
Using IBM App Connect to interact with the Lightweight Directory Access Protocol

Fri July 31, 2020 06:30 AM

Lightweight Directory Access Protocol (LDAP) is a software protocol that enables applications to share information with other directory services on the same network. It’s popular with many directory services because it is platform agnostic and it allows organizations to find and access data that might be spread across different servers, such as user accounts, email addresses and device information.

You can use the following open-source LDAP server implementations with App Connect:

  • OpenLDAP
  • ApacheDS

Using LDAP with App Connect

You can use App Connect to perform actions on the following objects:

  • Entries
  • Devices
  • InetOrgPerson objects
  • Organizational persons
  • Organizational units
  • Persons
  • Rooms

To use App Connect to integrate LDAP with your other applications, you need to connect App Connect to your LDAP account. To do that, you’ll need to provide the following information:

  • Administrator distinguished name: The distinguished name for the administrator account.
  • Administrator password: The password for the administrator account.
  • LDAP URL: The URL of the LDAP server.
  • Network name: The name of the network that App Connect uses to connect to your system. This field is required only if you are connecting to a system in a private network.

Scenario: Retrieve new employees from NetSuite SuitePeople HCM, create accounts for each employee in LDAP and update NetSuite SuitePeople HCM with an employee email address

As an example, consider this scenario: when a new employee joins your organization, you want to automatically create an email address for that employee according to your company’s business rules and then update the employee record in your HR application with the new email address.

The following diagram displays how this can be achieved in App Connect. In this scenario, an event-driven flow has been created to retrieve employee details, create an email address and then update your HR application, which in this example is NetSuite SuitePeople HCM.

A Scheduler node from the App Connect toolbox runs the flow every day at a specified time to retrieve the details of employees who joined the company on a specified date. A For Each node is used to process each record because we want to perform an action for each retrieved employee, that is, to create an email address according to the business rules as defined by the organization, for example firstName_lastName@netsuite.com.

Then, two Set variable nodes are used.

  • The first Set variable node ensures that the last name is always unique. For instance, if 2 employees have the same surname then an underscore 1 (_1) is appended to the surname.
  • The second Set variable node is used to define the email address. This variable is called myemail.

In the LDAP node, the create InetOrgPerson object is used to create a user and the email address for each new user, as defined in the Set variable 2 node, is mapped to the email property in LDAP.

The flow then proceeds to update the email address in the NetSuite SuitePeople HCM employee record by mapping the Email property to the myemail variable that you created in the Set variable 2 node.

Figure 1. Event-driven flow to retrieve new employees from NetSuite SuitePeople HCM, create accounts for each employee in LDAP and update NetSuite SuitePeople HCM with an employee email address
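The naming and mapping steps of this flow, written out as an added Python example (not App Connect's or IBM's code), show the resulting InetOrgPerson entries and why HR-supplied names need RFC 4514 escaping before they are placed in a distinguished name. The base DN, mail domain, sample hires, the stripping of non-alphanumeric characters from the mail address and the suffixes beyond _1 are assumptions made for the example.

```python
import re
from collections import Counter

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in '"+,;<>\\' or (i == 0 and c in " #") or (i == last and c == " "):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def mail_token(name: str) -> str:
    """Keep only characters this example allows in the mail local part (assumption)."""
    token = re.sub(r"[^A-Za-z0-9-]", "", name)
    if not token:
        raise ValueError(f"name {name!r} has no usable characters")
    return token

def build_entries(employees, base_dn, domain):
    """Return one inetOrgPerson entry (as a dict) per (first, last) pair."""
    seen = Counter()          # surnames already used, compared case-insensitively
    entries = []
    for first, last in employees:
        key = last.casefold()
        # Set variable 1: first holder keeps the surname, later ones get _1, _2, ...
        suffix = f"_{seen[key]}" if seen[key] else ""
        seen[key] += 1
        unique_last = last + suffix
        # Set variable 2: the myemail value, firstName_lastName@domain
        myemail = f"{mail_token(first)}_{mail_token(last)}{suffix}@{domain}"
        cn = f"{first} {unique_last}"
        entries.append({
            "dn": f"cn={escape_dn_value(cn)},{base_dn}",
            "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
            "cn": cn, "sn": unique_last, "givenName": first, "mail": myemail,
        })
    return entries

# Constructed sample records standing in for the retrieved employees
NEW_HIRES = [("Ana", "Silva"), ("Ben", "Silva"), ("Cy", "Smith, Jr.")]

if __name__ == "__main__":
    for e in build_entries(NEW_HIRES, "ou=people,dc=example,dc=com", "example.com"):
        print(e["dn"], "->", e["mail"])
```

Without the escaping step, the comma in the third surname would be read as an RDN separator and the entry would be created under a different parent than intended, or rejected.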
