Private Cloud LDAP search for user groups

deniska
Participant V

Hi,

I'm trying to implement logic where I need to check whether a user belongs to a specific group. I'm using the LDAP query function, and my LDAP query is:

(&(objectClass=user)(sAMAccountName=denis)(memberof=CN=supergroup,CN=Users,dc=contoso,dc=internal))

I expect that {ldap.LDAP-Query.execution.success} will be true if the user belongs to the group and false if he doesn't. Also, the syntax of my LDAP query is highlighted as an error from Apigee's point of view.

I also tried to do a regular search and use attributes, like

CN=denis

and extract attributes like

<Attributes>
    <Attribute>memberof</Attribute>
</Attributes>

But I got an error that these attributes were not found:

{"fault":{"faultstring":"Unresolved variable : ldap.LDAP-Query.search.result.attribute.memberof","detail":{"errorcode":"entities.UnresolvedVariable"}}}

My question is, can Apigee LDAP do only very simple queries, like XX=XX?

I don't want to use node.js. Is there any other way to use the stock LDAP query to determine whether a user belongs to a group? Maybe my syntax is wrong?

D.


deniska
Participant V

When I do cn=user and then extract vars (they seem to be case sensitive), memberOf works and brings me a lot of CN groups. How can I evaluate this and determine whether the user belongs to a specific group and go on?

deniska
Participant V

I came up with some sort of solution:

1. Extract memberOf from context

2. Evaluate group membership with Python:

groups = flow.getVariable("ldap.LDAP-Query.search.result.attribute.memberOf") or ""  # empty string if the variable is unset
if groups.find("CN=a") == -1:  # substring test on the memberOf value
    flow.setVariable("res", "no")
else:
    flow.setVariable("res", "yes")
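
The substring test in the post above also answers "yes" for any group whose DN merely contains the search text (for example `CN=a` inside `CN=admins-readonly`). The following is an added example, not the poster's code, that compares whole DNs instead. The sample DNs are constructed, and passing the memberOf values in as a list of strings is an assumption about how the caller collects them from the flow variables.

```python
# Added example: exact, case-insensitive DN comparison for memberOf values.
# SAMPLE_MEMBER_OF is constructed for illustration.
SAMPLE_MEMBER_OF = [
    "CN=admins-readonly,CN=Users,DC=contoso,DC=internal",
    "cn=supergroup, cn=Users, dc=contoso, dc=internal",
]

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def normalize_dn(dn):
    """Lower-case each RDN and trim spaces around '=' and ','."""
    rdns = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + sep + value.strip().lower())
    return tuple(rdns)

def is_member(member_of, group_dn):
    """Return True only if one memberOf value is exactly group_dn."""
    if not member_of:
        return False  # attribute missing or empty: deny
    if not isinstance(member_of, (list, tuple)):
        member_of = [member_of]  # a single value was passed
    wanted = normalize_dn(group_dn)
    return any(normalize_dn(v) == wanted for v in member_of)
```

Multi-valued RDNs (joined with `+`) are compared as plain text here, so two DNs that differ only in the order of those parts will not match.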

deniska
Participant V

Another question: it seems from the documentation that an array of variables (if I use the variable without an index) is the first one. How can I automatically take every query result (multi-value) and create a string from it? i++?

Hi Denis, I also have the same requirement. I tried as below, but it didn't work. Can you please correct what was wrong and also please share a sample search template?

<Search>
    <BaseDN>dc=example,dc=com</BaseDN>
    <Scope>subtree</Scope>
    <SearchQuery>cn={request.header.username}</SearchQuery>
    <Attributes>
        <Attribute>memberOf</Attribute>
    </Attributes>
</Search>