LDAP Search
Valve for searching LDAP v3 directories
Valve for searching LDAP v3 directories
Before using this valve the module must be configured and deployed.
Valve name: LDAPSearch
Common LDAP valve configuration can be found here.
base_dn
Search base DN.
scope
Search scope.
"SUB"
filter
Search filter.
attributes
Specification of attributes to include in search response.
("*" = all attributes)
"*"
filter_allow_wildcard
Allow filters with wildcard (*)
false
filter_escape
If special characters in the filter should be escaped.
true
expected_item_count
The valve will fail if this value is set (integer) and the result count differs from this value.
The following search scopes are supported:
BASE
SUB
SUBORDINATE_SUBTREE
ONE
The attributes specification is used for defining the entry attributes to include in the search response. If not specified; all non-operational attributes will returned.
For single valued attributes, the specification can be a comma separated list or an array of attribute names:
"uid,cn,mail,userCertificate;binary"
["uid","cn","mail","userCertificate;binary"]
To enable multi value attributes the specification must be an array of attribute spec objects:
All attributes are treated as single valued unless specifically configured as multi valued. If an attribute configured as single valued has multiple values in the directory; only the first value will be used.
For correct treatment of binary attributes, they must be tagged as binary either by using the binary attribute option "attribute;binary" or by setting "binary": true in the attribute spec.
Binary attributes are encoded in base 64. To use them in another representation they must explicitly be converted.