Hi,
I'm trying to implement logic where I need to check user belongins to specific group. I'm using LDAP query function, and my LDAP query is:
(&(objectClass=user)(sAMAccountName=denis)(memberof=CN=supergroup,CN=Users,dc=contoso,dc=internal))
I expect that {ldap.LDAP-Query.execution.success} will be true if user belogs to group and false if he doesn't. Also syntax of my LDAP query is highlighted as error from Apigee point if view.
I also tried to to regular search and use attributes, like
CN=denis
and extract attributes like
<Attributes> <Attribute>memberof</Attribute>
But I got error that these attributes not found:
{"fault":{"faultstring":"Unresolved variable : ldap.LDAP-Query.search.result.attribute.memberof","detail":{"errorcode":"entities.UnresolvedVariable"}}}
My question is, APigee LDAP can do only very simple queries, like XX=XX?
I don't want to use node.js, are there any other way to use stock LDAP query to determine use belonings to group? Maybe my syntax wrong?
D.
When I do cn=user, and than extract vars (they seems to be case sensitive), so memberOf is working and brings me a lot of CN groups. How can I evaluate this and determine if user belongs to specific group and go on?
I came out with some sort of solution:
1. Extract member of from context
2. Evaluate with python belongins to group:
groups = flow.getVariable("ldap.LDAP-Query.search.result.attribute.memberOf")
if groups.find("CN=a") == -1:
flow.setVariable("res","no")
else:
flow.setVariable("res","yes")
Another questions, it seems by documentation that array of variables (if I use the variable without index) is the first one. How can I automatically take every query result (multi-value) and create string from it? i++?
HI Denis, i have also same requirement. i tried as below, but didn't work. Can you please correct what was wrong and also please share sample search template.
<Search>
<BaseDN>dc=example,dc=com</BaseDN>
<Scope>subtree</Scope>
<SearchQuery>cn={request.header.username}</SearchQuery>
<Attributes> <Attribute>memberOf</Attribute> </Attributes>
</Search>
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |