Contact Us 1-800-596-4880

LDAP Connector 3.6 Reference - Mule 4

Anypoint Connector for Lightweight Directory Access Protocol (LDAP) enables you to interface with LDAP servers.

Default Configuration

Parameters

Name Type Description Default Value Required

Name

String

The name for this configuration. Connectors reference the configuration with this name.

x

Connection

  • Basic Configuration

  • SSL Configuration

  • TLS Configuration

The connection types to provide to this configuration.

x

Expiration Policy

ExpirationPolicy

Configures the minimum amount of time that a dynamic configuration instance can remain idle before Mule considers it eligible for expiration. This does not mean that the instance expires at the exact moment that it becomes eligible. Mule purges the instances as appropriate.

Show attributes as Objects

boolean

If set to true, the queries display the entity attributes as objects, containing the definition type, a flag to indicate wether or not the attribute is multi-value, and the value of the attribute. If set to false, the queries only display the attribute values.

false

Basic Configuration Type

For the Basic Configuration Type connection, the communications are not encrypted. If LDAP Connector runs in an instance configured with mule.security.model=fips140-2, attempting to use a Basic Configuration Type connection returns the LDAP:SECURITY error.

Parameters

Name Type Description Default Value Required

Principal DN

String

The DN (distinguished name) of the user.

x

Password

String

The password of the user.

Authentication

String

Specifies the authentication mechanism to use. Valid values are:

  • simple - Authenticates using the user DN and password

  • none - Does not authenticate

simple

URL

String

The connection URL to the LDAP server.

You can configure URL to specify multiple LDAP hosts, for example, ldap://ldap1.example.com ldap2.example.com/ou=intern-users,dc=acc,o=myorg.

x

Reconnection

Reconnection

When the application is deployed, a connectivity test is performed on all connectors. If set to true, deployment fails if the test doesn’t pass after exhausting the associated reconnection strategy.

Type

Enumeration, one of:

** JNDI

The implementation of the connection to use.

JNDI

Schema Enabled

Boolean

If set to true, the LDAP connector uses the LDAP schema (only works for LDAP v3) to define the structure of the LDAP entry or map. This must be 'true' to use DataSense because it affects the implementing class of org.mule.module.ldap.api.LDAPEntry attributes.

false

Referral

Enumeration, one of:

  • IGNORE

  • THROW

  • FOLLOW

Constant that holds the name of the environment property for specifying how referrals encountered by the service provider are to be processed (follow, ignore, throw).

IGNORE

Extended Configuration

Object

This is a Map instance holding extended configuration attributes to use in the Context environment. When working with TLS connections make sure that the native LDAP pooling functionality is turned off. For example, if using JNDI, do not use attributes such as com.sun.jndi.ldap.connect.pool=true, which causes problems when using TLS.

Initial Pool Size

Number

The string representation of an integer that represents the number of connections per connection identity to create when initially creating a connection for the identity. To disable pooling, just set this value to 0 (zero).

1

Max Pool Size

Number

The string representation of an integer that represents the maximum number of connections per connection identity that can be maintained concurrently.

5

Pool Timeout

Number

The string representation of an integer that represents the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool.

60000

SSL Configuration Type

Parameters

Name Type Description Default Value Required

Principal DN

String

The DN (distinguished name) of the user.

x

Password

String

The password of the user.

Authentication

String

Specifies the authentication mechanism to use. Valid values are:

  • simple - Authenticates using the user DN and password

  • none - Does not authenticate

simple

URL

String

The connection URL to the LDAP server.

You can configure URL to specify multiple LDAP hosts, for example, ldap://ldap1.example.com ldap2.example.com/ou=intern-users,dc=acc,o=myorg.

x

Reconnection

When the application is deployed, a connectivity test is performed on all connectors. If set to true, deployment will fail if the test doesn’t pass after exhausting the associated reconnection strategy.

Type

Enumeration, one of:

  • JNDI

The implementation of the connection to use.

JNDI

Schema Enabled

Boolean

If set to true, the LDAP connector will use the LDAP schema (works only for LDAP v3) to define the structure of the LDAP entry or map. This parameter must be set to true to use DataSense, as it affects the implementing class of org.mule.module.ldap.api.LDAPEntry attributes.

false

Referral

Enumeration, one of:

  • IGNORE

  • THROW

  • FOLLOW

A constant that consists of the name of the environment property to specify how referrals encountered by the service provider must be processed (FOLLOW, IGNORE, THROW).

IGNORE

Extended Configuration

Object

A map instance that consists of extended configuration attributes used in the context environment. When working with TLS connections, ensure that the native LDAP pooling functionality is turned off. For example, if using JNDI, do not use attributes such as com.sun.jndi.ldap.connect.pool=true, as it will cause problems when using TLS.

Custom TrustStore Path

String

Path to the truststore that contains the certificates for secure authentication. To be FIPS 140-2 compliant, the keystore, truststore, and any custom truststore paths you are using, must be in PKCS#12 format.

Custom TrustStore Password

String

Password for the custom truststore.

TLS Configuration Type

Parameters

Name Type Description Default Value Required

Principal DN

String

The DN (distinguished name) of the user.

x

Password

String

The password of the user.

Authentication

String

Specifies the authentication mechanism to use. Valid values are:

  • simple - Authenticates using the user DN and password

  • none - Does not authenticate

simple

URL

String

The connection URL to the LDAP server.

You can configure URL to specify multiple LDAP hosts, for example, ldap://ldap1.example.com ldap2.example.com/ou=intern-users,dc=acc,o=myorg.

x

Reconnection

Reconnection

When the application is deployed, a connectivity test is performed on all connectors. If set to true, deployment fails if the test doesn’t pass after exhausting the associated reconnection strategy.

Type

Enumeration, one of:

  • JNDI

The implementation of the connection to use.

JNDI

Schema Enabled

Boolean

If set to true, the LDAP connector uses the LDAP schema (only works for LDAP v3) to define the structure of the LDAP entry (or map). This needs to be 'true' to use DataSense as it affects the implementing class of org.mule.module.ldap.api.LDAPEntry attributes.

false

Referral

Enumeration, one of:

  • IGNORE

  • THROW

  • FOLLOW

Constant that holds the name of the environment property for specifying how referrals encountered by the service provider are to be processed (follow, ignore, throw).

IGNORE

Extended Configuration

Object

This is a Map instance holding extended configuration attributes to use in the Context environment. When working with TLS connections, you need to ensure that the native LDAP pooling functionality is turned off. For example if using JNDI, do not use attributes such as com.sun.jndi.ldap.connect.pool=true, which causes problems when using TLS.

Custom TrustStore Path

String

Path to the truststore that contains the certificates needed for secure authentication. The custom truststore feature is not FIPS-compliant.

Custom TrustStore Password

String

Password for the custom truststore.

Operations

Add Entry

<ldap:add>

Creates a new LDAPEntry in the LDAP server. The entry should contain the distinguished name (DN), the objectClass attributes that define its structure and at least a value for all the required attributes. Required attributes depend on the object classes assigned to the entry. Refer to RFC 4519 for standard object classes and attributes.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

Entry

Object

The LDAPEntry that should be added.

#[payload]

Structural Object Class

String

The type of entry to add. If the entry doesn’t have the objectClass attribute set, then this one is used to retrieve the whole objectClass hierarchy. If performance is a requirement, don’t rely on this functionality, as several calls to the LDAP server are done to traverse the object class hierarchy.

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Add Multi Value Attribute

<ldap:add-multi-value-attribute>

Adds all the values for an attribute in an existing LDAP entry. If the entry already contains a value (or values) for an attributeName, then these values are added. The attribute should allow multiple values, or an exception is raised.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

DN

String

The DN of the LDAP entry to modify.

x

Attribute Name

String

The name of the attribute to add values to.

x

Attribute Values

Array of Any

The values for the attribute.

#[payload]

Ignore Invalid Attribute

Boolean

If the attribute value to add is already present, then don’t throw the INVALID_ATTRIBUTE error.

false

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Add Single Value Attribute

<ldap:add-single-value-attribute>

Adds a value for an attribute in an existing LDAP entry. If the entry already contains a value for the given attributeName, then this value is added (only if the attribute is multi value and the entry didn’t have the value already). If you want to add a value with a type different than String, then you can use the add-multi-value-attribute operation and define a single element list with the value.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

DN

String

The DN of the LDAP entry to modify.

x

Attribute Name

String

The name of the attribute to add a value to.

x

Attribute Value

String

The value for the attribute.

x

Ignore Invalid Attribute

Boolean

If the attribute value to add is already present, then don’t throw InvalidAttributeException.

false

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Bind

<ldap:bind>

Performs an LDAP bind (login) operation. After login there will be an LDAP connection pool ready to use for other operations using the authenticated user. If no values are provided to override authDn and authPassword then using this operation will just re-bind (re-authenticate) the user/password defined in the config element. If new values are provided for authDn and authPassword, then authentication will be performed. Re-authenticating and returning the LDAP entry using config level credentials (authDn & authPassword).

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

Principal DN

String

The Principal DN of the user.

Password

String

The Password for Principal DN.

Authentication

String

Specifies the authentication mechanism to use. Valid values are:

  • simple - Authenticates using the user DN and password

  • none - Does not authenticate

simple

Target Variable

String

The name of a variable in which the operation’s output is placed

Target Value

String

An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable.

#[payload]

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

Output

Type

Object

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Delete Entry

<ldap:delete>

Deletes the LDAP entry represented by the provided distinguished name (DN). The entry should not have child entries, in which case a CONTEXT_NOT_EMPTY error is thrown. This operation is idempotent. The operations succeeds even if the terminal atomic name is not bound in the target context, but throws NAME_NOT_FOUND error if any of the intermediate contexts do not exist.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

DN

String

The DN of the LDAP entry to delete.

x

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Delete Multi Value Attribute

<ldap:delete-multi-value-attribute>

Deletes all the values matching attributeValues of the attribute defined by attributeName. Values that are not present in the entry are ignored. If no values are specified, then the whole attribute is deleted from the entry.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

DN

String

The DN of the LDAP entry to modify.

x

Attribute Name

String

The name of the attribute to delete its values.

x

Attribute Values

Array of Any

The values that should be deleted.

#[payload]

Ignore Invalid Attribute

Boolean

If the attribute or value to delete is not present, then don’t throw the INVALID_ATTRIBUTE error.

false

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Delete Single Value Attribute

<ldap:delete-single-value-attribute>

Deletes the value matching attributeValue of the attribute defined by attributeName. If the entry didn’t have the value, then the entry stays the same. If no value is specified, then the whole attribute is deleted from the entry. If you want to delete a value with a type different than String, then you can use the delete-multi-value-attribute operation and define a single element list with the value.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

DN

String

The DN of the LDAP entry to modify.

x

Attribute Name

String

The name of the attribute to delete its value.

x

Attribute Value

String

The value that should be deleted.

Ignore Invalid Attribute

Boolean

If the attribute or value to delete is not present, then don’t throw the INVALID_ATTRIBUTE error.

false

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Exists

<ldap:exists>

Checks whether an LDAP entry exists in the LDAP server or not.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

DN

String

The DN of the LDAP entry to retrieve.

x

Target Variable

String

The name of a variable in which the operation’s output is placed.

Target Value

String

An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable.

#[payload]

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

Output

Type

Boolean

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

LDAPEntry To LDIF

<ldap:ldap-entry-to-ldif>

Transforms an LDAPEntry to a String in LDIF representation (RFC 2849).

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

Entry

Object

The LDAPEntry to transform to LDIF.

#[payload]

Target Variable

String

The name of a variable in which the operation’s output is placed.

Target Value

String

An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable.

#[payload]

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

Output

Type

String

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Lookup

<ldap:lookup>

Retrieves an entry from the LDAP server based on its distinguished name (DN). Distinguished Names are the unique identifiers of an LDAP entry, so this method performs a search based on this ID and returns a single entry as the result, or throws an exception if the DN is invalid or doesn’t exist.

When you know the DN of the object you want to retrieve, use this operation:

#searchOne(LDAPConfiguration, LDAPConnectionWrapper, String, String, List, SearchScope, int, long, boolean, String)

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

DN

String

The DN of the LDAP entry to retrieve.

x

Attributes

Array of String

A list of the attributes to return in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.

Structural Object Class

String

The type of entry to return. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule.

Target Variable

String

The name of a variable in which the operation’s output is placed.

Target Value

String

An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable.

#[payload]

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

Output

Type

Object

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Modify Entry

<ldap:modify>

Updates an existing LDAPEntry in the LDAP server. The entry should contain an existing distinguished name (DN), and at least a value for all the required attributes. Required attributes depend on the object classes assigned to the entry. You can refer to RFC 4519 for standard object classes and attributes.

When updating an LDAP entry, only the attributes in the entry passed as parameters are updated or added. If you need to delete an attribute, you should use the delete attribute operation.

Example: Updating one attribute and adding another.

Original LDAP server entry:

dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: Value1
attr2: Value2
multi1: Value3
multi1: Value4
objectclass: top
objectclass: myentry

Entry map passed as a parameter:

dn: cn=entry,ou=group,dc=company,dc=org
attr1: NewValue
attr3: NewAttributeValue `

Resulting LDAP server entry:

dn: cn=entry,ou=group,dc=company,dc=org
cn: entry
attr1: NewValue
attr2: Value2
multi1: Value3
multi1: Value4
attr3: NewAttributeValue
objectclass: top
objectclass: myentry

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

Entry

Object

The LDAPEntry that should be updated.

#[payload]

Structural Object Class

String

The type of entry to update. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule.

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Modify Multi Value Attribute

<ldap:modify-multi-value-attribute>

Updates (replaces) the value or values of the attribute defined by attributeName with the new values defined by attributeValues. If the attribute is not present in the entry, then the value is added.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

DN

String

The DN of the LDAP entry to modify.

x

Attribute Name

String

The name of the attribute to update its values.

x

Attribute Values

Array of Any

The new values for the attribute.

#[payload]

Ignore Invalid Attribute

Boolean

If the attribute value to modify is already present, then don’t throw the INVALID_ATTRIBUTE error.

false

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Modify Single Value Attribute

<ldap:modify-single-value-attribute>

Updates (replaces) the value or values of the attribute defined by attributeName with the new value defined by attributeValue. If the attribute is not present in the entry, then the value is added. To update a value with a type different than String, use the update-multi-value-attribute operation and define a single element list with the value.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

DN

String

The DN of the LDAP entry to modify.

x

Attribute Name

String

The name of the attribute to update its value.

x

Attribute Value

String

The new value for the attribute.

x

Ignore Invalid Attribute

Boolean

If the attribute value to modify is already present, then don’t throw the INVALID_ATTRIBUTE error.

false

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Paged Result Search

<ldap:paged-result-search>

Performs an LDAP search and streams the result to the rest of the flow.

This means that if the LDAP server supports paging, this operation chunks the LDAP search request in pages, and then returns a list with all the results to the rest of the flow.

For queries returning large results, it is best to use pagination, however, not all LDAP servers support this or are configured to support it.

To use pagination, provide a page size value that’s less than or equal to the Max Results (count limit). If you get a size limit exceeded exception, ensure that the authenticated user has sufficient privileges, or that the LDAP server is not limited by its configuration, in which case, you should reduce the value of the fetch size.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

Base DN

String

The base DN of the LDAP search.

x

Filter

String

A valid LDAP filter. LDAP connector supports LDAP search filters as defined in RFC 2254.

x

Attributes

Array of String

A list of the attributes to return in the result. If the attributes list is empty or null then, by default, all LDAP entry attributes are returned.

Scope

Enumeration, one of:

  • OBJECT

  • ONE_LEVEL

  • SUB_TREE

The scope of the search. Valid attributes are:

* OBJECT: Searches only the entry at the base DN so that only results from that entry are returned. This must meet the search filter criteria. * ONE_LEVEL: Searches all entries one level under the base DN and does not include entries in the base DN or any entries one level under the base DN. * SUB_TREE: Searches all entries at all levels under and including the specified base DN.

ONE_LEVEL

Timeout

Number

Search timeout in milliseconds. If the value is 0, this means to wait indefinitely.

0

Max Results

Number

The maximum number of entries to return as a result of the search. 0 indicates to return all entries.

0

Return Object

Boolean

Enables or disables returning objects that are returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object is returned.

false

Page Size

Number

If the LDAP server supports paging results, set this attribute to the size of the page. If the pageSize is less than or equal to 0, paging is disabled.

0

Order by attribute

String

Name of the LDAP attribute used to sort results.

Ascending order?

Boolean

If orderBy is set, indicates whether to sort in ascending or descending order.

true

Structural Object Class

String

The type of entry to return. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule.

Fetch Size

Number

The maximum number of LDAP entries retrieved at once per page.

200

Streaming Strategy

  • repeatable-in-memory-iterable

  • repeatable-file-store-iterable

  • non-repeatable-iterable

Configures how Mule processes streams. The default is to use repeatable streams.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The outcome of the expression is stored in Target Variable.

#[payload]

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

Output

Type

Array of Object

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:UNKNOWN

Rename entry

<ldap:rename>

Renames an existing LDAP entry (moves an entry from a DN to another one).

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

Current DN

String

DN of the existing entry to rename.

x

New DN

String

Destination DN

x

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

<ldap:search>

Performs an LDAP search that returns a list of all resulting LDAP entries. For queries returning large results, use pagination; however, not all LDAP servers support this or are configured to support it. To use pagination, provide a page size value that’s less than or equal to the max results (count limit). If you get a size limit exceeded exception, ensure that the authenticated user has sufficient privileges, or that the LDAP server is not limited by its configuration.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

Base DN

String

The base DN of the LDAP search.

x

Filter

String

A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254.

x

Attributes

Array of String

A list of the attributes to return in the result. If the attributes list is empty or null, by default all LDAP entry attributes are returned.

Scope

Enumeration, one of:

  • OBJECT

  • ONE_LEVEL

  • SUB_TREE

The scope of the search. Valid attributes are:

* OBJECT: This value is used to indicate searching only the entry at the base DN, resulting in only that entry being returned (keeping in mind that it also has to meet the search filter criteria) * ONE_LEVEL: This value is used to indicate searching all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN. * SUB_TREE: This value is used to indicate searching of all entries at all levels under and including the specified base DN.

ONE_LEVEL

Timeout

Number

Search timeout in milliseconds. If the value is 0, this means to wait indefinitely.

0

Max Results

Number

The maximum number of entries to return as a result of the search. 0 indicates to return all entries.

0

Return Object

Boolean

Enables or disables objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object is also returned.

false

Page Size

Number

If the LDAP server supports paging results, set this attribute to the size of the page. If the pageSize is less than or equal to 0, then paging is disabled.

0

Structural Object Class

String

The type of entry to return. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule.

Target Variable

String

The name of a variable in which the operation’s output is placed.

Target Value

String

An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable.

#[payload]

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

Output

Type

Array of Object

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Search One

<ldap:search-one>

Performs an LDAP search that is supposed to return a unique result. If the search returns more than one result, a warning log message is generated and the first element of the result is returned. Use this operation over #lookup(LDAPConfiguration, LDAPConnectionWrapper, String, List, String) when you don’t know the DN of the entry you need to retrieve but have a set of attributes that you know should return a single entry (for example an email address).

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

Base DN

String

The base DN of the LDAP search.

x

Filter

String

A valid LDAP filter. The LDAP connector supports LDAP search filters as defined in RFC 2254.

x

Attributes

Array of String

A list of the attributes to return in the result. If the attributes list is empty or null, then by default all LDAP entry attributes are returned.

Scope

Enumeration, one of:

  • OBJECT

  • ONE_LEVEL

  • SUB_TREE

The scope of the search. Valid attributes are:

* OBJECT: Indicates to search only for the entry at the base DN, resulting in only that entry being returned (keep in mind that it also has to meet the search filter criteria). * ONE_LEVEL: Indicates to search for all entries one level under the base DN - but not including the base DN and not including any entries under that one level under the base DN. * SUB_TREE: Indicates to search for all entries at all levels under and including the specified base DN.

ONE_LEVEL

Timeout

Number

Search timeout in milliseconds. If the value is 0, this means to wait indefinitely.

0

Max Results

Number

The maximum number of entries to return as a result of the search. 0 indicates to return all entries.

0

Return Object

Boolean

Enables or disables returning objects returned as part of the result. If disabled, only the name and class of the object is returned. If enabled, the object also returns.

false

Structural Object Class

String

The type of entry to return. This is used for DataSense in Anypoint Studio IDE and has no impact on Mule.

Target Variable

String

The name of a variable in which the operation’s output is placed.

Target Value

String

An expression to evaluate against the operation’s output and the outcome of that expression stored in the target variable.

#[payload]

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

Output

Type

Object

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Unbind

<ldap:unbind>

Closes the current connection, forcing the login operation (bind) the next time it is used.

Parameters

Name Type Description Default Value Required

Configuration

String

The name of the configuration to use.

x

Reconnection Strategy

  • reconnect

  • reconnect-forever

A retry strategy in case of connectivity errors.

For Configurations

  • config

Throws

  • LDAP:COMMUNICATION

  • LDAP:CONNECTIVITY

  • LDAP:SECURITY

  • LDAP:CONTEXT_NOT_EMPTY

  • LDAP:INVALID_ATTRIBUTE

  • LDAP:INVALID_ENTRY

  • LDAP:NAME_ALREADY_BOUND

  • LDAP:NAME_NOT_FOUND

  • LDAP:OPERATION_NOT_SUPPORTED

  • LDAP:OPERATION_NOT_COMPLETED

  • LDAP:PERMISSION

  • LDAP:RETRY_EXHAUSTED

  • LDAP:UNKNOWN

Reconnection

Field Type Description Default Value Required

Fails Deployment

Boolean

When the application is deployed, a connectivity test is performed on all connectors. If set to true, deployment fails if the test doesn’t pass after exhausting the associated reconnection strategy.

Reconnection Strategy

  • reconnect

  • reconnect-forever

The reconnection strategy to use.

Reconnect

Field Type Description Default Value Required

Frequency

Number

How often in milliseconds to reconnect.

Count

Number

How many reconnection attempts to make.

blocking

Boolean

If false, the reconnection strategy runs in a separate, non-blocking thread.

true

Reconnect Forever

Field Type Description Default Value Required

Frequency

Number

How often in milliseconds to reconnect.

blocking

Boolean

If false, the reconnection strategy runs in a separate, non-blocking thread.

true

Expiration Policy Type

Field Type Description Default Value Required

Max Idle Time

Number

A scalar time value for the maximum amount of time a dynamic configuration instance should be allowed to be idle before it’s considered eligible for expiration.

Time Unit

Enumeration, one of:

  • NANOSECONDS

  • MICROSECONDS

  • MILLISECONDS

  • SECONDS

  • MINUTES

  • HOURS

  • DAYS

A time unit that qualifies the maxIdleTime attribute.

Repeatable In-Memory Iterable Type

Field Type Description Default Value Required

Initial Buffer Size

Number

The amount of instances to initially allow to be kept in memory to consume the stream and provide random access to it. If the stream contains more data than can fit into this buffer, the buffer expands according to the bufferSizeIncrement attribute, with an upper limit of maxInMemorySize. Default value is 100 instances.

Buffer Size Increment

Number

This is by how much the buffer size expands if it exceeds its initial size. Setting a value of zero or lower means that the buffer should not expand, and to raise a STREAM_MAXIMUM_SIZE_EXCEEDED error when the buffer gets full. Default value is 100 instances.

Max Buffer Size

Number

The maximum amount of memory to use. If more than that is used, then a STREAM_MAXIMUM_SIZE_EXCEEDED error is raised. A value lower than or equal to zero means no limit.

Repeatable File Store Iterable Type

Field Type Description Default Value Required

Max In Memory Size

Number

The maximum amount of instances to keep in memory. If more than that is required, then it starts to buffer the content on disk.

Buffer Unit

Enumeration, one of:

  • BYTE

  • KB

  • MB

  • GB

The unit in which maxInMemorySize is expressed.

View on GitHub