SOA Suite 12c: Querying LDAP directories using the LDAP Adapter

SOA Suite 12c introduced a number of new adapters. One of them is the LDAP Adapter. In several earlier articles on this blog (for example https://technology.amis.nl/2014/08/08/oracle-soa-suite-12c-ldapadapter-tutorial/ by Maarten Smeets), we have described how to set up and configure the LDAP adapter and how to use it in conjunction with the ApacheDS open source LDAP directory. Of course, this adapter is also supported with Microsoft Active Directory and Oracle’s OID, OVD and OUD.

In this article, I take the next step with the LDAP Adapter. I will demonstrate how to create a SOA composite that queries an LDAP directory for the details of a specific user account. This article continues where my earlier post – SOA Suite 12c: Creating user accounts in ApacheDS using the LDAP adapter (inspired by Maarten Smeets) – left off. I will assume the same setup, with ApacheDS as the LDAP Directory and the configuration of the LDAP Adapter connection already performed.

I want to create a service operation that takes a user id (uid attribute) as input and returns a selected set of details from the entry for that user in the LDAP directory. Here is an example of such an LDAP entry:

image

The service call – request and response – is executed in SoapUI:

image

and the resulting flow trace in the EM FMW Control:

image

The SOA Composite application is very simple – one additional component compared to the previous article: the outbound LDAP adapter reference binding, configured to search for LDAP details:

image

LDAP Adapter binding for Search operation

Let us check the configuration of this adapter binding.

image

Select the IDE connection and the JNDI name for the LDAP Adapter run time connection:

image

Select the Search operation.

image

Configure the search operation:

image

Select the attributes that this search should return. Only select attributes that apply to the object class(es) that the entries implement:

image

Accept defaults on the next two pages:

image

and

image

and finally, press Finish:

image

 

Data Structures and Transformations

The XSD generated as a result of the adapter binding configuration looks like this:

image

The LdapService has been extended with a two-way operation:

image

supported by an extended XSD definition:

image

The transformation for the search filter in the request message (from inbound request to the LDAP adapter):

image

The code for the query:

The baseDN (the tree under which the search should be executed) is set to the ExternalStaff “folder” in the saibot.airport “partition”:

image

The filter string is composed according to the LDAP specifications (about which there is plenty of material on the internet, none of it trivial it seems; see for example LDAP Filter Tutorial). The filter is set to

concat('(&(objectClass=person)(uid=',/ns0:FindUserAccountRequest/ns0:UserId,'))'), which resolves to strings such as (&(objectClass=person)(uid=hendrik.ido)). That is LDAP speak for: find all entries of objectClass person that have the uid attribute set to the string value hendrik.ido.
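The concat() expression above copies UserId into the filter unchanged, while RFC 4515 requires the characters \, *, (, ) and NUL inside an assertion value to be escaped so that the value is matched literally. The following is an added example, not part of the original article or its source code, showing that escaping in Python; the function names and the 64-character length limit are assumptions made for illustration.

```python
# Added example (not from the original article): RFC 4515 escaping for a value
# placed inside an LDAP search filter. Function names are hypothetical.

# Characters that RFC 4515 requires to be written as a backslash + two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

MAX_UID_LENGTH = 64  # assumed limit for this example, not taken from the article


def escape_filter_value(value: str) -> str:
    """Return value with every filter metacharacter escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(user_id: str) -> str:
    """Build the article's filter with the uid as one literal assertion value."""
    if not user_id or len(user_id) > MAX_UID_LENGTH:
        raise ValueError("uid must be between 1 and %d characters" % MAX_UID_LENGTH)
    return "(&(objectClass=person)(uid=" + escape_filter_value(user_id) + "))"


def structural_parens(ldap_filter: str) -> int:
    """Count literal parentheses; escaped ones appear as \\28 and \\29 instead."""
    return ldap_filter.count("(") + ldap_filter.count(")")


if __name__ == "__main__":
    # Constructed sample inputs: a normal uid and two carrying filter metacharacters.
    for uid in ("hendrik.ido", "hendrik*", "x)(cn=y"):
        flt = build_user_filter(uid)
        print(f"{uid!r:15} -> {flt}  (structural parentheses: {structural_parens(flt)})")
```

Whatever the input, the resulting filter keeps the same six structural parentheses as the filter for hendrik.ido, so the search remains a single AND of objectClass and uid.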

 

image

And the transformation of the query result to the response:

image

Note: we could perhaps have extracted a more elegant organizationUnitName and managerId. At the moment, some LDAP internals are exposed in these values.

The routing rule in the Mediator is configured like this:

image

 

Resources

Source code for this article: https://github.com/lucasjellema/soasuitehandbook/tree/master/ch18/LDAPAccessor.
