2

I am trying to use spring LDAP /ODM to receive some attributes from LDAP. Is there a way to configure multiple base names in

 <ldap:context-source
          url="${ldap.url}"
          base="${ldap.base}" // here ..is there a prop that will take an array of base names
          username="${userdn}"
          password="${password}" />

<ldap:ldap-template id="ldapTemplate" />

or in

@Entry(objectClasses = { "person"} base={..CAN I GIVE MULTIPLE BASENames here..})
public class LdapUser {

    @Id
    private Name dn;

    //..
}

The app I am developing has users defined under one OU and internal TESTERs defined in another ou in our AD. So I am trying to see if I can use the same LDAP entry class for looking up everyone.

Saikat
  • 14,222
  • 20
  • 104
  • 125
Zak
  • 111
  • 3
  • 11
  • the below piece got edited out from my post above. I also wanted to know if there is a way to configure multiple base names in – Zak Sep 02 '14 at 22:27

3 Answers3

2

The ContextSource base is intended to specify the base of all operations on the ContextSource, and is typically set to the domain controller DN.

You can use ODM without specifying a base on the @Entry (or using a base DN higher up in the tree), but in that case you will typically use the @DnAttribute annotation in order to have the framework automatically build DNs for you (mainly needed when persisting entries back to LDAP).

If we assume your users are in the following structure:

dc=example,dc=com,ou=USERS

dc=example,dc=com,ou=TESTERS

Now, if you specify base dc=example,dc=com on the ContextSource you can have ODM handle this automatically as described briefly below:

@Entry(objectclasses={"person"})
public class Person {
  @Id
  private Name dn;

  @DnAttribute(name="ou", index=0)
  @Transient // Indicates that this is not an attribute on the entry
  private String userType;

  @Attribute(name="cn")
  private String name;

  // More attributes here
}

The above will handle automatic mapping of LDAP entries to and from the Person class. Now, if you want to find all persons, do:

List<Person> allPersons = ldapTemplate.findAll(Person.class);

If you want to find all testers you would do:

List<Person> testers = ldapTemplate.find(
                            query().base("ou=TESTERS"), 
                            Person.class);
marthursson
  • 3,242
  • 1
  • 18
  • 28
  • Thank you . I did get it to work yesterday . Defined two ldaptemplates/context source and the entry class without base name - and made a ldaptemplate1.findone().. And ldaptemplate2.findone() . My req is very simple ... Need to get fname and lname from ldap using email id ... I cache the info for subsequent reads ... Didn't want to over design It either . – Zak Sep 04 '14 at 12:45
0

I am not very familiar with Spring LDAP but (IIRC) LDAP itself can only search from a single node (base). So, looking at the documentation, you might have to do a search from the organization (o=xx) with an LDAPQueryBuilder, adding conditions for the ous. See the javadocs.

Gary Russell
  • 166,535
  • 14
  • 146
  • 179
  • Thanks Gary ! Ldapquerybuilder was my other option . I will probably implement it tomorow – Zak Sep 03 '14 at 02:30
0

No expert here, mind you. With XML config at least, you can wire an LdapTemplate instance. One suggestion might be to make a new implementation called something like DelegatingLdapTemplate that gets injected with two regular templates (one per basename) and then delegates to them appropriately (or just calls one, then the other if the first one return 0 results), and use this in place of a normal template instance. This of course makes sense only if your use case really warrants this behavior (e.g. if you never know where to search for the user and have to check both locations). Otherwise, just make two separate beans.

kaqqao
  • 12,984
  • 10
  • 64
  • 118
  • Thanks kaqqao! I did think about these options . I felt they were more workarounds. I was hoping the ldap:contextsource would take an array of base names , for simple lookups in ldap for entries under different nodes (ou) , and spare me of boiler plate code :)... – Zak Sep 03 '14 at 02:34
  • If you gave the ContextSource an array of base names, how would the framework know when to use which base? – marthursson Sep 04 '14 at 05:16