LDAP Cache (Aspire 2)
For Information on Aspire 3.1 Click Here
The LDAP Cache is an stage implementation that allows Aspire to cache the groups returned from LDAP Group Expansion and make them available to the different Group Expansion Clients like SharePoint Group Expansion for later use.
It's commonly used when the Group Expansion Manager is installed in Aspire. This component works directly with the LDAP Group Expansion to get the group expansion results from LDAP. Those results are stored in a internal database (cache) to make them available for later use. Later the Group Expansion Clients, will read that cache to expand those external groups in their respective repository.
This component has two types of operations.
- Store on disk the group expansion results from LDAP.
- Provide those results to the Group Expansion Clients.
Cache LDAP Group Expansion Results
LDAP Cache Request Message
LDAP Cache request messages read by AspireLdapCache.java have the following format:
<doc actionProperties="cacheGroups"> </doc>
Expose Cache to Group Expansion Clients
LDAP Cache exposes the cache to the different Group Expansion Clients through the interface ExternalGroupServer.java. The method List<UserOrGroup> getLDAPUserGroupsCache() throws AspireException provides the full list of LDAP users/groups. This list is passed to the Group Expansion Client to expand those users/groups in their respective repository. Allowing a true group expansion of the user, through all the repositories.
|ldapServerPath||string||Path to LDAP server (component) that is used to get the LDAP Users/Groups|
|server||string||LDAP server host address. Example: ldap//10.10.44.82:389. NOTE: if you're using the native AD group expansion, the host address protocol must be in upper case - LDAP://10.10.44.82:389|
|searchBase||string||dc=search,dc=local||Base for directory searches. Normally this is the domain of the LDAP server.|
|userFilter||string||(&(objectClass=person)(name=%s))||The LDAP query filter used to find users when a distinguished name is not available. The default filter is for Active Directory.|
|allUsersFilter||string||(&(objectClass=User)(objectCategory=Person))||The LDAP query filter used to find all users|
|groupFilter||string||(&(objectClass=group)(member=%s))||The LDAP query to get the groups a user belongs to.|
|scope||int||2||Scope to perform the queries on the LDAP server (Object=0 / One Level=1 / Subtree=2)|
|lowerCase||boolean||false||Tells if group names retrieved from LDAP should be changed to lower case.|
|nativeADExpansion||boolean||false||For AD servers, invoke native code to perform group expansion. This may provide more reliable operation when expanding groups from AD servers. This option will be ignored if the Aspire server is not running a Windows operating system. NOTE: if you're using the native AD group expansion, the host address protocol must be in upper case - LDAP://10.10.44.82:389|
|groupNameAttribute||string||sAMAccountName||The LDAP attribute that holds the group name to be returned.|
|userNameAttribute||string||sAMAccountName||The LDAP attribute that holds the group name to be returned.|