The LDAP Connector allows you to connect to any LDAP server and perform every LDAP operation:

  • bind: Authenticate against the LDAP server. This occurs automatically before each operation but can also be performed on request
  • search: Perform a LDAP search in a base DN with a given filter
  • lookup: Retrieve a unique LDAP entry
  • add: Creates a new LDAP entry
  • add attribute/s: Add specific attributes to an existing LDAP entry
  • modify: Update an existing LDAP entry
  • modify attribute/s: Update specific attributes of an existing LDAP entry
  • delete: Delete an existing LDAP entry
  • delete attribute/s: Delete specific attributes of an existing LDAP entry

In order to be able to use any of the operations listed before, you must define a config element with the LDAP connection parameters:

URL: The connection URL to the LDAP server. LDAP connection URLs have the following syntax: ldap[s]://hostname:port/base_dn

  • hostname: Name (or IP address in dotted format) of the LDAP server. For example, ldap.example.com or 192.202.185.90.
  • port: Port number of the LDAP server (for example, 696). If no port is specified, the standard LDAP port (389) or LDAPS port (636) is used.
  • base_dn: distinguished name (DN) of an entry in the directory. This DN identifies the entry that is the starting point of the search. If no base DN is specified, the search starts at the root of the directory tree.

Some examples are:
  • ldap://localhost:389/
  • ldap://localhost:389/dc=mulesoft,dc=org
  • ldaps://localhost:636/dc=mulesoft,dc=org
  • ldaps://ldap.mulesoft.org/
Type: The implementation of the connection to be used. Right now the only available implementation is JNDI, though any other implementation can be used (for example, using Novell libraries). If you want to create your own implementation, you should extend the class LDAPConnection.
  • JNDI: Implementation that uses the JNDI interfaces provided in the standard JRE.
Initial Pool Size: The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity. To disable pooling, just set this value to 0 (zero).
Max Pool Size: The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently.
Pool Timeout: The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.
Referral: Constant that holds the name of the environment property for specifying how referrals encountered by the service provider are to be processed. The value of the property is one of the following strings:
  • follow: Follow referrals automatically
  • ignore: Ignore referrals
  • throw: Throw ReferralException when a referral is encountered.
Extended Configuration: This is a Map instance holding extended configuration attributes that will be used in the Context environment. Values configured here have lower precedence than the other values that are allowed in the module configuration. Some examples of extended properties (key: value) are:
  • java.naming.language: Constant that holds the name of the environment property for specifying the preferred language to use with the service. The value of the property is a colon-separated list of language tags as defined in RFC 1766.
  • java.naming.security.authentication: Constant that holds the name of the environment property for specifying the security level to use. Its value is one of the following strings: "none", "simple", "strong".
  • java.naming.security.protocol: Constant that holds the name of the environment property for specifying the security protocol to use. Its value is a string determined by the service provider (e.g. "ssl").
  • com.sun.jndi.ldap.connect.pool.authentication: A list of space-separated authentication types of connections that may be pooled. Valid types are "none", "simple", and "DIGEST-MD5".
  • com.sun.jndi.ldap.connect.pool.debug: A string that indicates the level of debug output to produce. Valid values are "fine" (trace connection creation and removal) and "all" (all debugging information).
  • com.sun.jndi.ldap.connect.pool.prefsize: The string representation of an integer that represents the preferred number of connections per connection identity that should be maintained concurrently.
  • com.sun.jndi.ldap.connect.pool.protocol: A list of space-separated protocol types of connections that may be pooled. Valid types are "plain" and "ssl".
Use Schema: If set to true, the LDAP connector will use the LDAP schema (only works for LDAP v3) to define the structure of the LDAP entry (or map). This needs to be 'true' in order to use DataSense.
If useSchema is true, then the LDAP server schema will be used to determine whether attributes of the LDAPEntry are multi-valued (LDAPMultiValueEntryAttribute) or single-valued (LDAPSingleValueEntryAttribute). This determines whether the value will be a List or a single Object (String, byte[], etc.). In the past, attributes were multi-valued only when the retrieved LDAP entry had more than one value.

Example:
Sample LDAP server entry:
dn: attr1=Value2,ou=group,dc=company,dc=org
attr1: Value1
attr2: Value2
multi1: Value3
multi1: Value4
objectclass: top
objectclass: myentry


Schema for objectClass myentry:
attr1: {SINGLE-VALUE=true}
attr2: {SINGLE-VALUE=false}
multi1: {SINGLE-VALUE=false}


If useSchema is false then the resulting LDAPEntry representing the payload will return:
payload.getAttribute("attr1") returns LDAPSingleValueEntryAttribute
payload.getAttribute("attr2") returns LDAPSingleValueEntryAttribute (The attribute has only one value)
payload.getAttribute("multi1") returns LDAPMultiValueEntryAttribute


payload.get("attr1") returns String
payload.get("attr2") returns String (The attribute has only one value)
payload.get("multi1") returns List


If useSchema is true then the resulting LDAPEntry representing the payload will return:
payload.getAttribute("attr1") returns LDAPSingleValueEntryAttribute
payload.getAttribute("attr2") returns LDAPMultiValueEntryAttribute (The attribute is multi value)
payload.getAttribute("multi1") returns LDAPMultiValueEntryAttribute


payload.get("attr1") returns String
payload.get("attr2") returns List (The attribute is multi value)
payload.get("multi1") returns List

Additional Info

Requires Mule Enterprise License: Yes

Requires Entitlement: No

Mule Version: 3.6.0 or higher

Configs


Configuration

<ldap:config>

Connection Management

Attributes

Name Java Type Description Default Value Required

name

String

The name of this configuration. The configuration can later be referenced by this name.

x 

authDn

String

The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)

x 

authPassword

String

The password of the user

 

authentication

String

Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings:

  • simple (DEFAULT): Used for user/password authentication.
  • none: Used for anonymous authentication.
  • sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.

 

initialPoolSize

int

The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity. To disable pooling, just set this value to 0 (zero).

1

 

maxPoolSize

int

The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently.

5

 

poolTimeout

long

The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.

60000

 

url

String

The connection URL to the LDAP server with the following syntax: ldap[s]://hostname:port/base_dn.

x 

type

Type

The implementation of the connection to be used.

JNDI

 

referral

Referral

Constant that holds the name of the environment property for specifying how referrals encountered by the service provider are to be processed (follow, ignore, throw).

IGNORE

 

extendedConfiguration

Map<String,String>

This is a Map instance holding extended configuration attributes that will be used in the Context environment. When working with TLS connections you need to make sure that the native LDAP pooling functionality is turned off. For example, if using JNDI, do not use attributes such as 'com.sun.jndi.ldap.connect.pool=true', which will cause problems when using TLS.

 

schemaEnabled

boolean

If set to true, the LDAP connector will use the LDAP schema (only works for LDAP v3) to define the structure of the LDAP entry (or map). This needs to be 'true' in order to use DataSense as it will affect the implementing class of LDAPEntry attributes.

false

 


TLS Configuration

<ldap:tls-config>

Connection Management

Attributes

Name Java Type Description Default Value Required

name

String

The name of this configuration. The configuration can later be referenced by this name.

x 

authDn

String

The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, instead of the DN, you can provide the user@domain (for example: user@mulesoft.org)

x 

authPassword

String

The password of the user

 

authentication

String

Specifies the authentication mechanism to use. For the Sun LDAP service provider, this can be one of the following strings:

  • simple (DEFAULT): Used for user/password authentication.
  • none: Used for anonymous authentication.
  • sasl_mech (UNSUPPORTED): Where sasl_mech is a space-separated list of SASL mechanism names. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, the LDAP can support any type of authentication agreed upon by the LDAP client and server.

 

url

String

The connection URL to the LDAP server with the following syntax: ldap[s]://hostname:port/base_dn.

x 

type

Type

The implementation of the connection to be used.

JNDI

 

referral

Referral

Constant that holds the name of the environment property for specifying how referrals encountered by the service provider are to be processed (follow, ignore, throw).

IGNORE

 

extendedConfiguration

Map<String,String>

This is a Map instance holding extended configuration attributes that will be used in the Context environment. When working with TLS connections you need to make sure that the native LDAP pooling functionality is turned off. For example, if using JNDI, do not use attributes such as 'com.sun.jndi.ldap.connect.pool=true', which will cause problems when using TLS.

 

schemaEnabled

boolean

If set to true, the LDAP connector will use the LDAP schema (only works for LDAP v3) to define the structure of the LDAP entry (or map). This needs to be 'true' in order to use DataSense as it will affect the implementing class of LDAPEntry attributes.

false

 

Processors


Bind

<ldap:bind>

Performs an LDAP bind (login) operation. After login there will be a LDAP connection pool ready to use for other operations using the authenticated user. If no values are provided to override authDn and authPassword then using this operation will just re-bind (re-authenticate) the user/password defined in the config element. If new values are provided for authDn and authPassword, then authentication will be performed.

XML Sample

<!-- Case 1: Re-authenticating and returning the LDAP entry using 'config' level credentials (authDn & authPassword) -->
        <ldap:bind config-ref="ldapConf"/>
<!-- Case 2: Authenticating and returning the LDAP entry using new credentials (authDn & authPassword) -->
        <ldap:bind config-ref="ldapConf" authDn="uid=anotherUser,ou=people,dc=mulesoft,dc=org" authPassword="secret"/>
<!-- Case 3: Authenticating as anonymous user (returns always null) -->
        <ldap:bind config-ref="ldapConf" authDn="ANONYMOUS" authentication="none"/>
<!-- Case 4: Authenticating and returning the LDAP entry using credentials (authDn & authPassword) from Mule Expression -->
        <ldap:bind config-ref="ldapConf" authDn="#[payload.getDN()]" authPassword="#[payload.getPassword()]"/>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

Returns

Return Java Type Description

LDAPEntry

The LDAPEntry of the authenticated user.


Unbind

<ldap:unbind>

Closes the current connection, forcing the login operation (bind) the next time it is used.

XML Sample

<ldap:unbind config-ref="ldapConf"/>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 


Lookup

<ldap:lookup>

  DataSense enabled

Retrieves an entry from the LDAP server based on its distinguished name (DN). DNs are the unique identifiers of an LDAP entry, so this method performs a search based on this ID and returns a single entry as the result, or throws an exception if the DN is invalid or nonexistent.

Use this operation over #searchOne(String, String, List, SearchScope, int, long, boolean, String) when you know the DN of the object you want to retrieve.

XML Sample

<!-- Case 1: Lookup returning all attributes for the entry -->
    <ldap:lookup config-ref="ldapConf" dn="uid=aUser,ou=people,dc=mulesoft,dc=org"/>
<!-- Case 2: Lookup returning the attributes in the list obtained by expression -->
    <ldap:lookup config-ref="ldapConf" dn="#[header:dn]">
        <ldap:attributes ref="#[header:attributes]" />
    </ldap:lookup>
<!-- Case 3: Lookup returning the attributes defined in the XML config file -->
    <ldap:lookup config-ref="ldapConf" dn="#[header:dn]">
        <ldap:attributes>
                <ldap:attribute>uid</ldap:attribute>
                <ldap:attribute>mail</ldap:attribute>
                <ldap:attribute>cn</ldap:attribute>
        </ldap:attributes>
    </ldap:lookup>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

dn

String

The DN of the LDAP entry that will be retrieved.

x 

attributes

List<String>

A list of the attributes that should be returned in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.

 

structuralObjectClass

String

The type of entry that will be returned. Only for DataSense purposes to be used in Anypoint Studio IDE. Has no impact on runtime, that's why it is optional.

 

Returns

Return Java Type Description

LDAPEntry

The LDAPEntry for the given dn parameter.


Exists

<ldap:exists>

Checks whether a LDAP entry exists in the LDAP server or not.

XML Sample

<!-- Check if LDAP entry exists -->
    <ldap:exists config-ref="ldapConf" dn="ou=people, dc=domain, dc=org"/>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

dn

String

The DN of the LDAP entry that will be retrieved.

x 

Returns

Return Java Type Description

boolean

true if the LDAP entry represented by dn exists or false if not


<ldap:search>

  DataSense enabled

Performs a LDAP search returning a list with all the resulting LDAP entries.

For queries returning large results it is recommended to use pagination (not all LDAP servers support this or are configured to support it). For that you need to provide a page size value that should be less than or equal to max results (count limit). If you are getting a Sizelimit Exceeded exception then you should check that the authenticated user has enough privileges or the LDAP server is not limited by configuration.

XML Sample

<!-- Case 1: Returning all attributes for all persons that have Doe as surname -->
    <ldap:search config-ref="ldapConf" baseDn="ou=people,dc=mulesoft,dc=org" filter="(&amp;(objectClass=person)(sn=Doe))" scope="SUB_TREE"/>
<!-- Case 2: Returning username and fullname for the first 100 person entries -->
    <ldap:search config-ref="ldapConf" baseDn="ou=people,dc=mulesoft,dc=org" filter="(objectClass=person)" scope="SUB_TREE" maxResults="100">
        <ldap:attributes>
                <ldap:attribute>uid</ldap:attribute>
                <ldap:attribute>cn</ldap:attribute>
        </ldap:attributes>
    </ldap:search>
<!-- Case 3: Search that receives all configuration attributes using Mule Expressions -->
    <ldap:search config-ref="ldapConf"
                 baseDn="#[header:baseDn]"
                 filter="#[header:filter]"
                 scope="#[header:scope]"
                 timeout="#[header:timeout]"
                 maxResults="#[header:maxResults]"
                 returnObject="#[returnObject]">
        <ldap:attributes ref="#[header:attributes]" />
    </ldap:search>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

baseDn

String

The base DN of the LDAP search.

x 

filter

String

A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. Some examples are:

  • (objectClass=*): All objects.
  • (&(objectClass=person)(!(cn=andy))): All persons except for the one with common name (cn) "andy".
  • (sn=sm*): All objects with a surname that starts with "sm".
  • (&(objectClass=person)(|(sn=Smith)(sn=Johnson))): All persons with a surname equal to "Smith" or "Johnson".

x 

attributes

List<String>

A list of the attributes that should be returned in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.

 

scope

SearchScope

The scope of the search. Valid attributes are:

  • OBJECT: This value is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria!)
  • ONE_LEVEL: This value is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN.
  • SUB_TREE: This value is used to indicate searching of all entries at all levels under and including the specified base DN.

ONE_LEVEL

 

timeout

int

Search timeout in milliseconds. If the value is 0, this means to wait indefinitely.

0

 

maxResults

long

The maximum number of entries that will be returned as a result of the search. 0 indicates that all entries will be returned.

0

 

returnObject

boolean

Enables/disables returning objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object will be returned.

false

 

pageSize

int

If the LDAP server supports paging results, set the size of the page in this attribute. If the pageSize is less than or equal to 0, then paging will be disabled.

0

 

structuralObjectClass

String

The type of entry that will be returned. Only for DataSense purposes to be used in Anypoint Studio IDE. Has no impact on runtime, that's why it is optional.

 

Returns

Return Java Type Description

List<LDAPEntry>

A List of LDAPEntry objects with the results of the search. If the search returns no results, then this is an empty list.
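
Case 3 above takes the filter from a message property; when that string is assembled from caller-supplied values, each value needs the escaping defined in RFC 2254 or it can change the structure of the filter. The helper below is an added example, not connector code, and its class and method names are hypothetical; a flow could call it before the search operation.

```java
import java.util.regex.Pattern;

/**
 * Added example, not part of the LDAP connector. Builds RFC 2254 search
 * filters from untrusted values. All names in this class are hypothetical.
 */
public final class LdapFilterBuilder {

    // Attribute description: a short name or a dotted numeric OID,
    // optionally followed by ";option" parts.
    private static final Pattern ATTRIBUTE = Pattern.compile(
            "(?:[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\\.[0-9]+)*)(?:;[A-Za-z0-9-]+)*");

    private LdapFilterBuilder() {
    }

    /** Escapes a value for the right-hand side of a filter item (RFC 2254, section 4). */
    public static String escapeValue(String value) {
        if (value == null) {
            throw new IllegalArgumentException("filter value must not be null");
        }
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break; // backslash first in the table: it is the escape character
                case '*':  out.append("\\2a"); break; // would otherwise act as a wildcard
                case '(':  out.append("\\28"); break; // would otherwise open a sub-filter
                case ')':  out.append("\\29"); break; // would otherwise close the current item
                case '\0': out.append("\\00"); break; // NUL
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Builds (attribute=value); the attribute name is validated and the value escaped. */
    public static String equality(String attribute, String value) {
        if (attribute == null || !ATTRIBUTE.matcher(attribute).matches()) {
            throw new IllegalArgumentException("invalid attribute name: " + attribute);
        }
        return "(" + attribute + "=" + escapeValue(value) + ")";
    }

    /** Combines already-built filters with AND. */
    public static String and(String... filters) {
        return combine('&', filters);
    }

    /** Combines already-built filters with OR. */
    public static String or(String... filters) {
        return combine('|', filters);
    }

    private static String combine(char operator, String... filters) {
        if (filters == null || filters.length == 0) {
            throw new IllegalArgumentException("at least one filter is required");
        }
        StringBuilder out = new StringBuilder("(").append(operator);
        for (String filter : filters) {
            out.append(filter);
        }
        return out.append(')').toString();
    }

    public static void main(String[] args) {
        // Constructed sample input that contains every filter metacharacter.
        String mail = "j.doe*(ops)\\team@mail.com";
        String filter = and(equality("objectClass", "person"), equality("mail", mail));
        System.out.println(filter);

        // An attribute name that is not a plain name or OID is rejected outright.
        try {
            equality("mail (work)", "x");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A filter built this way is computed at runtime, so it does not need the `&amp;` form that a literal filter written inside an XML attribute requires.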


<ldap:paged-result-search>

  Paged Operation

  DataSense enabled

Performs a LDAP search and streams result to the rest of the flow. This means that instead of returning a list with all results it partitions the LDAP search result into pages (individual entry if resultPageSize is 1) or lists of size resultPageSize.

This is an intercepting operation, which means that for each result (an individual entry if resultPageSize is 1, or a List of size resultPageSize) the rest of the flow will be executed. Each of these executions will return a result that will be aggregated into a List of results.

For queries returning large results it is recommended to use pagination (not all LDAP servers support this or are configured to support it). For that you need to provide a fetch size (page size) value that should be less than or equal to max results (count limit). If you are getting a Size Limit Exceeded exception message then you should check that the authenticated user has enough privileges or the LDAP server is not limited by configuration. In that case, just reduce the value of the fetch size.

XML Sample

<!-- Case 1: Paging control to retrieve pages of 100 entries from the LDAP server returning a consumer iterator with pages of 50 records -->
    <ldap:paged-result-search config-ref="ldapConf" baseDn="ou=people,dc=mulesoft,dc=org" filter="(objectClass=person)" scope="SUB_TREE" pageSize="100" fetchSize="50"/>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

baseDn

String

The base DN of the LDAP search.

x 

filter

String

A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. Some examples are:

  • (objectClass=*): All objects.
  • (&(objectClass=person)(!(cn=andy))): All persons except for the one with common name (cn) "andy".
  • (sn=sm*): All objects with a surname that starts with "sm".
  • (&(objectClass=person)(|(sn=Smith)(sn=Johnson))): All persons with a surname equal to "Smith" or "Johnson".

x 

attributes

List<String>

A list of the attributes that should be returned in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.

 

scope

SearchScope

The scope of the search. Valid attributes are:

  • OBJECT: This value is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria!)
  • ONE_LEVEL: This value is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN.
  • SUB_TREE: This value is used to indicate searching of all entries at all levels under and including the specified base DN.

ONE_LEVEL

 

timeout

int

Search timeout in milliseconds. If the value is 0, this means to wait indefinitely.

0

 

maxResults

long

The maximum number of entries that will be returned as a result of the search. 0 indicates that all entries will be returned.

0

 

returnObject

boolean

Enables/disables returning objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object will be returned.

false

 

pageSize

int

If the LDAP server supports paging results, set the size of the page in this attribute. If the pageSize is less than or equal to 0, then paging will be disabled.

0

 

orderBy

String

Name of the LDAP attribute used to sort results.

 

ascending

boolean

If orderBy was set, whether to sort in ascending or descending order.

true

 

structuralObjectClass

String

The type of entry that will be returned. Only for DataSense purposes to be used in Anypoint Studio IDE. Has no impact on runtime, that's why it is optional.

 

pagingConfiguration

PagingConfiguration

Paging configuration. The field fetchSize in this object represents the size of pages Mule will use while iterating (vs pageSize that is an LDAP related attribute used for the amount of LDAP entries retrieved at once while iterating at low level the LDAP results)

x 

Returns

Return Java Type Description

ProviderAwarePagingDelegate<LDAPEntry,LDAPConnector>

A list with individual results of executing the rest of flow with each results page.


Search one

<ldap:search-one>

  DataSense enabled

Performs a LDAP search that is supposed to return a unique result. If the search returns more than one result, then a warn log message is generated and the first element of the result is returned.

Use this operation over #lookup(String, List, String) when you don't know the DN of the entry you need to retrieve but you have a set of attributes that you know should return a single entry (for example, an email address).

XML Sample

<!-- Case 1: Simple SUB_TREE search returning the first result -->
    <ldap:search-one config-ref="ldapConf" baseDn="ou=people,dc=mulesoft,dc=org" filter="(&amp;(objectClass=person)(mail=jdoe@mail.com))" scope="SUB_TREE"/>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

baseDn

String

The base DN of the LDAP search.

x 

filter

String

A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. Some examples are:

  • (objectClass=*): All objects.
  • (&(objectClass=person)(!(cn=andy))): All persons except for the one with common name (cn) "andy".
  • (sn=sm*): All objects with a surname that starts with "sm".
  • (&(objectClass=person)(|(sn=Smith)(sn=Johnson))): All persons with a surname equal to "Smith" or "Johnson".

x 

attributes

List<String>

A list of the attributes that should be returned in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.

 

scope

SearchScope

The scope of the search. Valid attributes are:

  • OBJECT: This value is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria!)
  • ONE_LEVEL: This value is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN.
  • SUB_TREE: This value is used to indicate searching of all entries at all levels under and including the specified base DN.

ONE_LEVEL

 

timeout

int

Search timeout in milliseconds. If the value is 0, this means to wait indefinitely.

0

 

maxResults

long

The maximum number of entries that will be returned as a result of the search. 0 indicates that all entries will be returned.

0

 

returnObject

boolean

Enables/disables returning objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object will be returned.

false

 

structuralObjectClass

String

The type of entry that will be returned. Only for DataSense purposes to be used in Anypoint Studio IDE. Has no impact on runtime, that's why it is optional.

 

Returns

Return Java Type Description

LDAPEntry

A LDAPEntry with the first element of the search result or null if there are no results.


Add entry

<ldap:add>

  DataSense enabled

Creates a new LDAPEntry in the LDAP server. The entry should contain the distinguished name (DN), the objectClass attributes that define its structure and at least a value for all the required attributes (required attributes depend on the object classes assigned to the entry). You can refer to RFC 4519 for standard object classes and attributes.

XML Sample

<!-- Case 1: LDAPEntry object is in a session variable -->
        <ldap:add config-ref="ldapConfig" entry-ref="#[header:session:entryToAdd]"/>
<!-- Case 2: LDAPEntry object is in the payload -->
        <ldap:add config-ref="ldapConfig"/>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

entry

Map<String,Object>

The LDAPEntry that should be added.

#[payload]

 

structuralObjectClass

String

The type of entry that will be added. If the entry doesn't have the objectClass attribute set, then this one will be used to retrieve the whole objectClass hierarchy. If performance is a requirement, don't rely on this functionality, as several calls to the LDAP server will be made to traverse the object class hierarchy.

 


Modify entry

<ldap:modify>

  DataSense enabled

Updates an existing LDAPEntry in the LDAP server. The entry should contain an existing distinguished name (DN), and at least a value for all the required attributes (required attributes depend on the object classes assigned to the entry). You can refer to RFC 4519 for standard object classes and attributes.

When updating a LDAP entry, only the attributes in the entry passed as parameter are updated or added. If you need to delete an attribute, you should use the delete attribute operation.

Example: Updating one attribute and adding one.

Original LDAP server entry:
dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: Value1
attr2: Value2
multi1: Value3
multi1: Value4
objectclass: top
objectclass: myentry


Entry map passed as parameter:
dn: cn=entry,ou=group,dc=company,dc=org
attr1: NewValue
attr3: NewAttributeValue


Resulting LDAP server entry:
dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: NewValue
attr2: Value2
multi1: Value3
multi1: Value4
attr3: NewAttributeValue
objectclass: top
objectclass: myentry

XML Sample

<!-- Case 1: LDAP entry is in the payload -->
        <ldap:modify config-ref="ldapConfig"/>
<!-- Case 2: LDAP entry is in a session variable -->
        <ldap:modify config-ref="ldapConfig">
                <ldap:entry ref="#[header:session:entryToModify]"/>
        </ldap:modify>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

entry

LDAPEntry

The LDAPEntry that should be updated.

#[payload]

 

structuralObjectClass

String

The type of entry that will be updated. Only for DataSense purposes to be used in Anypoint Studio IDE. Has no impact on runtime, that's why it is optional.

 


Delete entry

<ldap:delete>

Deletes the LDAP entry represented by the provided distinguished name. The entry must not have child entries; if it does, a ContextNotEmptyException is thrown.

This operation is idempotent. It succeeds even if the terminal atomic name is not bound in the target context, but throws NameNotFoundException if any of the intermediate contexts do not exist.

XML Sample

<ldap:delete config-ref="ldapConf" dn="uid=userToDelete,ou=people,dc=mulesoft,dc=org"/>

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

dn

String

The DN of the LDAP entry to delete

#[payload]

 


Rename entry

<ldap:rename>

Renames an existing LDAP entry (moves an entry from one DN to another).

XML Sample

<ldap:rename config-ref="ldapConf" oldDn="cn=origin, dc=domain, dc=org" newDn="cn=destination, dc=domain, dc=org" />

Attributes

Name Java Type Description Default Value Required

config-ref

String

Specify which config to use

x 

oldDn

String

DN of the existing entry that will be renamed.

x 

newDn

String

Destination DN

x 


Add single value attribute

<ldap:add-single-value-attribute>

Adds a value for an attribute in an existing LDAP entry. If the entry already contained a value for the given attributeName then this value will be added (only if the attribute is multi value and the entry didn't have the value already).

If you want to add a value with a type different than String, then you can use the add-multi-value-attribute operation and define a one element list with the value.

XML Sample

<ldap:add-single-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]" attributeValue="#[map-payload:attributeValue]"/>

Attributes

| Name | Java Type | Description | Default Value | Required |
|---|---|---|---|---|
| config-ref | String | Specify which config to use | | x |
| dn | String | The DN of the LDAP entry to modify | | x |
| attributeName | String | The name of the attribute to add a value to. | | x |
| attributeValue | String | The value for the attribute | | x |
| ignoreInvalidAttribute | boolean | If the attribute value to add is already present, then don't throw InvalidAttributeException | false | |


Add multi value attribute

<ldap:add-multi-value-attribute>

Adds all the values for an attribute in an existing LDAP entry. If the entry already contained a value (or values) for the given attributeName then these values will be added. The attribute should allow multiple values or an exception will be raised.

XML Sample

<ldap:add-multi-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]" attributeValues-ref="#[map-payload:attributeValues]"/>

Attributes

| Name | Java Type | Description | Default Value | Required |
|---|---|---|---|---|
| config-ref | String | Specify which config to use | | x |
| dn | String | The DN of the LDAP entry to modify | | x |
| attributeName | String | The name of the attribute to add values to. | | x |
| attributeValues | List<Object> | The values for the attribute | #[payload] | |
| ignoreInvalidAttribute | boolean | If the attribute value to add is already present, then don't throw InvalidAttributeException | false | |


Modify single value attribute

<ldap:modify-single-value-attribute>

Updates (replaces) the value or values of the attribute defined by attributeName with the new value defined by attributeValue. If the attribute was not present in the entry, then the value is added.

If you want to update a value of a type other than String, you can use the modify-multi-value-attribute operation and define a one-element list with the value.

XML Sample

<ldap:modify-single-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]" attributeValue="#[map-payload:attributeValue]"/>

Attributes

| Name | Java Type | Description | Default Value | Required |
|---|---|---|---|---|
| config-ref | String | Specify which config to use | | x |
| dn | String | The DN of the LDAP entry to modify | | x |
| attributeName | String | The name of the attribute whose value will be updated. | | x |
| attributeValue | String | The new value for the attribute | | x |
| ignoreInvalidAttribute | boolean | If the attribute value to modify is already present, then don't throw InvalidAttributeException | false | |


Modify multi value attribute

<ldap:modify-multi-value-attribute>

Updates (replaces) the value or values of the attribute defined by attributeName with the new values defined by attributeValues. If the attribute was not present in the entry, then the value is added.

XML Sample

<ldap:modify-multi-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]" attributeValues-ref="#[map-payload:attributeValues]"/>

Attributes

| Name | Java Type | Description | Default Value | Required |
|---|---|---|---|---|
| config-ref | String | Specify which config to use | | x |
| dn | String | The DN of the LDAP entry to modify | | x |
| attributeName | String | The name of the attribute whose values will be updated. | | x |
| attributeValues | List<Object> | The new values for the attribute | | x |
| ignoreInvalidAttribute | boolean | If the attribute value to modify is already present, then don't throw InvalidAttributeException | false | |


Delete single value attribute

<ldap:delete-single-value-attribute>

Deletes the value matching attributeValue of the attribute defined by attributeName. If the entry didn't have the value, then the entry stays the same. If no value is specified, then the whole attribute is deleted from the entry.

If you want to delete a value of a type other than String, you can use the delete-multi-value-attribute operation and define a one-element list with the value.

XML Sample

<ldap:delete-single-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]" attributeValue="#[map-payload:attributeValue]"/>

Attributes

| Name | Java Type | Description | Default Value | Required |
|---|---|---|---|---|
| config-ref | String | Specify which config to use | | x |
| dn | String | The DN of the LDAP entry to modify | | x |
| attributeName | String | The name of the attribute whose value will be deleted. | | x |
| attributeValue | String | The value that should be deleted. | | |
| ignoreInvalidAttribute | boolean | If the attribute or value to delete is not present, then don't throw InvalidAttributeException | false | |


Delete multi value attribute

<ldap:delete-multi-value-attribute>

Deletes all the values matching attributeValues of the attribute defined by attributeName. Values that are not present in the entry are ignored. If no values are specified, then the whole attribute is deleted from the entry.

XML Sample

<ldap:delete-multi-value-attribute config-ref="ldapConf" dn="#[map-payload:dn]" attributeName="#[map-payload:attributeName]" attributeValues-ref="#[map-payload:attributeValues]"/>

Attributes

| Name | Java Type | Description | Default Value | Required |
|---|---|---|---|---|
| config-ref | String | Specify which config to use | | x |
| dn | String | The DN of the LDAP entry to modify | | x |
| attributeName | String | The name of the attribute whose values will be deleted. | | x |
| attributeValues | List<Object> | The values that should be deleted. | | |
| ignoreInvalidAttribute | boolean | If the attribute or value to delete is not present, then don't throw InvalidAttributeException | false | |


LDAP entry to LDIF

<ldap:ldap-entry-to-ldif>

Transforms an LDAPEntry to a String in LDIF representation (RFC 2849).

XML Sample

<ldap:ldap-entry-to-ldif config-ref="ldapConf"></ldap:ldap-entry-to-ldif>

Attributes

| Name | Java Type | Description | Default Value | Required |
|---|---|---|---|---|
| config-ref | String | Specify which config to use | | x |
| entry | LDAPEntry | The LDAPEntry to transform to LDIF. | #[payload] | |

Returns

| Return Java Type | Description |
|---|---|
| String | The LDIF representation of the entry. |
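
To make the RFC 2849 output format concrete, the following added example (not the connector's own code) serializes an entry to LDIF in Python and shows which values are written in clear text and which are base64-encoded. The function names, the 76-column fold width and the sample entry are assumptions made for illustration.

```python
import base64

FOLD_WIDTH = 76  # assumed wrap column; RFC 2849 permits folding but fixes no width

def is_safe_string(raw: bytes) -> bool:
    """RFC 2849 SAFE-STRING check, plus the 'no trailing space' recommendation."""
    if raw[:1] in (b" ", b":", b"<") or raw.endswith(b" "):
        return False  # unsafe first character, or value ends with a space
    # SAFE-CHAR: any octet <= 127 except NUL, LF and CR
    return all(b < 128 and b not in (0, 10, 13) for b in raw)

def fold(line: str) -> str:
    """Wrap a long line; each continuation line starts with one space."""
    if len(line) <= FOLD_WIDTH:
        return line
    rest, step = line[FOLD_WIDTH:], FOLD_WIDTH - 1
    chunks = [rest[i:i + step] for i in range(0, len(rest), step)]
    return "\n ".join([line[:FOLD_WIDTH]] + chunks)

def attr_line(name: str, value) -> str:
    """One 'name: value' line, or 'name:: base64' when the value is unsafe."""
    raw = value if isinstance(value, bytes) else str(value).encode("utf-8")
    if is_safe_string(raw):
        return fold(f"{name}: {raw.decode('ascii')}")
    # Output stays pure ASCII, so folding can never split a UTF-8 sequence.
    return fold(f"{name}:: {base64.b64encode(raw).decode('ascii')}")

def entry_to_ldif(dn: str, attributes: dict) -> str:
    """Serialize one entry as an LDIF content record."""
    lines = ["version: 1", attr_line("dn", dn)]
    for name, values in attributes.items():
        if not isinstance(values, (list, tuple)):
            values = [values]
        lines += [attr_line(name, v) for v in values]
    return "\n".join(lines) + "\n"

# Constructed sample entry, not taken from the page.
SAMPLE_DN = "uid=jdoe,ou=people,dc=mulesoft,dc=org"
SAMPLE_ATTRS = {
    "objectClass": ["inetOrgPerson", "top"],
    "cn": "José Doe",                  # non-ASCII -> base64
    "description": " leading space",   # unsafe first character -> base64
    "jpegPhoto": b"\xff\xd8\xff\xe0",  # binary -> base64
}

if __name__ == "__main__":
    print(entry_to_ldif(SAMPLE_DN, SAMPLE_ATTRS), end="")
```

The `::` lines are base64 required by the LDIF grammar, not a protection measure, so LDIF output that carries sensitive attributes needs the same handling as the directory data itself.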