Child pages
  • LDAP Subject API example
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Current »

Public LDAP example

CMU has a public LDAP server.  We can hook up a subject source to it as an example

Server: ldap.andrew.cmu.edu
Base DN: dc=cmu,dc=edu
URL: ldap://ldap.andrew.cmu.edu:389/dc=cmu,dc=edu

Top OU: ou=person

Users: guid=ABC123

Attributes:

  • objectClass: cmuPerson
  • cn (First Last)
  • mail
  • eduPersonSchoolCollegeName
  • cmuAndrewId: netId

This example shows have a description that is the concatenation of the name and the school college name.  It will concatenate if it exists or not if there is no school college name.

 

 

Sources.xml

  <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
    <id>cmu</id>
    <name>cmu</name>
    <type>person</type>
    <init-param>
      <param-name>INITIAL_CONTEXT_FACTORY</param-name>
      <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
    </init-param>
    <init-param>
      <param-name>PROVIDER_URL</param-name>
      <param-value>ldap://ldap.andrew.cmu.edu:389/dc=cmu,dc=edu</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_AUTHENTICATION</param-name>
      <param-value>none</param-value>
      <!-- param-value>simple</param-value -->
    </init-param>
    <!-- init-param>
      <param-name>SECURITY_PRINCIPAL</param-name>
      <param-value>CN=grouperad,OU=Service Accounts</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_CREDENTIALS</param-name>
      <param-value>/etc/grouper/ADSource.pass</param-value>
    </init-param -->
     <init-param>
      <param-name>SubjectID_AttributeType</param-name>
      <param-value>guid</param-value>
    </init-param>
     <init-param>
      <param-name>SubjectID_formatToLowerCase</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>Name_AttributeType</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>Description_AttributeType</param-name>
      <param-value>nameLong</param-value>
    </init-param>
    
    <!--  /// 
          /// For filter use  -->
    
    <search>
        <searchType>searchSubject</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp; (guid=%TERM%) (objectclass=cmuPerson))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <!--  Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE  -->
            <param-value>
                ONELEVEL_SCOPE            
            </param-value>
        </param>
        <param>
            <param-name>base</param-name>
            <param-value>
                ou=person
            </param-value>
        </param>
         
    </search>
    <search>
        <searchType>searchSubjectByIdentifier</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp; (cmuAndrewId=%TERM%) (objectclass=cmuPerson))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <param-value>
                ONELEVEL_SCOPE            
            </param-value>
        </param>
        <param>
            <param-name>base</param-name>
            <param-value>
                ou=person
            </param-value>
        </param>
    </search>
    
    <search>
       <searchType>search</searchType>
         <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp; (|(|(cmuAndrewId=%TERM%)(cn=*%TERM%*))(guid=%TERM%))(objectclass=cmuPerson))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <param-value>
                ONELEVEL_SCOPE            
            </param-value>
        </param>
         <param>
            <param-name>base</param-name>
            <param-value>
                ou=person
            </param-value>
        </param>
    </search>
    <!-- you need this to be able to reference GrouperUtilElSafe in scripts -->
    <init-param>
      <param-name>subjectVirtualAttributeVariable_grouperUtilElSafe</param-name>
      <param-value>edu.internet2.middleware.grouper.util.GrouperUtilElSafe</param-value>
    </init-param>    
    <!-- make sure subjectVirtualAttributeVariable_grouperUtilElSafe is set above -->
    <init-param>
      <param-name>subjectVirtualAttribute_0_nameLong</param-name>
      <param-value>${grouperUtilElSafe.appendIfNotBlankString(grouperUtilElSafe.defaultIfBlank(subject.getAttributeValue('cn'), ''), ' - ', grouperUtilElSafe.defaultIfBlank(subject.getAttributeValue('eduPersonSchoolCollegeName'), ''))}</param-value>
    </init-param>
    
    <init-param>
      <param-name>sortAttribute0</param-name>
      <param-value>nameLong</param-value>
    </init-param>
    <init-param>
      <param-name>searchAttribute0</param-name>
      <param-value>nameLong</param-value>
    </init-param>
    <internal-attribute>searchAttribute0</internal-attribute>
    <!-- ///Attributes you would like to display when doing a search  -->
    <attribute>eduPersonSchoolCollegeName</attribute>
    <attribute>sn</attribute>
    <attribute>cmuStudentClass</attribute>
    <attribute>givenName</attribute>
    <attribute>mail</attribute>
   
  </source>

 

this is the Java test case: LdapSubjectTest.java in Grouper API

      Subject subject = SubjectFinder.findByIdAndSource("00000000-0000-1000-2F4C-0800207F02E6", "cmu", true);
      
      assertEquals("Vincent Lun", subject.getName());
  
      assertEquals("vlun@andrew.cmu.edu", subject.getAttributeValue("mail"));
  
      assertEquals("Vincent Lun - Student Employment", subject.getDescription());
      
      assertEquals("Vincent Lun - Student Employment", subject.getAttributeValue("nameLong"));
      
      //check the search and sort attributes
      Member member = MemberFinder.findBySubject(GrouperSession.startRootSession(), subject, true);
      assertEquals("Vincent Lun - Student Employment", member.getSortString0());
      assertEquals("vincent lun - student employment", member.getSearchString0());
      
      Subject subject2 = SubjectFinder.findByIdentifierAndSource("vlun", "cmu", true);
      
      assertEquals(subject.getId(), subject2.getId());
      Set<Subject> subjects = SubjectFinder.findAll("Vincent Lun", "cmu");
      
      //hmmm, will this be one?  maybe
      assertEquals(1, GrouperUtil.length(subjects));
      assertEquals(subject.getId(), subjects.iterator().next().getId());

  • No labels