-
Basic Configuration
-
TLS Configuration
LDAP Connector 3.3 Reference - Mule 4
Release Notes: LDAP Connector Release Notes
Default Configuration
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Name |
String |
The name for this configuration. Connectors reference the configuration with this name. |
x |
|
Connection |
The connection types to provide to this configuration. |
x |
||
Expiration Policy |
ExpirationPolicy |
Configures the minimum amount of time that a dynamic configuration instance can remain idle before Mule considers it eligible for expiration. This does not mean that the instance expires at the exact moment that it becomes eligible. Mule purges the instances as appropriate. |
||
Show attributes as Objects |
boolean |
If set to true, the queries display the entity attributes as objects, containing the definition type, a flag to indicate wether or not the attribute is multi-value, and the value of the attribute. If set to false, the queries only display the attribute values. |
false |
Basic Configuration Type
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Principal DN |
String |
x |
||
Password |
String |
|||
Authentication |
String |
|||
URL |
String |
x |
||
Reconnection |
Reconnection |
When the application is deployed, a connectivity test is performed on all connectors. If set to true, deployment fails if the test doesn’t pass after exhausting the associated reconnection strategy. |
||
Type |
Enumeration, one of: ** JNDI |
The implementation of the connection to use. |
JNDI |
|
Schema Enabled |
Boolean |
If set to true, the LDAP connector uses the LDAP schema (only works for LDAP v3) to define the structure of the LDAP entry or map. This must be 'true' to use DataSense because it affects the implementing class of org.mule.module.ldap.api.LDAPEntry attributes. |
false |
|
Referral |
Enumeration, one of:
|
Constant that holds the name of the environment property for specifying how referrals encountered by the service provider are to be processed (follow, ignore, throw). |
IGNORE |
|
Extended Configuration |
Object |
This is a Map instance holding extended configuration attributes to use in the Context environment. When working with TLS connections make sure that the native LDAP pooling functionality is turned off. For example, if using JNDI, do not use attributes such as |
||
Initial Pool Size |
Number |
The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity. To disable pooling, just set this value to 0 (zero). |
1 |
|
Max Pool Size |
Number |
The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently. |
5 |
|
Pool Timeout |
Number |
The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool. |
60000 |
TLS Configuration Type
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Principal DN |
String |
x |
||
Password |
String |
|||
Authentication |
String |
|||
URL |
String |
x |
||
Reconnection |
Reconnection |
When the application is deployed, a connectivity test is performed on all connectors. If set to true, deployment fails if the test doesn’t pass after exhausting the associated reconnection strategy. |
||
Type |
Enumeration, one of: ** JNDI |
The implementation of the connection to use. |
JNDI |
|
Schema Enabled |
Boolean |
If set to true, the LDAP connector uses the LDAP schema (only works for LDAP v3) to define the structure of the LDAP entry (or map). This needs to be 'true' to use DataSense as it affects the implementing class of |
false |
|
Referral |
Enumeration, one of:
|
Constant that holds the name of the environment property for specifying how referrals encountered by the service provider are to be processed (follow, ignore, throw). |
IGNORE |
|
Extended Configuration |
Object |
This is a Map instance holding extended configuration attributes to use in the Context environment. When working with TLS connections, you need to ensure that the native LDAP pooling functionality is turned off. For example if using JNDI, do not use attributes such as |
Add Entry
<ldap:add>
Creates a new LDAPEntry in the LDAP server. The entry should contain the distinguished name (DN), the objectClass attributes that define its structure and at least a value for all the required attributes. Required attributes depend on the object classes assigned to the entry. Refer to RFC 4519 for standard object classes and attributes.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
Entry |
Object |
The LDAPEntry that should be added. |
|
|
Structural Object Class |
String |
The type of entry to add. If the entry doesn’t have the objectClass attribute set, then this one is used to retrieve the whole objectClass hierarchy. If performance is a requirement, don’t rely on this functionality, as several calls to the LDAP server are done to traverse the object class hierarchy. |
||
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Add Multi Value Attribute
<ldap:add-multi-value-attribute>
Adds all the values for an attribute in an existing LDAP entry. If the entry already contains a value (or values) for an attributeName, then these values are added. The attribute should allow multiple values, or an exception is raised.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
DN |
String |
The DN of the LDAP entry to modify. |
x |
|
Attribute Name |
String |
The name of the attribute to add values to. |
x |
|
Attribute Values |
Array of Any |
The values for the attribute. |
|
|
Ignore Invalid Attribute |
Boolean |
If the attribute value to add is already present, then don’t throw the INVALID_ATTRIBUTE error. |
false |
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Add Single Value Attribute
<ldap:add-single-value-attribute>
Adds a value for an attribute in an existing LDAP entry. If the entry already contains a value for the given attributeName, then this value is added (only if the attribute is multi value and the entry didn’t have the value already). If you want to add a value with a type different than String, then you can use the add-multi-value-attribute operation and define a single element list with the value.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
DN |
String |
The DN of the LDAP entry to modify. |
x |
|
Attribute Name |
String |
The name of the attribute to add a value to. |
x |
|
Attribute Value |
String |
The value for the attribute. |
x |
|
Ignore Invalid Attribute |
Boolean |
If the attribute value to add is already present, then don’t throw InvalidAttributeException. |
false |
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Bind
<ldap:bind>
Performs an LDAP bind (login) operation. After login there will be an LDAP connection pool ready to use for other operations using the authenticated user. If no values are provided to override authDn and authPassword then using this operation will just re-bind (re-authenticate) the user/password defined in the config element. If new values are provided for authDn and authPassword, then authentication will be performed. Re-authenticating and returning the LDAP entry using config level credentials (authDn & authPassword).
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
Principal DN |
String |
The Principal DN of the user. |
||
Password |
String |
The Password for Principal DN. |
||
Authentication |
String |
The type of authentication. |
||
Target Variable |
String |
The name of a variable in which the operation’s output is placed |
||
Target Value |
String |
An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable. |
|
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Delete Entry
<ldap:delete>
Deletes the LDAP entry represented by the provided distinguished name (DN). The entry should not have child entries, in which case a CONTEXT_NOT_EMPTY error is thrown. This operation is idempotent. The operations succeeds even if the terminal atomic name is not bound in the target context, but throws NAME_NOT_FOUND error if any of the intermediate contexts do not exist.
Delete Multi Value Attribute
<ldap:delete-multi-value-attribute>
Deletes all the values matching attributeValues of the attribute defined by attributeName. Values that are not present in the entry are ignored. If no values are specified, then the whole attribute is deleted from the entry.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
DN |
String |
The DN of the LDAP entry to modify. |
x |
|
Attribute Name |
String |
The name of the attribute to delete its values. |
x |
|
Attribute Values |
Array of Any |
The values that should be deleted. |
|
|
Ignore Invalid Attribute |
Boolean |
If the attribute or value to delete is not present, then don’t throw the INVALID_ATTRIBUTE error. |
false |
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Delete Single Value Attribute
<ldap:delete-single-value-attribute>
Deletes the value matching attributeValue of the attribute defined by attributeName. If the entry didn’t have the value, then the entry stays the same. If no value is specified, then the whole attribute is deleted from the entry. If you want to delete a value with a type different than String, then you can use the delete-multi-value-attribute operation and define a single element list with the value.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
DN |
String |
The DN of the LDAP entry to modify. |
x |
|
Attribute Name |
String |
The name of the attribute to delete its value. |
x |
|
Attribute Value |
String |
The value that should be deleted. |
||
Ignore Invalid Attribute |
Boolean |
If the attribute or value to delete is not present, then don’t throw the INVALID_ATTRIBUTE error. |
false |
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Exists
<ldap:exists>
Checks whether an LDAP entry exists in the LDAP server or not.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
DN |
String |
The DN of the LDAP entry to retrieve. |
x |
|
Target Variable |
String |
The name of a variable in which the operation’s output is placed. |
||
Target Value |
String |
An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable. |
|
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
LDAPEntry To LDIF
<ldap:ldap-entry-to-ldif>
Transforms an LDAPEntry to a String in LDIF representation (RFC 2849).
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
Entry |
Object |
The LDAPEntry to transform to LDIF. |
|
|
Target Variable |
String |
The name of a variable in which the operation’s output is placed. |
||
Target Value |
String |
An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable. |
|
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Lookup
<ldap:lookup>
Retrieves an entry from the LDAP server based on its distinguished name (DN). Distinguished Names are the unique identifiers of an LDAP entry, so this method performs a search based on this ID and returns a single entry as the result, or throws an exception if the DN is invalid or doesn’t exist.
When you know the DN of the object you want to retrieve, use this operation:
#searchOne(LDAPConfiguration, LDAPConnectionWrapper, String, String, List, SearchScope, int, long, boolean, String)
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
DN |
String |
The DN of the LDAP entry to retrieve. |
x |
|
Attributes |
Array of String |
A list of the attributes to return in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned. |
||
Structural Object Class |
String |
The type of entry to return. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule. |
||
Target Variable |
String |
The name of a variable in which the operation’s output is placed. |
||
Target Value |
String |
An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable. |
|
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Modify Entry
<ldap:modify>
Updates an existing LDAPEntry in the LDAP server. The entry should contain an existing distinguished name (DN), and at least a value for all the required attributes. Required attributes depend on the object classes assigned to the entry. You can refer to RFC 4519 for standard object classes and attributes.
When updating an LDAP entry, only the attributes in the entry passed as parameters are updated or added. If you need to delete an attribute, you should use the delete attribute operation.
Example: Updating one attribute and adding another.
Original LDAP server entry:
dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: Value1
attr2: Value2
multi1: Value3
multi1: Value4
objectclass: top
objectclass: myentry
Entry map passed as a parameter:
dn: cn=entry,ou=group,dc=company,dc=org
attr1: NewValue
attr3: NewAttributeValue `
Resulting LDAP server entry:
dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: NewValue
attr2: Value2
multi1: Value3
multi1: Value4
attr3: NewAttributeValue
objectclass: top
objectclass: myentry
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
Entry |
Object |
The LDAPEntry that should be updated. |
|
|
Structural Object Class |
String |
The type of entry to update. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule. |
||
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Modify Multi Value Attribute
<ldap:modify-multi-value-attribute>
Updates (replaces) the value or values of the attribute defined by attributeName with the new values defined by attributeValues. If the attribute is not present in the entry, then the value is added.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
DN |
String |
The DN of the LDAP entry to modify. |
x |
|
Attribute Name |
String |
The name of the attribute to update its values. |
x |
|
Attribute Values |
Array of Any |
The new values for the attribute. |
|
|
Ignore Invalid Attribute |
Boolean |
If the attribute value to modify is already present, then don’t throw the INVALID_ATTRIBUTE error. |
false |
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Modify Single Value Attribute
<ldap:modify-single-value-attribute>
Updates (replaces) the value or values of the attribute defined by attributeName with the new value defined by attributeValue. If the attribute is not present in the entry, then the value is added. To update a value with a type different than String, use the update-multi-value-attribute operation and define a single element list with the value.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
DN |
String |
The DN of the LDAP entry to modify. |
x |
|
Attribute Name |
String |
The name of the attribute to update its value. |
x |
|
Attribute Value |
String |
The new value for the attribute. |
x |
|
Ignore Invalid Attribute |
Boolean |
If the attribute value to modify is already present, then don’t throw the INVALID_ATTRIBUTE error. |
false |
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Paged Result Search
<ldap:paged-result-search>
Performs an LDAP search and streams the result to the rest of the flow.
This means that instead of returning a list with all results, if the LDAP server supports paging, this operation partitions the LDAP search result into pages or lists, the size of which are specified by the Page Size parameter. If the Page Size value is set to 1
, results are returned as an individual entry.
This is an intercepting operation, which means that for each search result, the rest of the Mule flow executes. Each execution returns a result that aggregates into a list of results.
For queries returning large results, it is best to use pagination, however, not all LDAP servers support this or are configured to support it.
To use pagination, provide a page size value that’s less than or equal to the Max Results (count limit). If you get a size limit exceeded exception, ensure that the authenticated user has sufficient privileges, or that the LDAP server is not limited by its configuration, in which case, you should reduce the value of the fetch size.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
Base DN |
String |
The base DN of the LDAP search. |
x |
|
Filter |
String |
A valid LDAP filter. LDAP connector supports LDAP search filters as defined in RFC 2254. |
x |
|
Attributes |
Array of String |
A list of the attributes to return in the result. If the attributes list is empty or null then, by default, all LDAP entry attributes are returned. |
||
Scope |
Enumeration, one of:
|
The scope of the search. Valid attributes are: * OBJECT: Searches only the entry at the base DN so that only results from that entry are returned. This must meet the search filter criteria. * ONE_LEVEL: Searches all entries one level under the base DN and does not include entries in the base DN or any entries one level under the base DN. * SUB_TREE: Searches all entries at all levels under and including the specified base DN. |
ONE_LEVEL |
|
Timeout |
Number |
Search timeout in milliseconds. If the value is 0, this means to wait indefinitely. |
0 |
|
Max Results |
Number |
The maximum number of entries to return as a result of the search. 0 indicates to return all entries. |
0 |
|
Return Object |
Boolean |
Enables or disables returning objects that are returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object is returned. |
false |
|
Page Size |
Number |
If the LDAP server supports paging results, set this attribute to the size of the page. If the pageSize is less than or equal to 0, paging is disabled. |
0 |
|
Order by attribute |
String |
Name of the LDAP attribute used to sort results. |
||
Ascending order? |
Boolean |
If orderBy is set, indicates whether to sort in ascending or descending order. |
true |
|
Structural Object Class |
String |
The type of entry to return. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule. |
||
Fetch Size |
Number |
The maximum number of LDAP entries retrieved at once per page. |
200 |
|
Streaming Strategy |
|
Configures how Mule processes streams. The default is to use repeatable streams. |
||
Target Variable |
String |
Name of the variable that stores the operation’s output. |
||
Target Value |
String |
Expression that evaluates the operation’s output. The outcome of the expression is stored in Target Variable. |
|
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Rename entry
<ldap:rename>
Renames an existing LDAP entry (moves an entry from a DN to another one).
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
Current DN |
String |
DN of the existing entry to rename. |
x |
|
New DN |
String |
Destination DN |
x |
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Search
<ldap:search>
Performs an LDAP search that returns a list of all resulting LDAP entries. For queries returning large results, use pagination; however, not all LDAP servers support this or are configured to support it. To use pagination, provide a page size value that’s less than or equal to the max results (count limit). If you get a size limit exceeded exception, ensure that the authenticated user has sufficient privileges, or that the LDAP server is not limited by its configuration.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
Base DN |
String |
The base DN of the LDAP search. |
x |
|
Filter |
String |
A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. |
x |
|
Attributes |
Array of String |
A list of the attributes to return in the result. If the attributes list is empty or null, by default all LDAP entry attributes are returned. |
||
Scope |
Enumeration, one of:
|
The scope of the search. Valid attributes are: * OBJECT: This value is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria) * ONE_LEVEL: This value is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN. * SUB_TREE: This value is used to indicate searching of all entries at all levels under and including the specified base DN. |
ONE_LEVEL |
|
Timeout |
Number |
Search timeout in milliseconds. If the value is 0, this means to wait indefinitely. |
0 |
|
Max Results |
Number |
The maximum number of entries to return as a result of the search. 0 indicates to return all entries. |
0 |
|
Return Object |
Boolean |
Enables or disables objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object is also returned. |
false |
|
Page Size |
Number |
If the LDAP server supports paging results, set this attribute to the size of the page. If the pageSize is less than or equal to 0, then paging is disabled. |
0 |
|
Structural Object Class |
String |
The type of entry to return. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule. |
||
Target Variable |
String |
The name of a variable in which the operation’s output is placed. |
||
Target Value |
String |
An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable. |
|
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Search One
<ldap:search-one>
Performs an LDAP search that is supposed to return a unique result. If the search returns more than one result, a warning log message is generated and the first element of the result is returned. Use this operation over #lookup(LDAPConfiguration, LDAPConnectionWrapper, String, List, String)
when you don’t know the DN of the entry you need to retrieve but have a set of attributes that you know should return a single entry (for example an email address).
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Configuration |
String |
The name of the configuration to use. |
x |
|
Base DN |
String |
The base DN of the LDAP search. |
x |
|
Filter |
String |
A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254. |
x |
|
Attributes |
Array of String |
A list of the attributes to return in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned. |
||
Scope |
Enumeration, one of:
|
The scope of the search. Valid attributes are: * OBJECT: Indicates to search only for the entry at the base DN, resulting in only that entry being returned (keep in mind that it also has to meet the search filter criteria). * ONE_LEVEL: Indicates to search for all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN. * SUB_TREE: Indicates to search for all entries at all levels under and including the specified base DN. |
ONE_LEVEL |
|
Timeout |
Number |
Search timeout in milliseconds. If the value is 0, this means to wait indefinitely. |
0 |
|
Max Results |
Number |
The maximum number of entries to return as a result of the search. 0 indicates to return all entries. |
0 |
|
Return Object |
Boolean |
Enables or disables returning objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object also returns. |
false |
|
Structural Object Class |
String |
The type of entry to return. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule. |
||
Target Variable |
String |
The name of a variable in which the operation’s output is placed. |
||
Target Value |
String |
An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable. |
|
|
Reconnection Strategy |
|
A retry strategy in case of connectivity errors. |
Unbind
<ldap:unbind>
Closes the current connection, forcing the login operation (bind) the next time it is used.
Reconnection Type
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Fails Deployment |
Boolean |
When the application is deployed, a connectivity test is performed on all connectors. If set to true, deployment fails if the test doesn’t pass after exhausting the associated reconnection strategy. |
||
Reconnection Strategy |
|
The reconnection strategy to use. |
Expiration Policy Type
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Max Idle Time |
Number |
A scalar time value for the maximum amount of time a dynamic configuration instance should be allowed to be idle before it’s considered eligible for expiration. |
||
Time Unit |
Enumeration, one of:
|
A time unit that qualifies the maxIdleTime attribute. |
Repeatable In-Memory Iterable Type
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Initial Buffer Size |
Number |
The amount of instances to initially allow to be kept in memory to consume the stream and provide random access to it. If the stream contains more data than can fit into this buffer, the buffer expands according to the bufferSizeIncrement attribute, with an upper limit of maxInMemorySize. Default value is 100 instances. |
||
Buffer Size Increment |
Number |
This is by how much the buffer size expands if it exceeds its initial size. Setting a value of zero or lower means that the buffer should not expand, and to raise a STREAM_MAXIMUM_SIZE_EXCEEDED error when the buffer gets full. Default value is 100 instances. |
||
Max Buffer Size |
Number |
The maximum amount of memory to use. If more than that is used, then a STREAM_MAXIMUM_SIZE_EXCEEDED error is raised. A value lower than or equal to zero means no limit. |
Repeatable File Store Iterable Type
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Max In Memory Size |
Number |
The maximum amount of instances to keep in memory. If more than that is required, then it starts to buffer the content on disk. |
||
Buffer Unit |
Enumeration, one of:
|
The unit in which maxInMemorySize is expressed. |