
Public LDAP example

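CMU has a public LDAP server. We can hook up a subject source to it as an example. The configuration below binds anonymously over unencrypted LDAP (port 389), which is appropriate only because this directory is public.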

Server: ldap.andrew.cmu.edu
Base DN: dc=cmu,dc=edu
URL: ldap://ldap.andrew.cmu.edu:389/dc=cmu,dc=edu

Top OU: ou=person

Users: guid=ABC123

Attributes:

  • objectClass: cmuPerson
  • cn (First Last)
  • mail
  • eduPersonSchoolCollegeName
  • cmuAndrewId: netId

Sources.xml

  <!-- Example subject source that reads people from a public LDAP directory through
       Grouper's JNDI source adapter.
       Security notes for anyone adapting this to a non-public directory:
         * SECURITY_AUTHENTICATION is "none", i.e. an anonymous bind;
         * PROVIDER_URL uses ldap:// on port 389 and nothing in this file configures TLS,
           so queries and results are not encrypted by this configuration;
         * the attribute elements at the bottom are the attributes meant for display on search,
           so keep that list to what the application needs. -->
  <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
    <!-- Source id, display name and subject type. -->
    <id>cmu</id>
    <name>cmu</name>
    <type>person</type>
    <!-- Standard JNDI LDAP context factory. -->
    <init-param>
      <param-name>INITIAL_CONTEXT_FACTORY</param-name>
      <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
    </init-param>
    <!-- Server and base DN. ldap:// on 389 is plain LDAP.
         NOTE(review): for a directory holding non-public data, use an ldaps:// URL or another
         TLS-protected transport if the server offers one; confirm what the server supports. -->
    <init-param>
      <param-name>PROVIDER_URL</param-name>
      <param-value>ldap://ldap.andrew.cmu.edu:389/dc=cmu,dc=edu</param-value>
    </init-param>
    <!-- "none" = anonymous bind; no principal or credentials are sent.
         The commented-out value below is the alternative ("simple" = bind with DN and password). -->
    <init-param>
      <param-name>SECURITY_AUTHENTICATION</param-name>
      <param-value>none</param-value>
      <!-- param-value>simple</param-value -->
    </init-param>
    <!-- The block below is disabled. Its bind DN is under DC=clinlan,DC=local, which does not
         match the dc=cmu,dc=edu base above, so it looks like a leftover from another deployment
         (NOTE(review): confirm, and replace with your own service account if enabling it).
         SECURITY_CREDENTIALS is given as a file path rather than an inline password; if that
         pattern is used, restrict read access on the file to the Grouper service user.
         A "simple" bind sends the password to the server, so pair it with an encrypted transport. -->
    <!-- init-param>
      <param-name>SECURITY_PRINCIPAL</param-name>
      <param-value>CN=grouperad,OU=Service Accounts,OU=Admin,DC=clinlan,DC=local</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_CREDENTIALS</param-name>
      <param-value>/etc/grouper/ADSource.pass</param-value>
    </init-param -->
    <!-- LDAP attribute used as the subject id. -->
     <init-param>
      <param-name>SubjectID_AttributeType</param-name>
      <param-value>guid</param-value>
    </init-param>
    <!-- Subject ids are kept in the case returned by the directory. -->
     <init-param>
      <param-name>SubjectID_formatToLowerCase</param-name>
      <param-value>false</param-value>
    </init-param>
    <!-- LDAP attribute used as the subject name. -->
    <init-param>
      <param-name>Name_AttributeType</param-name>
      <param-value>cn</param-value>
    </init-param>
    <!-- Description comes from nameLong, the virtual attribute defined further down. -->
    <init-param>
      <param-name>Description_AttributeType</param-name>
      <param-value>nameLong</param-value>
    </init-param>
    
    <!-- Search definitions. Each one supplies an LDAP filter, a scope and a search base.
         In the filters, &amp; is the XML escape for the LDAP AND operator and %TERM% is the
         placeholder for the value being looked up.
         NOTE(review): the filter is presumably built by substituting the term into this text;
         confirm that the adapter version in use escapes LDAP filter metacharacters in the term
         before substitution.
         The base ou=person is presumably relative to the base DN in PROVIDER_URL. -->
    
    <!-- Lookup by subject id: exact match on guid, restricted to cmuPerson entries. -->
    <search>
        <searchType>searchSubject</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp; (guid=%TERM%) (objectclass=cmuPerson))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <!--  Scope values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE.
                  ONELEVEL_SCOPE searches only the entries directly under the base.  -->
            <param-value>
                ONELEVEL_SCOPE            
            </param-value>
        </param>
        <param>
            <param-name>base</param-name>
            <param-value>
                ou=person
            </param-value>
        </param>
         
    </search>
    <!-- Lookup by identifier: exact match on cmuAndrewId, restricted to cmuPerson entries. -->
    <search>
        <searchType>searchSubjectByIdentifier</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp; (cmuAndrewId=%TERM%) (objectclass=cmuPerson))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <param-value>
                ONELEVEL_SCOPE            
            </param-value>
        </param>
        <param>
            <param-name>base</param-name>
            <param-value>
                ou=person
            </param-value>
        </param>
    </search>
    
    <!-- Free-form search: exact match on cmuAndrewId or guid, or substring match on cn,
         restricted to cmuPerson entries. The cn clause matches the term anywhere in the name,
         so short terms can return many entries. -->
    <search>
       <searchType>search</searchType>
         <param>
            <param-name>filter</param-name>
            <param-value>
                (&amp; (|(|(cmuAndrewId=%TERM%)(cn=*%TERM%*))(guid=%TERM%))(objectclass=cmuPerson))
            </param-value>
        </param>
        <param>
            <param-name>scope</param-name>
            <param-value>
                ONELEVEL_SCOPE            
            </param-value>
        </param>
         <param>
            <param-name>base</param-name>
            <param-value>
                ou=person
            </param-value>
        </param>
    </search>
    <!-- You need this to be able to reference GrouperUtilElSafe in scripts: it makes the class
         available to the expression below under the name grouperUtilElSafe.
         NOTE(review): the class name suggests a utility set intended for expression use;
         confirm before exposing any other class to expressions this way. -->
    <init-param>
      <param-name>subjectVirtualAttributeVariable_grouperUtilElSafe</param-name>
      <param-value>edu.internet2.middleware.grouper.util.GrouperUtilElSafe</param-value>
    </init-param>    
    <!-- Make sure this is set: it defines the virtual attribute nameLong that the description,
         sort and search settings refer to. The expression combines cn and
         eduPersonSchoolCollegeName (each replaced by '' when blank) with ' - ' as the separator;
         the exact joining rules are those of appendIfNotBlankString (TODO confirm). -->
    <init-param>
      <param-name>subjectVirtualAttribute_0_nameLong</param-name>
      <param-value>${grouperUtilElSafe.appendIfNotBlankString(grouperUtilElSafe.defaultIfBlank(subject.getAttributeValue('cn'), ''), ' - ', grouperUtilElSafe.defaultIfBlank(subject.getAttributeValue('eduPersonSchoolCollegeName'), ''))}</param-value>
    </init-param>
    
    <!-- Sort and search on the nameLong virtual attribute. -->
    <init-param>
      <param-name>sortAttribute0</param-name>
      <param-value>nameLong</param-value>
    </init-param>
    <init-param>
      <param-name>searchAttribute0</param-name>
      <param-value>nameLong</param-value>
    </init-param>
    <!-- searchAttribute0 is declared internal; presumably this keeps it out of displayed
         attributes (verify against the Grouper documentation). -->
    <internal-attribute>searchAttribute0</internal-attribute>
    <!-- Attributes you would like to display when doing a search. These include personal data
         such as mail, so list only what the consuming application needs. -->
    <attribute>eduPersonSchoolCollegeName</attribute>
    <attribute>sn</attribute>
    <attribute>cmuStudentClass</attribute>
    <attribute>givenName</attribute>
    <attribute>mail</attribute>
   
  </source>
