LDAP Query - IIB
meena05
Posted: Mon Aug 22, 2016 7:26 pm    Post subject: LDAP Query - IIB

Apprentice

Joined: 26 Feb 2016
Posts: 39

Can we view LDAP server as a persistent database, connect to it and run queries through IIB?
martinb
Posted: Mon Aug 22, 2016 10:50 pm

Master

Joined: 09 Nov 2006
Posts: 210
Location: UK

IIB provides in-built support for using LDAP as a security provider.

For your requirement to perform data lookups to a LDAP server you could look to implement this using JNDI from a Java Compute Node.
mqjeff
Posted: Tue Aug 23, 2016 3:53 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

LDAP is not a database. It's a registry of users and organizational structures that define roles and permissions for users.

It would be a terrible idea to try and store random business data in LDAP.
_________________
chmod -R ugo-wx /
Vitor
Posted: Tue Aug 23, 2016 4:27 am    Post subject: Re: LDAP Query - IIB

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

meena05 wrote:
Can we view LDAP server as a persistent database, connect to it and run queries through IIB?


Probably.

Why would you ever want to? The only thing you could query (because as my most worthy associate points out, you can only store specific datum there) can be queried much better by specific LDAP admin tools.
_________________
Honesty is the best policy.
Insanity is the best defence.
meena05
Posted: Tue Aug 23, 2016 5:09 pm

Apprentice

Joined: 26 Feb 2016
Posts: 39

Thanks for all your inputs.
Yeah, retrieving business data in LDAP is a bad idea. We have had this in place for years. JNDI Java compute node seems appropriate.

Thanks again!
shantanu1621
Posted: Thu Mar 14, 2019 8:47 pm

Novice

Joined: 24 May 2013
Posts: 10

meena05 wrote:
Thanks for all your inputs.
Yeah, retrieving business data in LDAP is a bad idea. We have had this in place for years. JNDI Java compute node seems appropriate.

Thanks again!

Were you able to implement it using JNDI and JCN node? We have a similar requirement, can you please help.
dsteinmann
Posted: Tue Mar 26, 2019 12:33 pm

Novice

Joined: 09 Dec 2015
Posts: 15

I recently had to implement an LDAP query and did it like this:
Code:

package bar.foo.app;

import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;

import com.ibm.broker.javacompute.MbJavaComputeNode;
import com.ibm.broker.plugin.MbException;
import com.ibm.broker.plugin.MbMessage;
import com.ibm.broker.plugin.MbMessageAssembly;
import com.ibm.broker.plugin.MbUserException;

public class LdapMdmGroups extends MbJavaComputeNode {

    private static final String USER_BASE_DN = "OU=Personal,OU=Person,DC=foo,DC=bar";
    private static final String TECHNICAL_USER_BASE_DN = "OU=NonPersonal,OU=Person,DC=foo,DC=bar";
    private static final String GROUP_BASE_DN = "OU=MDM,OU=Servers,DC=foo,DC=bar";

    public void evaluate(MbMessageAssembly assembly) throws MbException {
        MbMessage outLocalEnv = new MbMessage(assembly.getLocalEnvironment());
        MbMessage inMessage = assembly.getMessage();
        MbMessageAssembly outAssembly = new MbMessageAssembly(
                assembly, outLocalEnv, assembly.getExceptionList(), inMessage);
        DirContext ctx = null;
        try {
            ctx = createContext();
            String userIdPath = "/Properties/IdentityMappedToken";
            String userId = inMessage.getRootElement().getFirstElementByPath(userIdPath).getValueAsString();
            List<String> groups = searchGroups(ctx, userId, USER_BASE_DN, GROUP_BASE_DN);
            for (String group : groups) {
                outLocalEnv.getRootElement().evaluateXPath("?LDAP/?$MdmGroup[set-value('" + group + "')]");
            }
        } catch (MbException e) {
            throw e;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new MbUserException(this, "evaluate()", "", "", e.toString(), null);
        } finally {
            // Release the LDAP connection opened for this message.
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done if close fails.
                }
            }
        }
        getOutputTerminal("out").propagate(outAssembly);
    }

    private DirContext createContext() throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://your.server.com:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "your-bind-user");
        env.put(Context.SECURITY_CREDENTIALS, "your-bind-password");
        return new InitialLdapContext(env, null);
    }

    private List<String> searchGroups(DirContext dirContext, String userId,
            String userBaseDn, String groupBaseDn) throws NamingException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[]{"cn"});
        String userDn = String.format("cn=%s,%s", userId, userBaseDn);
        String techUserDn = String.format("cn=%s,%s", userId, TECHNICAL_USER_BASE_DN);
        String filter = String.format("(&(objectClass=group)(|(member=%s)(member=%s)))", userDn, techUserDn);
        NamingEnumeration<SearchResult> groups = dirContext.search(groupBaseDn, filter, searchControls);
        List<String> result = new ArrayList<>();
        while (groups.hasMore()) {
            SearchResult group = groups.next();
            Attribute cn = group.getAttributes().get("cn");
            result.add((String) cn.get());
        }
        return result;
    }
}


Configurable parameters like PROVIDER_URL and SECURITY_PRINCIPAL are in my real code not hard-coded, of course. They are read from a User Defined Configurable Service (see http://www.mqseries.net/phpBB2/viewtopic.php?p=376592).

I would have loved to read the password from what I could set with mqsisetdbparms, but I did not find out how to do this. Therefore I had to store the password in the User Defined Configurable Service as well.
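
An added example, not part of the post above and not IBM sample code: the same group lookup with the user id escaped for DN syntax through Rdn.escapeValue and handed to the JNDI search overload that takes filter arguments, so a value taken from the message cannot change the structure of the DN or of the filter the way it can in a filter built with String.format. The class name, the method signature with an explicit technical-user base DN, and the sample user id in main are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;

public class SafeGroupSearch {

    // {0} and {1} are filled in by JNDI, which encodes filter metacharacters
    // such as ( ) * \ in each argument before the filter is sent.
    static final String FILTER = "(&(objectClass=group)(|(member={0})(member={1})))";

    // Build "cn=<userId>,<baseDn>" with the RDN value escaped for DN syntax,
    // so characters such as , + = in userId cannot change the DN structure.
    static String userDn(String userId, String baseDn) {
        return "cn=" + Rdn.escapeValue(userId) + "," + baseDn;
    }

    static List<String> searchGroups(DirContext ctx, String userId, String userBaseDn,
            String techUserBaseDn, String groupBaseDn) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {"cn"});
        Object[] args = {userDn(userId, userBaseDn), userDn(userId, techUserBaseDn)};
        NamingEnumeration<SearchResult> hits = ctx.search(groupBaseDn, FILTER, args, controls);
        List<String> result = new ArrayList<>();
        try {
            while (hits.hasMore()) {
                result.add((String) hits.next().getAttributes().get("cn").get());
            }
        } finally {
            hits.close(); // release the search results even when iteration fails
        }
        return result;
    }

    public static void main(String[] unused) {
        // Constructed input: a user id carrying DN and filter metacharacters.
        String untrusted = "jdoe,OU=Other)(cn=*";
        System.out.println(userDn(untrusted, "OU=Personal,OU=Person,DC=foo,DC=bar"));
    }
}
```

Running main needs no directory server; it prints the escaped DN, while the filter encoding is applied by JNDI inside search.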