Creating an LDAP Container Using an LDAP Query Source

An LDAP query is used to identify the directory entries that will be candidate resources.

The following diagram shows an example of how calls to the Directory Services APIs can be used to create an LDAP container using an LDAP Query Source.

[Figure: Creating an LDAP Container Using an LDAP Query Source]

The following step-by-step descriptions correspond to the numbered steps in Figure 3. Note that the descriptions are from a web service operation point of view, and provide an example of performing the operations using the web service API (SOAP). (For an equivalent example using the Service Connector API (Java), see Creating an LDAP Container Using an LDAP Query Source - Service Connector API Example (Java).)

Procedure

  1. Find out the LDAP Connection Shared Resources that are configured in ActiveMatrix Administrator by calling the listLdapConnections operation. Only those whose instance name is prefixed with "ldap/de/" are listed.

    One of the returned sources must be specified as the primary LDAP source when calling the saveContainer operation to create the LDAP container.

    // Step 1 : Get a list of the LDAP Sources available
    <soapenv:Body>
          <dir:listLdapConnections/>
    </soapenv:Body>

    // Response
    <SOAP-ENV:Body>
          <listLdapConnectionsResponse xmlns="http://directory.api.de.bpm.tibco.com">
             <ldap-connection ldap-alias="deLdap5" provider-url="ldap://servername01096:10801/o=goCarInsuranceHeadOffice" xmlns=""/>
             <ldap-connection ldap-alias="deLdap4" provider-url="ldap://servername01096:10801/o=insuranceCorporate" xmlns=""/>
             <ldap-connection ldap-alias="system" provider-url="ldap://servername01096:10801/ou=system" xmlns=""/>
             <ldap-connection ldap-alias="deLdap6" provider-url="ldap://servername01096:10801/o=goCarInsuranceSales" xmlns=""/>
             <ldap-connection ldap-alias="deLdap3" provider-url="ldap://servername01096:10801/o=insuranceSales" xmlns=""/>
             <ldap-connection ldap-alias="deLdap2" provider-url="ldap://servername01096:10801/o=insuranceServices" xmlns=""/>
             <ldap-connection ldap-alias="easyAs" provider-url="ldap://servername01096:10801/o=easyAsInsurance" xmlns=""/>
          </listLdapConnectionsResponse>
    </SOAP-ENV:Body>
  2. Use the listAttributeNames operation to get LDAP attributes that can be used in the required LDAP search string when calling the saveContainer operation (see step 3).
    // Step 2: Use the required LDAP Connection alias to get a list
    // of possible attributes
    <soapenv:Body>
          <dir:listAttributeNames ldap-alias="easyAs" base-dn="o=easyAsInsurance" ldap-query="(objectclass=person)" sample-size="10"/>
    </soapenv:Body>

    // Response
    <SOAP-ENV:Body>
          <listAttributeNamesResponse base-dn="o=easyAsInsurance" entry-count="8" ldap-alias="easyAs" ldap-query="(objectclass=person)" xmlns="http://directory.api.de.bpm.tibco.com">
             <attribute binary="false" name="givenname" xmlns=""/>
             <attribute binary="false" name="sn" xmlns=""/>
             <attribute binary="true" name="userpassword" xmlns=""/>
             <attribute binary="false" name="ou" xmlns=""/>
             <attribute binary="false" name="departmentnumber" xmlns=""/>
             <attribute binary="false" name="employeetype" xmlns=""/>
             <attribute binary="false" name="manager" xmlns=""/>
             <attribute binary="false" name="mail" xmlns=""/>
             <attribute binary="false" name="carlicense" xmlns=""/>
             <attribute binary="false" name="objectClass" xmlns=""/>
             <attribute binary="false" name="postaladdress" xmlns=""/>
             <attribute binary="false" name="cn" xmlns=""/>
             <attribute binary="false" name="preferredlanguage" xmlns=""/>
             <attribute binary="false" name="employeenumber" xmlns=""/>
             <attribute binary="true" name="photo" xmlns=""/>
             <sample-entry ldap-dn="OU=Clint Hill, OU=Swindon, OU=AllEmployees, O=easyAsInsurance" xmlns="">
                <attribute binary="false" name="givenname">
                   <value>Clint</value>
                </attribute>
                <attribute binary="false" name="sn">
                   <value>Hill</value>
                </attribute>
                <attribute binary="true" name="userpassword">
                   <value>dGliY28xMjM=</value>
                </attribute>
                       .
                       .
                       .
                <attribute binary="false" name="preferredlanguage">
                   <value>English</value>
                </attribute>
                <attribute binary="false" name="employeenumber">
                   <value>1310</value>
                </attribute>
             </sample-entry>
             <sample-entry ldap-dn="OU=Richard Cresswell, OU=London, OU=AllEmployees, O=easyAsInsurance" xmlns="">
                <attribute binary="false" name="givenname">
                   <value>Richard</value>
                </attribute>
                <attribute binary="false" name="sn">
                   <value>Cresswell</value>
                </attribute>
                       .
                       .
                       .
                <attribute binary="false" name="preferredlanguage">
                   <value>English, Welsh</value>
                </attribute>
                <attribute binary="false" name="employeenumber">
                   <value>1320</value>
                </attribute>
             </sample-entry>
                       .
                       .
                       .
             <sample-entry ldap-dn="OU=Tony Pulis, OU=London, OU=AllEmployees, O=easyAsInsurance" xmlns="">
                <attribute binary="false" name="givenname">
                   <value>Tony</value>
                </attribute>
                <attribute binary="false" name="sn">
                   <value>Pulis</value>
                </attribute>
                       .
                       .
                       .
                <attribute binary="false" name="preferredlanguage">
                   <value>English</value>
                </attribute>
                <attribute binary="false" name="employeenumber">
                   <value>1345</value>
                </attribute>
             </sample-entry>
          </listAttributeNamesResponse>
    </SOAP-ENV:Body>
  3. Use the saveContainer operation to create and save a new LDAP container.

    The required parameters are:

    • name - This is the name you want assigned to the new LDAP container. It must be unique on the Directory Engine.
    • primary-ldap.ldap-alias - You must specify a primary LDAP source, and one that identifies a valid LDAP connection. A list of the available LDAP sources can be obtained using the listLdapConnections operation.
    • primary-ldap.ldap-query - Each LDAP source, whether primary or secondary, must specify a valid LDAP query. LDAP queries can be validated against a named LDAP connection using the executeLdapQuery operation.

      Additional optional parameters are also available for adding secondary LDAP sources, setting up organizational relationships, etc. For information about those parameters, see saveContainer.

Result

The following shows an example saveContainer request containing the minimal amount of information, as well as the new LDAP container ID that is returned if the container creation is successful:

// Step 3: Create the new LDAP Container
<soapenv:Header/>
<soapenv:Body>
      <dir:saveContainer name="Test Container" description="A test container">
         <primary-ldap ldap-alias="deLdap2" ldap-query="(objectclass=person)" resource-name-attributes="displayname"/>
         <!--Zero or more repetitions:-->
         <secondary-ldap ldap-alias="deLdap3" ldap-query="(objectclass=organizationalPerson)" base-dn="ou=GlobalSales,o=insuranceSales">
            <!--1 or more repetitions:-->
            <primary-link primary-attribute="cn" secondary-attribute="commonname"/>
            <primary-link primary-attribute="sn" secondary-attribute="surname"/>
         </secondary-ldap>
      </dir:saveContainer>
</soapenv:Body>

// Response
<SOAP-ENV:Body>
      <saveContainerResponse container-id="52" xmlns="http://directory.api.de.bpm.tibco.com"/>
</SOAP-ENV:Body>
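
A review check over the step 1 and step 2 responses, added here as an example and not taken from the TIBCO documentation: it flags connections whose provider-url uses ldap:// and credential attributes such as userpassword that come back with values in sample entries. The sample XML, the host names, the SENSITIVE list and the reading of binary="true" values as base64 (an encoding, not protection) are assumptions made for this example.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumption: attribute names treated as credential-bearing (compared lower-cased).
SENSITIVE = {"userpassword", "unicodepwd"}
# Constructed samples shaped like the step 1 and step 2 responses; children carry xmlns="".
CONNECTIONS = """<listLdapConnectionsResponse xmlns="http://directory.api.de.bpm.tibco.com">
  <ldap-connection ldap-alias="easyAs" provider-url="ldap://ldap.example.test:10801/o=easyAsInsurance" xmlns=""/>
  <ldap-connection ldap-alias="tlsOnly" provider-url="ldaps://ldap.example.test:636/o=example" xmlns=""/>
</listLdapConnectionsResponse>"""

ATTRIBUTES = """<listAttributeNamesResponse ldap-alias="easyAs" xmlns="http://directory.api.de.bpm.tibco.com">
  <attribute binary="false" name="cn" xmlns=""/>
  <attribute binary="true" name="userpassword" xmlns=""/>
  <sample-entry ldap-dn="OU=Test User, O=easyAsInsurance" xmlns="">
    <attribute binary="false" name="cn"><value>Test User</value></attribute>
    <attribute binary="true" name="userpassword"><value>ZXhhbXBsZS1zZWNyZXQ=</value></attribute>
  </sample-entry>
</listAttributeNamesResponse>"""

def cleartext_connections(xml_text):
    """Return aliases whose provider-url uses the ldap:// scheme."""
    root = ET.fromstring(xml_text)
    return [c.get("ldap-alias") for c in root.iter("ldap-connection")
            if urlparse(c.get("provider-url", "")).scheme.lower() == "ldap"]

def exposed_credentials(xml_text):
    """Return (dn, attribute, kind) for credential attributes that have sample values."""
    findings = []
    for entry in ET.fromstring(xml_text).iter("sample-entry"):
        for attr in entry.iter("attribute"):
            if attr.get("name", "").lower() not in SENSITIVE:
                continue
            for value in attr.iter("value"):
                text = (value.text or "").strip()
                # Assumption from the page's sample: binary="true" values are base64.
                raw = base64.b64decode(text) if attr.get("binary") == "true" else text.encode()
                # RFC 2307 style hashes start with "{SCHEME}"; anything else needs review.
                kind = "scheme-prefixed" if raw.startswith(b"{") else "no-scheme-prefix"
                findings.append((entry.get("ldap-dn"), attr.get("name"), kind))
    return findings

if __name__ == "__main__":
    for alias in cleartext_connections(CONNECTIONS):
        print(f"[warn] {alias}: ldap:// URL, confirm TLS is enforced for this connection")
    for dn, name, kind in exposed_credentials(ATTRIBUTES):
        print(f"[warn] {dn}: {name} value returned in sample entry ({kind})")
```

An ldap:// URL does not by itself show whether StartTLS is negotiated, so a flagged alias is a prompt to check the shared resource's configuration rather than proof of cleartext traffic.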