LDAP Adapter Actions
Compare a Record field on the LDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
dn* | expression, variable | the DN of the Record |
fieldName | text, expression, variable | name of the field to be compared |
fieldValue | text, expression, variable | value of the field to be compared |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
mail = "testuser@test.local"
isEqual = compareLDAPField(conn, dn, "mail", mail)
if(isEqual == true) {
    log("mail = " + mail)
} else {
    log("mail <> " + mail)
}
```
Delete Record from the LDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
dn* | text, expression, variable | the DN of the Record |
recursive | boolean, expression, variable | recursively delete subtree rooted at dn (default: false) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
queryExample = createRecord()
setRecordValue(queryExample,"loginDisabled","TRUE")
inactiveRecords = getLDAPRecords(conn,"ou=people,o=data","sub", "(loginDisabled=TRUE)")
forEach(inactive,inactiveRecords) {
    delStatus = deleteLDAPRecord(conn,inactive["@dn"])
    if(Boolean(delStatus)) {
        log("Deletion Successful!")
    } else {
        log("Deletion Failed!")
    }
}
```
Get changed Records from an Active Directory server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, variable | the search filter expression or an example Record |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
cookie | expression, variable | cookie returned from previous invocation (default: none, which will return all objects) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
cookieFile = "/cookie/studentsAD.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
    saveToFile(cookieFile, "")
} else {
}
varCookie = loadFileAsBytes(cookieFile)
# getRecords
moreResults = 1
while(moreResults != 0) {
    recordChanges = getLDAPADChanges(conn, "OU=People,DC=test,DC=local", "sub", "(employeeType=Student)", "cn,sn,givenName", varCookie)
    moreResults = 0
    if(recordChanges) {
        log("Count: " + recordChanges.length)
    } else {
    }
    # foreach
    forEach(recordChange, recordChanges) {
        if(recordChange.objectClass == "cookie") {
            saveToFile(cookieFile, recordChange.cookie)
            # carry the new cookie into the next query so the loop does not re-read the same changes
            varCookie = recordChange.cookie
            moreResults = Number(recordChange.moreResults)
        } else {
            record = getLDAPRecord(conn, recordChange['@dn'], "*")
            # transformations
            if(!record) {
                continue()
            } else {
                log("Name information has changed: " + record.sn + " " + record.givenName)
            }
        }
    }
}
```
Gets password stored by RapidIdentity password filter from a Record in Active Directory.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
dn* | text, expression, variable | the DN of the Record |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
userPwd = getLDAPADPassword(conn, dn)
if(userPwd && userPwd == password) {
    log("User has not changed their default password!")
} else {
    log("Password has been changed from default.")
}
```
Get a Record from the LDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
dn* | expression, variable | the DN of the Record |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
resultRecord = getLDAPRecord(conn,"cn=jdoe,ou=people,o=data","givenName")
```
Get Records from the LDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, variable | the search filter expression or an example Record |
maxResults | expression, variable | maximum number of Records to return (default: the server maximum) |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
inactiveRecords = getLDAPRecords(conn,"o=data","sub", "(&(objectclass=inetOrgPerson)(loginDisabled=TRUE))")
log("There are " + inactiveRecords.length + " inactive records.")
```
Returns the hostname or IP address of the LDAP server being used as the metadirectory.
Property | Value | Description |
---|---|---|
returnVariable | expression, variable | Name of the variable to be assigned to the return value. |
Example
```
LDAP = getCurrentLDAPServerAddress()
log(LDAP)
```
Gets universal password from a Record on a Novell eDirectory LDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
dn* | text, expression, variable | the DN of the Record |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
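```
up = getLDAPUniversalPassword(conn, "cn=user1,ou=people,o=data")
# Log only that a value was returned; logging the password itself would expose it in cleartext
log("Universal password retrieved: " + Boolean(up))
```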
Get changed Records from an OpenLDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
logDN* | text, expression, variable | the dn of the accesslog |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
classes | text, expression, variable | comma separated list of classes to return (default: none) |
attributes | text, expression, variable | comma separated list of attributes to check/return (default: all) |
cookie | expression, variable | cookie returned from previous invocation (default: none, which will return all objects) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
cookieFile = "/cookie/studentsOpenLDAP.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
    saveToFile(cookieFile, "")
} else {
}
varCookie = loadFileAsString(cookieFile)
# getRecords
moreResults = 1
while(moreResults != 0) {
    recordChanges = getOpenLDAPChanges(conn, "o=changelog", "ou=people,ou=data,o=meta", "sub", "inetOrgPerson", "cn,sn,givenName", varCookie)
    moreResults = 0
    if(recordChanges) {
        log("Count: " + recordChanges.length)
    } else {
    }
    # foreach
    forEach(recordChange, recordChanges) {
        if(recordChange.objectClass == "cookie") {
            saveToFile(cookieFile, recordChange.cookie)
            varCookie = recordChange.cookie
            moreResults = recordChange.moreResults
        } else {
            record = getLDAPRecord(conn, recordChange['@dn'], "*")
            # transformations
            if(!record || record['employeeType'] != "Student") {
                continue()
            } else {
                log("Student record has changed: " + record['@dn'])
                log(" Change type: " + recordChange.changeType)
                log(" Added attribute values: " + recordChange.added)
                log(" Deleted attribute values: " + recordChange.deleted)
            }
        }
    }
}
```
Gets password stored by RapidIdentity password filter from a Record in OpenLDAP.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
dn* | text, expression, variable | the DN of the Record |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
userPwd = getOpenLDAPPassword(conn, dn)
if(userPwd && userPwd == password) {
    log("User has not changed their default password!")
} else {
    log("Password has been changed from default.")
}
```
Get changed Records from an UnboundID-DS server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
classes | text, expression, variable | comma separated list of classes to return (default: none) |
attributes | text, expression, variable | comma separated list of attributes to check/return (default: all) |
cookie | expression, variable | cookie returned from previous invocation (default: none, which will return all objects) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
cookieFile = "/cookie/studentsUnboundId.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
    saveToFile(cookieFile, "")
} else {
}
varCookie = loadFileAsBytes(cookieFile)
# getRecords
moreResults = 1
while(moreResults != 0) {
    recordChanges = getUnboundIDDSChanges(conn, "ou=people,ou=Accounts,dc=meta", "sub", "inetOrgPerson", "cn,sn,givenName", varCookie)
    moreResults = 0
    if(recordChanges) {
        log("Count: " + recordChanges.length)
    } else {
    }
    # foreach
    forEach(recordChange, recordChanges) {
        if(recordChange.objectClass == "cookie") {
            saveToFile(cookieFile, recordChange.cookie)
            varCookie = recordChange.cookie
            moreResults = recordChange.moreResults
        } else {
            record = getLDAPRecord(conn, recordChange['@dn'], "*")
            # transformations
            if(!record || record['employeeType'] != "Student") {
                continue()
            } else {
                log("Student record has changed: " + record['@dn'])
                log(" Change type: " + recordChange.changeType)
                log(" Added attribute values: " + recordChange.added)
                log(" Deleted attribute values: " + recordChange.deleted)
            }
        }
    }
}
```
Gets password stored by RapidIdentity password filter from a Record in UnboundIDDS.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
dn* | text, expression, variable | the DN of the Record |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
userPwd = getUnboundIDDSPassword(conn, dn)
if(userPwd && userPwd == password) {
    log("User has not changed their default password!")
} else {
    log("Password has been changed from default.")
}
```
Modify a Record on the LDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
dn* | expression, variable | the DN of the Record |
removeRecord | expression, variable | a Record containing attributes/values to be removed |
addRecord | expression, variable | a Record containing attribute values to be added |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
addRecord = createRecord()
removeRecord = createRecord()
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")
dn = "cn=Test User,ou=People,o=test"
result = modifyLDAPRecord(conn, dn, removeRecord, addRecord)
if(result) {
    log("Record modified - Added " + addRecord)
    log("Record modified - Removed " + removeRecord)
} else {
    log("Record not modified - " + dn)
}
```
Open a connection to an LDAP server.
Property | Value | Description |
---|---|---|
ldapHost* | text, expression, variable | the host name or IP address of the LDAP server |
ldapPort | expression, variable | the TCP port of the LDAP server (default: 636 if using SSL, 389 otherwise.) |
useSSL | boolean, expression, variable | use SSL/TLS (default: false.) |
userDn | text, expression, variable | the user DN for authenticating to the LDAP server |
password | password, string, expression, variable | the user password for authenticating to the LDAP server |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
conn = openLDAPConnection("server1.company.com","636",true, "cn=admin,o=company","password")
# test the variable the connection was assigned to
if(conn) {
    log("LDAP connection successful!")
} else {
    log("LDAP connection failed!")
}
```
Open Change Iterator for OpenLDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
logDN* | text, expression, variable | the dn of the accesslog |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
classes | text, expression, variable | comma separated list of classes to return (default: none) |
attributes | text, expression, variable | comma separated list of attributes to check/return (default: all) |
cookieFile* | text, expression, variable | path to file to load/save cookie |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
cookieFile = "/cookie/studentsOpenLDAP.cookie"
recordChanges = openOpenLDAPChangeIterator(conn, "o=changelog", "ou=people,ou=data,o=meta", "sub", "inetOrgPerson", "cn,sn,givenName", cookieFile)
forEach(recordChange, recordChanges) {
    record = getLDAPRecord(conn, recordChange['@dn'], "*")
    # transformations
    if(!record || record['employeeType'] != "Student") {
        continue()
    } else {
        log("Student record has changed: " + record['@dn'])
        log(" Change type: " + recordChange.changeType)
        log(" Added attribute values: " + recordChange.added)
        log(" Deleted attribute values: " + recordChange.deleted)
    }
}
```
Open Record Iterator for OpenLDAP server to sort large sets of records.
Property | Value | Description |
---|---|---|
filter* | text, expression, password, variable | the search filter expression or an example record |
pageSize | expression, variable | the preferred number of records to fetch at a time from LDAP server. (default: 100) |
attributes | text, expression, password, variable | comma-separated list of attributes to check/return (default: none) |
sortKey | text, expression, password, variable | comma-separated list of attributes to use as sort keys, with optional +/- to indicate sort direction. (default: unsorted) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
sessionLDAP = openLDAPConnection("10.100.70.28", "636", true, "cn=doc-admin,ou=users,ou=system,o=meta",<Password>)
# Record Iterator
i = 0
recordChanges = openLDAPRecordIterator(sessionLDAP, "ou=students,ou=people,ou=data,o=meta", "sub", "(employeeType=Student)","cn")
recordIterator:
forEach(recordChange, recordChanges) {
    # log the current record, not the iterator
    log(recordChange)
    i = i + 1
    if(i >= 30) {
        break(recordIterator)
    } else {
    }
}
# Close
close(sessionLDAP)
```
Open Change Iterator for an UnboundID-DS server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
classes | text, expression, variable | comma separated list of classes to return (default: none) |
attributes | text, expression, variable | comma separated list of attributes to check/return (default: all) |
cookieFile* | text, expression, variable | path to file to load/save cookie |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
cookieFile = "/cookie/studentsUnboundId.cookie"
recordChanges = openUnboundIDDSChangeIterator(conn, "ou=people,ou=data,o=meta", "sub", "inetOrgPerson", "cn,sn,givenName", cookieFile)
forEach(recordChange, recordChanges) {
    record = getLDAPRecord(conn, recordChange['@dn'], "*")
    # transformations
    if(!record || record['employeeType'] != "Student") {
        continue()
    } else {
        log("Student record has changed: " + record['@dn'])
        log(" Change type: " + recordChange.changeType)
        log(" Added attribute values: " + recordChange.added)
        log(" Deleted attribute values: " + recordChange.deleted)
    }
}
```
Rename and/or move object on the LDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
oldDn* | text, expression, variable | the original DN of the object |
newDn* | text, expression, variable | the new DN of the object |
keepOldRdn* | boolean, expression, variable | preserve the attribute values used by the old dn (default: false.) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
oldDN = "cn=jdoe,ou=people,o=data"
newDN = "cn=xjdoe,ou=inactive,ou=people,o=data"
renameResult = renameLDAPRecord(conn, oldDN,newDN,false)
if(renameResult) {
    log("LDAP object rename successful!")
} else {
    log("LDAP object rename failed!")
}
```
Save a Record to the LDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
record* | expression, variable | the Record to save - must contain the dn in the @dn field |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
myRecord = createRecord()
setRecordFieldValue(myRecord,"@dn", "cn=jdoe,ou=people,o=data")
setRecordFieldValue(myRecord,"objectclass", "inetOrgPerson")
setRecordFieldValue(myRecord,"givenName", "John")
setRecordFieldValue(myRecord,"sn", "Doe")
saveResult = saveLDAPRecord(conn, myRecord)
if(Boolean(saveResult)) {
    log("Save Successful!")
} else {
    log("Save Failed!")
}
```
Sets password on a Record on the LDAP server.
Property | Value | Description |
---|---|---|
ldapConnection* | expression, variable | the LDAP connection |
dn* | text, expression, variable | the DN of the Record |
password* | password, string, expression, variable | the password |
oldPassword | password, string, expression, variable | the old password (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
result = setLDAPPassword(conn, "cn=user1,cn=Users,dc=acme,dc=org", <password>)
```
```
# Input from text file
textInput = openDelimitedTextInput("/root/senators.csv", "LastName,FirstName,Title,Email,Phone,Description")
# Open LDAP connection (SSL); the port is passed explicitly, as in the openLDAPConnection example
outputLDAP = openLDAPConnection("ldap.company.com","636",true,"cn=admin,o=company", "P@ssw0rD")
# Loop through input records
forEach(inputRecord,textInput) {
    # Schema mapping
    renameRecordFields(inputRecord, "LastName, FirstName, Title, Email, Phone", "sn, givenName, title, mail, telephoneNumber")
    cn = inputRecord['givenName'].substr(0,1) + inputRecord['sn']
    setRecordValue(inputRecord,"@dn","cn=" + cn + ",ou=people,o=data")
    # Check for existence in target
    queryRecord = createRecord()
    setRecordFieldValue(queryRecord,"cn",cn)
    matchingRecords = getLDAPRecords(outputLDAP,"ou=people,o=data","sub",queryRecord)
    if(matchingRecords.length == 1) {
        # Match found. Add DN to current record from source.
        matchingKeyValue = getRecordFieldValue(matchingRecords[0],"@dn")
        setRecordFieldValue(inputRecord,"@dn",matchingKeyValue)
    } else {
        # No match found. Add new object.
        setRecordValue(inputRecord,"objectclass","inetorgperson")
        setRecordValue(inputRecord,"userPassword",inputRecord['sn'])
    }
    # Write (add/modify) record to LDAP
    saveLDAPRecord(outputLDAP,inputRecord)
}
# Close LDAP and file connections
close(outputLDAP)
close(textInput)
```
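The sample script above builds the `@dn` by concatenating a value read from the CSV file, so a surname such as "Smith, Jr." would change the structure of the DN unless it is escaped first; the same applies when a search filter is written as text rather than as an example Record. The following is an added example, not part of the product documentation or its action set, written in JavaScript to show the RFC 4514 (DN) and RFC 4515 (filter) escaping rules applied to that script's naming rule. The function names and the sample rows are assumptions made for illustration.

```javascript
// Added example: escaping for values placed into LDAP DNs and search filters.
// Function names are hypothetical; they are not RapidIdentity actions.

// RFC 4514: escape a value used inside one RDN, e.g. "cn=<value>,ou=people,o=data".
function escapeDnValue(value) {
  let out = "";
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    const last = i === value.length - 1;
    if (ch === "\0") {
      out += "\\00";                       // NUL is written as a hex pair
    } else if ('"+,;<>\\'.includes(ch)) {
      out += "\\" + ch;                    // characters that are DN syntax
    } else if ((i === 0 && (ch === " " || ch === "#")) || (last && ch === " ")) {
      out += "\\" + ch;                    // leading space or '#', trailing space
    } else {
      out += ch;
    }
  }
  return out;
}

// RFC 4515: escape a value used inside a filter assertion, e.g. "(cn=<value>)".
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g, (ch) =>
    "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Same naming rule as the sample script: first initial + surname.
function buildPersonDn(givenName, sn) {
  const cn = givenName.slice(0, 1) + sn;
  return "cn=" + escapeDnValue(cn) + ",ou=people,o=data";
}

function buildCnFilter(cn) {
  return "(&(objectclass=inetOrgPerson)(cn=" + escapeFilterValue(cn) + "))";
}

// Constructed sample rows standing in for the CSV input.
const sampleRows = [
  { FirstName: "John", LastName: "Doe" },
  { FirstName: "Ann", LastName: "Smith, Jr." },
  { FirstName: "Bob", LastName: "Lee (temp)*" },
];

for (const row of sampleRows) {
  const cn = row.FirstName.slice(0, 1) + row.LastName;
  console.log(buildPersonDn(row.FirstName, row.LastName));
  console.log(buildCnFilter(cn));
}
```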