LDAP Integration - MuleSoft

Introduction

LDAP (Lightweight Directory Access Protocol) is an open, cross-platform protocol used for directory services authentication. It provides the communication language that applications use to talk to directory services servers. Directory services store users, passwords, and computer accounts, and share that information with other entities on the network.

LDAP’s primary function is enabling users to find data about organizations, persons, and more. It accomplishes this goal by storing data in the LDAP directory and authenticating users to access the directory.

I wrote this blog to help you understand what LDAP and Active Directory are, how to integrate LDAP in Mule applications, and what prerequisites and operations are supported.

What is Active Directory?

Active Directory (AD) is a directory services implementation that provides all sorts of functionality like authentication, group and user management, policy administration and more.

It’s a database and set of services that connect users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are and who's allowed to do what.

Think of Active Directory as the “contacts” app on your mobile device. The “contacts” app itself would be your Active Directory. Your individual contacts would be the “objects”, and the address, email and phone information for each contact would be the “values” in your Active Directory. The “objects” aren’t limited to people and users. The directory can also contain “group objects” such as computers, printers and so forth.

LDAP vs AD

Active Directory was developed by Microsoft for Windows domain networks. It is included as a set of services and processes in most Windows operating systems and contains information about each user account connected to the network.

LDAP is a tool for extracting and editing data stored in Active Directory and other compatible directory service providers. Each user account in an AD has several attributes, such as the user’s full name and email address. Extracting this information in a usable format requires LDAP.

LDAP is a way of speaking to Active Directory.

LDAP Connector 3.4 - Mule 4

Anypoint Connector for Lightweight Directory Access Protocol (LDAP Connector) gives Mule applications access to LDAP, a public standard that facilitates maintenance of and access to distributed directories (such as network user privilege information) over an Internet Protocol (IP) network.

Using the LDAP Connector we can connect to any LDAP server and perform all of the LDAP operations.

Pre-requisites

To use the LDAP Connector, you must have the following:

  • Access to either an OpenLDAP, Apache Directory, or Microsoft Active Directory instance
  • Anypoint Studio version 7.0 (or higher) or Anypoint Design Center

To use the LDAP Connector in a production environment, you must have either:

  • An Enterprise License to use Mule
  • A CloudHub Starter, Professional, or Enterprise account

How to Install the extension in Anypoint Studio

To add and configure a connector in Studio:

  • In Studio, create a Mule project
  • In the Mule Palette view, click (X) Search in Exchange
  • In the Add Dependencies to Project window, type LDAP in the search field

  • Click LDAP Connector in Available modules
  • Click Add
  • Click Finish




Connector Configurations

The LDAP connector supports the following configurations:


  • Basic Configuration
  • SSL Configuration
  • TLS Configuration

Note:

  • For this configuration, add the following property in the LDAP over TLS configuration:
  • org.mule.module.ldap.trustStorePath (e.g.: /opt/mule/mule-CURRENT/apps/{api name}/{truststore file name})
  • Use LDAP in the URL (not LDAPS) for the TLS configuration of the LDAP connector. The result is LDAP over TLS.
  • Starting from version 3.4.0, the LDAP connector supports LDAP over SSL (LDAPS).
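
The notes above can be turned into a pre-deployment check. The following is an added example, not code from the original post or from MuleSoft: it takes the configuration kind, the connector URL and the properties set for the application, and reports mismatches such as a TLS configuration pointed at an `ldaps://` URL, a missing trust store path, or a Basic configuration that sends bind credentials over plain `ldap://`. The function names, the sample host and the sample paths are assumptions, as is the rule that the SSL configuration takes an `ldaps://` URL.

```python
from urllib.parse import urlsplit

# Property name as given in the note above.
TRUSTSTORE_PROP = "org.mule.module.ldap.trustStorePath"

def check_ldap_connection(kind, url, props):
    """Return findings for one connection; kind is 'basic', 'ssl' or 'tls'."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps") or not parts.hostname:
        return [f"not a usable LDAP URL: {url!r}"]
    findings = []
    if kind == "basic":
        if scheme == "ldap":
            findings.append("basic + ldap://: bind credentials and directory data are sent unencrypted")
    elif kind == "ssl":
        if scheme != "ldaps":
            findings.append("SSL configuration expects an ldaps:// URL")
    elif kind == "tls":
        if scheme != "ldap":
            findings.append("TLS configuration expects an ldap:// URL, not ldaps://")
        path = props.get(TRUSTSTORE_PROP, "").strip()
        if not path:
            findings.append(f"{TRUSTSTORE_PROP} is not set")
        elif "{" in path or "}" in path:
            # Heuristic: the example path on this page uses {…} placeholders.
            findings.append("trust store path still contains a template placeholder")
    else:
        findings.append(f"unknown configuration kind: {kind!r}")
    return findings

# Constructed sample connections (hypothetical host and paths).
SAMPLES = {
    "dev-basic": ("basic", "ldap://ad.example.internal:389", {}),
    "prod-tls-wrong-url": ("tls", "ldaps://ad.example.internal:636", {}),
    "prod-tls-template": ("tls", "ldap://ad.example.internal:389",
        {TRUSTSTORE_PROP: "/opt/mule/mule-CURRENT/apps/{api name}/ts.jks"}),
    "prod-tls-ok": ("tls", "ldap://ad.example.internal:389",
        {TRUSTSTORE_PROP: "/opt/mule/mule-CURRENT/apps/ldap-api/ts.jks"}),
    "prod-ssl-ok": ("ssl", "ldaps://ad.example.internal:636", {}),
}

def audit(samples=SAMPLES):
    """Map each connection name to its list of findings."""
    return {name: check_ldap_connection(*cfg) for name, cfg in samples.items()}

if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, "->", findings or "ok")
```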

Operations Supported

The LDAP connector supports the following operations:


Use Cases

We need to consider these prerequisites to integrate the LDAP connector:

  • Anypoint Studio 7
  • Java 8
  • OpenLDAP, OUD (Oracle Unified Directory), OID (Oracle Internet Directory), Microsoft AD (Active Directory)
  • For demo purposes I created AD using Apache Directory Studio. Please refer to this link for creating LDAP server using Apache Directory Studio.

Use Case 1: To search an entry from AD and add a new entry to the organizational unit.


Use Case 2: To update an existing entry from AD and delete an entry.


Conclusion

This document explained in detail LDAP, its usage and how to implement it using MuleSoft. I have shared a few notes based on my experience which will help you in connector configuration and deploying the connector on CloudHub.

Happy Learning!

Author

Preetam Deshmukh, MuleSoft Mentor, Apisero
