Private Cloud LDAP search for user groups

Hi,

I’m trying to implement logic where I need to check user belongins to specific group. I’m using LDAP query function, and my LDAP query is:

(&(objectClass=user)(sAMAccountName=denis)(memberof=CN=supergroup,CN=Users,dc=contoso,dc=internal))

I expect that {ldap.LDAP-Query.execution.success} will be true if user belogs to group and false if he doesn’t. Also syntax of my LDAP query is highlighted as error from Apigee point if view.

I also tried to to regular search and use attributes, like

CN=denis

and extract attributes like

<Attributes>
            <Attribute>memberof</Attribute>

But I got error that these attributes not found:

{"fault":{"faultstring":"Unresolved variable : ldap.LDAP-Query.search.result.attribute.memberof","detail":{"errorcode":"entities.UnresolvedVariable"}}}

My question is, APigee LDAP can do only very simple queries, like XX=XX?

I don’t want to use node.js, are there any other way to use stock LDAP query to determine use belonings to group? Maybe my syntax wrong?

D.

When I do cn=user, and than extract vars (they seems to be case sensitive), so memberOf is working and brings me a lot of CN groups. How can I evaluate this and determine if user belongs to specific group and go on?

I came out with some sort of solution:

1. Extract member of from context

2. Evaluate with python belongins to group:

groups = flow.getVariable("ldap.LDAP-Query.search.result.attribute.memberOf") 
if groups.find("CN=a") == -1:
flow.setVariable("res","no") 
else: 
flow.setVariable("res","yes")

Another questions, it seems by documentation that array of variables (if I use the variable without index) is the first one. How can I automatically take every query result (multi-value) and create string from it? i++?

HI Denis, i have also same requirement. i tried as below, but didn’t work. Can you please correct what was wrong and also please share sample search template.

dc=example,dc=com

subtree

cn={request.header.username}

memberOf