The LDAP Server Connector accepts an LDAP connection request from an LDAP client on a well-known port set up in the configuration (usually 389). The LDAP Server Connector only operates in Server mode, and spawns a copy of itself to take care of any accepted connection until the connection is closed by the LDAP client.
This Connector can be used in conjunction with the IBM Password Synchronization plug-ins. For more information about installing and configuring the IBM Password Synchronization plug-ins, please see the IBM TDI V7.1 Password Synchronization Plug-ins Guide.
Each LDAP message received on the connection drives one cycle of the LDAP Server Connector logic, while the main thread returns to listening for further LDAP requests from other LDAP clients. At this point Attribute Mapping takes place, and the appropriate attributes, such as the LDAP operation, should be mapped into the work object.
The rest of the AssemblyLine is then executed, and when the cycle reaches the Response channel the return message is built from the Attributes mapped out and sent back to the client. If the request was an LDAP search command, the user code calls the add method to build the data structure that is sent back to the client. The LDAP Server Connector then goes back to listening for the next LDAP command on the existing connection.
The value of the LDAP operation is provided in the LDAP.operation attribute in the LDAP Server Connector conn entry, which should be mapped into the work entry for further processing (along with any other required attributes). Legal values are SEARCH, BIND, UNBIND, COMPARE, ADD, DELETE, MODIFY, and MODIFYRDN. The LDAP message provides a number of attributes for the specified LDAP operation.
The part of the AssemblyLine that follows the LDAP Server Connector must do the work of determining the desired outcome of the LDAP message. The basic LDAP operations (SEARCH, BIND, UNBIND, COMPARE, ADD, DELETE, MODIFY, and MODIFYRDN) are provided as values in the LDAP Server Connector scripting environment to facilitate scripting, for example testing whether LDAP.operation equals BIND. The user code sends search result entries to the client by calling the add(entry) method of the LDAP Server Connector. The entry must be formatted with legal LDAP attribute names plus the special attribute $dn (the distinguished name of the entry).
The user-provided code in the AssemblyLine responds to each request by setting the ldap.status, ldap.matcheddn and ldap.errormessage entry attributes. ldap.matcheddn and ldap.errormessage are optional.
In the Response channel phase of the AssemblyLine, the LDAP Server Connector formats and returns some of the attributes of the work entry. These are:
Only string is supported. The resultCode is set to 0 (success) by default; a resultCode indicating anything other than success must be set explicitly by the user.
The LDAP Server Connector terminates the connection and records an error if the received message does not conform to the LDAP v3 format.
The LDAP Server Connector does not perform any validation on the incoming attributes. Any operation or parameter value is therefore accepted.
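The following is an added example, not code from the IBM TDI documentation or the product itself. It models, as a plain JavaScript function that runs outside TDI, the script logic an AssemblyLine would carry out after the LDAP Server Connector: it checks the LDAP.operation value (the Connector itself accepts any value), handles BIND and SEARCH, refuses the write operations explicitly instead of leaving the default success status, and sets ldap.status, ldap.matcheddn and ldap.errormessage for the Response channel. The work entry is a plain object, search result entries are collected in an array instead of being passed to the Connector's add(entry) method, and the request attribute names LDAP.dn, LDAP.base and LDAP.password are assumptions; only LDAP.operation, ldap.status, ldap.matcheddn, ldap.errormessage and $dn come from the text above. The directory contents are constructed sample data.

```javascript
// Added example: a stand-alone model of the AssemblyLine script that follows
// the LDAP Server Connector. It does not use the TDI runtime (no work/conn
// objects); `work` is a plain object standing in for the work entry and
// search results are returned in an array instead of going through add(entry).
// LDAP.dn, LDAP.base and LDAP.password are assumed request attribute names.

const OPERATIONS = ["SEARCH", "BIND", "UNBIND", "COMPARE",
                    "ADD", "DELETE", "MODIFY", "MODIFYRDN"];

// LDAP v3 result codes (RFC 4511 values).
const LDAP_SUCCESS = 0;
const LDAP_OPERATIONS_ERROR = 1;
const LDAP_NO_SUCH_OBJECT = 32;
const LDAP_INVALID_CREDENTIALS = 49;
const LDAP_UNWILLING_TO_PERFORM = 53;

// Constructed sample directory standing in for whatever backend the
// AssemblyLine would normally query. "secret" is a stand-in credential value.
const DIRECTORY = {
  "ou=people,dc=example,dc=com": { ou: "people" },
  "cn=alice,ou=people,dc=example,dc=com":
    { cn: "alice", mail: "alice@example.com", secret: "s3cret" },
  "cn=bob,ou=people,dc=example,dc=com":
    { cn: "bob", mail: "bob@example.com", secret: "hunter2" },
};

// Longest existing ancestor of `dn`, reported as ldap.matcheddn when the
// requested entry itself does not exist ("" when no ancestor exists).
function matchedDn(dn) {
  const parts = dn.split(",");
  for (let i = 1; i < parts.length; i++) {
    const candidate = parts.slice(i).join(",");
    if (DIRECTORY[candidate]) return candidate;
  }
  return "";
}

function handleRequest(work) {
  // Attributes the Connector formats in the Response channel; status
  // defaults to success exactly as the Connector does.
  const response = { "ldap.status": LDAP_SUCCESS };
  const results = [];   // entries that would be passed to add(entry)
  const op = work["LDAP.operation"];

  // The Connector performs no validation, so the script checks the
  // operation value before acting on it.
  if (OPERATIONS.indexOf(op) === -1) {
    response["ldap.status"] = LDAP_OPERATIONS_ERROR;
    response["ldap.errormessage"] = "unknown LDAP operation: " + String(op);
    return { response, results };
  }

  if (op === "BIND") {
    const dn = String(work["LDAP.dn"] || "");
    const entry = DIRECTORY[dn];
    // Unknown DN and wrong credential yield the same result code, so the
    // response does not reveal which DNs exist.
    if (!entry || entry.secret !== work["LDAP.password"]) {
      response["ldap.status"] = LDAP_INVALID_CREDENTIALS;
      response["ldap.errormessage"] = "invalid credentials";
    }
  } else if (op === "SEARCH") {
    const base = String(work["LDAP.base"] || "");
    if (!DIRECTORY[base]) {
      response["ldap.status"] = LDAP_NO_SUCH_OBJECT;
      response["ldap.matcheddn"] = matchedDn(base);
    } else {
      // Subtree search: every entry at or under the base. Each result carries
      // legal LDAP attribute names plus $dn; the credential is never copied out.
      for (const dn of Object.keys(DIRECTORY)) {
        if (dn === base || dn.endsWith("," + base)) {
          const attrs = Object.assign({}, DIRECTORY[dn]);
          delete attrs.secret;
          results.push(Object.assign({ "$dn": dn }, attrs));
        }
      }
    }
  } else if (op === "UNBIND") {
    // Nothing to do; the Connector goes back to listening on the connection.
  } else {
    // Legal but unimplemented operations are refused explicitly rather than
    // silently reported as success through the default status.
    response["ldap.status"] = LDAP_UNWILLING_TO_PERFORM;
    response["ldap.errormessage"] = op + " is not handled by this AssemblyLine";
  }
  return { response, results };
}
```

In a real AssemblyLine the `response` attributes would be set on the work entry and each element of `results` passed to the Connector's add(entry) method before the cycle reaches the Response channel; the point of the model is the dispatch and validation shape, in particular that an operation the Connector accepted without checking is rejected by the script rather than answered with the default success code.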
The Connector needs the following parameters:
Depending on the solution implementation, you may need to change the port number as well.
An AssemblyLine can have only one list of binary attributes. If there are several LDAP Connectors in an AssemblyLine, the last Connector must define the list of binary attributes for all the LDAP Connectors in that AssemblyLine (if you need to change this from the default).