Difference between revisions of "LDAP Cache (Aspire 2)"

From wiki.searchtechnologies.com

For Information on Aspire 3.1 Click Here

Line 7: Line 7:
 
|subtype=default
 
|subtype=default
 
}}
 
}}
 +
{{Aspire 2.0 Enterprise}}
  
 
The ''LDAP Cache'' is an stage implementation that allows Aspire to cache the groups returned from [[Aspire_2.0 LDAP Group Expansion|LDAP Group Expansion]] and make them available to the different Group Expansion Clients like [[Aspire 2.0 Sharepoint Group Expansion|Sharepoint Group Expansion]] for later use.  
 
The ''LDAP Cache'' is an stage implementation that allows Aspire to cache the groups returned from [[Aspire_2.0 LDAP Group Expansion|LDAP Group Expansion]] and make them available to the different Group Expansion Clients like [[Aspire 2.0 Sharepoint Group Expansion|Sharepoint Group Expansion]] for later use.  

Revision as of 14:19, 9 July 2015


LDAP Cache (Aspire 2)
Factory Name  com.searchtechnologies.aspire:aspire-ldap-cache
subType  default
Inputs  A Job containing a LDAP cache request
Outputs  N/A
Feature only available with Aspire Enterprise

The LDAP Cache is a stage implementation that allows Aspire to cache the groups returned from LDAP Group Expansion and make them available to the different Group Expansion Clients, such as Sharepoint Group Expansion, for later use.

It is commonly used when the Group Expansion Manager is installed in Aspire. This component works directly with the LDAP Group Expansion to get the group expansion results from LDAP. Those results are stored in an internal database (the cache) for later use. The Group Expansion Clients then read that cache to expand those external groups in their respective repositories.


Operations

This component has two types of operations.

  • Store on disk the group expansion results from LDAP.
  • Provide those results to the Group Expansion Clients.


Cache LDAP Group Expansion Results

LDAP Cache acts as a stage that receives a request to perform the LDAP Group Expansion. The results are stored on disk (MapDB) for later use.

LDAP Cache Request Message

LDAP Cache request messages read by AspireLdapCache.java have the following format:

 <doc actionProperties="cacheGroups">
 </doc>

Expose Cache to Group Expansion Clients

LDAP Cache exposes the cache to the different Group Expansion Clients through the interface ExternalGroupServer.java. The method List<UserOrGroup> getLDAPUserGroupsCache() throws AspireException provides the full list of LDAP users/groups. This list is passed to the Group Expansion Client, which expands those users/groups in its respective repository, allowing a true group expansion of the user across all the repositories.


Configuration

| Element | Type | Default | Description |
|---|---|---|---|
| ldapServerPath | string | | Path to the LDAP server (component) that is used to get the LDAP users/groups. |
| server | string | | LDAP server host address. Example: ldap://10.10.44.82:389. NOTE: if you're using the native AD group expansion, the host address protocol must be in upper case - LDAP://10.10.44.82:389 |
| searchBase | string | dc=search,dc=local | Base for directory searches. Normally this is the domain of the LDAP server. |
| userFilter | string | (&(objectClass=person)(name=%s)) | The LDAP query filter used to find users when a distinguished name is not available. The default filter is for Active Directory. |
| allUsersFilter | string | (&(objectClass=User)(objectCategory=Person)) | The LDAP query filter used to find all users. |
| groupFilter | string | (&(objectClass=group)(member=%s)) | The LDAP query used to get the groups a user belongs to. |
| scope | int | 2 | Scope of the queries performed on the LDAP server (Object=0 / One Level=1 / Subtree=2). |
| lowerCase | boolean | false | Whether group names retrieved from LDAP should be changed to lower case. |
| nativeADExpansion | boolean | false | For AD servers, invoke native code to perform group expansion. This may provide more reliable operation when expanding groups from AD servers. This option is ignored if the Aspire server is not running a Windows operating system. NOTE: if you're using the native AD group expansion, the host address protocol must be in upper case - LDAP://10.10.44.82:389 |
| groupNameAttribute | string | sAMAccountName | The LDAP attribute that holds the group name to be returned. |
| userNameAttribute | string | sAMAccountName | The LDAP attribute that holds the user name to be returned. |
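
The userFilter and groupFilter defaults carry a %s placeholder for a user name or distinguished name. The following is an added example, not Aspire code, showing how such a template expands when the substituted value is escaped per RFC 4515, so that names or DNs containing parentheses, asterisks or backslashes cannot change the query structure. The function names are hypothetical and the sample values are constructed.

```python
# Added example (not Aspire code): expand the %s placeholder of the default
# userFilter / groupFilter templates with RFC 4515 escaping of the value.

USER_FILTER = "(&(objectClass=person)(name=%s))"    # default from the table above
GROUP_FILTER = "(&(objectClass=group)(member=%s))"  # default from the table above

# RFC 4515, section 3: these characters must appear as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return value with LDAP filter metacharacters replaced by \\XX escapes."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, value: str) -> str:
    """Substitute an escaped value for the single %s in a filter template."""
    if template.count("%s") != 1:
        raise ValueError("filter template must contain exactly one %s placeholder")
    return template.replace("%s", escape_filter_value(value))


def same_structure(template: str, expanded: str) -> bool:
    """True if expansion added no parentheses, i.e. no new filter components."""
    return (template.count("(") == expanded.count("(")
            and template.count(")") == expanded.count(")"))


if __name__ == "__main__":
    # Constructed sample values: a plain account name, a name holding a wildcard,
    # and a DN whose RDN contains an escaped comma and parentheses.
    samples = [
        (USER_FILTER, "jsmith"),
        (USER_FILTER, "j*"),
        (GROUP_FILTER, "CN=Smith\\, John (Contractor),OU=Users,dc=search,dc=local"),
    ]
    for template, value in samples:
        expanded = build_filter(template, value)
        print(expanded, same_structure(template, expanded))
```
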