Layer 7 API Management

Expand all | Collapse all

APIGateway-LDAP User Group

Jump to Best Answer
  • 1.  APIGateway-LDAP User Group

    Posted 13 days ago
    Hi,

    We are looking to pass the User Group of username passed in the request from LDAP  to the target system.Could you please help  us  on how we can achieve this .

    Thanks in Anticipation
    Manasa

    ------------------------------
    Developer
    TCS
    ------------------------------


  • 2.  RE: APIGateway-LDAP User Group

    Posted 11 days ago
    Dear Manasa,
    I am not sure if I understand your question properly, are you trying to store some LDAP info in the request, and the gateway pass those info to the backend target server?

    if true, the requestor can store the ldap info in header(s),  or body, the default route via http(s) assertion will pass anything in the original request to the backend. The backend needs to know how to pick up the info from the request.

    Regards,
    Mark


  • 3.  RE: APIGateway-LDAP User Group

    Posted 8 days ago
    Hi Zhijun,

    We are trying to get the UserGroup of the User from LDAP configured in Gateway .Is there any possibility of doing this.

    Thanks
    Manasa


    ------------------------------
    Developer
    TCS
    ------------------------------



  • 4.  RE: APIGateway-LDAP User Group
    Best Answer

    Posted 8 days ago
    So, you want to extract a ldap user's attribute (UserGroup), right?
    If true,
    1. on ldap identity provider configuration, you would need to ensure the ldap IDP can retrieve the attribute you want, for example, select option "Retrieve all attributes in step 4. Advanced Configuration -> Attribute Options

    2. In your policy, you would need to authenticate against the ldap IDP first, and then use the Extract Attributes for Authenticated User Assertion to retrieve the custom attribute UserGroup,



  • 5.  RE: APIGateway-LDAP User Group

    Posted 8 days ago
    Something to be aware of here is that by enabling the "Retrieve all attributes" option you may be introducing a performance bottle neck with some LDAP configurations. If there are a lot of attributes for the user then you could be pulling a lot of unnecessary information across for the user. If you know the specific attributes you require then select the "Retrieve mapped and specified attributes only" and explicitly list the ones you require.

    ------------------------------
    Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
    ------------------------------



  • 6.  RE: APIGateway-LDAP User Group

    Posted 2 days ago
    Hi Mark,

    I have tried using the same,but unable to receive the Group.

    Accessing the variable with authenticatedUser.UserGroup
    Getting empty value.

    Thanks
    Manasa


    ------------------------------
    Developer
    TCS
    ------------------------------



  • 7.  RE: APIGateway-LDAP User Group

    Posted 2 days ago
    Dear Manasa,
    You might double check the following,
    1. on ldap server, is there UserGroup attribute for each user?
    2. on the ldap identity provider, did you configure to retrieve the UserGroup attribute, or retrieve all attributes?
    3. for the particular authenticate user during the API call, you may double check its data in ldap, does this user have an empty UserGroup attribute?

    Regards,
    Mark