Orbeon Forms User Guide

Getting Started
- Welcome
- Changes
- Installing
- Orbeon Forms Tutorial
- Frequently Asked Questions
Core Technologies Reference
- XForms
- Page Flow
  - Page Flow Controller
  - Page Flow Epilogue
- XML Pipelines (XPL)
  - Introduction to XPL
  - XPL 1.0 W3C Submission
Other Technologies Reference
Processors Reference
- Producing XML
- Serializing XML
  - HTTP Serializer
  - Other Serializers
- Transforming XML
- Querying Data
  - REST
  - SQL Databases
  - XML Databases
  - LDAP Directories
  - Directory Scanner
- Interoperability
  - Delegation
  - Java
- Document Formats
- Messaging
  - Email
  - Instant Messaging
- XML Pipelines (XPL)
  - Pipeline
- Validation
- Scheduler
- Other Processors
API Reference
- Processor API
- Pipeline Engine API
Integration

LDAP Processor

1. Introduction
2. Usage
- 2.1. Configuration
  - 2.1.1. config Input
  - 2.1.2. System-Wide Configuration
- 2.2. Query
- 2.3. Response
3. Example

1. Introduction

The LDAP Processor allows Orbeon Forms to query an LDAP directory server. The LDAP processor uses the Java Naming and Directory Interface (JNDI) and should work with all compatible servers. However, it has only been tested with Sun ONE Directory Server and Open LDAP.

2. Usage

You instantiate the LDAP Processor with the processor URI oxf/processor/ldap. The Processor takes two inputs, config and filter, and one output, data.

2.1. Configuration

The configuration of the LDAP Processor can be done in two ways: either system-wide via the Properties, or locally for a specific instance of the processor through the config input. The local configuration takes precedence if available.

Note

The root-dn and attribute configuration elements cannot be specified system-wide.

2.1.1. config Input

The config input document specifies the host name and port number of the LDAP server, as well as the credentials to use when connecting. The following table describes the configuration elements.

Name Description

host LDAP Server Host

port LDAP Server Port Number

protocol Protocol to connect to the server, eg. SSL

bind-dn Distinguished Name to authenticate with the server

password Password to authenticate with the server

root-dn Root DN to bind to.

attribute LDAP attributes to include in the LDAP response. If no attribute is specified, all returned attributes are included.

This RelaxNG schema describes the expected document.

2.1.2. System-Wide Configuration

The LDAP Processor can be configured through the Properties, allowing all instances to share the same configuration. The following properties are allowed:

Name Description

oxf.processor.ldap.host LDAP Server Host

oxf.processor.ldap.port LDAP Server Port Number

oxf.processor.ldap.protocol Protocol to connect to the server, eg. SSL

oxf.processor.ldap.bind-dn Distinguished Name to authenticate with the server

oxf.processor.ldap.password Password to authenticate with the server

2.2. Query

The filter input takes the LDAP query sent to the server. The single filter element contains a query string that follows the standard LDAP filter syntax specified in RFC 2254.

2.3. Response

The LDAP processor outputs the query results in its data output. The resulting document looks like the example below:

<results><result><name>cn=John Smith</name><attribute><name>sn</name><value>Smith</value></attribute>[...]</result>[...]</results>

3. Example

The following example shows a basic LDAP query. The LDAP Processor connects to an LDAP server on the same machine using the administrator account to log in. It then queries the server for objects containing a uid attribute with the 12345 value. Only the cn and description attributes are returned.

<p:processor name="oxf:ldap"><p:input name="config"><config><host>localhost</host><port>389</port><bind-dn>cn=Directory Manager</bind-dn><password>abcdef</password><root-dn>o=Company.com</root-dn><attribute>cn</attribute><attribute>description</attribute></config></p:input><p:input name="filter"><filter>(uid=12345)</filter></p:input><p:output name="data" id="ldap-results"/></p:processor>