How to retrieve custom attributes when searching an LDAP directory server


Article ID: KB0084806

Products: TIBCO Collaborative Information Manager
Versions: Not Applicable

Description:
============
How can custom attributes associated with a user be retrieved when searching an LDAP directory server?

Environment:
===========
TIBCO Collaborative Information Manager (CIM) 8.2.0

Symptoms:
========
None

Cause:
=====
None

Resolution:
==========
Add a property to ConfigValues.xml for the custom attribute that is to be searched for and retrieved from the LDAP directory server.

For instance, if roomnumber is the custom attribute, add a property called "authentication.ldap.roomnumber" to ConfigValues.xml under the Authentication category.

Example: the "authentication.ldap.roomnumber" property added under the Authentication category in ConfigValues.xml.

<ConfValue description="Attribute name in LDAP output which identifies the room number" name="RoomNumber Attribute" propname="authentication.ldap.roomnumber" sinceVersion="8.2" visibility="Advanced">
    <ConfString default="roomnumber" value="roomnumber"/>
</ConfValue>

Then add the name of the custom attribute to the property that determines which attributes are returned by the search operation on the LDAP directory server.

Example: roomnumber added to "com.tibco.cim.ldap.searchAttributes".

<ConfValue description="Attributes which are returned by the search operation done on an LDAP directory. Is set on the SearchControls object. Empty value means all." name="LDAP Search Attributes" propname="com.tibco.cim.ldap.searchAttributes" sinceVersion="7.0" visibility="Advanced">
    <ConfString default="uid, cn, sn, objectClass, mail, telephonenumber, memberOf" value="uid, cn, sn, objectClass, mail, telephonenumber, memberOf, uniqueMember, roomnumber"/>
</ConfValue>
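
The two steps above only work together: an attribute mapped by an authentication.ldap.* property is never returned unless it is also listed in com.tibco.cim.ldap.searchAttributes. The following check is an added example, not TIBCO code; the Category wrapper element, the sample values and the authentication.ldap.badgeid property are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SEARCH_PROP = "com.tibco.cim.ldap.searchAttributes"

# Constructed fragment modelled on the two entries shown above. The <Category>
# wrapper and the "badgeid" property are assumptions made for this example.
SAMPLE = """
<Category name="Authentication">
  <ConfValue name="RoomNumber Attribute" propname="authentication.ldap.roomnumber">
    <ConfString default="roomnumber" value="roomnumber"/>
  </ConfValue>
  <ConfValue name="Badge Attribute" propname="authentication.ldap.badgeid">
    <ConfString default="badgeid" value="badgeId"/>
  </ConfValue>
  <ConfValue name="LDAP Search Attributes" propname="com.tibco.cim.ldap.searchAttributes">
    <ConfString default="uid, cn, sn" value="uid, cn, sn, mail, RoomNumber"/>
  </ConfValue>
</Category>
"""


def conf_values(xml_text):
    """Map each ConfValue propname to the value of its ConfString child."""
    values = {}
    for conf in ET.fromstring(xml_text).iter("ConfValue"):
        child = conf.find("ConfString")
        if child is not None:
            values[conf.get("propname")] = child.get("value", "")
    return values


def missing_from_search(xml_text, custom_props):
    """Return attributes mapped by custom_props that the search would not return."""
    values = conf_values(xml_text)
    raw = values.get(SEARCH_PROP, "")
    listed = {a.strip().lower() for a in raw.split(",") if a.strip()}
    if not listed:  # per the property description, an empty value means "all"
        return []
    missing = []
    for prop in custom_props:
        attr = values.get(prop)
        if attr is None:
            missing.append(f"{prop} (property not defined)")
        elif attr.strip().lower() not in listed:  # LDAP attribute names are case-insensitive
            missing.append(attr.strip())
    return missing


if __name__ == "__main__":
    print(missing_from_search(SAMPLE, ["authentication.ldap.roomnumber",
                                       "authentication.ldap.badgeid"]))
```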

The following log file snippet shows how the custom attribute, in this case roomnumber, is searched and retrieved.

===
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm._LdapHelper - +++++ Search Base/filterStr:ou=users,ou=system/(&(uid=user1)(objectClass=*))
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:com.tibco.cim.ldap.sec.type = simple
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:com.tibco.cim.ldap.scope = 2
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:com.tibco.cim.ldap.factory = com.sun.jndi.ldap.LdapCtxFactory
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:com.tibco.cim.ldap.url = ldap://localhost:10389
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:com.tibco.cim.ldap.sec.principal = uid=admin,ou=system
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:com.tibco.cim.ldap.filter.pattern = (&(uid=$)(objectClass=*))
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:java.naming.provider.url = ldap://localhost:10389
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:com.tibco.cim.ldap.searchAnchor = ou=users,ou=system
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:com.tibco.cim.ldap.sec.credential = admin
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:java.naming.security.authentication = simple
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:com.tibco.cim.ldap.searchAttributes = uid, cn, sn, objectClass, mail, telephonenumber, memberOf, uniqueMember, roomnumber
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:java.naming.security.credentials = user1
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm._LdapHelper - Trying LDAP bind with credentials ...
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm.infrastructure.encryption.EncrypterDecryptorUtil - +++++ Illegal block size error while trying to decrypt 'admin'. The string being decrypted may be a plain text. Returning the input string without decrypting.
2011-12-07 15:35:48,160 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm._LdapHelper - Connected: Valid LDAP Context is created post bind:javax.naming.directory.InitialDirContext@4dd02afe
2011-12-07 15:35:48,175 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm._LdapHelper - extractUserDetails()->Found values ([organizationalPerson, person, inetOrgPerson, top]) for attribute 'OBJECTCLASS' for entity 'uid=user1,ou=users,ou=system'.
2011-12-07 15:35:48,175 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm._LdapHelper - extractUserDetails()->Retrieved value '+1 408 555 5555' for attribute 'TELEPHONENUMBER' from LDAP store.
2011-12-07 15:35:48,175 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm._LdapHelper - extractUserDetails()->Retrieved value 'user1@apachecon.comm' for attribute 'MAIL' from LDAP store.
2011-12-07 15:35:48,175 [http-0.0.0.0-8085-1] DEBUG com.tibco.mdm._LdapHelper - extractUserDetails()->Retrieved value '4613' for attribute 'ROOMNUMBER' from LDAP store.
===
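
At DEBUG level the "LDAP Properties" lines above include the bind credential and the user's password next to a simple bind to an ldap:// URL, so a log like this should be audited and redacted before it is shared. The following is an added example, not TIBCO code; the sample lines, host name and secret values are constructed.

```python
import re

P = ("2011-12-07 15:35:48,160 [http-1] DEBUG "
     "com.tibco.mdm.directory.member.LdapHelper - +++++ LDAP Properties:")

# Constructed lines in the format of the DEBUG output above (values are made up).
SAMPLE_LOG = [
    P + "java.naming.provider.url = ldap://ldap.example.test:10389",
    P + "java.naming.security.authentication = simple",
    P + "com.tibco.cim.ldap.sec.principal = uid=svc,ou=system",
    P + "com.tibco.cim.ldap.sec.credential = constructed-bind-secret",
    P + "java.naming.security.credentials = constructed-user-secret",
    "2011-12-07 15:35:48,160 [http-1] DEBUG com.tibco.mdm._LdapHelper - "
    "Trying LDAP bind with credentials ...",
]

PROP = re.compile(r"LDAP Properties:(\S+) = (.*)$")
SECRET_KEY = re.compile(r"credentials?$", re.IGNORECASE)


def redact(line):
    """Mask the value of any logged property whose key ends in credential(s)."""
    m = PROP.search(line)
    if m and SECRET_KEY.search(m.group(1)):
        return line[:m.start(2)] + "********"
    return line


def audit(lines):
    """Report secrets written to the log and a simple bind over plain ldap://."""
    props, findings = {}, []
    for number, line in enumerate(lines, 1):
        m = PROP.search(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        props[key] = value
        if SECRET_KEY.search(key) and value:
            findings.append(f"line {number}: {key} logged in clear text")
    url = props.get("java.naming.provider.url", "").lower()
    if url.startswith("ldap://") and props.get("java.naming.security.authentication") == "simple":
        findings.append("simple bind over ldap:// (password unprotected unless StartTLS is used)")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LOG)))
    print("\n".join(redact(line) for line in SAMPLE_LOG))
```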

Attachments:
===========
None

References:
==========
CIM sys admin guide.
