Pipes
2024.80 Pipes
2024.80 Pipes
  • Introduction
  • Configuration
  • Valves
    • API
      • HTTP Response Format Valve
    • BankID
      • BidOperation
      • BidToItems
    • Cef event
    • Codecs
      • Base64 Encode
      • Base64 Decode
    • DateTime
      • Instant Generator
      • Instant Transformer
    • Debug
      • Dump Request
      • Dump Session
      • Dump State
      • Wait
    • Delivery
      • Clean Mobile Valve
      • SMS Valve
      • Voice Valve
      • SMTP Valve
    • EntraID
      • Users
        • Create User
        • Update User
        • Delete User
        • Get User
        • List Users
        • List Groups for a user
        • List Direct Reports
        • List Owned Objects
        • Reset Password
      • Groups
        • Create Group
        • Update Group
        • Delete Group
        • List Groups
      • Directory
        • Restore Deleted Item
    • Flow
      • Flow Fail
      • Flow State Add
      • Assert Value
      • Pipe Exec
      • Pipe Call
    • Freja
    • HTTP
      • GET
      • PUT
      • POST
      • DELETE
    • Item
      • Item Create
      • Item Merge
      • Item Remove
      • Items Remove
      • Item Property Add
      • Item Property Split
      • Item Property Rename
      • Item Property Token Replace
      • MV Property To Items
      • JSON To Items
      • MV Property Join
    • JDBC Query
    • JSON
      • JsonObjectCreate
    • JWT
      • CreateJwt
      • ParseJwt
    • LDAP
      • LDAP Search
      • LDAP Group Filter
      • LDAP Bind
      • LDAP Add
      • LDAP Delete
      • LDAP Modify
      • LDAP Move
      • DN Parse
    • Misc
      • Basic Auth
    • OTP
      • OTP Generation
      • OTP Validation
    • PKI
      • X509 Certificate Extractor
      • X509 Certificate Validator
      • Passcode Generator
    • Request
      • RequestParameterExist
      • RequestParameterRename
    • ScriptEval
    • MobilSITHS
    • Session
      • Session Put
      • Session Create
      • CopyFromSession
    • Tokens
      • Token Authentication
Powered by GitBook
On this page
  • Introduction
  • Prerequisites
  • Configuration
  • Search scopes
  • Filter
  • Attributes specification
  1. Valves
  2. LDAP

LDAP Search

Valve for searching LDAP v3 directories

PreviousLDAPNextLDAP Group Filter

Last updated 1 year ago

Introduction

Prerequisites

Before using this valve the module must be configured and deployed.

Configuration

Valve name: LDAPSearch

Common LDAP valve configuration can be found .

Name
Description
Default value
Mandatory
Expanded

base_dn

Search base DN.

scope

Search scope.

"SUB"

filter

Search filter.

attributes

Specification of attributes to include in search response.

("*" = all attributes)

"*"

filter_allow_wildcard

Allow filters with wildcard (*)

false

filter_escape

If special characters in the filter should be escaped.

true

expected_item_count

The valve will fail if this value is set (integer) and the result count differs from this value.

{
  "name" : "LDAPSearch",
  "config" : {
    "destination" : "default",
    "base_dn" : "dc=example,dc=com",
    "scope" : "SUB",
    "attributes" : [ {
      "name" : "uid",
      "multivalue" : false
    }, {
      "name" : "cn",
      "multivalue" : false
    }, {
      "name" : "mail",
      "multivalue" : true
    } ],
    "expected_item_count" : 1
  }
}

Search scopes

The following search scopes are supported:

  • BASE

  • SUB

  • SUBORDINATE_SUBTREE

  • ONE

Filter

{
    "filter": "uid=*"
}

Attributes specification

The attributes specification is used for defining the entry attributes to include in the search response. If not specified; all non-operational attributes will returned.

For single valued attributes, the specification can be a comma separated list ("uid,cn,mail") or an array (["uid","cn","mail"]) of attribute names.

To enable multi value attributes the specification must be an array of attribute spec objects:

{
    "attributes": [
        {
            "name": "uid",
            "multivalue": false
        },
        {
            "name": "cn",
            "multivalue": false
        },
        {
            "name": "mail",
            "multivalue": true
        }
    ]
}

All attributes are treated as single valued unless specifically configured as multi valued. If an attribute configured as single valued has multiple values in the directory; only the first value will be used.

here
LdapClient