Layer 7 Identity Management

Identity Portal LDAP Search Plugin.docx 

05-16-2018 02:53 AM
Attachment(s)
docx file
Identity Portal LDAP Search Plugin.docx   252K   1 version
Uploaded - 05-29-2019

Comments

10-11-2018 10:19 AM

Hi Pedro,

Thanks for bringing up your concerns.

This document is very useful and it has even helped me; that is the reason I tried to upload it, so that others can also make use of it.

I'll see how I can reflect that "credit for this valuable document goes to you".

10-11-2018 08:58 AM

Hello, Massimo,

I am happy to know my document has been helpful.

I'm also glad somebody took the time to upload the document I made.

But to be completely honest, I am very disappointed that no credit was given to the one who took the time to write it and test it.

At least my name still appears as the Author in the document itself...

Regards,
Pedro

10-11-2018 06:01 AM

Hi All,

Thank you for the LDAP code.

Does anyone have similar plugin code for connecting to and pulling a list from an Oracle Database?

Thanks in advance.

06-09-2018 04:59 AM

To see a message in the portal log (tail_ip_log), use System.out.println("TEST LOGGING");

To see console.log messages, open the browser's developer tools (press F12 in Chrome) and then open the "Console" tab.

For more information on how to open the console in the browser, check the following link:

https://kb.mailster.co/how-can-i-open-the-browsers-console/

06-09-2018 04:36 AM

Thanks again for the further code and explanations.

In order to debug, I tried to put console.log("TEST LOGGING"); in the handler.

I am tailing the portal log (tail_ip_log) and also wildfly-console.log, but no message appears in the logs. The "init" plugin is called, as I see the results in the field.

So where is this "console.log" logging?

06-07-2018 08:01 PM

IDM Suite 14.X doesn't support INIT_PARAM for JavaScript plugins, hence you have two options, as follows:

1- Provide the INIT param values by directly infusing them into the LDAP code (refer to the code at the bottom of this comment).

2- Transfer the INIT params to the Portal FORM associated with this plugin and pass them as LDAP function parameters.

Plugin Code

-------------------------------------------------------------

function LDAPSearch(query, attributes, baseDN) {
    // Params:
    //   query      LDAP filter - ex: '(cn=IAM_*)'
    //   attributes Comma-separated list of attributes to retrieve - ex: 'cn,description,owner'
    //   baseDN     Base DN used for the search - ex: 'o=acme, c=br'

    // Allows the usage of 'importClass' / 'importPackage' with JRE8 (Nashorn);
    // the load fails harmlessly on Rhino, where they are built in
    try {
        load("nashorn:mozilla_compat.js");
    } catch (e) {}

    // Import the JNDI/LDAP classes used below. These are classes, not packages,
    // so importClass is the right call (importPackage would silently do nothing);
    // the code below also uses the fully-qualified names, so it keeps working
    // even if the imports are skipped.
    importClass(Packages.java.util.Hashtable);
    importClass(Packages.java.util.HashMap);
    importClass(Packages.javax.naming.Context);
    importClass(Packages.javax.naming.directory.InitialDirContext);
    importClass(Packages.javax.naming.directory.SearchControls);

    // Connection and search control variables
    var host = "<enter IDM User Store server name>";      // i.e. "127.0.0.1"
    var port = "<enter IDM User Store server port>";      // i.e. "19289"
    var bindDN = "<enter IDM User Store user bind DN>";   // i.e. "cn=dsaadmin,ou=im,ou=ca,o=com"
    var pwd = "<enter IDM User Store user password>";
    var cLimit = 100;        // maximum number of entries returned by the search
    var tLimit = 60 * 1000;  // search time limit, in milliseconds

    // Formats the attribute list into a String array
    var attr = attributes.split(",");

    // Connection info
    var env = new java.util.Hashtable(11);
    env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(javax.naming.Context.PROVIDER_URL, "ldap://" + host + ":" + port);
    env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindDN);
    env.put(javax.naming.Context.SECURITY_CREDENTIALS, pwd);

    // Starts the context and launches the query
    var ctx = null;
    try {
        ctx = new javax.naming.directory.InitialDirContext(env);
        var ctls = new javax.naming.directory.SearchControls();
        ctls.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(attr);
        ctls.setCountLimit(cLimit);
        ctls.setTimeLimit(tLimit);

        var result = ctx.search(baseDN, query, ctls);

        var retvalMap = new java.util.HashMap();

        // Iterates through results
        while (result.hasMoreElements()) {
            var sr = result.next();

            // Gets the DN
            var id = sr.getNameInNamespace();
            var atbs = sr.getAttributes().getAll();

            // HashMap used to store the result attributes as an independent object
            var retAtbs = new java.util.HashMap();

            // Iterates through all attributes
            while (atbs.hasMoreElements()) {
                var atb = atbs.next();

                // For multi-valued attribute content
                if (atb.size() > 1) {
                    var multi = atb.getAll();

                    // HashMap used to store the result attribute's values as an independent object
                    var retMulti = new java.util.HashMap();
                    // Counter used as key in the key/value pairs of the HashMap
                    var i = 0;

                    // Iterates through all values
                    while (multi.hasMoreElements()) {
                        retMulti.put(i, multi.next());
                        i++;
                    }

                    retAtbs.put(atb.getID(), retMulti);
                }
                // For single-valued attribute, just get the content
                else {
                    retAtbs.put(atb.getID(), atb.get());
                }
            }
            // Sets the return as a key/Object containing the attributes
            retvalMap.put(id, retAtbs);
        }

        return retvalMap;
    }
    catch (e) {
        return 'Error: ' + e.toString();
    }
    finally {
        // Closes the context once the result enumeration has been consumed
        // (results may still be fetched lazily while iterating) and also on
        // the error path, so the LDAP connection is never leaked
        if (ctx != null) {
            try { ctx.close(); } catch (e2) {}
        }
    }
}

--------------------------------------------------------------------------------------------------

Handler Code

--------------------------------------------------------------------------------------------------------

// 'searchMgrId' is the manager id to look for (for example, the value read from
// a form field); it is embedded in the LDAP filter as a substring match
var usersLdapFilter = "(imManagerId=*" + searchMgrId + "*)";
var usersAttributes = "uid,cn,sn,mail,telephoneNumber,title,imManagerId";
var usersBaseDN = "ou=people,ou=im,ou=ca,o=com";

return api.server(['LDAPSearch', usersLdapFilter, usersAttributes, usersBaseDN]).then(
    function(success) {
        // First of all, get your return object
        console.log(success);
        var result = success.returnValue;
        //console.log(result);

        // LDAPSearch returns a string starting with 'Error: ' when the search fails;
        // without this check the loop below would iterate over its characters
        if (typeof result === 'string') {
            api.prompt("MSGXX- " + result);
            return false;
        }

        // Iterate through every entry in the result
        for (var dn in result) {
            // To use the entry's DN, just refer to the "dn" variable
            var entry_dn = dn;
            // Creates the object containing all attributes for that particular DN
            var attributes = result[dn];
            // To get one particular attribute value use the format attributes['attribute name']
            // (a multi-valued attribute arrives as an object keyed 0, 1, 2, ...)
            //console.log(attributes['uid'] + " ; " + attributes['title'] + "; " + attributes['imManagerId']);
            var csvRecord = attributes['uid'] + "," + attributes['cn'] + "," + attributes['sn'] + ","
                + attributes['mail'] + "," + attributes['telephoneNumber'] + ","
                + attributes['title'] + "," + attributes['imManagerId'];
            api.getProp('refcsv').values.push(csvRecord);
        }

        console.log("CSV Data..............");
        console.log(api.getProp('refcsv'));
        return true;
    },
    function(error) {
        // Do some eventual error handling like a message display
        api.prompt("MSGXX- Error");
        return false;
    }
);
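
An added example (my own code, not part of the posted plugin or handler): the handler above builds its filter as "(imManagerId=*" + searchMgrId + "*)", so a value containing '(', ')', '*' or '\' changes what the filter matches. The helper below escapes the value per RFC 4515 before concatenation, and flattens the multi-valued attribute objects the plugin returns when building the CSV record; escapeLdapFilterValue, buildManagerFilter, toCsvRecord and the sample entry are mine and assumed.

```javascript
// Added example; not part of the posted plugin or handler code.
// The handler builds "(imManagerId=*" + searchMgrId + "*)" by concatenation.
// escapeLdapFilterValue() applies the RFC 4515 escaping rules to the value,
// so '(', ')', '*', '\' and NUL inside it are matched literally while the
// handler's own surrounding '*' wildcards still work.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, function (ch) {
    var hex = ch.charCodeAt(0).toString(16);
    return '\\' + (hex.length < 2 ? '0' + hex : hex);
  });
}

// Same filter shape as the handler's usersLdapFilter, with the value escaped
function buildManagerFilter(searchMgrId) {
  return '(imManagerId=*' + escapeLdapFilterValue(searchMgrId) + '*)';
}

// Flattens one entry of LDAPSearch()'s return value (result[dn]) into a CSV
// record. Multi-valued attributes arrive as an object keyed 0, 1, 2, ... (the
// plugin's HashMap), so they are joined with ';' instead of printing as
// [object Object]; fields containing ',', '"' or line breaks are quoted.
function toCsvRecord(attributes, names) {
  return names.map(function (name) {
    var v = attributes[name];
    if (v === undefined || v === null) return '';
    if (typeof v === 'object') {
      v = Object.keys(v).sort(function (a, b) { return a - b; })
        .map(function (k) { return v[k]; }).join(';');
    }
    v = String(v);
    return /[",\r\n]/.test(v) ? '"' + v.replace(/"/g, '""') + '"' : v;
  }).join(',');
}

// Constructed sample entry in the shape the handler receives for one DN
var ATTRS = ['uid', 'cn', 'sn', 'mail', 'telephoneNumber', 'title', 'imManagerId'];
var sampleEntry = {
  uid: 'jdoe', cn: 'John Doe', sn: 'Doe',
  mail: { 0: 'jdoe@example.com', 1: 'john.doe@example.com' },
  telephoneNumber: '+1 555 0100', title: 'Engineer, Platform', imManagerId: 'mgr42'
};

console.log(buildManagerFilter('Smith (Sales)')); // (imManagerId=*Smith \28Sales\29*)
console.log(toCsvRecord(sampleEntry, ATTRS));
```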

06-07-2018 05:45 AM

Hi,

Just wanted to thank you for this invaluable document and code! It allowed me to save a lot of time, as I would have implemented it in Java (with many restarts of the Portal)!

Moreover, considering the absolute mediocrity (not to say something worse) of CA official documentation regarding Identity Portal plugins, this document is like gold! They should link the official manual to your doc.

Just one question: you talk about the INIT_PARAMS section for the plugin, but if I select JavaScript as the plugin language, the INIT_PARAMS section is greyed out. I am using 14.2; this might have been changed after you wrote the document. So, is there a way in the portal to define "portal-wide" properties (i.e. in this case for the host address, port, etc.) and pick them up from the plugin code?

Kind regards,

Massimo.
