LDAP

Overview

This component allows you to perform LDAP operations on directory services. You can search and retrieve information from LDAP directories. These directories are commonly used for user authentication, contact information, and organizational data.

This component has no trigger functions. It is not accessible to select as a first component during the integration flow design. You must use it as a subsequent component in your integration flow.

Prerequisites

To use this component you must:

  1. Have access to an LDAP directory server;

  2. Know the LDAP server URL and connection details;

  3. Have appropriate credentials to access the LDAP directory; and

  4. Understand LDAP search filters and base DN structure

Requirements

The platform supports the following LDAP versions:

  • LDAP v3

Credentials

This component requires LDAP authentication credentials to connect to your directory server.

Field name Mandatory Description

LDAP URL

true

The URL of your LDAP server (for example, ldap://ldap.example.com:389 or ldaps://ldap.example.com:636)

Username

true

The distinguished name (DN) of the user account for LDAP authentication

Password

true

The password for the LDAP user account

For secure authentication, LDAPS (LDAP over SSL) on port 636 is recommended when the LDAP server is a Microsoft Active Directory Server.

LDAPS is not part of the LDAP standard but is the preferred Active Directory authentication method.

For other LDAP servers, STARTTLS (LDAP over TLS) on port 389 is the likely supported authentication method. Check with your LDAP server vendor before implementation, however.

Connecting to the LDAP server in the clear on port 389 is also technically supported by this component.

This connection method is not recommended. There are enormous security risks sending user data, and especially user authentication data, as PLAINTEXT.

Usage

The LDAP component is used to search directory information. You can search for users, groups, or any other objects stored in your LDAP directory.

  1. Configure your LDAP credentials with the server URL, username, and password

    LDAP component configuration form showing URL
    Figure 1. LDAP component configuration form showing URL, username, and password fields
  2. Set up the search action with your desired base DN, filter, and scope

  3. Execute the search to retrieve directory information

  4. Process the returned LDAP entries in your integration flow

Triggers

This component has no trigger functions.

Actions

This component has one action.

Performs an LDAP search operation on the instance to retrieve directory information.

Search action configuration interface showing base
Figure 2. Search action configuration interface showing base, filter, and scope fields

Configuration fields

There are no configuration fields.

Input metadata

Base

A required string field.

The base object in the directory from which to start the search. This is typically the root DN of your directory structure (for example, "dc=example,dc=com").

Filter

A required string field.

Allows you to specify one or more LDAP filters to restrict the results of the search.

Common filters include the following: (objectClass=person)::: Find all person objects (uid=username)::: Find a specific user by UID (cn=John)::: Find entries with common name containing "John"

Scope

A required string field.

Refers to the search scope. Options are: base::: Search only the base object itself one::: Search one level below the base object sub::: Search the entire subtree below the base object

The subordinates (also known as subordinateSubtree) scope is not supported.

Output metadata

The output metadata includes the LDAP search results with the following structure:

{
  "dn": "distinguished name of the entry",
  "attributes": {
    "attributeName": ["attribute values"],
    "cn": ["Common Name"],
    "uid": ["user identifier"],
    "mail": ["email@example.com"]
  }
}

Usage example

Configuration

LDAP server: ldap://ldap.example.com:389 Base DN: dc=example,dc=com

Input data
{
  "base": "dc=example,dc=com",
  "filter": "(objectClass=person)",
  "scope": "sub"
}
Output data
{
  "dn": "uid=john.doe,ou=people,dc=example,dc=com",
  "attributes": {
    "uid": ["john.doe"],
    "cn": ["John Doe"],
    "mail": ["john.doe@example.com"],
    "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"]
  }
}

Limitations

The limitations of this component are as follows:

  • The subordinates (also known as subordinateSubtree) scope is not supported;

  • Only LDAP v3 is supported;

  • No trigger functions are available;

  • Search results are returned individually for each matched entry; and

  • Complex LDAP filters may impact performance

API version

This component uses LDAP v3.

Authentication

Authentication is via LDAP bind using username (DN) and password credentials.

SASL authentication is not supported.

Setting credentials

To set the required credentials:

  1. Open the component configuration panel in your integration flow;

  2. Enter your LDAP server URL (use ldaps:// for secure connections);

  3. Provide the distinguished name (DN) of your LDAP user account;

  4. Enter the password for the LDAP user account; and

  5. Test the connection to verify credentials are correct.

Ensure your LDAP user account has read permissions for the directory structure you need to access.