The LDAP Connector lets you connect to any LDAP server and perform every LDAP operation:
- bind: Authenticate against the LDAP server. This occurs automatically before each operation but can also be performed on request
- search: Perform an LDAP search in a base DN with a given filter
- lookup: Retrieve a unique LDAP entry
- add: Create a new LDAP entry
- add attribute/s: Add specific attributes to an existing LDAP entry
- modify: Update an existing LDAP entry
- modify attribute/s: Update specific attributes of an existing LDAP entry
- delete: Delete an existing LDAP entry
- delete attribute/s: Delete specific attributes of an existing LDAP entry
Property | Description |
---|---|
URL | The connection URL to the LDAP server. LDAP connection URLs have the syntax ldap[s]://hostname:port/base_dn |
Type | The implementation of the connection to be used. Right now the only available implementation is JNDI, though any other implementation can be used (for example, one built on the Novell libraries). If you want to create your own implementation, extend the class LDAPConnection. |
Initial Pool Size | The string representation of an integer: the number of connections per connection identity to create when a connection is first created for that identity. To disable pooling, set this value to 0 (zero). |
Max Pool Size | The string representation of an integer: the maximum number of connections per connection identity that can be maintained concurrently. |
Pool Timeout | The string representation of an integer: the number of milliseconds that an idle connection may remain in the pool before it is closed and removed from the pool. |
Referral | Constant that holds the name of the environment property specifying how referrals encountered by the service provider are to be processed. The value is one of the strings follow, ignore or throw. |
Extended Configuration | A Map instance holding extended configuration attributes that will be used in the Context environment. Values configured here have lower precedence than the other values allowed in the module configuration. Entries are given as key: value pairs. |
Use Schema | If set to true, the LDAP connector uses the LDAP schema (LDAP v3 only) to define the structure of the LDAP entry (or map). This must be 'true' in order to use DataSense. When useSchema is true, the server schema decides whether an attribute of the LDAPEntry is multi-valued (LDAPMultiValueEntryAttribute) or single-valued (LDAPSingleValueEntryAttribute), that is, whether its value is a List or a single Object (String, byte[], etc.). In the past, attributes were multi-valued only when the retrieved LDAP entry had more than one value. See the example below the table. |

Example for Use Schema. Sample LDAP server entry:
dn: attr1=Value2,ou=group,dc=company,dc=org
Schema for objectClass myentry:
attr1: {SINGLE-VALUE=true}
If useSchema is false, the resulting LDAPEntry representing the payload returns:
payload.getAttribute("attr1") returns LDAPSingleValueEntryAttribute
If useSchema is true, the resulting LDAPEntry representing the payload returns:
payload.getAttribute("attr1") returns LDAPSingleValueEntryAttribute
Additional Info
Property | Value |
---|---|
Requires Mule Enterprise License | Yes |
Requires Entitlement | No |
Mule Version | 3.5.0 or higher |
Configs
TLS Configuration
<ldap:tls-config>
Connection Management
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
name | | The name of this configuration, by which it can later be referenced. | | x |
authDn | | The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, you can provide user@domain instead of the DN (for example: user@mulesoft.org). DevKit doesn't support null values for the @Connect parameters, so for an anonymous bind set the authentication parameter to "none" and still provide some default value for authDn. | | x |
authPassword | | The password of the user | | |
authentication | | Specifies the authentication mechanism to use. For the Sun LDAP service provider this is one of the strings that provider accepts; use "none" for an anonymous bind. | | |
url | | The connection URL to the LDAP server, with the syntax ldap[s]://hostname:port/base_dn | | x |
type | | The implementation of the connection to be used. | JNDI | |
referral | | Constant that holds the name of the environment property specifying how referrals encountered by the service provider are to be processed (follow, ignore, throw). | IGNORE | |
extendedConfiguration | | A Map instance holding extended configuration attributes that will be used in the Context environment. When working with TLS connections, make sure that the native LDAP pooling functionality is turned off: with JNDI, for example, setting 'com.sun.jndi.ldap.connect.pool=true' causes problems when using TLS. | | |
schemaEnabled | boolean | If set to true, the LDAP connector uses the LDAP schema (LDAP v3 only) to define the structure of the LDAP entry (or map). This must be 'true' in order to use DataSense, as it affects the implementing class of LDAPEntry attributes. | false | |
Configuration
<ldap:config>
Connection Management
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
name | | The name of this configuration, by which it can later be referenced. | | x |
authDn | | The DN (distinguished name) of the user (for example: uid=user,ou=people,dc=mulesoft,dc=org). If using Microsoft Active Directory, you can provide user@domain instead of the DN (for example: user@mulesoft.org). DevKit doesn't support null values for the @Connect parameters, so for an anonymous bind set the authentication parameter to "none" and still provide some default value for authDn. | | x |
authPassword | | The password of the user | | |
authentication | | Specifies the authentication mechanism to use. For the Sun LDAP service provider this is one of the strings that provider accepts; use "none" for an anonymous bind. | | |
initialPoolSize | int | The number of connections per connection identity to create when a connection is first created for that identity. To disable pooling, set this value to 0 (zero). | 1 | |
maxPoolSize | int | The maximum number of connections per connection identity that can be maintained concurrently. | 5 | |
poolTimeout | long | The number of milliseconds that an idle connection may remain in the pool before it is closed and removed from the pool. | 60000 | |
url | | The connection URL to the LDAP server, with the syntax ldap[s]://hostname:port/base_dn | | x |
type | | The implementation of the connection to be used. | JNDI | |
referral | | Constant that holds the name of the environment property specifying how referrals encountered by the service provider are to be processed (follow, ignore, throw). | IGNORE | |
extendedConfiguration | | A Map instance holding extended configuration attributes that will be used in the Context environment. When working with TLS connections, make sure that the native LDAP pooling functionality is turned off: with JNDI, for example, setting 'com.sun.jndi.ldap.connect.pool=true' causes problems when using TLS. | | |
schemaEnabled | boolean | If set to true, the LDAP connector uses the LDAP schema (LDAP v3 only) to define the structure of the LDAP entry (or map). This must be 'true' in order to use DataSense, as it affects the implementing class of LDAPEntry attributes. | false | |
Processors
Bind
<ldap:bind>
Performs an LDAP bind (login) operation. After login there is an LDAP connection pool ready to use for other operations as the authenticated user. If no values are provided to override authDn and authPassword, this operation just re-binds (re-authenticates) the user/password defined in the config element. If new values are provided for authDn and authPassword, authentication is performed with them. The operation supports the following four scenarios:
- Re-authenticating and returning the LDAP entry using config-level credentials (authDn & authPassword)
- Authenticating and returning the LDAP entry using new credentials (authDn & authPassword)
- Authenticating as anonymous user (always returns null)
- Authenticating and returning the LDAP entry using credentials (authDn & authPassword) from a Mule Expression
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
authDn | | | | |
authPassword | | | | |
authentication | | | | |
Unbind
<ldap:unbind>
Closes the current connection, forcing a login operation (bind) the next time it is used.
Lookup
<ldap:lookup>
DataSense enabled
Retrieves an entry from the LDAP server based on its distinguished name (DN). DNs are the unique identifiers of LDAP entries, so this operation performs a search on that ID and returns a single entry as result, or throws an exception if the DN is invalid or does not exist.
Use this operation rather than search-one when you know the DN of the object you want to retrieve.
Scenarios:
- Lookup returning all attributes for the entry
- Lookup returning the attributes in the list obtained by expression
- Lookup returning the attributes defined in the XML config file
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
dn | | The DN of the LDAP entry that will be retrieved. | | x |
attributes | | A list of the attributes that should be returned in the result. If the attributes list is empty or null, all LDAP entry attributes are returned by default. | | |
structuralObjectClass | | The type of entry that will be returned. Only for DataSense purposes in the Anypoint Studio IDE; it has no impact at runtime, which is why it is optional. | | |
Exists
<ldap:exists>
Checks whether an LDAP entry exists in the LDAP server or not.
Scenarios:
- Check if LDAP entry exists
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
dn | | The DN of the LDAP entry whose existence is checked. | | x |
Returns
Return Java Type | Description |
---|---|
boolean | true if the LDAP entry represented by the given DN exists |
Search
<ldap:search>
DataSense enabled
Performs an LDAP search, returning a list with all the resulting LDAP entries.
For queries returning large results it is recommended to use pagination (not all LDAP servers support this, or are configured to support it). For that you need to provide a page size value that is less than or equal to max results (count limit). If you are getting a Sizelimit Exceeded exception, check that the authenticated user has enough privileges and that the LDAP server is not limited by configuration.
Scenarios:
- Returning all attributes for all persons that have Doe as surname
- Returning username and fullname for the first 100 person entries
- Search that receives all configuration attributes using Mule Expressions
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
baseDn | | The base DN of the LDAP search. | | x |
filter | | A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. Some examples: (objectClass=*) matches all objects; (&(objectClass=person)(!(cn=andy))) matches all persons except the one with common name (cn) "andy"; (sn=sm*) matches all objects with a surname that starts with "sm"; (&(objectClass=person)(\|(sn=Smith)(sn=Johnson))) matches all persons with a surname equal to "Smith" or "Johnson". | | x |
attributes | | A list of the attributes that should be returned in the result. If the attributes list is empty or null, all LDAP entry attributes are returned by default. | | |
scope | | The scope of the search (a SearchScope value). | ONE_LEVEL | |
timeout | int | Search timeout in milliseconds. 0 means wait indefinitely. | 0 | |
maxResults | long | The maximum number of entries that will be returned as a result of the search. 0 means all entries are returned. | 0 | |
returnObject | boolean | Enables/disables returning objects as part of the result. If disabled, only the name and class of each object is returned; if enabled, the object itself is returned. | false | |
pageSize | int | If the LDAP server supports paged results, set the page size in this attribute. If pageSize is less than or equal to 0, paging is disabled. | 0 | |
structuralObjectClass | | The type of entry that will be returned. Only for DataSense purposes in the Anypoint Studio IDE; it has no impact at runtime, which is why it is optional. | | |
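The filter examples in the table are static, but the "Search that receives all configuration attributes using Mule Expressions" scenario builds the filter from runtime data, and a filter assembled by string concatenation lets a value containing `*`, `(`, `)` or `\` change the meaning of the query. The following Python module is an added example, not part of the connector, showing the escaping that RFC 4515 (the successor of the RFC 2254 cited above) requires for assertion values, so that such characters are matched literally. The helper names (escape_filter_value, equals, starts_with, present, and_, or_, not_, is_balanced, persons_by_surname) and the attribute-name pattern are the example's own; it rebuilds the four filters from the table and then one of them with a surname supplied at runtime.

```python
"""Safe construction of RFC 2254 / RFC 4515 search filters from untrusted values.

Added example; not the LDAP connector's code. Values that reach the `filter`
attribute from a Mule expression (request parameters, message properties)
must be escaped so they cannot alter the structure of the filter.
"""
import re

# Characters with special meaning inside an assertion value and their
# RFC 4515 hex escapes.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}

# RFC 4512 attribute description: a descriptor such as "sn" or "cn;lang-en",
# or a numeric OID. Attribute names normally come from code, not from users,
# but the check stops a mistaken interpolation from passing filter syntax as a name.
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*|[0-9]+(\.[0-9]+)*")


def _check_attr(attr: str) -> str:
    if not _ATTR_RE.fullmatch(attr):
        raise ValueError("not a valid attribute description: %r" % attr)
    return attr


def escape_filter_value(value: str) -> str:
    """Escape the right-hand side of an attr=value assertion.

    After escaping, '*' no longer acts as a wildcard and '(' / ')' cannot open
    or close a sub-filter, so the input is matched literally.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def equals(attr: str, value: str) -> str:
    return "(" + _check_attr(attr) + "=" + escape_filter_value(value) + ")"


def starts_with(attr: str, prefix: str) -> str:
    # The builder appends the only wildcard; the prefix itself is escaped.
    return "(" + _check_attr(attr) + "=" + escape_filter_value(prefix) + "*)"


def present(attr: str) -> str:
    return "(" + _check_attr(attr) + "=*)"


def and_(*items: str) -> str:
    return "(&" + "".join(items) + ")"


def or_(*items: str) -> str:
    return "(|" + "".join(items) + ")"


def not_(item: str) -> str:
    return "(!" + item + ")"


def is_balanced(filter_str: str) -> bool:
    """Structural sanity check before a filter is sent to the server.

    Escaped parentheses are written as \\28 / \\29, so in a well-formed filter
    every literal '(' has a matching ')'.
    """
    depth = 0
    for ch in filter_str:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def persons_by_surname(surname: str) -> str:
    """The page's 'all persons that have Doe as surname' search, with the
    surname supplied at runtime (for example from a Mule expression)."""
    return and_(equals("objectClass", "person"), equals("sn", surname))


if __name__ == "__main__":
    # The four filters given in the connector documentation, built with the helpers.
    print(present("objectClass"))
    print(and_(equals("objectClass", "person"), not_(equals("cn", "andy"))))
    print(starts_with("sn", "sm"))
    print(and_(equals("objectClass", "person"),
               or_(equals("sn", "Smith"), equals("sn", "Johnson"))))
    # Constructed runtime input containing filter metacharacters: it is escaped,
    # so the search still matches a literal surname instead of widening the query.
    print(persons_by_surname("Doe (Jr.)*"))
```

In a Mule flow the escaped string would be what the expression for the `filter` attribute evaluates to; the `baseDn`, `scope` and `maxResults` attributes are unaffected and still bound the search on the server side.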
Paged result search
<ldap:paged-result-search>
Paged Operation
DataSense enabled
Performs an LDAP search and streams the result to the rest of the flow. Instead of returning a list with all results, it partitions the LDAP search result into pages: individual entries if resultPageSize is 1, otherwise lists of size resultPageSize.
This is an intercepting operation, meaning that the rest of the flow is executed once for each result (an individual entry if resultPageSize is 1, or a List of resultPageSize entries). Each of these executions returns a result that is aggregated into a List of results. For queries returning large results it is recommended to use pagination (not all LDAP servers support this, or are configured to support it). For that you need to provide a fetch size (page size) value that is less than or equal to max results (count limit). If you are getting a Size Limit Exceeded exception message, check that the authenticated user has enough privileges and that the LDAP server is not limited by configuration; in that case, just reduce the fetch size.
Scenarios:
- Returning all persons LDAP entries in pages of 100 entries each
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
baseDn | | The base DN of the LDAP search. | | x |
filter | | A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. Some examples: (objectClass=*) matches all objects; (&(objectClass=person)(!(cn=andy))) matches all persons except the one with common name (cn) "andy"; (sn=sm*) matches all objects with a surname that starts with "sm"; (&(objectClass=person)(\|(sn=Smith)(sn=Johnson))) matches all persons with a surname equal to "Smith" or "Johnson". | | x |
attributes | | A list of the attributes that should be returned in the result. If the attributes list is empty or null, all LDAP entry attributes are returned by default. | | |
scope | | The scope of the search (a SearchScope value). | ONE_LEVEL | |
timeout | int | Search timeout in milliseconds. 0 means wait indefinitely. | 0 | |
maxResults | long | The maximum number of entries that will be returned as a result of the search. 0 means all entries are returned. | 0 | |
returnObject | boolean | Enables/disables returning objects as part of the result. If disabled, only the name and class of each object is returned; if enabled, the object itself is returned. | false | |
pageSize | int | If the LDAP server supports paged results, set the page size in this attribute. If pageSize is less than or equal to 0, paging is disabled. | 0 | |
orderBy | | Name of the LDAP attribute used to sort results. | | |
ascending | boolean | If orderBy was set, whether to sort in ascending or descending order. | true | |
structuralObjectClass | | The type of entry that will be returned. Only for DataSense purposes in the Anypoint Studio IDE; it has no impact at runtime, which is why it is optional. | | |
pagingConfiguration | PagingConfiguration | Paging configuration. The field fetchSize in this object is the size of the pages Mule uses while iterating, as opposed to pageSize, which is an LDAP-level attribute giving the number of LDAP entries retrieved at once while the LDAP results are iterated at low level. | | |
Returns
Return Java Type | Description |
---|---|
ProviderAwarePagingDelegate<LDAPEntry,LDAPConnector> | A list with the individual results of executing the rest of the flow with each results page. |
Search one
<ldap:search-one>
DataSense enabled
Performs an LDAP search that is expected to return a unique result. If the search returns more than one result, a warning is logged and the first element of the result is returned.
Use this operation rather than lookup when you don't know the DN of the entry you need to retrieve but have a set of attributes that should identify a single entry (for example an email address).
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
baseDn | | The base DN of the LDAP search. | | x |
filter | | A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. Some examples: (objectClass=*) matches all objects; (&(objectClass=person)(!(cn=andy))) matches all persons except the one with common name (cn) "andy"; (sn=sm*) matches all objects with a surname that starts with "sm"; (&(objectClass=person)(\|(sn=Smith)(sn=Johnson))) matches all persons with a surname equal to "Smith" or "Johnson". | | x |
attributes | | A list of the attributes that should be returned in the result. If the attributes list is empty or null, all LDAP entry attributes are returned by default. | | |
scope | | The scope of the search (a SearchScope value). | ONE_LEVEL | |
timeout | int | Search timeout in milliseconds. 0 means wait indefinitely. | 0 | |
maxResults | long | The maximum number of entries that will be returned as a result of the search. 0 means all entries are returned. | 0 | |
returnObject | boolean | Enables/disables returning objects as part of the result. If disabled, only the name and class of each object is returned; if enabled, the object itself is returned. | false | |
structuralObjectClass | | The type of entry that will be returned. Only for DataSense purposes in the Anypoint Studio IDE; it has no impact at runtime, which is why it is optional. | | |
Returns
Return Java Type | Description |
---|---|
LDAPEntry | An LDAPEntry with the first element of the search result, or null if there are no results. |
Add entry
<ldap:add>
DataSense enabled
Creates a new LDAPEntry in the LDAP server. The entry should contain the distinguished name (DN), the objectClass attributes that define its structure and at least a value for all the required attributes (required attributes depend on the object classes assigned to the entry; see RFC 4519 for standard object classes and attributes).
Scenarios:
- LDAPEntry object provided with expression
- LDAPEntry object provided in payload
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
entry | | The LDAPEntry that should be added. | #[payload] | |
structuralObjectClass | | The type of entry that will be added. If the entry doesn't have the objectClass attribute set, this one is used to retrieve the whole objectClass hierarchy. If performance is a requirement, don't rely on this functionality, as several calls to the LDAP server are made to traverse the object class hierarchy. | | |
Modify entry
<ldap:modify>
DataSense enabled
Updates an existing LDAPEntry in the LDAP server. The entry should contain an existing distinguished name (DN) and at least a value for all the required attributes (required attributes depend on the object classes assigned to the entry; see RFC 4519 for standard object classes and attributes).
When updating an LDAP entry, only the attributes in the entry passed as parameter are updated or added. If you need to delete an attribute, use the delete attribute operation.
Example: updating one attribute and adding one.
Original LDAP server entry:
dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: Value1
attr2: Value2
multi1: Value3
multi1: Value4
objectclass: top
objectclass: myentry
Entry map passed as parameter:
dn: cn=entry,ou=group,dc=company,dc=org
attr1: NewValue
attr3: NewAttributeValue
Resulting LDAP server entry:
dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: NewValue
attr2: Value2
multi1: Value3
multi1: Value4
attr3: NewAttributeValue
objectclass: top
objectclass: myentry
Scenarios:
- The LDAP entry is in the payload
- The LDAP entry is in a session variable
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
entry | | The LDAPEntry that should be updated. | #[payload] | |
structuralObjectClass | | The type of entry that will be updated. Only for DataSense purposes in the Anypoint Studio IDE; it has no impact at runtime, which is why it is optional. | | |
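To make the replace-or-add rule of the modify operation concrete, here is an added Python model of its semantics (example code, not the connector's implementation, which works on LDAPEntry objects rather than dicts). It parses the three entries shown above from their attr: value notation, applies the rule, and checks the outcome against the page's "Resulting LDAP server entry". The names parse_entry, apply_modify and modified_entry are the example's own.

```python
"""Model of the connector's modify-entry semantics.

Added example, not connector code. Entries are {attribute: [values]} dicts
with lowercased attribute names, which is enough to show the rule the page
states: attributes present in the update replace or add the same attribute on
the stored entry, every other attribute is left untouched, and nothing is
ever deleted (that needs the delete-attribute operations).
"""


def parse_entry(text: str) -> dict:
    """Parse 'attr: value' lines (the page's notation) into {attr: [values]}.

    A repeated attribute name yields a multi-valued attribute.
    """
    entry = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed line: " + line)
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def apply_modify(stored: dict, update: dict) -> dict:
    """Return the entry as the server holds it after the modify operation."""
    if update.get("dn") != stored.get("dn"):
        raise ValueError("modify requires the DN of an existing entry")
    result = {name: list(values) for name, values in stored.items()}
    for name, values in update.items():
        if name == "dn":
            continue
        # Whole-attribute replace: every old value of this attribute is dropped,
        # so a multi-valued attribute in the update must carry all values to keep.
        result[name] = list(values)
    return result


# Constructed copies of the three entries shown on the page.
ORIGINAL = """
dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: Value1
attr2: Value2
multi1: Value3
multi1: Value4
objectclass: top
objectclass: myentry
"""

UPDATE = """
dn: cn=entry,ou=group,dc=company,dc=org
attr1: NewValue
attr3: NewAttributeValue
"""

EXPECTED = """
dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: NewValue
attr2: Value2
multi1: Value3
multi1: Value4
attr3: NewAttributeValue
objectclass: top
objectclass: myentry
"""


def modified_entry() -> dict:
    return apply_modify(parse_entry(ORIGINAL), parse_entry(UPDATE))


if __name__ == "__main__":
    result = modified_entry()
    assert result == parse_entry(EXPECTED)
    for name, values in result.items():
        for value in values:
            print(name + ": " + value)
```

The DN check matters in practice: a modify against a DN that does not exist should fail loudly rather than silently create or touch a different entry.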
Delete entry
<ldap:delete>
Deletes the LDAP entry represented by the provided distinguished name. The entry must not have child entries; if it does, a ContextNotEmptyException is thrown.
This operation is idempotent: it succeeds even if the terminal atomic name is not bound in the target context, but throws NameNotFoundException if any of the intermediate contexts do not exist.
Rename entry
<ldap:rename>
Renames an existing LDAP entry (moves an entry from one DN to another).
Add single value attribute
<ldap:add-single-value-attribute>
Adds a value for an attribute in an existing LDAP entry. If the entry already contains a value for the given attributeName, the new value is added alongside it (only if the attribute is multi-valued and the entry didn't already have that value).
If you want to add a value with a type other than String, use the add-multi-value-attribute operation and define a one-element list with the value.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
dn | | The DN of the LDAP entry to modify | | x |
attributeName | | The name of the attribute to add a value to. | | x |
attributeValue | | The value for the attribute | | x |
ignoreInvalidAttribute | boolean | If the attribute value to add is already present, don't throw InvalidAttributeException | false | |
Add multi value attribute
<ldap:add-multi-value-attribute>
Adds all the values for an attribute in an existing LDAP entry. If the entry already contains a value (or values) for the given attributeName, the new values are added alongside them. The attribute must allow multiple values, or an exception is raised.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
dn | | The DN of the LDAP entry to modify | | x |
attributeName | | The name of the attribute to add values to. | | x |
attributeValues | | The values for the attribute | #[payload] | |
ignoreInvalidAttribute | boolean | If the attribute value to add is already present, don't throw InvalidAttributeException | false | |
Modify single value attribute
<ldap:modify-single-value-attribute>
Updates (replaces) the value or values of the attribute defined by attributeName with the new value defined by attributeValue. If the attribute was not present in the entry, the value is added.
If you want to update a value with a type other than String, use the modify-multi-value-attribute operation and define a one-element list with the value.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
dn | | The DN of the LDAP entry to modify | | x |
attributeName | | The name of the attribute whose value is updated. | | x |
attributeValue | | The new value for the attribute | | x |
ignoreInvalidAttribute | boolean | If the attribute value to modify is already present, don't throw InvalidAttributeException | false | |
Modify multi value attribute
<ldap:modify-multi-value-attribute>
Updates (replaces) the value or values of the attribute defined by attributeName with the new values defined by attributeValues. If the attribute was not present in the entry, the values are added.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
dn | | The DN of the LDAP entry to modify | | x |
attributeName | | The name of the attribute whose values are updated. | | x |
attributeValues | | The new values for the attribute | | x |
ignoreInvalidAttribute | boolean | If the attribute value to modify is already present, don't throw InvalidAttributeException | false | |
Delete single value attribute
<ldap:delete-single-value-attribute>
Deletes the value matching attributeValue of the attribute defined by attributeName. If the entry didn't have the value, the entry stays the same. If no value is specified, the whole attribute is deleted from the entry.
If you want to delete a value with a type other than String, use the delete-multi-value-attribute operation and define a one-element list with the value.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
dn | | The DN of the LDAP entry to modify | | x |
attributeName | | The name of the attribute whose value is deleted. | | x |
attributeValue | | The value that should be deleted. | | |
ignoreInvalidAttribute | boolean | If the attribute or value to delete is not present, don't throw InvalidAttributeException | false | |
Delete multi value attribute
<ldap:delete-multi-value-attribute>
Deletes all the values matching attributeValues of the attribute defined by attributeName. Values that are not present in the entry are ignored. If no values are specified, the whole attribute is deleted from the entry.
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
dn | | The DN of the LDAP entry to modify | | x |
attributeName | | The name of the attribute whose values are deleted. | | x |
attributeValues | | The values that should be deleted. | | |
ignoreInvalidAttribute | boolean | If the attribute or value to delete is not present, don't throw InvalidAttributeException | false | |
Ldap entry to ldif
<ldap:ldap-entry-to-ldif>
Transforms an LDAPEntry to a String in LDIF representation (RFC 2849).
Attributes
Name | Java Type | Description | Default Value | Required |
---|---|---|---|---|
config-ref | | Specify which config to use | | x |
entry | | The LDAPEntry to transform to LDIF. | #[payload] | |
Returns
Return Java Type | Description |
---|---|
String | The LDIF representation of the entry. |
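RFC 2849 has two rules that a correct LDIF writer must apply and that the one-line description above does not spell out: attribute values that are not SAFE-STRINGs (non-ASCII or binary data, values starting with a space, ':' or '<', values containing NUL, LF or CR, and, by the RFC's recommendation, values ending in a space) are base64-encoded after a double colon, and lines longer than 76 characters are folded onto continuation lines that begin with a single space. The following Python serializer is an added example, not the connector's ldap-entry-to-ldif implementation; it goes beyond the page by exercising both rules on a constructed entry (the sample entry from the modify section plus a non-ASCII description and a binary jpegPhoto value). The function names (encode_attribute, fold, entry_to_ldif, sample_ldif) are the example's own.

```python
"""Serialise an LDAP entry to LDIF (RFC 2849).

Added example; not the connector's ldap-entry-to-ldif code. An entry is a DN
plus a dict mapping attribute name -> value or list of values.
"""
import base64

LDIF_LINE_WIDTH = 76


def _is_safe_string(value: str) -> bool:
    """RFC 2849 SAFE-STRING: ASCII only, no NUL/LF/CR, not starting with space,
    ':' or '<'. Values ending in a space are also base64-encoded, as the RFC
    recommends, so trailing whitespace survives a round trip."""
    if value == "":
        return True
    if any(ord(ch) > 0x7F or ch in "\x00\n\r" for ch in value):
        return False
    if value[0] in " :<":
        return False
    return not value.endswith(" ")


def encode_attribute(name: str, value) -> str:
    """One 'name: value' or 'name:: base64' line, before folding.

    bytes values (binary attributes such as jpegPhoto) are always base64."""
    if isinstance(value, bytes):
        data = value
        safe = False
    else:
        data = value.encode("utf-8")
        safe = _is_safe_string(value)
    if safe:
        return name + ": " + value
    return name + ":: " + base64.b64encode(data).decode("ascii")


def fold(line: str) -> list:
    """Split a line at LDIF_LINE_WIDTH; each continuation line starts with a space."""
    if len(line) <= LDIF_LINE_WIDTH:
        return [line]
    parts = [line[:LDIF_LINE_WIDTH]]
    rest = line[LDIF_LINE_WIDTH:]
    while rest:
        parts.append(" " + rest[:LDIF_LINE_WIDTH - 1])
        rest = rest[LDIF_LINE_WIDTH - 1:]
    return parts


def entry_to_ldif(dn: str, attributes: dict) -> str:
    """Render the entry as one LDIF record (dn line first, then one line per value)."""
    lines = fold(encode_attribute("dn", dn))
    for name, values in attributes.items():
        if not isinstance(values, (list, tuple)):
            values = [values]
        for value in values:
            lines.extend(fold(encode_attribute(name, value)))
    return "\n".join(lines) + "\n"


# Constructed entry: the page's sample entry plus two attributes that trigger
# the encoding rules (a non-ASCII description and a binary photo).
SAMPLE_DN = "cn=entry,ou=group,dc=company,dc=org"
SAMPLE_ATTRIBUTES = {
    "cn": "entry",
    "attr1": "Value1",
    "multi1": ["Value3", "Value4"],
    "description": "Zürich office",
    "jpegPhoto": b"\xff\xd8\xff\xe0",
    "objectclass": ["top", "myentry"],
}


def sample_ldif() -> str:
    return entry_to_ldif(SAMPLE_DN, SAMPLE_ATTRIBUTES)


if __name__ == "__main__":
    print(sample_ldif())
```

The base64 rule is what keeps an LDIF export unambiguous: a value that merely looks like a second attribute line (for example one containing a newline) is encoded rather than written raw, so a consumer parsing the output cannot be tricked into reading extra attributes.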