Layer7 Identity Management


Call Ldap from form handlers in Identity Portal

  • 1.  Call Ldap from form handlers in Identity Portal

    Posted 03-02-2018 06:57 AM

    Hello All,

     

    We have a requirement where we need to fetch certain attribute values from an LDAP while creating a user through Identity Portal.

     

    We have researched and found out that we can use server plugin modules to achieve this. But we need assistance in passing a value (as an argument) from the form and catching the same at the base code. We are aware that we need to use the annotation @ExportedServerFunction on the method which we wish to be triggered in the plugin. But we need assistance in catching the argument which is passed from the form.

     

    Can anybody assist here?

     

    Apart from this, using this plugin we will hit LDAP and return a set of attributes back to the portal. Can anyone help us with how to catch the result back on the portal's side and use it for our own requirement?

     

    If there is any other better approach to hit LDAP from the Portal, do let us know. Any kind of guidance would be highly appreciated.

     

    Thanks,

    Shashank



  • 2.  Re: Call Ldap from form handlers in Identity Portal
    Best Answer

     
    Posted 03-04-2018 12:27 PM

    Hi Shashank,

     

     

    You can pass run time values from the form to the plugin's function in the array you pass to the api.server() method when you call the plugin. 

    For instance, this is how you execute a plugin named "getUserID" while passing it the value of the form property to which this handler belongs:

       api.server(['getUserID', prop.value])

    The first argument in the array is the name of the plugin and the second value is the argument passed to the plugin's function with the @ExportedServerFunction annotation. If you want to pass more values simply add them to this array. 

    Notice that the function with the @ExportedServerFunction annotation in the plugin must expect the right number and types of arguments, matching the values you passed in the form handler.

    Moreover, if you have static values you wish to pass to the plugin's function, e.g. the connection details for your LDAP, you can add them to the INIT PARAMS tab of the plugin configuration. For example:

     

    In your plugin Java code, you can get these parameters by overriding the function "public void initPlugin()" (see example attached).

     

    The @ExportedServerFunction function is also responsible for the response returned from the plugin. If you wish the plugin to return a set of arguments, simply write the function such that it returns a map (e.g. "Map<String, String>") of the values and their names. In your case it will probably be a mapping between the LDAP attributes and their values. Then, in the form handler code you will receive this map in the property "returnValue" of the response. For example, if the plugin function returns the map {"userid": "id-test", "email": "email-test"} then you can get the value of email in the following manner: response.returnValue.email;

     

    Attached is an example of a Java code plugin that connects to LDAP using the init params from the image above. A JavaScript sample that executes it from within a form handler is:

    api.server(['getUserID', prop.value]).then(function(result) {
       // "userId" is the key the plugin's getData() puts in the returned map; it holds a
       // list of matching entries, which may be empty when nothing matched the e-mail
       var ids = result.returnValue.userId;
       if (!ids || ids.length === 0) {
          alert('No user found for ' + prop.value);
          return;
       }
       alert('The user id is ' + ids[0]);
    });

     

     

    This is the plugin code:

     

    package com.ca;

    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.Hashtable;
    import java.util.List;
    import java.util.Map;

    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    import com.idmlogic.sigma.plugin.BasePlugin;
    import com.idmlogic.sigma.plugin.annotations.ExportedServerFunction;

    public class LdapPluginGetUserId extends BasePlugin {

        // Connection details come from the INIT PARAMS tab of the plugin configuration
        // and are read in initPlugin(); the comments show the kind of value expected.
        private LdapContext ctx = null;
        private String ldapServer = null;            // "130.119.175.215"
        private String ldapPort = null;              // "13389"
        private String ldapSearchBase = null;        // "dc=IdM,dc=com"
        private String ldapUsername = null;          // "uid=superuser,ou=users,ou=northamerica,dc=IdM,dc=com"
        private String ldapPassword = null;          // "CAdemo123"
        private String ldapPersonObjectClass = null; // "imUser"
        private String ldapEmailAttribute = null;    // "mail"
        private String ldapUserIdAttribute = null;   // "userid"

        @Override
        public void initPlugin() {
            String server = getInitParamValues("server");
            String port = getInitParamValues("port");
            String searchBase = getInitParamValues("searchBase");
            String userName = getInitParamValues("userName");
            String password = getInitParamValues("password");
            String personObject = getInitParamValues("personObject");
            String emailAttribute = getInitParamValues("emailAttribute");
            String userIdAttribute = getInitParamValues("userIdAttribute");

            // personObject and emailAttribute are required too: the search filter is built from them.
            if (server == null || port == null || searchBase == null || userName == null
                    || password == null || personObject == null || emailAttribute == null) {
                System.out.println("LdapPluginGetUserId: one or more init parameters are null.");
            } else {
                this.ldapServer = server;
                this.ldapPort = port;
                this.ldapSearchBase = searchBase;
                this.ldapUsername = userName;
                this.ldapPassword = password;
                this.ldapPersonObjectClass = personObject;
                this.ldapEmailAttribute = emailAttribute;
                this.ldapUserIdAttribute = userIdAttribute;
            }
        }

        // Opens a simple-bind connection with the service account from the init params.
        private void connect() throws NamingException {
            Hashtable<String, Object> env = new Hashtable<String, Object>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://" + ldapServer + ":" + ldapPort);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            if (ldapUsername != null) {
                env.put(Context.SECURITY_PRINCIPAL, ldapUsername);
            }
            if (ldapPassword != null) {
                env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
            }
            ctx = new InitialLdapContext(env, null);
        }

        // Escapes a value for use inside an LDAP search filter (RFC 4515). The e-mail comes
        // straight from the form, so filter metacharacters in it must not be able to change
        // the structure of the filter built in getUsersByPersonalEmail().
        private static String escapeFilterValue(String value) {
            StringBuilder sb = new StringBuilder(value.length());
            for (char c : value.toCharArray()) {
                switch (c) {
                    case '\\': sb.append("\\5c"); break;
                    case '*':  sb.append("\\2a"); break;
                    case '(':  sb.append("\\28"); break;
                    case ')':  sb.append("\\29"); break;
                    case '\0': sb.append("\\00"); break;
                    default:   sb.append(c);
                }
            }
            return sb.toString();
        }

        // Returns the names (relative to the search base) of person entries whose
        // e-mail attribute contains personalEmail.
        private List<String> getUsersByPersonalEmail(String personalEmail) throws NamingException {
            List<String> result = new ArrayList<String>();

            if (personalEmail == null || personalEmail.isEmpty()) {
                return result;
            }

            String searchFilter = "(&(objectClass=" + ldapPersonObjectClass + ")("
                    + ldapEmailAttribute + "=*" + escapeFilterValue(personalEmail) + "*))";

            for (SearchResult searchResult : findEntriesByFilter(ctx, ldapSearchBase, searchFilter)) {
                result.add(searchResult.getName());
            }

            return result;
        }

        // Called from the form handler via api.server(['getUserID', prop.value]); the
        // argument is the form value. Returns {"userId": [name, ...]} to the handler.
        @ExportedServerFunction
        public Map<String, List<String>> getData(String personalEmail) throws NamingException {
            if (ldapServer == null) {
                throw new IllegalStateException("LDAP init parameters are missing; see initPlugin()");
            }
            Map<String, List<String>> result = new HashMap<String, List<String>>();
            connect();
            try {
                result.put("userId", getUsersByPersonalEmail(personalEmail));
            } finally {
                // Release the connection even when the search throws.
                ctx.close();
                ctx = null;
            }
            return result;
        }

        // Runs a subtree search below searchBase and collects every matching entry.
        public List<SearchResult> findEntriesByFilter(DirContext ctx, String searchBase, String searchFilter)
                throws NamingException {
            List<SearchResult> result = new ArrayList<SearchResult>();

            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            NamingEnumeration<SearchResult> results = ctx.search(searchBase, searchFilter, searchControls);
            try {
                while (results.hasMore()) {
                    result.add(results.next());
                }
            } finally {
                results.close();
            }

            return result;
        }
    }

     

    Regards,

    David
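The form-handler side of the contract described in this answer, as an added example that is not part of the original post or of the Identity Portal product: the argument array handed to api.server(), a check on the form value before it is sent, and a guarded read of the "userId" list from response.returnValue. Since api.server() exists only inside the portal, a constructed stand-in (fakeApi) that answers with a plugin-style response is used so the handler runs offline; pluginName, buildServerCall, pickUserId and lookupUserId are names chosen for this example.

```javascript
// Added example (not from the thread or the Identity Portal product): the form-handler
// side of the api.server() contract, split into pieces that can be checked on their own.

// Validate the form value before it becomes the plugin's filter argument. Only an
// e-mail-shaped string without LDAP filter metacharacters is forwarded; this is a
// client-side convenience only, the plugin must still escape the value itself.
var EMAIL_RE = /^[^\s@()*\\]+@[^\s@()*\\]+\.[^\s@()*\\]+$/;

function buildServerCall(pluginName, formValue) {
  if (typeof formValue !== 'string' || !EMAIL_RE.test(formValue)) {
    return null;                       // the handler should not call the plugin at all
  }
  // First element: plugin name; the rest: arguments to the @ExportedServerFunction method.
  return [pluginName, formValue];
}

// Read the value back from the map the plugin returned. The plugin in this thread
// returns {"userId": [...]} (a list, possibly empty), so guard both levels.
function pickUserId(response) {
  var rv = response && response.returnValue;
  if (!rv || !Array.isArray(rv.userId) || rv.userId.length === 0) {
    return null;
  }
  return rv.userId[0];
}

// Constructed stand-in for the portal's api object: it plays the plugin and answers
// with a map keyed by attribute name, the shape getData() in the answer returns.
var fakeApi = {
  server: function (args) {
    var email = args[1];
    var directory = { 'jdoe@example.com': ['uid=jdoe,ou=users'] };   // constructed data
    return Promise.resolve({ returnValue: { userId: directory[email] || [] } });
  }
};

// The handler as it would sit on the form property: resolves to the user id, or null.
function lookupUserId(api, prop) {
  var call = buildServerCall('getUserID', prop.value);
  if (call === null) {
    return Promise.resolve(null);
  }
  return api.server(call).then(pickUserId);
}

// Runs offline with the stand-in; inside the portal `api` and `prop` are supplied.
lookupUserId(fakeApi, { value: 'jdoe@example.com' }).then(function (id) {
  console.log('user id: ' + id);
});
```

Inside a real handler the last call becomes lookupUserId(api, prop) and the resolved id is used to fill the property instead of being logged.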

     

     

     

     



  • 3.  Re: Call Ldap from form handlers in Identity Portal

    Posted 03-07-2018 07:56 AM

    Hello David,

     

    Thanks a lot for your mail, we are evaluating the code suggestions and will come back to you with outcomes and inputs.

     

    Regards,

    Shashank Agarwal



  • 4.  Re: Call Ldap from form handlers in Identity Portal

    Posted 08-14-2018 05:40 PM

    Hello,

     

    I had the following LDAP search, however, I have not been successful in ordering.

     

    function initialize(api, prop) {
       api.server(['LDAPSearch', '(cn=*)', 'cn,CostCenter,description', 'ou=area,ou=groups,ou=im,ou=ca,o=com']).then(
          function(success) {
             var saida = success.returnValue;
             // returnValue is used below as an object keyed by DN, and an object has no
             // sort(); turn it into an array first (an array is accepted as it is)
             var entries = Array.isArray(saida)
                ? saida
                : Object.keys(saida).map(function(dn) { return saida[dn]; });
             // CostCenter is a string attribute, so subtracting gives NaN; compare it as text
             var result = entries.sort(function(a, b) {
                return String(a.CostCenter).localeCompare(String(b.CostCenter), undefined, {numeric: true});
             });
             for (var i = 0; i < result.length; i++) {
                var attributes = result[i];
                prop.options.push({name: attributes['CostCenter'], value: attributes['cn'], description: attributes['description']});
             }
          },
          function(error) {
             console.log('ERROR', error);
          }
       );
    }

     

    any Idea?
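The ordering problem in this post, worked through as an added example (not from the thread): it turns the LDAPSearch returnValue into prop.options entries ordered by CostCenter. It assumes, as the "for (var dn in result) ... result[dn]" loop above suggests, that returnValue is an object keyed by entry DN whose values are attribute maps, and it also accepts a plain array of such maps; SAMPLE_RETURN_VALUE, toEntryList, compareByCostCenter and buildOptions are constructed for this example.

```javascript
// Added example (not from the thread): CostCenter-ordered options from an LDAPSearch
// returnValue. A plain object has no sort(), and subtracting string attributes gives
// NaN, which is why the original comparator never changed the order.

// Constructed sample of what the plugin might hand back (not real directory data).
var SAMPLE_RETURN_VALUE = {
  'cn=finance,ou=area,ou=groups,ou=im,ou=ca,o=com': { cn: 'finance', CostCenter: '300',  description: 'Finance' },
  'cn=sales,ou=area,ou=groups,ou=im,ou=ca,o=com':   { cn: 'sales',   CostCenter: '1200', description: 'Sales' },
  'cn=it,ou=area,ou=groups,ou=im,ou=ca,o=com':      { cn: 'it',      CostCenter: '45',   description: 'IT' },
  'cn=legal,ou=area,ou=groups,ou=im,ou=ca,o=com':   { cn: 'legal',   description: 'Legal' }   // no CostCenter
};

// Normalise either shape (DN-keyed object or array) into an array of attribute maps.
function toEntryList(returnValue) {
  if (Array.isArray(returnValue)) return returnValue.slice();
  if (returnValue && typeof returnValue === 'object') {
    return Object.keys(returnValue).map(function (dn) { return returnValue[dn]; });
  }
  return [];
}

// Numeric cost centres sort as numbers, anything else falls back to a string
// comparison, and entries without the attribute go last.
function compareByCostCenter(a, b) {
  var ca = a.CostCenter, cb = b.CostCenter;
  if (ca === undefined && cb === undefined) return 0;
  if (ca === undefined) return 1;
  if (cb === undefined) return -1;
  var na = Number(ca), nb = Number(cb);
  if (!isNaN(na) && !isNaN(nb)) return na - nb;
  return String(ca).localeCompare(String(cb));
}

// Build the option objects in CostCenter order; the entry's cn is the option value.
function buildOptions(returnValue) {
  return toEntryList(returnValue).sort(compareByCostCenter).map(function (attrs) {
    return { name: attrs.CostCenter, value: attrs.cn, description: attrs.description };
  });
}

// In the form handler this would be: prop.options.push.apply(prop.options, buildOptions(success.returnValue));
console.log(buildOptions(SAMPLE_RETURN_VALUE).map(function (o) { return o.value; }).join(','));
```

The sample prints it,finance,sales,legal: the three numeric cost centres in ascending order, then the entry that has none.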



  • 5.  Re: Call Ldap from form handlers in Identity Portal

    Posted 08-14-2018 10:41 PM

    try this 

    console.log(success.returnValue);

    var result= success.returnValue.sort();

    console.log(result);



  • 6.  Re: Call Ldap from form handlers in Identity Portal

    Posted 08-14-2018 10:44 PM

    To view the console output, go to your browser (Chrome -> Developer Tools -> Console tab).

    Other browsers should be similar: Firefox -> Web Developer -> Console tab.