FLAT
FLAT
Couper
Sevenval Technologies
Docker Image
Github
FLAT
Cookbook
Reference
Functions
xml-parse()
urldecode(), url-decode()
ends-with()
join()
split()
content()
array()
json-to-csv()
decrypt-xml()
json-stringify()
replace()
base64-encode()
verify-signature()
matches()
body()
ldap-query()
trim()
calc-signature()
array-reverse()
sort()
file-exists()
decrypt()
get-log()
jwt-encode()
apply-codecs()
base64-decode()
uuid3() and uuid4()
lookup()
json-to-xml()
fit-log()
toupper()
fit-document()
tolower()
has-class()
encrypt()
urlencode(), url-encode()
unixtime()
fit-serialize()
xml-to-json()
jwt-decode()
json-doc()
html-parse()
verify-xmldsig()
ldap-lookup()
capitalize-first()
md5()
json-parse()
Flow Actions
OpenAPI / Swagger Integration
Templating
Variables
Flow
Configuration
Testing
flat CLI
Debugging
Administration
Tutorial
Changelog
Powered by GitBook

ldap-lookup()

OXN-node-set ldap-lookup(string url, string rdn, string rdnPassword, string base_dn, string userSearch, string userPassword, string attributes)

The ldap-lookup() function connects to an LDAP server with the given url, rdn and rdnPassword. It then searches for a user by the given userSearch. If a user is found, it connects with the user's DN and the given userPassword. If the password is correct, an OXN JSON document is returned with at least the user's dn and additional attributes given by attributes. Otherwise an empty node-set is returned.

Parameters

  • url The ldap URL (string)

  • rdn The (relative) distinguished name of the (system) user (string)

  • rdnPassword The password of the (system) user (string)

  • base_dn The base distinguished name for the directory, used for the search (string)

  • userSearch The filter for searching a user (string)

  • userPassword The user's password (string)

  • attributes A comma-separated list of attributes to return (string)

Example

In the following example, the LDAP server is connected with the DN given in $ldap_settings/bind_dn and the password from $env/FLAT_SYSTEM_PASSWORD. The given filter is used to search for an entry of a person which is a member of a group Users and has the email address [email protected]. In addition to the (default) dn, the sAMAccountName and mail from the entry are added to the result.

<flow>
  <eval out="$userSearch">concat("(&amp;(objectClass=person)(memberOf=CN=Users,ou=People,dc=example,dc=com)([email protected]))")</eval>
  <eval out="$attributes">"sAMAccountName,mail"</eval>
  <eval out="$ldap">ldap-lookup($ldap_settings/url, $ldap_settings/bind_dn, $env/FLAT_SYSTEM_PASSWORD, "dc=example,dc=com", $userSearch, "myP4s5w0rD", $attributes)</eval>
  <error if="not($ldap)">
  {
    "status": 403,
    "message": "ldap-lookup() failed"
  }
  </error>
</flow>

The result in the case of success, is

{
  "dn": "cn=John Doe,ou=People,dc=example,dc=com",
  "sAMAccountName": "john.doe",
  "mail": "[email protected]"
}

In a real setup you would read the user (here [email protected]) and password parameters from user input, such as the JSON request body (e.g. $body/json/username and $body/json/password).

The attributes returned from the function can then be used to set claims in a JWT token with jwt-encode().

See also

Previous
verify-xmldsig()
Next
capitalize-first()
Last updated 6 months ago
Edit on GitHub
Contents
Parameters
Example
See also