Tags

LdapNgPlugin

Query and display data from an LDAP directory

This plugin provides an interface to query an LDAP directory and display the results in a WikiApplication It is a complete rewrite of the Foswiki:Extensions/LdapPlugin by Gerard Hickey to provide greater flexibility and performance based on the Foswiki:Extensions/LdapContrib package.

Syntax Rules

LDAP

%LDAP{(filter=)"filter" ...}%
Query an LDAP directrory.

Parameters:
  • filter: the LDAP query string
  • host: host IP or name to connect to
  • port: port to of the host
  • version: protocol version; possible values: 2,3
  • ssl: use ssl to bind to the server; possible values 0,1
  • base: base dn of the (sub)tree to search in; if base is written in brackets (e.g. 'base="(ou=people)"') then it is prepended to the default base of the LdapContrib
  • scope: scope of search; possible values: sub, base, one
  • format: format string used to display a database record
  • nullformat: format string to be used when no results have been found, defaults to the empty string
  • header: header to prepend the output; default: '$dn'
  • footer: footer to appended to the output
  • separator: separator between database records; default: '$n'
  • value_separator: separator when joining list values; default: ', '
  • sort: name of attributes to sort the output (this feature is currently disabled)
  • reverse: reverse the result set; possible values: on, off; default: off
  • limit: maximum number of records to return; default: 0 (unlimited)
  • skip: number of records in the hit set to skip before displaying them; default: 0
  • exclude: regular expression matched against the dn of a returned record. the record will be skipped if it matches.
  • casesensitive: switch this to off for the exclude and include parameter to operate in case-insensitive mode
  • include: regular expression matched against the dn of a returned record. not matching record will be skipped.
  • hidenull: wether to hide any output on an empty hit set; possible values: on, off; default: off
  • clear: comma separated list of attributes to be removed from the output if they are not resolved
  • cache: time in seconds the result of the ldap query will be cached and not fetched anew; defaults to $Foswiki::cfg{Ldap}{DefaultCacheExpire}, or 0 if not set.
  • blob: comma separated list of attributes to be handled as blobs, like images stored in your LDAP directory.

Cgi Parameters:
  • refresh: refresh the cache of blobs (i.e. jpegPhotos); possible values: on, off, ldap; default: off;

The header, format and footer format strings may contain the following variables:
  • $percnt: % sign
  • $dollar: $ sign
  • $n: newline
  • $count: the number of hits
  • $index: the record number
  • $<attr-name>: the value of the record attribute <attr-name>

LDAPUSERS

%LDAPUSERS{...}%
List all LDAP userinformation. Information is drawn from cache and not from the LDAP server. Use ?refreshldap=on to update.

Parameters:
  • format: format string used to display a user record
  • header: header to prepend the output
  • footer: footer to appended to the output
  • sep: separator between database records; default: '$n'
  • limit: maximum number of records to return; default: 0 (unlimited)
  • skip: number of records in the hit set to skip before displaying them; default: 0
  • include: regular expression a user's WikiName must match to be included in the output
  • exclude: regular expression a user's WikiName must not match
  • casesensitive: switch this to off for the exclude and include parameter to operate in case-insensitive mode
  • hideunknown: on/off, enable/disable filtering out users that did not log in yet and thus have no hometopic (e.g. created by Foswiki:Extensions/NewUserPlugin), defaults to 'on'

The format string may contain the following variables:
  • $percnt: % sign
  • $dollar: $ sign
  • $n: newline
  • $index: the record number
  • $wikiName: the user's WikiName
  • $loginName: the user's login name
  • $displayName: a link pointing to the users hometopic in the Main web, if it exists, and '<nop>$wikiName' otherwise
  • $emails: the list of all known email addresses

Examples

Query user accounts

%LDAP{"(objectClass=posixAccount)" 
  base="(ou=people)"
  limit="100" 
  cache="3600"
  header="| *Nr* | *Name* | *Mail* | *Telephone* |$n" 
  format="| $index | $cn | $mail | $telephoneNumber  |" 
  sort="cn"
  clear="$mail,$telephoneNumber, $cn"
}%

Query user groups

%LDAP{"(objectClass=posixGroup)" 
  base="(ou=group)" 
  limit="100" 
  cache="3600"
  header="| *Nr* | *Group* | *Members* |$n" 
  format="| $index | $cn | $memberUid |" 
  clear="$mail,$memberUid"
  sort="cn"
}%

Display cached users records

%LDAPUSERS{limit="10"}%

Plugin Settings

The LdapNgPlugin will use the default configuration of the LdapContrib in your LocalSite.cfg file, that is
  • $Foswiki::cfg{Ldap}{Host} (overridable per query)
  • $Foswiki::cfg{Ldap}{Port} (overridable per query)
  • $Foswiki::cfg{Ldap}{Base} (overridable per query)
  • $Foswiki::cfg{Ldap}{Version} (overridable per query)
  • $Foswiki::cfg{Ldap}{SSL} (overridable per query)
  • $Foswiki::cfg{Ldap}{BindDN}
  • $Foswiki::cfg{Ldap}{BindPasswd}

Installation Instructions

You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.

Open configure, and open the "Extensions" section. "Extensions Operation and Maintenance" Tab -> "Install, Update or Remove extensions" Tab. Click the "Search for Extensions" button. Enter part of the extension name or description and press search. Select the desired extension(s) and click install. If an extension is already installed, it will not show up in the search results.

You can also install from the shell by running the extension installer as the web server user: (Be sure to run as the webserver user, not as root!)
cd /path/to/foswiki
perl tools/extension_installer <NameOfExtension> install

If you have any problems, or if the extension isn't available in configure, then you can still install manually from the command-line. See https://foswiki.org/Support/ManuallyInstallingExtensions for more help.

If you are using LdapNgPlugin together with LdapContrib to integrate LDAP users to Foswiki you might also want to display an according list of all WikiUsers. Therefore LdapNgPlugin comes with a view template that you have to apply to the WikiUsers topic. Do so either by adding

   * Set VIEW_TEMPLATE = LdapWikiUsersView

or by adding

$Foswiki::cfg{Plugins}{AutoTemplatePlugin}{ViewTemplateRules} = {
...
    'WikiUsers' => 'LdapWikiUsersView',
...
};

to your LocalSite.cfg in case Foswiki:Extensions/AutoTemplatePlugin is installed as well.

Please do not use the LdapWikiUsersView template in case your are running Foswiki:Extensions/SolrPlugin as well which implements a fast solr-based person search with a different SolrWikiUsersView template.

Dependencies

NameVersionDescription
Foswiki::Contrib::LdapContrib>=7.80Required
Cache::Cache>=1.05Required

Change History

10 Oct 2017: fixed decoding of dn
30 Aug 2017: adjustments to recent changes in LdapContrib API
16 Jan 2017: fix querying for users at all of the DNs configured in {UserBase}
02 Sep 2016: added nullformat parameter to %LDAP macro
23 May 2016: added value_separator to fetch multi-value attributes from LDAP
31 Aug 2015: added support to index profile images stored in LDAP and indexed in Solr
16 Dec 2014: added view template for WikiUsers; more robust extraction of user information while indexing profiles with Foswiki:Extensions/SolrPlugin; wrapping examples into verbatim sections not to expose usernames by default
18 Mar 2014: disable sorting temporarily as Net::LDAP::Search::sorted() destroys the result set on directories with references; added IgnoreViewRightsInSearch feature when indexing UserTopics using SolrPlugin; properly recode strings coming from the directory
29 Nov 2012: fixed performance problem for simple queries; fixes due to the latest changes in LdapContrib; fixed too many open file handles on long running solrindexing; don't index empty email fields using SolrPlugin
21 Nov 2012: fixed switching off the %LDAP cache when there's a global default; rewrite of formatting code; fixed fetching referrenced objects
19 Nov 2012: added casesensitive include/excluding
09 Nov 2012: added integration into SolrPlugin's index process by augmenting user profiles with ldap attributes
20 Dec 2011: added cache paremeter to %LDAP
17 Nov 2010: added exclude and include parameter to %LDAP
17 Nov 2009: renamed sep parameter to separator for consistency
27 Jan 2009: syncing version number with LdapContrib
08 Jan 2009: ported to foswiki
12 Jun 2008: fixed yet another "sep" problem
13 Nov 2007: fixed $nop
01 Oct 2007: added LDAPUSERS, lined up to changes in LdapContrib-2.0
04 June 2007: don't convert from/to utf8 if the site charset is already utf8
18 Dec 2006: added support for addresses as specified in RFC4517
04 Dec 2006: map utf8 strings from LDAP to the site's encoding and vice versa
30 Nov 2006: replaced commonTagsHandler with a properly registered LDAP tag
31 Aug 2006: added NO_PREFS_IN_TOPIC
19 Jul 2006: public release
25 April 2006: Initial (internal) version
Topic revision: r1 - 16 Dec 2014, ProjectContributor
This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding CLASSE Wiki? Send feedback