The `root-dn` and `attribute` configuration elements cannot be specified system-wide.
LDAP Processor
- 1. Introduction
- 2. Usage
  - 2.1. Configuration
    - 2.1.1. config Input
    - 2.1.2. System-Wide Configuration
  - 2.2. Query
  - 2.3. Response
- 3. Example
1. Introduction
The LDAP Processor allows Orbeon Forms to query an LDAP directory server. The LDAP Processor uses the Java Naming and Directory Interface (JNDI) and should work with all compatible servers. However, it has only been tested with Sun ONE Directory Server and OpenLDAP.
2. Usage
You instantiate the LDAP Processor with the processor URI `oxf/processor/ldap`. The Processor takes two inputs, `config` and `filter`, and one output, `data`.
2.1. Configuration
The configuration of the LDAP Processor can be done in two ways: either system-wide via the Properties, or locally for a specific instance of the processor through the `config` input. The local configuration takes precedence if available.
2.1.1. config Input
The `config` input document specifies the host name and port number of the LDAP server, as well as the credentials to use when connecting. The following table describes the configuration elements.
Name | Description |
---|---|
`host` | LDAP Server Host |
`port` | LDAP Server Port Number |
`protocol` | Protocol to connect to the server, e.g. `SSL` |
`bind-dn` | Distinguished Name to authenticate with the server |
`password` | Password to authenticate with the server |
`root-dn` | Root DN to bind to. |
`attribute` | LDAP attributes to include in the LDAP response. If no attribute is specified, all returned attributes are included. |
This RelaxNG schema describes the expected document.
2.1.2. System-Wide Configuration
The LDAP Processor can be configured through the Properties, allowing all instances to share the same configuration. The following properties are allowed:
Name | Description |
---|---|
`oxf.processor.ldap.host` | LDAP Server Host |
`oxf.processor.ldap.port` | LDAP Server Port Number |
`oxf.processor.ldap.protocol` | Protocol to connect to the server, e.g. `SSL` |
`oxf.processor.ldap.bind-dn` | Distinguished Name to authenticate with the server |
`oxf.processor.ldap.password` | Password to authenticate with the server |
2.2. Query
The `filter` input takes the LDAP query sent to the server. The single `filter` element contains a query string that follows the standard LDAP filter syntax specified in RFC 2254.
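An added example, not part of the Orbeon documentation: one way to build the `filter` input document when the value comes from user input, escaping the characters RFC 2254 reserves in assertion values and then XML-escaping the result. The class name, method names and the attribute-name check are assumptions of this example.

```java
import java.util.regex.Pattern;

public class LdapFilterInput {
    // Conservative attribute-name check (letters, digits, hyphen); an assumption of this example.
    private static final Pattern ATTR = Pattern.compile("[A-Za-z][A-Za-z0-9-]*");

    /** Escape a value for use in a filter assertion, per RFC 2254 section 4. */
    static String escapeValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\\': out.append("\\5c"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Escape text for XML element content, since the filter travels in an XML document. */
    static String escapeXml(String text) {
        return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    /** Build the document for the filter input: a single filter element holding (attr=value). */
    static String filterDocument(String attribute, String value) {
        if (!ATTR.matcher(attribute).matches()) {
            throw new IllegalArgumentException("unexpected attribute name: " + attribute);
        }
        String filter = "(" + attribute + "=" + escapeValue(value) + ")";
        return "<filter>" + escapeXml(filter) + "</filter>";
    }

    public static void main(String[] args) {
        // The page's own query: objects whose uid is 12345.
        System.out.println(filterDocument("uid", "12345"));
        // Constructed inputs containing filter and XML metacharacters:
        // after escaping they remain inside the single uid assertion.
        System.out.println(filterDocument("uid", "*"));
        System.out.println(filterDocument("uid", "12345)(cn=*"));
        System.out.println(filterDocument("uid", "a&b<c\\d"));
    }
}
```

The XML escaping step also matters for filters written by hand: the RFC 2254 AND operator is `&`, which must appear as `&amp;` inside the `filter` element.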
2.3. Response
The LDAP processor outputs the query results in its `data` output. The resulting document looks like the example below:
3. Example
The following example shows a basic LDAP query. The LDAP Processor connects to an LDAP server on the same machine using the administrator account to log in. It then queries the server for objects containing a `uid` attribute with the `12345` value. Only the `cn` and `description` attributes are returned.