LDAP / Active Directory

Overview

The LDAP / Active Directory (AD) Plugin manages the membership of users in groups.

Functionality

The LDAP / Active Directory Plugin adds users as members to existing groups and removes members from existing groups. To support this, the LDAP bind user must have permission to modify group membership and be able to query for user information; it does not need any broader rights.

Instance Configuration Parameters

Property
Description

Instance Name

Name for the LDAP / Active Directory instance.


Unique ID

A system-wide unique identifier for this plugin instance used to locate the service.


Encryption Method

Drop down list of available transport encryption methods used when connecting to the LDAP / Active Directory server.

The following options are available:

  • None – Typically, the connection port is 389. No transport encryption is used, so a simple bind sends the bind password in the clear.
  • LDAP over SSL/TLS – Port 636 is typically used for SSL/TLS connections.
  • StartTLS – Typically, the connection port is 389; the session is upgraded to TLS after connecting.

Verify Certificates for StartTLS

When the Encryption Method is StartTLS, ensure the server certificate is verified. Certificate verification is done against the Mozilla default set of trusted root certificates; with verification disabled, the connection accepts any certificate, including one presented by an interposed host.


Domain Controller (LDAP) Server

Domain Controller (LDAP) IP address or hostname.


Domain Controller (LDAP) Port

Typically, port 389 is used for the ‘None’ and ‘StartTLS’ encryption methods. Port 636 is typically used for SSL/TLS connections.


Authentication (Bind) Username

Bind DN, sAMAccountName, or user principal name used to authenticate with the LDAP server. For example, DOMAIN\user or user@domain.com.


Authentication (Bind) Password

Password used to authenticate the Authentication Username.


Confirm Authentication (Bind) Password

Confirm the authentication password for the username.

Flow Node

This node provides LDAP / Active Directory capabilities for managing groups. Specifically, it adds a user to a group as a member or removes a user from a group.

Property
Description

Name

The display name of the node within the flows.


Unique ID

System-wide unique ID of the plugin instance.


Group Name

The Group Name value is matched against the common name (cn) of groups on the LDAP server.
The following contexts are supported:

  • msg: This selects part of the incoming message as the source of the data. This is the typical choice.
  • flow: This selects part of the flow context’s saved data as the source. This information is shared with only the nodes on a given tab.
  • global: This selects part of the global context’s saved data as the source. This information is shared by all nodes regardless of tab.
  • J: expression: JSONata expression language to perform query and transform operations on the payload.

Action

Configuration option determining the type of operation to perform:

  • Add User to Group: Adds a user to the group
  • Remove User from Group: Removes a user from the group

User

The User Principal Name or the sAMAccountName of the user to be affected.
The following contexts are supported:

  • msg: This selects part of the incoming message as the source of the data. This is the typical choice.
  • flow: This selects part of the flow context’s saved data as the source. This information is shared with only the nodes on a given tab.
  • global: This selects part of the global context’s saved data as the source. This information is shared by all nodes regardless of tab.
  • J: expression: JSONata expression language to perform query and transform operations on the payload.

Search DN

All searches are done within the Search DN.
The following contexts are supported:

  • a-z: This uses the input text directly. This is the typical choice for this field.
  • msg: This selects part of the incoming message as the source of the data.
  • flow: This selects part of the flow context’s saved data as the source. This information is shared with only the nodes on a given tab.
  • global: This selects part of the global context’s saved data as the source. This information is shared by all nodes regardless of tab.
  • J: expression: JSONata expression language to perform query and transform operations on the payload.

Learn More

JSON Message Format

The following samples show the JSON content added to the message payload, which conforms to the Node Messaging Format. The content exists within the ldap object, keyed by the plugin instance's Unique ID. The following examples use ad1 as the Unique ID of the plugin:

Add User to Group Success

The following content is inserted into the message payload after a successful request to the LDAP server.

"payload": {
  "ldap": {
    "ad1": {
      "action": "add-user",
      "response": {
        "user": "user@domain.com",
        "group": "Test",
        "owner": "added",
        "member": "added",
        "userDn": "[DN of user]",
        "groupDn": "[DN of group]",
        "searchDn": "[DN of search]",
        "wasMember": false
      }
    }
  }
}

Remove User from Group Success

The following content is inserted into the message payload after a successful request to the LDAP server.

"payload": {
  "ldap": {
    "ad1": {
      "action": "remove-user",
      "response": {
        "user": "user@domain.com",
        "group": "Test",
        "owner": "removed",
        "member": "removed",
        "userDn": "[DN of user]",
        "groupDn": "[DN of group]",
        "searchDn": "[DN of search]",
        "wasMember": true
      }
    }
  }
}

Error

The following content is inserted into the message payload after a failed request; an error object replaces the response object. In this example, a non-existent group called Random was requested.

"payload": {
  "ldap": {
    "ad1": {
      "action": "remove-user",
      "error": {
        "errorCode": 5,
        "errorMessage": "No matching group found for Random."
      }
    }
  }
}
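Downstream handling of these three message shapes, as an added example that is not code from the plugin or its documentation: a Node-RED style function that reads the ldap object from msg.payload, turns it into an audit record and routes changes, no-ops and errors to separate outputs. It assumes the Unique ID ad1 from the samples and constructs its own sample messages; the DN values are made up.

```javascript
// Added example (not the plugin's code). Interprets the ldap object the
// node writes into msg.payload. Assumes the plugin Unique ID is "ad1".
function interpretLdapResult(msg, uniqueId = "ad1") {
  const ldap = (msg && msg.payload && msg.payload.ldap) || {};
  const entry = ldap[uniqueId];
  if (!entry) {
    return { status: "missing", detail: "no ldap." + uniqueId + " object in payload" };
  }
  if (entry.error) {
    // Failed request: errorCode/errorMessage are present, response is not.
    return { status: "error", action: entry.action,
             code: entry.error.errorCode, detail: entry.error.errorMessage };
  }
  const r = entry.response;
  // Assumption: wasMember reports membership before the request, so an
  // "add-user" with wasMember true (or "remove-user" with wasMember false)
  // succeeded without altering the group. Flag those for the audit trail.
  const noChange = (entry.action === "add-user" && r.wasMember === true) ||
                   (entry.action === "remove-user" && r.wasMember === false);
  return { status: "ok", action: entry.action, user: r.user, group: r.group,
           changed: !noChange,
           detail: r.user + " " + r.member + " as member of " + r.groupDn };
}

// Node-RED style routing: output 1 = membership changed, output 2 = no-op,
// output 3 = error or missing result. Returns the array a function node would.
function routeLdapResult(msg, uniqueId = "ad1") {
  const result = interpretLdapResult(msg, uniqueId);
  const outputs = [null, null, null];
  if (result.status === "ok" && result.changed) outputs[0] = msg;
  else if (result.status === "ok") outputs[1] = msg;
  else outputs[2] = msg;
  return outputs;
}

// Constructed sample messages mirroring the documented add and error shapes.
const SAMPLE_ADD = { payload: { ldap: { ad1: { action: "add-user", response: {
  user: "user@domain.com", group: "Test", owner: "added", member: "added",
  userDn: "CN=user,OU=People,DC=example,DC=test",   // constructed DN
  groupDn: "CN=Test,OU=Groups,DC=example,DC=test",  // constructed DN
  searchDn: "DC=example,DC=test", wasMember: false } } } } };
const SAMPLE_ERROR = { payload: { ldap: { ad1: { action: "remove-user",
  error: { errorCode: 5, errorMessage: "No matching group found for Random." } } } } };
```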
©Nevelex Labs, LLC. 2018-2021, All Rights Reserved.