The IBM Security Verify Access appliance already provides UserLookupHelper functionality. The purpose of this blog is to address a customer request for native LDAP features, which the nativeLookup APIs introduce in Verify Access.
There is not much business abstraction, because these APIs are quite similar to the APIs of the native LDAP DirContext. Use the NativeLDAPHelper as the utility to create, read, update, and delete (CRUD) attributes in LDAP.
The following mapping_rule.js sample program illustrates the usage of the NativeLDAP helper class:
importPackage(Packages.com.tivoli.am.fim.trustserver.sts);
importPackage(Packages.com.tivoli.am.fim.trustserver.sts.uuser);
importPackage(Packages.com.tivoli.am.fim.trustserver.sts.utilities);
// Importing the native LDAP utility JAVA class to the JS engine
importPackage(Packages.com.ibm.security.access.ldap.utils);
importPackage(Packages.javax.naming.directory);
//re-write Principal name with type as email nameid format
var principalName = stsuu.getPrincipalName();
var attrUtil = new AttributeUtil();
// Initializing the utility with the connection parameters through the init method.
// Note: this example takes the 'IdPLdadper' properties from LMI Server Connections.
attrUtil.init('IdPLdadper','secAuthority=Default');
// Preparing the attributes to create specific sub context
var matchAttrs = new BasicAttributes(true);
matchAttrs.put(new BasicAttribute("objectclass", "domain"));
matchAttrs.put(new BasicAttribute("dc", "test"));
var name = "dc=test,dc=iswga";
var res7 = attrUtil.createSubContext(name,matchAttrs);
IDMappingExtUtils.traceString("after creating sub context : " + res7);
// Preparing the attributes for a user entry.
// BasicAttributes.put() replaces an attribute that has the same ID, so the
// multi-valued attributes (cn, objectclass) are built with add() and put once.
var matchAttrs = new BasicAttributes(true);
matchAttrs.put(new BasicAttribute("uid", "testuser3"));
var cn = new BasicAttribute("cn", "Test");
cn.add("testuser3");
matchAttrs.put(cn);
matchAttrs.put(new BasicAttribute("sn", "User3"));
matchAttrs.put(new BasicAttribute("displayName", "testuser3 User"));
matchAttrs.put(new BasicAttribute('userPassword','{SSHA}viIpzG9woq6O5vKfl4/U/8NjLZSzqc/k3hUfaw=='));
var objectClass = new BasicAttribute("objectclass", "top");
objectClass.add("person");
objectClass.add("organizationalPerson");
objectClass.add("inetorgperson");
matchAttrs.put(objectClass);
var name = "cn=testuser3,dc=test,dc=iswga";
var res4 = attrUtil.createSubContext(name,matchAttrs);
IDMappingExtUtils.traceString("after creating sub context : " + res4);
// Using the query to do the search and iterating over each result's attributes
var filter = "(&(objectclass=secGroup)(secAuthority=Default))";
var res5 = attrUtil.search('secAuthority=Default', filter);
var result = res5.getNamingEnumeration();
IDMappingExtUtils.traceString("after search result : " + result);
while (result.hasMore()) {
    var attrs = result.next().getAttributes();
    IDMappingExtUtils.traceString("Iterating each attributes : " + attrs);
}
// Removing an attribute
var res = attrUtil.removeAttribute('cn=testuser,dc=iswga','homePhone','555-12345');
IDMappingExtUtils.traceString("after editing : " + res);
// Adding a new attribute value
var res1 = attrUtil.addAttributeValue('cn=testuser,dc=iswga','homePhone','555-12345');
IDMappingExtUtils.traceString("after adding : " + res1);
// Retrieving an attribute
var res6 = attrUtil.getAttributeValue('principalName=testuser,cn=Users,secAuthority=Default', ['principalName','secDomainId']);
IDMappingExtUtils.traceString("after getting with 2 attributes: " + res6);
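The sample above uses fixed filter and DN strings. When a mapping rule builds them from a runtime value such as stsuu.getPrincipalName(), the value needs RFC 4515 (filter) and RFC 4514 (DN) escaping first so that it cannot change the query's structure. The following is an added example, not part of the original post or of IBM's code; escapeFilterValue, escapeDnValue, userFilter and userDn are hypothetical helper names, and the uid-based filter is an assumed lookup.

```javascript
// Added example: escaping runtime values before they reach an LDAP filter or DN.
// ES5 syntax so the helpers can be pasted into a mapping rule unchanged.

// RFC 4515: escape \ * ( ) and NUL as a backslash plus two hex digits.
function escapeFilterValue(value) {
  return ("" + value).replace(/[\\*()\u0000]/g, function (ch) {
    var hex = ch.charCodeAt(0).toString(16);
    return "\\" + (hex.length < 2 ? "0" + hex : hex);
  });
}

// RFC 4514: escape DN special characters, NUL, a trailing space,
// and a leading space or '#'.
function escapeDnValue(value) {
  var s = ("" + value)
    .replace(/[\\",+;<>=]/g, "\\$&")
    .replace(/\u0000/g, "\\00");
  s = s.replace(/ $/, "\\ "); // trailing space first, so a lone " " is escaped once
  return s.replace(/^[ #]/, "\\$&");
}

// Assumed lookup: find the person entry whose uid equals the principal name.
function userFilter(principalName) {
  return "(&(objectclass=inetorgperson)(uid=" + escapeFilterValue(principalName) + "))";
}

// DN shape taken from the getAttributeValue call in the post.
function userDn(principalName) {
  return "principalName=" + escapeDnValue(principalName) + ",cn=Users,secAuthority=Default";
}

// Constructed sample principal names; the last two contain filter and DN metacharacters.
var samples = ["testuser3", "*)(uid=*", "x,cn=Users"];
for (var i = 0; i < samples.length; i++) {
  console.log(userFilter(samples[i]) + "  |  " + userDn(samples[i]));
}
// In a mapping rule: attrUtil.search('secAuthority=Default', userFilter(stsuu.getPrincipalName()));
```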
For more information, see https://www.ibm.com/support/pages/node/6213574
------------------------------
Zhiyu (Bill) Gao
------------------------------