Generating XML Schemas for LDAP Operations

The supported LDAP operations are:

You must ensure that security access for these operations is granted. Otherwise, the operations are denied at run time.

Browse to the entry on which a Move, Get, Update, or Delete operation will be performed, right-click it, and select Create Schema from the context menu. To generate a schema for a Create operation, select the parent object level instead.

With an XML editor, you can now use the generated XML schemas to create the XML instance documents that execute these operations. Each schema has an attributes section listing the attributes that the entry can use at the level in the tree where the schema was created, and a set of attribute conditions that select entries, similar to a database selection clause.

Service Adapter Run-Time Operations

This section describes service adapter run-time operations (Get, Update, Delete, Create, and Move). This section also provides examples of XML instance documents generated from the LDAP schemas and sent to the adapter.

Get

The Get method is used to retrieve LDAP information based on specified conditions.

<m:LdapRequest operation="get">
       <m:LdapEntry>
          <m:Name> </m:Name>
          <m:Parent>DC=iway</m:Parent>
          <m:LdapAttributes>
              <m:sn> </m:sn>
              <m:cn> </m:cn>
              <m:objectClass> </m:objectClass>
              <m:userPassword> </m:userPassword>
              <m:telephoneNumber> </m:telephoneNumber>
              <m:seeAlso> </m:seeAlso>
              <m:description> </m:description>
          </m:LdapAttributes>
          <m:LdapCondition>
              <m:sn>String</m:sn>
              <m:cn>String</m:cn>
              <m:objectClass>String</m:objectClass>
              <m:userPassword>String</m:userPassword>
              <m:telephoneNumber>String</m:telephoneNumber>
              <m:seeAlso>String</m:seeAlso>
              <m:description>String</m:description>
          </m:LdapCondition>
       </m:LdapEntry>
</m:LdapRequest>

The LdapEntry element is the base element, which represents the LDAP request element.

Note: The Parent node is mandatory and is used to determine the LDAP search context.

The LdapAttributes node is used to filter the attributes returned in the result document. The result contains only the attributes named by the child nodes of the LdapAttributes node. The LdapAttributes node is optional. If it is not present, the adapter returns all populated nodes by default.

The LdapCondition node is used to specify the criteria for the Get method.

For example:

<cn>*</cn>

This returns all entries in the parent context that have a cn attribute.

<cn>Iyer</cn>
<address>Toronto</address>

This returns all entries with a cn value of Iyer and an address value of Toronto.

The response consists of a response header and a response body.

<LdapResponse>
       <LdapResultHeader>
         <Operation>get</Operation>
         <Status>Success</Status>
       </LdapResultHeader>
      <LdapResultBody>
         <LdapEntry>
          <Name>cn=Ganesh Iyer,dc=toronto,dc=iway</Name>
          <LdapAttributes>
            <postalcode>654736</postalcode>
            <description>I am Mr iyer</description>
            <objectclass>top,person,organizationalPerson,
             country,organizationalRole</objectclass>
            <postaladdress>Toronto5023 Perennial Drive
             Canada</postaladdress>
            <sn>Iyer</sn>
            <cn>Ganesh Iyer</cn>
            <c>test</c>
          </LdapAttributes>
         </LdapEntry>
      </LdapResultBody>
</LdapResponse>

The name is the fully qualified Distinguished Name (DN) of the retrieved entry.

Update

The Update method is used to update LDAP information based on specified conditions.

Note: Multiple values for an attribute can be set by separating them with commas (,). For example:

<telephoneNumber>12345,456767,778888</telephoneNumber>

This will add three values to the telephoneNumber attribute.

<m:LdapRequest operation="update">
         <m:LdapEntry>
          <m:Name> </m:Name>
          <m:Parent>DC=iway</m:Parent>
          <m:LdapAttributes>
            <m:sn>newval1 </m:sn>
            <m:cn> newval2</m:cn>
            <m:userPassword> new password</m:userPassword>
            <m:telephoneNumber> 3456753</m:telephoneNumber>
            <m:description>Updated iway employee </m:description>
           </m:LdapAttributes>
              <m:LdapCondition>
                <m:cn>Ganesh Iyer</m:cn>
              </m:LdapCondition>
         </m:LdapEntry>
</m:LdapRequest>

The LdapEntry element is the base element, which represents the LDAP request element.

Note: The Parent node is mandatory and is used to determine the LDAP search context.

The LdapAttributes node is used to provide the attributes that need to be updated with updated values.

The LdapCondition node is used to specify the criteria for the Update operation.

For example:

<cn>Iyer</cn>
<address>Toronto</address>

This updates all entries with a cn value of Iyer and an address value of Toronto.

The response consists of a response header:

<LdapResponse>
        <LdapResultHeader>
           <Operation>update</Operation>
           <Status>Success</Status>
        </LdapResultHeader>
</LdapResponse>

Delete

The Delete method is used to delete LDAP information based on specified conditions.

<m:LdapRequest operation="delete">
       <m:LdapEntry>
         <m:Name> </m:Name>
         <m:Parent>DC=iway</m:Parent>
          <m:LdapCondition>
            <m:cn>Ganesh Iyer</m:cn>
          </m:LdapCondition>
       </m:LdapEntry>
</m:LdapRequest>

The LdapEntry element is the base element, which represents the LDAP request element.

Note: The Parent node is mandatory and is used to determine the LDAP search context.

The LdapCondition node is used to specify the criteria for the Delete operation.

For example:

<cn>Ganesh Iyer</cn>

This deletes all entries in the parent context which have a cn attribute of Ganesh Iyer.

<cn>Iyer</cn>
<address>Toronto</address>

This deletes all entries with a cn value of Iyer and an address value of Toronto.

The response consists of a response header:

<LdapResponse>
        <LdapResultHeader>
           <Operation>delete</Operation>
           <Status>Success</Status>
        </LdapResultHeader>
</LdapResponse>
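
A pre-send check for the request documents described in the Get, Update and Delete sections above, as an added example that is not part of the original documentation or the adapter's own code. It flags a missing Parent, wildcard or absent conditions on update and delete, and Get requests that would return userPassword; the function names, the finding texts and the urn:example namespace in the samples are assumptions.

```python
import xml.etree.ElementTree as ET

DESTRUCTIVE = {"update", "delete"}

def local(tag):
    # Drop the '{namespace}' part so m:, iwldap: and unprefixed names all match.
    return tag.rsplit("}", 1)[-1]

def child(parent, name):
    return next((e for e in parent if local(e.tag) == name), None)

def check_request(xml_text):
    """Return findings for one LdapRequest document; an empty list means none."""
    if "<!DOCTYPE" in xml_text:
        return ["DOCTYPE present: not parsed (entity expansion risk)"]
    root = ET.fromstring(xml_text)
    op = root.get("operation", "").lower()
    findings = []
    for entry in (e for e in root if local(e.tag) == "LdapEntry"):
        parent = child(entry, "Parent")
        if parent is None or not (parent.text or "").strip():
            findings.append("Parent is missing or empty")
        cond = child(entry, "LdapCondition")
        conds = {} if cond is None else {local(c.tag): (c.text or "").strip() for c in cond}
        if op in DESTRUCTIVE and not conds:
            # Assumption: the page does not say what an absent condition matches.
            findings.append(f"{op} has no LdapCondition")
        for name, value in conds.items():
            if op in DESTRUCTIVE and "*" in value:
                findings.append(f"{op} condition {name}={value!r} contains a wildcard")
        if op == "get":
            attrs = child(entry, "LdapAttributes")
            names = set() if attrs is None else {local(a.tag) for a in attrs}
            if not names:
                findings.append("get without LdapAttributes returns all populated attributes")
            elif "userPassword" in names:
                findings.append("get requests userPassword")
    return findings

# Constructed samples; the urn:example namespace is a placeholder, not the adapter's.
NS = 'xmlns:m="urn:example:iwldap"'
WIDE_DELETE = (f'<m:LdapRequest {NS} operation="delete"><m:LdapEntry>'
               '<m:Parent>DC=iway</m:Parent><m:LdapCondition><m:cn>*</m:cn>'
               '</m:LdapCondition></m:LdapEntry></m:LdapRequest>')
NARROW_GET = (f'<m:LdapRequest {NS} operation="get"><m:LdapEntry>'
              '<m:Parent>DC=iway</m:Parent><m:LdapAttributes><m:cn/><m:sn/>'
              '</m:LdapAttributes><m:LdapCondition><m:cn>Ganesh Iyer</m:cn>'
              '</m:LdapCondition></m:LdapEntry></m:LdapRequest>')
```

Calling check_request on WIDE_DELETE reports the wildcard condition, while NARROW_GET produces no findings.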

Create

The Create method is used to create an LDAP entry in the directory:

<m:LdapRequest operation="create">
        <m:LdapEntry>
         <m:Name>CN=Ganesh Iyer  </m:Name>
         <m:Parent>dc=Toronto, dc=iway</m:Parent>
         <m:LdapAttributes>
           <m:sn>newval1 </m:sn>
           <m:cn> newval2</m:cn>
           <m:userPassword> new password</m:userPassword>
           <m:telephoneNumber> 3456753</m:telephoneNumber>
           <m:description>Updated iway employee </m:description>
         </m:LdapAttributes>
        </m:LdapEntry>
</m:LdapRequest>

The LdapEntry element is the base element, which represents the LDAP request element.

Note: The Parent node is mandatory and is used to determine the LDAP search context.

The LdapAttributes node is used to provide the attributes that need to be created.

The response consists of a response header:

<LdapResponse>
        <LdapResultHeader>
           <Operation>create</Operation>
           <Status>Success</Status>
        </LdapResultHeader>
</LdapResponse>

Move

The Move method is used to move an object within the tree (subject to permissions).

The following is an example of a move operation:

<iwldap:LdapRequest operation="move" xsi:schemaLocation="urn:iwaysoftware:adapter:iwldap:CN=iws3,CN=Computers,DC=aethni,DC=ibi,DC=com file:///G:/workspace/ldap/Schemas/CN=iws3_request.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:iwldap="urn:iwaysoftware:adapter:iwldap:CN=iws3,CN=Computers,DC=aethni,DC=ibi,DC=com">
        <iwldap:LdapEntry>
                <iwldap:Name>CN=iws3,CN=Computers,DC=aethni,DC=ibi,DC=com</iwldap:Name>
                <iwldap:Parent>CN=Computers,DC=aethni,DC=ibi,DC=com</iwldap:Parent>
                <iwldap:NewParent>CN=Branch office,DC=aethni,DC=ibi,DC=com</iwldap:NewParent>
        </iwldap:LdapEntry>
</iwldap:LdapRequest>

Working With LDAP Action Dialogs

iWay Explorer allows you to introspect LDAP entries and to generate XML schemas and WSDL files for specific LDAP entries. In addition, iWay Explorer provides interactive dialogs for all LDAP operations, depending on the permission level of the user.

Creating New LDAP Entries

You can use this action to create a new LDAP entry.

Right-click an LDAP entry in the left pane and select Create New Ldap Entry from the context menu.

The Create New Ldap Entry dialog displays a list of objects available for creation at the selected entry level, as shown in the following image.

Select the desired objects and click Next. An interactive dialog with the available attributes is displayed, as shown in the following image.

Provide values for the fields that correspond to the new LDAP entry and click Create.

Updating LDAP Entries

You can use this action to update a selected LDAP entry.

Right-click an LDAP entry in the left pane and select Update Ldap Entry from the context menu.

The Update Ldap Entry dialog opens, as shown in the following image.

Provide updated values for the fields that correspond to the LDAP entry and click Update.

Note: Some entries cannot be changed, such as the name or object class.

For more information on Active Directory or LDAP server error codes, see Understanding Active Directory Error Messages for Active Directory error codes, or RFC 4511 of the Internet Engineering Task Force.

Deleting LDAP Entries

You can use this action to delete a selected LDAP entry.

Note: There is no undo option for the delete operation.

Right-click an LDAP entry in the left pane and select Delete Ldap Entry from the context menu.

The Delete Ldap Entry dialog opens, as shown in the following image.

Click Delete to confirm the delete action.

Moving LDAP Entries

You can use this action to move a selected LDAP entry.

Right-click an LDAP entry in the left pane and select Move Ldap Entry from the context menu.

The Move Ldap Entry dialog opens, as shown in the following image.

Enter the new parent destination to move the selected LDAP entry.

Schema Location

By default, iWay Explorer stores the schemas it creates in subdirectories under the iWay home directory of the machine on which it is installed. However, using iWay Explorer, you can also export these schemas to any location that you specify on your file system.

The exact location of the schemas differs, depending on whether you deploy iWay Explorer with an iBSP.

When the adapter is used with an iBSP configuration, iWay Explorer stores the schemas in a subdirectory of the iWay installation directory, for example,

iWayHome\config\base\wsdl\schemas\service\LDAP\LDAP_Target 

where:

LDAP_Target

Is the name of the connection (target) to the LDAP system that you defined using iWay Explorer. Under this directory, iWay Explorer creates subdirectories containing schemas.

Procedure: How to Generate a Schema for an LDAP Entry

To generate a schema for an LDAP entry using iWay Explorer:

  1. Connect to an LDAP target, as described in Configuring and Managing Connections to LDAP.
  2. Expand an available node.
  3. Select a method under the expanded node.

    The XML request and response schemas are automatically generated for this method by iWay Explorer.

  4. Click the Request Schema tab in the right pane.

    The XML request schema appears in the right pane.

  5. Click the Response Schema tab in the right pane.

    The XML response schema appears in the right pane.

  6. To export XML schemas, right-click a method in the left pane, and select Export Schema(s).

    The Select Export Directory dialog opens, as shown in the following image.

  7. Navigate to a directory on your file system where you want to export the XML schemas.

    The file path is displayed in the File Name field.

  8. Click OK.

    The XML request and response schemas are now exported to your local file system.