RapidIdentity Product Guide

LDAP Adapter Actions

Compare a Record field on the LDAP server.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
dn*              expression, variable                  the DN of the Record
fieldName        text, expression, variable            name of the field to be compared
fieldValue       text, expression, variable            value of the field to be compared
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

mail = "testuser@test.local"
isEqual = compareLDAPField(conn, dn, "mail", mail)

if(isEqual == true) {
  log("mail = " + mail)
} else {
  log("mail <> " + mail)
}

Delete Record from the LDAP server.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
dn*              text, expression, variable            the DN of the Record
recursive        boolean, expression, variable         recursively delete the subtree rooted at dn (default: false)
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

queryExample = createRecord()
setRecordValue(queryExample,"loginDisabled","TRUE")
# the example Record is passed as the filter: it matches Records whose loginDisabled is TRUE
inactiveRecords = getLDAPRecords(conn,"ou=people,o=data","sub",queryExample)
forEach(inactive,inactiveRecords) {
  # non-recursive delete (recursive defaults to false): only the entry at this dn is removed
  delStatus = deleteLDAPRecord(conn,inactive["@dn"])
  if(Boolean(delStatus)) {
    log("Deletion Successful!")
  } else {
    log("Deletion Failed!")
  }
}

Get changed Records from an Active Directory server.

Property         Value                                                 Description
ldapConnection*  expression, variable                                  the LDAP connection
baseDn*          text, expression, variable                            the search base dn
scope*           choice (sub, one, base), text, expression, variable   the search scope
filter*          text, expression, variable                            the search filter expression or an example Record
attributes       text, expression, variable                            comma separated list of attributes to return (default: none)
cookie           expression, variable                                  cookie returned from the previous invocation (default: none, which returns all objects)
returnVariable   expression, variable                                  name of the variable to be assigned to the return value

Example

cookieFile = "/cookie/studentsAD.cookie"
fileExists = isFile(cookieFile)

# first run: create an empty cookie file so the initial query returns all objects
if(!fileExists) {
  saveToFile(cookieFile, "")
} else {
}

varCookie = loadFileAsBytes(cookieFile)

# getRecords
moreResults = 1
while(moreResults != 0) {
  recordChanges = getLDAPADChanges(conn, "OU=People,DC=test,DC=local",
    "sub", "(employeeType=Student)", "cn,sn,givenName", varCookie)
  moreResults = 0

  if(recordChanges) {
    log("Count: " + recordChanges.length)
  } else {
  }

  # foreach
  forEach(recordChange, recordChanges) {
    if(recordChange.objectClass == "cookie") {
      # persist the cookie and reuse it for the next page of changes
      saveToFile(cookieFile, recordChange.cookie)
      varCookie = recordChange.cookie
      moreResults = Number(recordChange.moreResults)
    } else {
      record = getLDAPRecord(conn, recordChange['@dn'], "*")

      # transformations
      if(!record) {
        continue()
      } else {
        log("Name information has changed: " + record.sn + " " + record.givenName)
      }
    }
  }
}

Gets password stored by RapidIdentity password filter from a Record in Active Directory.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
dn*              text, expression, variable            the DN of the Record
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
userPwd = getLDAPADPassword(conn, dn)

if(userPwd && userPwd == password) {
  log("User has not changed their default password!")
} else {
  log("Password has been changed from default.")
}
 

Get a Record from the LDAP server.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
dn*              expression, variable                  the DN of the Record
attributes       text, expression, variable            comma separated list of attributes to return (default: none)
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

resultRecord = getLDAPRecord(conn,"cn=jdoe,ou=people,o=data","givenName")

Get Records from the LDAP server.

Property         Value                                                 Description
ldapConnection*  expression, variable                                  the LDAP connection
baseDn*          text, expression, variable                            the search base dn
scope*           choice (sub, one, base), text, expression, variable   the search scope
filter*          text, expression, variable                            the search filter expression or an example Record
maxResults       expression, variable                                  maximum number of Records to return (default: the server maximum)
attributes       text, expression, variable                            comma separated list of attributes to return (default: none)
returnVariable   expression, variable                                  name of the variable to be assigned to the return value

Example

inactiveRecords = getLDAPRecords(conn,"o=data","sub",
    "(&(objectclass=inetOrgPerson)(loginDisabled=TRUE))")
log("There are " + inactiveRecords.length + " inactive records.")

Returns the hostname or IP address of the LDAP server being used as the metadirectory.

Property         Value                                 Description
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

LDAP = getCurrentLDAPServerAddress()
log(LDAP)

Gets universal password from a Record on a Novell eDirectory LDAP server.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
dn*              text, expression, variable            the DN of the Record
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

up = getLDAPUniversalPassword(conn, "cn=user1,ou=people,o=data")
# writes the retrieved password to the log in clear text (demonstration only)
log("The password is " + up + ".")

Get changed Records from an OpenLDAP server.

Property         Value                                                 Description
ldapConnection*  expression, variable                                  the LDAP connection
logDN*           text, expression, variable                            the dn of the accesslog
baseDn*          text, expression, variable                            the search base dn
scope*           choice (sub, one, base), text, expression, variable   the search scope
classes          text, expression, variable                            comma separated list of classes to return (default: none)
attributes       text, expression, variable                            comma separated list of attributes to check/return (default: all)
cookie           expression, variable                                  cookie returned from the previous invocation (default: none, which returns all objects)
returnVariable   expression, variable                                  name of the variable to be assigned to the return value

Example

cookieFile = "/cookie/studentsOpenLDAP.cookie"
fileExists = isFile(cookieFile)

if(!fileExists) {
  saveToFile(cookieFile, "")
} else {
}

varCookie = loadFileAsString(cookieFile)

# getRecords
moreResults = 1
while(moreResults != 0) {
  recordChanges = getOpenLDAPChanges(conn, "o=changelog",
    "ou=people,ou=data,o=meta", "sub", "inetOrgPerson",
    "cn,sn,givenName", varCookie)
  moreResults = 0

  if(recordChanges) {
    log("Count: " + recordChanges.length)
  } else {
  }

  # foreach
  forEach(recordChange, recordChanges) {
    if(recordChange.objectClass == "cookie") {
      # persist the cookie and reuse it for the next page of changes
      saveToFile(cookieFile, recordChange.cookie)
      varCookie = recordChange.cookie
      moreResults = recordChange.moreResults
    } else {
      record = getLDAPRecord(conn, recordChange['@dn'], "*")

      # transformations
      if(!record || record['employeeType'] != "Student") {
        continue()
      } else {
        log("Student record has changed: " + record['@dn'])
        log(" Change type: " + recordChange.changeType)
        log(" Added attribute values: " + recordChange.added)
        log(" Deleted attribute values: " + recordChange.deleted)
      }
    }
  }
}

Gets password stored by RapidIdentity password filter from a Record in OpenLDAP.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
dn*              text, expression, variable            the DN of the Record
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
userPwd = getOpenLDAPPassword(conn, dn)

if(userPwd && userPwd == password) {
  log("User has not changed their default password!")
} else {
  log("Password has been changed from default.")
}

Get changed Records from an UnboundID-DS server.

Property         Value                                                 Description
ldapConnection*  expression, variable                                  the LDAP connection
baseDn*          text, expression, variable                            the search base dn
scope*           choice (sub, one, base), text, expression, variable   the search scope
classes          text, expression, variable                            comma separated list of classes to return (default: none)
attributes       text, expression, variable                            comma separated list of attributes to check/return (default: all)
cookie           expression, variable                                  cookie returned from the previous invocation (default: none, which returns all objects)
returnVariable   expression, variable                                  name of the variable to be assigned to the return value

Example

cookieFile = "/cookie/studentsUnboundId.cookie"
fileExists = isFile(cookieFile)

if(!fileExists) {
  saveToFile(cookieFile, "")
} else {
}

varCookie = loadFileAsBytes(cookieFile)

# getRecords
moreResults = 1

while(moreResults != 0) {
  recordChanges = getUnboundIDDSChanges(conn, 
    "ou=people,ou=Accounts,dc=meta", "sub", "inetOrgPerson", 
    "cn,sn,givenName", varCookie)
  moreResults = 0

  if(recordChanges) {
    log("Count: " + recordChanges.length)
  } else {
  }

  # foreach
  forEach(recordChange, recordChanges) {
    if(recordChange.objectClass == "cookie") {
      saveToFile(cookieFile, recordChange.cookie)
      varCookie = recordChange.cookie
      moreResults = recordChange.moreResults
    } else {
      record = getLDAPRecord(conn, recordChange['@dn'], "*")

      # transformations
      if(!record || record['employeeType'] != "Student") {
        continue()
      } else {
        log("Student record has changed: " + record['@dn'])
        log(" Change type: " + recordChange.changeType)
        log(" Added attribute values: " + recordChange.added)
        log(" Deleted attribute values: " + recordChange.deleted)
      }
    }
  }
}

Gets password stored by RapidIdentity password filter from a Record in UnboundIDDS.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
dn*              text, expression, variable            the DN of the Record
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
userPwd = getUnboundIDDSPassword(conn, dn)

if(userPwd && userPwd == password) {
  log("User has not changed their default password!")
} else {
  log("Password has been changed from default.")
}

Modify a Record on the LDAP server.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
dn*              expression, variable                  the DN of the Record
removeRecord     expression, variable                  a Record containing attributes/values to be removed
addRecord        expression, variable                  a Record containing attribute values to be added
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

addRecord = createRecord()
removeRecord = createRecord()
# add a value to objectClass; remove the whole telephoneNumber attribute (no value given)
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")
dn = "cn=Test User,ou=People,o=test"
result = modifyLDAPRecord(conn, dn, removeRecord, addRecord)
if(result) {
  log("Record modified - Added " + addRecord)
  log("Record modified - Removed " + removeRecord)
} else {
  log("Record not modified - " + dn)
}
Open a connection to an LDAP server.

Property         Value                                    Description
ldapHost*        text, expression, variable               the host name or IP address of the LDAP server
ldapPort         expression, variable                     the TCP port of the LDAP server (default: 636 if using SSL, 389 otherwise)
useSSL           boolean, expression, variable            use SSL/TLS (default: false)
userDn           text, expression, variable               the user DN for authenticating to the LDAP server
password         password, string, expression, variable   the user password for authenticating to the LDAP server
returnVariable   expression, variable                     name of the variable to be assigned to the return value
extraProperties  expression, variable                     defined below as applicable

Table 312. Booleans

Property                     Description
abandonOnTimeout             Indicates whether the LDAP SDK should attempt to abandon any request for which no response is received within the maximum response timeout period
captureConnectStackTrace     Indicates whether the LDAP SDK should capture a thread stack trace for each attempt made to establish a connection
useKeepAlive                 Indicates whether to use the SO_KEEPALIVE option for the underlying sockets used by associated connections
useTCPNoDelay                Indicates whether to use the TCP_NODELAY option for the underlying sockets used by associated connections
followReferrals              Indicates whether associated connections should attempt to follow any referrals that they encounter
usePassiveSSLSocketVerifier  If true, RapidIdentity sets an SSLSocketVerifier that uses a passive SSL socket verifier with the connection timeout in milliseconds

Table 313. Integers

Property               Description
connectTimeoutMillis   The maximum length of time in milliseconds that a connection attempt should be allowed to continue before giving up
useLinger              The SO_LINGER timeout for the underlying sockets used by associated connections
referralHopLimit       The maximum number of hops that a connection should take when trying to follow a referral
responseTimeoutMillis  The maximum length of time in milliseconds that an operation should be allowed to block while waiting for a response from the server

Example

conn = openLDAPConnection("server1.company.com","636",true,
    "cn=admin,o=company","password")

# the return value is the connection; check the variable it was assigned to
if(conn) {
  log("LDAP connection successful!")
} else {
  log("LDAP connection failed!")
}

Open a connection to the MetaDirectory LDAP in scenarios where a Cloud Tenant's SharedGlobals.properties file is not populated (RapidIdentity Cloud versions 2021.4.9 or higher).

Property   Value       Description
Assign To  Expression  choose the variable type to assign the action to

Example

sessionMeta = openMetadirLDAPConnection()
if (sessionMeta) {
  log("Connection to MetaDirectory was successful: " + sessionMeta, "DEBUG")
} else {
  log("Connection to MetaDirectory failed: " + sessionMeta, "ERROR")
}
if (sessionMeta) {
  close(sessionMeta)
} else {
}

Open Change Iterator for OpenLDAP server.

Property         Value                                                 Description
ldapConnection*  expression, variable                                  the LDAP connection
logDN*           text, expression, variable                            the dn of the accesslog
baseDn*          text, expression, variable                            the search base dn
scope*           choice (sub, one, base), text, expression, variable   the search scope
classes          text, expression, variable                            comma separated list of classes to return (default: none)
attributes       text, expression, variable                            comma separated list of attributes to check/return (default: all)
cookieFile*      text, expression, variable                            path to the file used to load/save the cookie
returnVariable   expression, variable                                  name of the variable to be assigned to the return value

Example

cookieFile = "/cookie/studentsOpenLDAP.cookie"
recordChanges = openOpenLDAPChangeIterator(conn, 
    "o=changelog", "ou=people,ou=data,o=meta", "sub", 
    "inetOrgPerson", "cn,sn,givenName", cookieFile)

forEach(recordChange, recordChanges) {
  record = getLDAPRecord(conn, recordChange['@dn'], "*")

  # transformations
  if(!record || record['employeeType'] != "Student") {
    continue()
  } else {
    log("Student record has changed: " + record['@dn'])
    log(" Change type: " + recordChange.changeType)
    log(" Added attribute values: " + recordChange.added)
    log(" Deleted attribute values: " + recordChange.deleted)
  }
}

Open Record Iterator for OpenLDAP server to sort large sets of records.

Property         Value                                    Description
filter*          text, expression, password, variable     the search filter expression or an example Record
pageSize         expression, variable                     the preferred number of Records to fetch at a time from the LDAP server (default: 100)
attributes       text, expression, password, variable     comma-separated list of attributes to check/return (default: none)
sortKey          text, expression, password, variable     comma-separated list of attributes to use as sort keys, with optional +/- to indicate sort direction (default: unsorted)
returnVariable   expression, variable                     name of the variable to be assigned to the return value

Example

sessionLDAP = openLDAPConnection("10.100.70.28", "636", true,
    "cn=doc-admin,ou=users,ou=system,o=meta",<Password>)

# Record Iterator
i = 0
recordChanges = openLDAPRecordIterator(sessionLDAP,
    "ou=students,ou=people,ou=data,o=meta", "sub",
    "(employeeType=Student)","cn")

# log the current Record (not the whole iterator) and stop after 30
recordIterator: forEach(recordChange, recordChanges) {
  log(recordChange)
  i = i + 1

  if(i >= 30) {
    break(recordIterator)
  } else {
  }
}

# Close
close(sessionLDAP)

Open Change Iterator for an UnboundID-DS server.

Property         Value                                                 Description
ldapConnection*  expression, variable                                  the LDAP connection
baseDn*          text, expression, variable                            the search base dn
scope*           choice (sub, one, base), text, expression, variable   the search scope
classes          text, expression, variable                            comma separated list of classes to return (default: none)
attributes       text, expression, variable                            comma separated list of attributes to check/return (default: all)
cookieFile*      text, expression, variable                            path to the file used to load/save the cookie
returnVariable   expression, variable                                  name of the variable to be assigned to the return value

Example

cookieFile = "/cookie/studentsUnboundId.cookie"
recordChanges = openUnboundIDDSChangeIterator(conn, 
    "ou=people,ou=data,o=meta", "sub", "inetOrgPerson", 
    "cn,sn,givenName", cookieFile)

forEach(recordChange, recordChanges) {
  record = getLDAPRecord(conn, recordChange['@dn'], "*")

  # transformations
  if(!record || record['employeeType'] != "Student") {
    continue()
  } else {
    log("Student record has changed: " + record['@dn'])
    log(" Change type: " + recordChange.changeType)
    log(" Added attribute values: " + recordChange.added)
    log(" Deleted attribute values: " + recordChange.deleted)
  }
}

Rename and/or move object on the LDAP server.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
oldDn*           text, expression, variable            the original DN of the object
newDn*           text, expression, variable            the new DN of the object
keepOldRdn*      boolean, expression, variable         preserve the attribute values used by the old dn (default: false)
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

oldDN = "cn=jdoe,ou=people,o=data"
newDN = "cn=xjdoe,ou=inactive,ou=people,o=data"
# keepOldRdn is false: the old cn value is not kept on the renamed object
renameResult = renameLDAPRecord(conn, oldDN, newDN, false)

if(renameResult) {
  log("LDAP object rename successful!")
} else {
  log("LDAP object rename failed!")
}

Save a Record to the LDAP server.

Property         Value                                 Description
ldapConnection*  expression, variable                  the LDAP connection
record*          expression, variable                  the Record to save; it must contain the dn in the @dn field
returnVariable   expression, variable                  name of the variable to be assigned to the return value

Example

myRecord = createRecord()
setRecordFieldValue(myRecord,"@dn", "cn=jdoe,ou=people,o=data")
setRecordFieldValue(myRecord,"objectclass", "inetOrgPerson")
setRecordFieldValue(myRecord,"givenName", "John")
setRecordFieldValue(myRecord,"sn", "Doe")
saveResult = saveLDAPRecord(conn, myRecord)

if(Boolean(saveResult)) {
  log("Save Successful!")
} else {
  log("Save Failed!")
}

Sets password on a Record on the LDAP server.

Property         Value                                    Description
ldapConnection*  expression, variable                     the LDAP connection
dn*              text, expression, variable               the DN of the Record
password*        password, string, expression, variable   the password
oldPassword      password, string, expression, variable   the old password (default: none)
returnVariable   expression, variable                     name of the variable to be assigned to the return value

Example

result = setLDAPPassword(conn, "cn=user1,cn=Users,dc=acme,dc=org",
    <password>)

# End-to-end example: load users from a delimited text file and add or update them in LDAP
# Input from text file
textInput = openDelimitedTextInput("/root/senators.csv",
      "LastName,FirstName,Title,Email,Phone,Description")

# Open LDAP connection (SSL); the port is passed explicitly (636 is also the SSL default)
outputLDAP = openLDAPConnection("ldap.company.com","636",true,"cn=admin,o=company",
    "P@ssw0rD")

# Loop through input records
forEach(inputRecord,textInput) {
  # Schema mapping
  renameRecordFields(inputRecord, "LastName, FirstName, Title, Email, Phone",
      "sn, givenName, title, mail, telephoneNumber")
  cn = inputRecord['givenName'].substr(0,1) + inputRecord['sn']
  setRecordValue(inputRecord,"@dn","cn=" + cn + ",ou=people,o=data")

  # Check for existence in target
  queryRecord = createRecord()
  setRecordFieldValue(queryRecord,"cn",cn)
  matchingRecords = getLDAPRecords(outputLDAP,"ou=people,o=data","sub",queryRecord)
  if(matchingRecords.length == 1) {
    # Match found. Add DN to current record from source.
    matchingKeyValue = getRecordFieldValue(matchingRecords[0],"@dn")
    setRecordFieldValue(inputRecord,"@dn",matchingKeyValue)
  } else {
    # No match found. Add new object with a placeholder initial password (the surname).
    setRecordValue(inputRecord,"objectclass","inetorgperson")
    setRecordValue(inputRecord,"userPassword",inputRecord['sn'])
  }

  # Write (add/modify) record to LDAP
  saveLDAPRecord(outputLDAP,inputRecord)
}

# Close LDAP and file connections
close(outputLDAP)
close(textInput)