LDAP Query - IIB

meena05
Posted: Mon Aug 22, 2016 7:26 pm Post subject: LDAP Query - IIB
Apprentice
Joined: 26 Feb 2016 Posts: 39

Can we view LDAP server as a persistent database, connect to it and run queries through IIB?

martinb
Posted: Mon Aug 22, 2016 10:50 pm Post subject:
Master
Joined: 09 Nov 2006 Posts: 210 Location: UK

IIB provides in-built support for using LDAP as a security provider.
For your requirement to perform data lookups to an LDAP server you could look to implement this using JNDI from a Java Compute Node.

mqjeff
Posted: Tue Aug 23, 2016 3:53 am Post subject:
Grand Master
Joined: 25 Jun 2008 Posts: 17447

LDAP is not a database. It's a registry of users and organizational structures that define roles and permissions for users.
It would be a terrible idea to try and store random business data in LDAP.
_________________
chmod -R ugo-wx /

Vitor
Posted: Tue Aug 23, 2016 4:27 am Post subject: Re: LDAP Query - IIB
Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA

meena05 wrote:
Can we view LDAP server as a persistent database, connect to it and run queries through IIB?

Probably.
Why would you ever want to? The only thing you could query (because as my most worthy associate points out, you can only store specific datum there) can be queried much better by specific LDAP admin tools.
_________________
Honesty is the best policy.
Insanity is the best defence.

meena05
Posted: Tue Aug 23, 2016 5:09 pm Post subject:
Apprentice
Joined: 26 Feb 2016 Posts: 39

Thanks for all your inputs.
Yeah, retrieving business data in LDAP is a bad idea. We have had this in place for years. JNDI Java compute node seems appropriate.
Thanks again!

shantanu1621
Posted: Thu Mar 14, 2019 8:47 pm Post subject:
Novice
Joined: 24 May 2013 Posts: 10

meena05 wrote:
Thanks for all your inputs.
Yeah, retrieving business data in LDAP is a bad idea. We have had this in place for years. JNDI Java compute node seems appropriate.
Thanks again!

Were you able to implement it using JNDI and JCN node? We have a similar requirement, can you please help.

dsteinmann
Posted: Tue Mar 26, 2019 12:33 pm Post subject:
Novice
Joined: 09 Dec 2015 Posts: 15

I recently had to implement an LDAP query and did it like this:
Code:
package bar.foo.app;

import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.Rdn;

import com.ibm.broker.javacompute.MbJavaComputeNode;
import com.ibm.broker.plugin.MbElement;
import com.ibm.broker.plugin.MbException;
import com.ibm.broker.plugin.MbMessage;
import com.ibm.broker.plugin.MbMessageAssembly;
import com.ibm.broker.plugin.MbUserException;

public class LdapMdmGroups extends MbJavaComputeNode {

    private static final String USER_BASE_DN = "OU=Personal,OU=Person,DC=foo,DC=bar";
    private static final String TECHNICAL_USER_BASE_DN = "OU=NonPersonal,OU=Person,DC=foo,DC=bar";
    private static final String GROUP_BASE_DN = "OU=MDM,OU=Servers,DC=foo,DC=bar";

    public void evaluate(MbMessageAssembly assembly) throws MbException {
        MbMessage outLocalEnv = new MbMessage(assembly.getLocalEnvironment());
        MbMessage inMessage = assembly.getMessage();
        MbMessageAssembly outAssembly = new MbMessageAssembly(
                assembly, outLocalEnv, assembly.getExceptionList(), inMessage);
        try {
            DirContext ctx = createContext();
            try {
                String userIdPath = "/Properties/IdentityMappedToken";
                String userId = inMessage.getRootElement().getFirstElementByPath(userIdPath).getValueAsString();
                List<String> groups = searchGroups(ctx, userId, USER_BASE_DN, GROUP_BASE_DN);
                // Write LocalEnvironment.LDAP.MdmGroup[] through the element API instead of
                // pasting each group name into an XPath string, where a quote would break it.
                MbElement root = outLocalEnv.getRootElement();
                MbElement ldap = root.getFirstElementByPath("LDAP");
                if (ldap == null) {
                    ldap = root.createElementAsLastChild(MbElement.TYPE_NAME, "LDAP", null);
                }
                for (String group : groups) {
                    ldap.createElementAsLastChild(MbElement.TYPE_NAME_VALUE, "MdmGroup", group);
                }
            } finally {
                ctx.close(); // release the LDAP connection on every path
            }
        } catch (MbException e) {
            throw e;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new MbUserException(this, "evaluate()", "", "", e.toString(), null);
        }
        getOutputTerminal("out").propagate(outAssembly);
    }

    private DirContext createContext() throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // A simple bind over plain ldap:// sends the password unencrypted;
        // prefer ldaps:// or StartTLS where the directory supports it.
        env.put(Context.PROVIDER_URL, "ldap://your.server.com:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "your-bind-user");
        env.put(Context.SECURITY_CREDENTIALS, "your-bind-password");
        return new InitialLdapContext(env, null);
    }

    private List<String> searchGroups(DirContext dirContext, String userId,
            String userBaseDn, String groupBaseDn) throws NamingException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[]{"cn"});

        // userId comes from the message, so escape it as an RDN value before building the DNs.
        String escapedId = Rdn.escapeValue(userId);
        String userDn = String.format("cn=%s,%s", escapedId, userBaseDn);
        String techUserDn = String.format("cn=%s,%s", escapedId, TECHNICAL_USER_BASE_DN);

        // {0}/{1} are filled in by JNDI, which escapes filter metacharacters in the arguments.
        String filter = "(&(objectClass=group)(|(member={0})(member={1})))";
        NamingEnumeration<SearchResult> groups = dirContext.search(
                groupBaseDn, filter, new Object[]{userDn, techUserDn}, searchControls);

        List<String> result = new ArrayList<>();
        while (groups.hasMore()) {
            SearchResult group = groups.next();
            Attribute cn = group.getAttributes().get("cn");
            result.add((String) cn.get());
        }
        return result;
    }
}

Configurable parameters like PROVIDER_URL and SECURITY_PRINCIPAL are not hard-coded in my real code, of course. They are read from a User Defined Configurable Service (see http://www.mqseries.net/phpBB2/viewtopic.php?p=376592).
I would have loved to read the password from what I could set with mqsisetdbparms, but I did not find out how to do this. Therefore I had to store the password in the User Defined Configurable Service as well.
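
The searchGroups method in the post above places a user ID taken from the message into both a DN and a search filter, so characters that are special in DNs (RFC 4514) or in filters (RFC 4515) have to be escaped. The following is an added example, not code from the original post: a stand-alone class that prints the filter built by plain concatenation next to the escaped one. The class name, helper names and sample IDs are constructed for illustration; the base DNs are copied from the post.

```java
import javax.naming.ldap.Rdn;

// Added illustration; class name, helpers and sample IDs are constructed, not from the post.
public class LdapFilterEscapeDemo {
    // Base DNs copied from the constants in the post.
    static final String USER_BASE_DN = "OU=Personal,OU=Person,DC=foo,DC=bar";
    static final String TECHNICAL_USER_BASE_DN = "OU=NonPersonal,OU=Person,DC=foo,DC=bar";

    // RFC 4515: '*', '(', ')', '\' and NUL inside an assertion value become \xx hex escapes.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
                sb.append(String.format("\\%02x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // RFC 4514 escaping of the RDN value first, then RFC 4515 escaping of the whole DN.
    static String memberClause(String userId, String baseDn) {
        String dn = "cn=" + Rdn.escapeValue(userId) + "," + baseDn;
        return "(member=" + escapeFilterValue(dn) + ")";
    }

    // Escaped construction of the group filter used in searchGroups.
    static String escapedFilter(String userId) {
        return "(&(objectClass=group)(|" + memberClause(userId, USER_BASE_DN)
                + memberClause(userId, TECHNICAL_USER_BASE_DN) + "))";
    }

    // Plain concatenation, for comparison: metacharacters in userId reach the filter as-is.
    static String concatenatedFilter(String userId) {
        return String.format("(&(objectClass=group)(|(member=cn=%s,%s)(member=cn=%s,%s)))",
                userId, USER_BASE_DN, userId, TECHNICAL_USER_BASE_DN);
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary ID and one with DN and filter metacharacters.
        for (String id : new String[] {"jdoe", "Smith, J (ext)*"}) {
            System.out.println("input       : " + id);
            System.out.println("concatenated: " + concatenatedFilter(id));
            System.out.println("escaped     : " + escapedFilter(id));
        }
    }
}
```

With JNDI, the same filter escaping is applied automatically when the values are passed as filterArgs to DirContext.search with {0}-style placeholders.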