starts with "sm". (&(objectClass=person)(\|(sn=Smith)(sn=Johnson))): All persons with a surname equal to "Smith" or "Johnson".	String	/	UTF-8
scope	ONE_LEVEL	Optional. The scope of the search. Valid attributes are: OBJECT: This value is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria!) ONE_LEVEL: This value is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN. SUB_TREE: This value is used to indicate searching of all entries at all levels under and including the specified base DN.	SearchScope	/
timeout	0	Optional. Search timeout in milliseconds. If the value is 0, this means to wait indefinitely.	int	/
maxResults	0	Optional. The maximum number of entries that will be returned as a result of the search. 0 indicates that all entries will be returned.	long	/
returnObject	false	Optional. Enables/disables returning objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object will be returned.	boolean	/
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn		Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword		Optional. The password of the user	String	/	UTF-8
authentication		Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:attributes>		Optional. A list of the attributes that should be returned in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.	List<String>

Returns

Return Type	Description
LDAPEntry	A `LDAPEntry` with the first element of the search result or null if there are no results.

Exception Payloads

Payload Class	Description
NoPermissionException	If the current binded user has no permissions to perform the search under the given base DN.
NameNotFoundException	If base DN is invalid (for example it doesn't exist)
LDAPException	In case there is any other exception, mainly related to connectivity problems or referrals.
Exception	In case there is any other error performing the search.

Message Sources

Transformers

<ldap:ldap-entry-to-ldif>

Transforms a LDAPEntry to a String in LDIF representation (RFC 2849).

XML Sample

<ldap:ldap-entry-to-ldif/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
entry	The `LDAPEntry` to transform to LDIF.	LDAPEntry	/
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Returns

Return Type	Description
String	The LDIF representation of the entry.

<ldap:ldap-entry-to-map>

Creates the Map representation of an LDAPEntry.

The resulting map has the name of the attributes as String keys and the values for these keys are:

Distinguished name: The DN is the value of the special string key "dn" (see MAP_DN_KEY).
Single Value Attributes: The value is an Object (most of the cases a String and in some cases, like userPassword, a byte[]).
Multi-value Attributes: The value is a List containing all the values for the attribute (most of the cases a String and in some cases, like userPassword, a byte[]).

XML Sample

<ldap:ldap-entry-to-map/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
entry	The `LDAPEntry` to transform to map.	LDAPEntry	/
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Returns

Return Type	Description
Map<String, Object>	The Map representation of the entry.

<ldap:map-to-ldap-entry>

Creates a LDAPEntry from its Map representation. This transformer won't check that the entry is valid. The only validation that is performed is the presence of the distinguished name.

In order to represent a LDAP entry as a map, you should consider the following rules for the map key/value pair:

Distinguished name: The map should have a special attribute for the distinguish name. In this case, the key should be the string "dn" (see MAP_DN_KEY) and the value a String representing the distinguished name (for example cn=andy,ou=people,dc=mulesoft,dc=org).
Single Value Attributes: The key should be the name of the single value attribute (for example uid, cn, ...) as a String and the value is just the value of the attribute (most of the times represented by a String.
Multi-value Attributes: The key should be the name of the multiple values attribute (for example objectClass, memberOf, mail, ...) as a String and the value should be a List holding the multiple values of the attribute. Usually it will be a list of strings.

XML Sample

<ldap:map-to-ldap-entry/>

Attributes

Name	Description	Java Type	MIME Type	Encoding
config-ref	Optional. Specify which configuration to use.
Connection Parameters This are only required if you didn't specified them at the configuration element. They are also useful for overriding the values of the configurations or even if you need to extract them from the Mule message since they support expression evaluation.
authDn	Optional. The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)	String	/	UTF-8
authPassword	Optional. The password of the user	String	/	UTF-8
authentication	Optional. Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings: simple (DEFAULT): Used for user/password authentication. none: Used for anonymous authentication. sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.	String	/	UTF-8

Child Elements

Name	Default Value	Description	Java Type
<ldap:entry>		Map representation of the LDAP entry.	Map<String, Object>

Returns

Return Type	Description
LDAPEntry	`LDAPEntry` object.

Exception Payloads

Payload Class	Description
Exception	If the map entry is invalid (for example, it doesn't contain the DN)