
LDAP Adapter

Overview

The LDAP Adapter is installed into Kinetic Bridgehub and allows data from LDAP to be retrieved using bridging.

Installation

Note: Before starting the installation tasks, check that this adapter isn't already installed in your Bridgehub as part of the base installation.

  • Download the kinetic-bridges-adapter-ldap.jar file and its dependencies here
  • Put all of the downloaded files into the WEB-INF/lib folder of your kinetic-bridgehub installation
  • Restart the Tomcat instance that your kinetic-bridgehub installation is located in

Setup

Configuration Values

| Name | Description |
| --- | --- |
| Server | Location of the server |
| Port | Port number of the server |
| Use SSL | 'Yes' to use SSL; 'No' to not |
| Anonymous Authentication | 'Yes' to use anonymous authentication; 'No' to not |
| Security Principal | Security principal to search with |
| Security Credentials | Security credentials |
| Search Base | Search base to search against |
| Page Size | Number of records to pull back at one time |
| Maximum Pages | Maximum number of pages to retrieve |

Example Configuration

| Name | Value |
| --- | --- |
| Server | ldap.testathon.net |
| Port | 389 |
| Use SSL | No |
| Anonymous Authentication | No |
| Security Principal | cn=stuart,ou=Users,dc=testathon,dc=net |
| Security Credentials | secretpass |
| Search Base | dc=testathon,dc=net |
| Page Size | 50 |
| Maximum Pages | 20 |
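
The example configuration binds with a principal and password while Use SSL is No. The check below is an added example, not part of the adapter; its function names and finding codes are hypothetical, and it assumes that Use SSL: No means a plain, unencrypted LDAP connection and that paging stops at Maximum Pages.

```python
# Added example: names mirror the Configuration Values table; the rules are
# assumptions about plain LDAP behaviour, not checks the adapter performs.
EXAMPLE_CONFIG = {  # copied from the Example Configuration table
    "Server": "ldap.testathon.net",
    "Port": "389",
    "Use SSL": "No",
    "Anonymous Authentication": "No",
    "Security Principal": "cn=stuart,ou=Users,dc=testathon,dc=net",
    "Security Credentials": "secretpass",
    "Search Base": "dc=testathon,dc=net",
    "Page Size": "50",
    "Maximum Pages": "20",
}


def is_yes(config: dict, name: str) -> bool:
    return config.get(name, "").strip().lower() == "yes"


def max_records(config: dict) -> int:
    """Upper bound on records per query if paging stops at Maximum Pages."""
    return int(config["Page Size"]) * int(config["Maximum Pages"])


def review_config(config: dict) -> list[str]:
    """Return finding codes for settings that weaken the bind."""
    findings = []
    use_ssl = is_yes(config, "Use SSL")
    anonymous = is_yes(config, "Anonymous Authentication")
    port = int(config["Port"])
    if not use_ssl and not anonymous:
        # A simple bind without TLS sends principal and password unencrypted.
        findings.append("cleartext-bind")
    if (use_ssl and port == 389) or (not use_ssl and port == 636):
        # 389 is the conventional LDAP port, 636 the conventional LDAPS port.
        findings.append("port-ssl-mismatch")
    if anonymous and config.get("Security Credentials"):
        # Credentials stored but unused are an unnecessary secret at rest.
        findings.append("unused-credentials")
    return findings


# Corrected variant; assumes the directory server offers LDAPS on port 636.
HARDENED_CONFIG = {**EXAMPLE_CONFIG, "Use SSL": "Yes", "Port": "636"}
```
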

Structures, Fields, and Queries

Structures

  • The structures for the LDAP Bridge are equivalent to LDAP Object Classes.

Fields

  • The fields for the LDAP Bridge are equivalent to LDAP Entity Attributes.

Queries

Filters 

LDAP query qualifications are referred to as "filters." You can construct filters based on some fairly simple syntax rules.

Filter Syntax 

| Operator Name | Character | Purpose |
| --- | --- | --- |
| Equals | = | Creates a filter that requires a specific value. |
| Any | * | A wildcard that means the value can be anything except null. |
| Parentheses | () | Logically separates discrete parts of the filter. |
| And | & | Joins two filters. Each part of the joined filter must be true. |
| Or | \| | Joins two filters. At least one part of the filter must be true. |
| Not | ! | Excludes any object that matches the filter. |

Filter Examples 

The examples below show some of the most common LDAP queries. 


All objects (this unrestricted filter could cause load problems): 

(objectclass=*)

All user objects that are designated as a “person” 

(&(objectclass=user)(objectcategory=person))

Mailing Lists only 

(objectcategory=group)

Public Folders only 

(objectcategory=publicfolder)

All users who are members of the group identified by the DN of “CN=Group,OU=Users,DC=Domain,DC=com”: 

(&(objectcategory=user)(memberof=CN=Group,OU=Users,DC=Domain,DC=com))

Active Directory LDAP: All users 

(objectClass=person)

Active Directory LDAP: All email users (alternate) 

(&(objectclass=user)(objectcategory=person))

Active Directory LDAP: All active users 

(&(objectCategory=Person)(sAMAccountName=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

OpenLDAP: All users 

(objectClass=inetOrgPerson)

Lotus Domino LDAP: All users 

(objectClass=dominoPerson)

Lotus Domino LDAP: All objects with a mail address defined that are designated as a “person” or “group”: 

(&(|(objectclass=dominoPerson)(objectclass=dominoGroup)(objectclass=dominoServerMailInDatabase))(mail=*))

All user objects except for ones with primary email addresses that begin with “test” 

(&(&(objectclass=user)(objectcategory=person))(!(mail=test*)))

All user objects except for ones with primary email addresses that end with “test” 

(&(&(objectclass=user)(objectcategory=person))(!(mail=*test)))

All user objects except for ones with primary email addresses that contain the word “test” 

(&(&(objectclass=user)(objectcategory=person))(!(mail=*test*)))

All user objects (users and aliases) that are designated as a “person” and all group objects (distribution lists) 

(|(&(objectclass=user)(objectcategory=person))(objectcategory=group))

All user objects that are designated as a “person”, all group objects and all contacts, except those with any value defined for extensionAttribute9: 

(&(|(|(&(objectclass=user)(objectcategory=person))(objectcategory=group))(objectclass=contact))(!(extensionAttribute9=*)))
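
Because *, ( and ) are operators in the syntax table above, a value that arrives as a bridge parameter has to be escaped (RFC 4515) before it is placed in a filter, or it changes what the filter matches. The following is an added example, not Kinetic code; the function names are hypothetical and the sample values are constructed.

```python
# Added example: RFC 4515 escaping for values substituted into a filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return value with RFC 4515 special characters hex-escaped."""
    # Single pass per character, so an inserted backslash is never re-escaped.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def mail_prefix_filter(prefix: str) -> str:
    """Users designated as a person whose mail begins with prefix.

    Only the trailing * is an operator; any * or parenthesis inside the
    caller's prefix is escaped and matched literally.
    """
    return ("(&(objectclass=user)(objectcategory=person)"
            f"(mail={escape_filter_value(prefix)}*))")


def is_balanced(ldap_filter: str) -> bool:
    """Structural check: literal parentheses in the filter must pair up."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0
```
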

Adding Values to the Search Base using the Query 

LDAP Bridge version 1.1.0 added the ability to append values to the search base, and the query syntax was extended to support it. A query now follows the form <search base addition>(<filter>). The search base addition is optional, so all of the previous query examples still work. If you want to narrow the search base to speed up your searches, you can prepend a specific UID to the search base with a query such as UID=2001(ObjectClass=*).

Examples:

  • UID=20001(ObjectClass=*) -- Adds UID=20001 to the beginning of the Search Base
  • UID=2076,CN=Users(ObjectClass=*) -- Adds UID=2076,CN=Users to the beginning of the Search Base
  • (UID=1) -- A regular filter, keeps the Search Base the same
  • UID=204 -- Adds UID=204 to the Search Base and performs an empty query
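
The four queries above, split the way the text describes, as an added example that is not the adapter's own code. The function name is hypothetical, and it assumes the addition ends at the first ( and is joined to the configured Search Base with a comma.

```python
import re

# Simplified RDN shape: attribute=value with no comma, equals or parenthesis
# in the value (escaped DN characters are out of scope for this example).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=()]+$")


def split_bridge_query(query: str, search_base: str) -> tuple[str, str]:
    """Split '<search base addition>(<filter>)' into (effective base, filter).

    Assumption: the addition ends at the first '(' and is joined to the
    configured Search Base with a comma.
    """
    query = query.strip()
    paren = query.find("(")
    if paren == -1:
        addition, ldap_filter = query, ""  # e.g. UID=204: empty query
    else:
        addition, ldap_filter = query[:paren].strip(), query[paren:]
    if ldap_filter and not ldap_filter.endswith(")"):
        raise ValueError(f"filter is not parenthesised: {ldap_filter!r}")
    if addition:
        for rdn in addition.split(","):
            if not _RDN.match(rdn.strip()):
                raise ValueError(f"not an attribute=value component: {rdn!r}")
        return f"{addition},{search_base}", ldap_filter
    return search_base, ldap_filter


BASE = "dc=testathon,dc=net"  # Search Base from the example configuration
```

Under this rule a filter written without its outer parentheses, such as ObjectClass=*, contains no ( and is therefore read as a search base addition with an empty query.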

Source: http://www.google.com/support/enterp...decisions.html

Tutorial

A tutorial for bridging with LDAP is available here.

Changelog

v1.0.1 (2016-10-17)

  • Added default configuration values
  • Changed Security Credentials to a sensitive property

v1.0.0 (2016-01-26)

  • Initial Version