LDAP Policy with multiple search query

Hi Team,

We are having a private cloud setup. There we configured our LDAP resource. Now in the Verify LDAP Policy we need to validate the user credentials (that is done).

Now in the search query we need to search for both samaccountname and particular MemberOf attributes.

Can anyone please suggest how I can search with multiple conditions?

Thanks,
Christober Anantharaj.M

1 ACCEPTED SOLUTION


The one you are trying will look like

<Ldap name="LdapPolicy">
    <!-- using a custom LDAP provider -->
    <LdapConnectorClass>com.custom.ldap.MyProvider</LdapConnectorClass>
    <LdapResource>MyLdap</LdapResource>
    <Authentication>
       <UserName ref="request.header.username"/>
       <Password ref="request.header.password"/>
       <Scope>subtree</Scope>
       <BaseDN></BaseDN> <!-- default is dc=apigee,dc=com -->
    </Authentication>
    <Search>
        <BaseDN></BaseDN> <!-- default is dc=apigee,dc=com -->
        <SearchQuery>mail={request.header.mail}</SearchQuery>
        <Attributes>
            <Attribute>address</Attribute>
            <Attribute>MemberOf</Attribute>
            <Attribute>title</Attribute>
        </Attributes>
        <Scope></Scope> <!-- default is ‘subtree’ -->
    </Search>
</Ldap>

You can add multiple attributes as you require.

Hi Priyadarshi Ajitav,

Thanks for your immediate reply; this thing I have already done. My current issue is that I want to filter the user by using multiple conditions (currently 2).

In a normal LDAP search query we can give multiple search filters, something like,

(&(objectclass=testuser) (sAMAccountname = XYZ123321))

I wanted to implement something like this in the Verify LDAP Policy. Can you please suggest?

Can you try the logic here like (objectclass=testuser) and (sAMAccountname = XYZ123321)?

<SearchQuery>mail={request.header.mail}</SearchQuery>

What you're describing should work. The SearchQuery is a Message Template, which means Apigee will, at runtime, replace anything within a curly-brace pair with the value of the context variable.

So you want something like

 (&(objectclass={userclass}) (sAMAccountname = {accountname}))

And the things within the curlies are names of context variables. But there's a twist. The ampersand is an XML-excluded character, so you need to escape it with & amp; (but no spaces between the & and the 'amp') or you need to embed that into a CDATA section. The former looks like this:

<SearchQuery>(&amp;(objectclass={userclass}) (sAMAccountname = {accountname}))</SearchQuery>

The latter looks like this:

<SearchQuery><![CDATA[(&(objectclass={userclass}) (sAMAccountname = {accountname}))]]></SearchQuery>

...and then in either case, the respective values for the context variables "userclass" and "accountname" get replaced into the search query string.
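
Added example, not part of the original thread and not Apigee's own code: because the template described above puts context-variable values straight into the filter string, this sketch escapes them per RFC 4515 first so a value cannot change the filter's structure, and also produces the XML-escaped `<SearchQuery>` form. The function names are hypothetical, `expandFilterTemplate` only mimics the substitution (assumed to be plain string replacement), and the variable values are constructed.

```javascript
// Added example (not Apigee code): RFC 4515 escaping for values placed into an LDAP filter.
const LDAP_ESCAPES = {
  '\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\u0000': '\\00',
};

// Escape the characters RFC 4515 reserves inside a filter assertion value.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, (ch) => LDAP_ESCAPES[ch]);
}

// Hypothetical stand-in for the {variable} substitution described above.
// Assumption: substitution is plain string replacement with no LDAP escaping.
function expandFilterTemplate(template, vars, escapeValues = true) {
  return template.replace(/\{([A-Za-z0-9_.]+)\}/g, (match, name) => {
    if (!Object.prototype.hasOwnProperty.call(vars, name)) {
      throw new Error('unresolved template variable: ' + name);
    }
    const value = String(vars[name]);
    return escapeValues ? escapeLdapFilterValue(value) : value;
  });
}

// Number of unescaped "(" in a filter; a cheap check that values did not add filter items.
function countOpenParens(filter) {
  return (filter.match(/\(/g) || []).length;
}

// XML-escape the template so it can sit inside <SearchQuery> without CDATA.
function toSearchQueryXml(template) {
  const xml = template.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
  return '<SearchQuery>' + xml + '</SearchQuery>';
}

// Filter template from the answer above; the variable values below are constructed samples.
const TEMPLATE = '(&(objectclass={userclass}) (sAMAccountname = {accountname}))';
const plain = { userclass: 'testuser', accountname: 'XYZ123321' };
const awkward = { userclass: 'testuser', accountname: 'j.doe (ext)*' };

console.log(toSearchQueryXml(TEMPLATE));
console.log(expandFilterTemplate(TEMPLATE, plain));
console.log(expandFilterTemplate(TEMPLATE, awkward));        // metacharacters neutralised
console.log(expandFilterTemplate(TEMPLATE, awkward, false)); // raw: structure changes
```

One place to run the escaping is a policy step ahead of the LDAP policy that stores the escaped value in the context variable the template references.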

Great! Thanks Dino & Priyadarshi Ajitav.

It's working. I just added & amp; in place of the ampersand to escape it in XML.

<SearchQuery>(&amp;(objectclass=testuser) (sAMAccountname = XYZ123321))</SearchQuery>